Personal documents on work computer

MitchWagner · July 23, 2022, 4:45pm

I’ve been using my employer-supplied computer—it’s a MacBook Pro—for both work and personal documents. The company allows it, but I’ve become increasingly uncomfortable with this. It’s bad personal security.

So how do I separate work documents from personal documents, while continuing to maintain easy access to everything?

Ideally I’d like to continue using one MacBook for everything.

And I also want to access all my Obsidian documents on the Mac, iPad, and iPhone.

Alternatives:

Store personal documents on a separate MacBook or external storage, accessible over home network. That gets me access to all documents on one Mac, but I don’t think I’d be able to access all documents from the iPad. Would I? And would I need to maintain separate vaults for work and personal documents?
Another solution would be to simply encrypt a folder for personal stuff, within my Obsidian vault. However, that might break linking, and I don’t think I’d be able to access those documents from my iPad, would I?
Here’s a third option, and I think it might work: Maintain two vaults. Sync using the Obsidian sync service. Both vaults are available on my personal MacBook and iPad. Only the work vault is synced to the work MacBook. If I need to access the personal vault from the work MacBook—which is actually how I’d access that vault most of the time—I do it over my home network. Would this work?

How are other people solving this problem?

BarryPorter13 · July 23, 2022, 6:51pm

How about having 1 user account for work, and 1 user account for personal stuff. You should be able to share documents between them if needed.

MitchWagner · July 23, 2022, 6:57pm

I think I can manage it with two vaults, one account.

Work Mac gets the work vault only.

Personal Mac gets both vaults.

iPad and iPhone get both vaults.

Is there a way to manage with one vault, with a “personal” folder that’s excluded from my work Mac?

And is there a better way?

BarryPorter13 · July 23, 2022, 7:01pm

th reason why I mentioned 2 accounts is you could then also have work and personal calendars, work and personal email, work and personal address books, etc. Many companies don’t want those mixed for security. It also makes backups a bit more granular.

Dor · July 23, 2022, 7:49pm

If it’s a work computer they presumably have a right to audit anything on the computer whether it is encrypted or not.

johw · July 23, 2022, 8:08pm

At least in NL it is mandatory by law to inform the worker when there’s company provided computer is audited. So at least you will know it

MitchWagner · July 23, 2022, 8:31pm

@BarryPorter13 I already have personal and work emails and calendars. I spent most of my career working in a volatile industry where I changed jobs every few years, so it was a necessity.

@Dor I presume so—and if they do, and I encrypt my personal data on the computer, then they will find a great big wodge of encrypted data.

To be clear, I quite like my job and the company I work for. But good security practice requires planning for the worst-case scenario, and I hav been slacking in that regard recently.

ManadayM · July 24, 2022, 3:50am

I think (as I haven’t tried and tested) this should be possible with the single vault. I personally prefer single vault system.

The primary requirement of my suggested solution is to have two directories in your vault root - Personal and Work. You may further want to create subdirectories for Assets and other stuff.

Under Work directory you may further create a company wise directories. It keeps everything separate at company level considering future job switches.

Below is visual representation of the proposed structure.

Vault
dashboard.md
- Personal
  - Assets
- Work
  - Company A
    - Assets
  - Company B
    - Assets

Now comes the syncing part. Let’s assume you’re okay having all work directories on your personal machine. You setup your vault with the above structure. You can setup to sync your entire vault with the Google Drive or whatever else you want. I use Google Drive to back up my vault.

On your Company A machine, manually create a root vault directory. Selectively sync .obsidian and Work/Company A directory from Google Drive under your manually created root directory. This will sync all your plug-ins and Metadata of your entire vault plus your assets and notes of the Company A.

The broader idea is to use folders to create physical boundaries. Selectively sync using Google Drive like services.

You may want to check the graph data on your work machine. It would show your personal notes connections but those links won’t be accessible as they won’t exist physically on your work machines. And, you’re okay with it.

Hope it helps.

MitchWagner · July 24, 2022, 3:56am

That is helpful—but I don’t think I could access personal documents over the network from the work computer. Could I? And could I access both work and personal docs from my iPad?

ManadayM · July 24, 2022, 4:03am

A quick search on Obsidian Sync got me this. Looks like it’s possible. I don’t know and use Obsidian Sync, you can try with a test vault first.

All the best!

ManadayM · July 24, 2022, 4:13am

I understood that you don’t want to sync anything private on your work machines. That’s possible when you selectively sync on your work machine.

On your iPad you sync everything and it should provide you with access to everything.

Also, I don’t see any issue in using Obsidian Sync + Google Drive sync. On your work machine use Google Drive sync.

MitchWagner · July 24, 2022, 6:01pm

Correct—I do not want to store personal information on my work machine. But I want to be able to access it remotely on my home-office network from the work machine.