Qubes Dom0 Folders That Leave Forensic Footprints?

If you put enough effort into deniability, one cannot even prove they do exist in a given system. The question is: WHO is going to put those resources in.

2 Likes

They can’t find a vault that doesn’t have a physical presence on the machine. And if they do find it, so long as you lead them down the right red-herring golden path, and gave them what they expected on the outer layer, they’ll be none the wiser.

Securing the physical vault is a different issue… but much easier problem to solve.

The PD vault has to take up hd space somewhere. You can mask it in various ways to contain outer data congruent to another red-herring storyline.
But if you know of other ways to make it completely invisible unless you know exactly its position on the hard drive, I’d want to know how.

And that almost solely depends on the content you are trying to hide.

Only in pd vault size. Once encrypted, without any traces it should not matter.

Now, the point is to not end up in secondary screening. Hence the red-herring data. And hence having 2 layers of computing.

Let’s stop with the arguing about whether it should be done or not, and get on to getting it done.

If you can’t see that it is going to be necessary for every sovereign… well… perhaps you’re in the wrong forum or a state shill.

The question at hand is how to best do it.

1 Like

As I said, if the vault is reserved by default install and it is up to you to use it or not, then we get complete deniability (given other criteria are met, which are plenty).

1 Like

https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm

Read my prior posts: The point is to not get in secondary screening. And hence why we are leaving forensic logs that lead the criminals down the golden path we want. And why we are hiding those logs when that path deviates from what we don’t want.

Do your own thinking. This is not a discussion about whether you should bend over and submit to state tyrants. This is a discussion about how to best build a pd layer.

Yes, we all have seen the movie “Unthinkable”.
However, typically, in the real world most governments (with a few exceptions) are bound by at least some rules. And deniability works reasonably well under those rules.

/var/logs
The obvious logs folder to bind.
/var/mail?
/var/tmp?
/var/cache?

…What others would have forensics?
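Before deciding which dom0 directories to bind, it helps to measure which of them actually accumulate files on a given system. The script below is an added example, not code from the thread or from the Qubes project: it takes a number of days and a list of directories and reports, per directory, how many regular files were modified within that window, without changing anything. The directory names it is fed are those the poster lists (the standard path for logs on a Fedora-based dom0 is /var/log); the sample directory in the usage note is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of which directories
# have accumulated recently written files. Nothing is moved, bound or deleted.

# recent_writes DAYS DIR [DIR...]
# Prints one line per directory: "<dir><TAB><count>" where count is the number
# of regular files modified within the last DAYS days, or "<dir><TAB>missing"
# when the directory does not exist.
recent_writes() {
    days="$1"
    shift
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            printf '%s\tmissing\n' "$d"
            continue
        fi
        # -mtime -DAYS selects files modified less than DAYS*24h ago;
        # unreadable subtrees are skipped rather than aborting the run.
        n=$(find "$d" -type f -mtime "-$days" 2>/dev/null | wc -l | tr -d ' ')
        printf '%s\t%s\n' "$d" "$n"
    done
}

# Stand-alone usage on a dom0 shell, checking the directories named above
# for anything written in the last day:
#   recent_writes 1 /var/log /var/mail /var/tmp /var/cache
if [ "$#" -gt 0 ]; then
    recent_writes "$@"
fi
```

Run it once after a normal working session and once after a reboot to see which locations are populated by routine activity; a directory that is consistently empty needs no special handling, while one that fills up is the kind of location the thread is asking about.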

Thanks for removing the personal remarks from the communication. That was an absolute misconception, too.
Happy hardening though.

1 Like

Haven’t read the full thread yet, but this too clearly belongs in ‘User Support’.

1 Like

I spoke out of hand, and misread the intent.
…The last 18 months have worn away my tolerance for those willfully submitting to this global spiral to dystopia, and doing nothing to change it, side-step it, or create a parallel system.

2 Likes

From https://betrusted.io:

In practice, authorities need not even go so far as rubber-hose cryptanalysis to obtain passwords; simply demanding a user’s passwords at Customs as a pre-condition for entry into a country has become a normalized deviance.

Therefore, enhanced security must come hand-in-hand with enhanced plausible deniability (PD) of any secrets that may or may not be contained within the system. PD is possible on traditional systems, but it is tricky; it is hard to train users to use the tools, and easy for apps to accidentally leave incriminating traces. It is also hard to say for sure on modern SSDs if data has been actually deleted or merely de-allocated.

The Plausibly Deniable DataBase (PDDB) is our answer-in-development to this problem. We plan to take advantage of the message-oriented nature of Xous and our tight integration with the Precursor hardware layer to entirely do away with the notion of files and volumes. Instead, data is stored in a database as a set of key/value pairs that are associated with a security state. The set of user-visible data is transparently adjusted depending upon the set of PIN codes currently authorized by the user. We blend patterns of secure and insecure data access together all the way down to the hardware, while keeping end-user applications largely oblivious to the entire PD process. For example, the process of deleting a data set is identical to that of forgetting a PIN code. This makes it difficult to determine at the point of inspection if a complete set of PIN codes has been turned over.

2 Likes