Routinely moving and syncing my complete user folder between 2 macs

fred242 wrote:

I do not find it acceptable that I should have some or indeed any part of my data archive under the control of a third party.

I agree 100%. In my case I object to certain apps being hard coded to store data in a specific location that cannot be changed, as I do not want my user data stored on the same drive as the system. The biggest offender so far, imho, is MS Outlook v16/v19/v365. It stores mail in a folder buried deep inside ~/Library and no one has found a way to change the location.

However, if you are using the Mac Mail app, there is a way to "move' the mail data folder to another drive. By default Mail stores messages & attachments in ~/Mail but that location can be changed using a symbolic link to another drive (and that means the mail folder can also be moved to another Mac). I have successfully done this for years on multiple Macs. Currently I am using macOS Catalina 10.15.17 w/Mac Mail 13.4. BTW, in the case of Catalina or later macOS releases, you will also have to give Mail "Full Disk Access" in System Preferences > Security & Privacy > Full Disk Access. And you should test it on your system(s) before "going live" with it.

Some third-party mail apps are also capable of having their data files stored in a user-specified location.

fred242 wrote:

Thanks for taking the time to respond! Unfortunately, using iCloud is just what I am trying to avoid as it is not end to end encrypted and therefore not legal for confidential data in my professional area of work. Let me give you a simple analogy, which does not even begin to cover the issue of the legal framework: would you allow your local Police station to keep a set of your house keys?

Police don’t need a set of house keys when they can either pick or bypass or break in as needed. Preferably that arising only with a duly-issued warrants. But it happens. And more than a few organizations can and do use so-called key boxes, those allowing emergency responders access. Knox Box is one of the common key-access products used in the US.

As for protecting the here data…

Per Apple, iCloud Drive file data is end-to-end encrypted in transit, and also uses encryption on Apple servers: iCloud security overview - Apple Support

If that protection is insufficient…

AES-encrypted files or ARS-encrypted disk images are an option for sensitive data. This can mean iCloud is an option within added data protection requirements. This means double encryption with iCloud Drive, and double encryption when FileVault is in use (and as it here should be).

Another hosting service which specifically caters to those with data protection requirements is SpiderOak. Again, this increases the effort and—should mistakes be made—the risks of data exposure.

You could choose to run your own file services of course, though that is more of an investment, and probably also a bigger risk for your data. There are options here, hosting your own local or cloud-hosted NextCloud being more of the more inclusive options.

The other option is to keep your most sensitive data on removable media, and that to be encrypted with AES or better.

All that written, iCloud encrypts in transit, and at rest, per published Apple documents, and which appears to meet the stated requirements. This absent criminal warrants or national security warrants or industrial or national espionage, and those cases can and do arise in all jurisdictions. And avoids encrypted key drives, whether those lost or stolen or dunked or otherwise.

Backups and the protection of data and the protection of backups themselves against malicious activities are additional issues that arise in these cases, as a side project in these efforts.

All Apple devices are synced through the use of the exact same Apple ID, as soon as you create a user and sign in with the same Apple ID, your data will synchronize and be available.

But, give it time as nothing is instantaneous.

That's the Apple way. If your country doesn't allow such, you have to follow your country's laws and regulations. And that is outside the purview of Apple.

As to data security. How you do that is something you must decide upon. CCC is a great app; I use it in lieu of Time Machine.

There is a learning curve for all new tech ... "a lot of work". You can't really get around it and you can't be as secure and up to date if you don't do the work.

There are multiple ways too do this.

One way is to use Apple iCloud keychain sync to ensure that your keychain and passwords are identical on all your Macs (they all must be on the same Apple ID for this to work). You can also make a clone of your Documents folder in a Dropbox folder (or even use the Dropbox method of "backing up" all your Documents to Dropbox) and then all Macs with Dropbox will sync those files. In fact I have started using Dropbox much like a second "Documents" folder for this.

Moving your user home folder has always been a risky endeavor, and with the increasing types & levels of security in each macOS release coupled with parallel changes in applications, moving the home folder becomes even less & less advisable.

That said, if you intend to do this, at a base minimum, you should make sure that both Macs have exactly the same setup including: the version of macOS & any security updates, volume formats & names, users/groups that were created with exactly the same names and in the exact same order of creation, exactly the same releases of the apps you commonly use. And in order to keep the Macs 'aligned' in this manner you should turn off all automatic updates. This is to minimize and hopefully avoid problems due to differences in the way the Macs have been set up when you move your home folder back & forth between your two Macs. If you were only moving user data none of that would be necessary, but if you are moving the entire home folder including ~/Library you have to be extra careful. Even then not everything may work properly.

For that matter, my advice is to only move user data, not the entire home folder. You can install & configure all applications identically on each Mac, once & done, so you would not risk having to re-do setups or configurations. And it's so much simpler just to move the user data. I have done this for many years with many different Macs and releases of OS X and macOS. Never ran into any problem except for an occasional and seemingly random data file permission that was easy to change.

That said, I do admit that moving email messages & folders between Macs could still be a problem if you are using any POP mail service, the MS Outlook app, and/or saving mail to your local drive. IMAP, Exchange & webmail do not have that problem.

fred242 wrote:

Thanks for you time and trouble in posting. I would look at solutions for a backup where I could keep an archive that have already encrypted on a remote server- that is always a sensible idea. The problem is in keeping a sort of remote time machine type copy that could be shared by two machines, which I don't think can be done. I'll have to keep plugging away at finding a solution that both works and that I feel comfortable with!

Synology NAS can purportedly provide this, not that I’ve tried restoring a remotely mirrored Time Machine archive.

Full Disk Access is a fairly new security feature of macOS. It was introduced in macOS Mojave and requires user intervention to grant applications full permission to access "user-protected" files and the assumption is that everything is protected unless the user deems otherwise. This creates a new set of headaches because we now have to think in terms of opening up access rather than restricting access.

In all previous versions of macOS "full disk access" permission was either not required or was automatically granted to all applications during installation. Everything had full disk access from the get-go, no user action required.

I do not believe there is any danger in giving mail apps Full Disk Access. The messages themselves would not be an issue, as they are not executable.