I am from Russia. My friend was arrested by the police for political comments he made 4 years ago. He and I new Qubes users. His laptop was encrypted with LUKS, but the system was on during the arrest; he didn’t have time to shut it down. Now his laptop has been sent for examination. I have several questions that are causing me great concern and paranoia.
What data can be recovered if we used disposable VMs and Whonix? I have studied forums and some users write that it is possible to recover a lot of dangerous confidential data. Can police and FSB recover data and sessions from the last 2 months? In our country, many types of data can be the cause of political persecution. This could worsen his situation - he could be accused of new violations.
I read that to protect against data recovery, one should work through RAM or use data wiping (shredding). Is this possible in Qubes? If so, please write the most effective methods for the latest version of Qubes. I noticed that there are many requests to add such a feature to Qubes, but the developers believe that for sensitive data, other OS should be used. But why then is Whonix included in Qubes, as it is usually used for sensitive activities? Moreover, I found out that the original Whonix has a mode of operation from RAM. Why not add such a function to protect Qubes users, as in many countries, such as Russia and Belarus, any activity can be suddenly banned and not leaving traces on the disk is a very important function. But it seems that some users have learned to enable such a function in Qubes.
I would be grateful for any comments on this topic
Assume it would be hard for them to recover data from disposable qubes (or Whonix) - at least, because they don’t take sooo much effort in this, because it’s easy to arrest one for less doing in Russia.
Assume they only will try to look over the “saved data” on the device and that’s it!
If they arrested him, the judgement is taken already and he is guilty (for whatever).
So I only can speak from a objective point of view:
to recover data from a past time (even on a Qubes device) it will take a lot of effort and if he “is worth that”, they will do (especially the FSB). I guess, he ‘isn’t worth’ that effort, cause they arrested him (for less) already. And maybe they get more information by taking some pressure on him
but they will try to recover all saved data on the device and check if they can work with that for other cases (cause this is easy going as long as they have full access on the device)
Maybe there are some other people, who can answer your other questions. Can’t say much on these…
This part of your post seems very confusing to me. If you think you really need an answer on this subject, please do more research and open a new topic with the links you encountered.
