hidden full system encryption on gnulinux?


Postby hthi » 2016-04-15 15:09

I cannot say if the following is correct. I read about countries that have legal means or plan to get legal means to make a person tell a password for decryption. Countries that may not use violence to get the password. The windows versions of truecrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied. I am not aware of gnulinux having this feature. It is important that gnulinux gets this encryption option that people in these countries get another means to provide privacy. If it can be made for windows it can be made for gnulinux? Can I get to know, how difficult it is to provide this option? Expensive? Many programmers required? Technically advanced?
Thanks.
hthi
 
Posts: 173
Joined: 2015-05-09 15:43


Re: hidden full system encryption on gnulinux?

Postby tomazzi » 2016-04-15 21:58

hthi wrote:The windows versions of truecrypt have the ability to create and run a hidden encrypted operating system

No, this is about a hidden file system (implemented in a virtual partition existing as a normal file, called a "container"). Definitely, this is not about "operating system" - quite a big difference.

Anyway, this means that in countries which have the "legal" means (which are illegal just by the nature of this problem - human rights), those "containers" can be easily detected - and "they" can ask for a password.

But:
The whole thing is about what You're risking by claiming that You have just "forgot" the password... - are they going to torture You? - do they have means for this? - that is a real question/problem here.

Regards.

PS.
GNU/Linux has a very similar solution - it's an ecryptfs - available as a ready to install package, fully documented.
Odi profanum vulgus
tomazzi
 
Posts: 730
Joined: 2013-08-02 21:33

Re: hidden full system encryption on gnulinux?

Postby hthi » 2016-04-16 07:46

There are too many arrogant people on this forum. Dasein, you are one of them. You waste my time and yours. Your answer contributes with nothing. More than 6000 answers and you have not learned to meet people on their level? About my question, your answer is arrogant and wrong. Truecrypt does not provide full system encryption on gnulinux. Because you do not answer any of my questions I conclude you are not skilled enough. You are not capable of answering any of my questions. Stay away from my posts if you cannot contribute.

I frequently write posts on forums and get no answers. Likely because my questions are too difficult. What I want to know is how big a task it is to bring hidden full system encryption to gnulinux? No surprise if nobody here has the skills to answer it. Sometimes you run unsuspectingly into someone who can answer or who can tell you that your question is very difficult.

Tomazzi. I quoted wikipedia. It says hidden full system encryption is provided by truecrypt. You say, wikipedia is wrong?

Even if a law is illegal due to a convention, it will likely stand until some higher judicial body rules it illegal.
You say, what if I claim to not remember the password? It seems some countries have or want to get laws that fine or remand a person that will not tell a password. A hidden full system encryption option makes it possible for a person to tell a password and it will open a system that shows nothing.

You refer to ecryptfs. That is not what I am asking for. The hidden full system encryption has to be an option which displays when you install a gnulinux system. Can laypersons make this suggestion to debian?
hthi
 
Posts: 173
Joined: 2015-05-09 15:43

Re: hidden full system encryption on gnulinux?

Postby alan stone » 2016-04-16 14:16

hthi wrote:... The windows versions of truecrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied. ...
Thanks.

Did you try this search: hidden encrypted linux operating system ?
alan stone
 
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: hidden full system encryption on gnulinux?

Postby stevepusser » 2016-04-16 17:26

Yes, your questions are so difficult they've blown my freaking mind!

Truecrypt is old, unmaintained, and will not build on a modern Linux system. I suggest you bend your vast intellect toward learning about its successor, Veracrypt. Yes, there are Debian packages for it out there.
MX Linux packager and developer
stevepusser
 
Posts: 12075
Joined: 2009-10-06 05:53

Re: hidden full system encryption on gnulinux?

Postby GarryRicketson » 2016-04-16 18:26

hthi wrote:
... The windows versions of truecrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied. ...
Thanks.

I don't know, but we get so many people these days claiming, all these weird things
they want to do, work on their "windows" versions, or "When I use windows, it works",..
I get tired of that, if the versions you have on your windows thing work so great, then why don't you just use that ?

The whole thing is about what You're risking by claiming that You have just "forgot" the password... - are they going to torture You? - do they have means for this? - that is a real question/problem here.


The rest sounds more like some kind of spy versus spy movie, and then they come and torture the guy, because he either really can not remember the password, or maybe just says they forgot, because they don't want to tell it,... who cares really ? It is all from a movie, or sounds like it to me.
It already has been mentioned there are packages available:
Post by stevepusser »Yes, there are Debian packages for it out there.

And as suggested, : Did the OP try any searches ?
by alan stone »
Did you try this search: hidden encrypted linux operating
system ?

and Dasein:

I frequently write posts on forums and get no answers. Likely because my questions are too difficult.

Amazing, does that not tell the OP and all of us something, but they don't get answers,
it is not that they are too "difficult", it is because they can easily be answered doing a few searches, or because they are simply pointless, with no real, true, absolute answer,
or controversial, these are the kind of questions trolls like to ask, and everybody knows
the best thing to do with a troll is to ignore it. So that is what they do on many forums, and they ignore the questions, that : Please Read.. What we expect you have already Done.
When it is obvious the OP has not done any searches, often they just ignore the question.
The troll starts out in the very first post:
by hthi » 2016-04-15 09:09 The windows versions of truecrypt have the ability to create and run a hidden encrypted operating system whose existence may be denied. I am not aware of gnulinux having this feature.

Without having done any real searches, to see if there are any Debian, and linux packages with this feature. It appears to me it is deliberately trying to say it's crappy windows apps, and windows versions are better.
Now, the response probably will be something saying "garry is the troll",..hmm maybe so, but then there is also the expression "It takes one to know one",....However I don't usually try to be one , in fact I usually just ignore them, and that is what I am going to start doing after this post.
Please do not feed the trolls
http://forums.debian.net/ucp.php?i=zebra&mode=foes&add=hthi
Especially these ones that come around telling us how much better everything works on their "Windows" things,....
I know everything works better on Debian, and I really am not interested in how or what works on windows.
They blame Debian, or gnulinux, but the facts are clear to me, no windows in my systems, and Debian, and gnulinux, and pure linux, no problems, and usually work perfectly.
99% of the people having problems with Debian and linux software, are still using windows as well, or trying to make Debian more like Windows, or expecting the Debian, and linux packages to be like their windows garbage.
So anyway, that is all from me , today. I am tired of these people always trying to tell us how wonderful things work on their Windows, but it does not work on Debian,
If they like how things work on windows so much, that is what they should be using.
GarryRicketson
 
Posts: 5872
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: hidden full system encryption on gnulinux?

Postby hthi » 2016-04-26 20:13

Tell me how dasein answers my question?

I frequently write posts on forums and get no answers. Likely because my questions are too difficult. What I want to know is how big a task it is to bring hidden full system encryption to gnulinux? No surprise if nobody here has the skills to answer it. Sometimes you run unsuspectingly into someone who can answer or who can tell you that your question is very difficult.


This part must be read like it is written. It is a statement of fact.

On a debian iso you may select full hdd encryption when you install. There is no hidden full hdd encryption option. I know no gnulinux iso which has this option. Likely because no one made the software.
It may be possible to make hidden full hdd encryption on gnulinux software already available. In that case there had to be tested instructions. No one should make their own encryption. If you do not know a person's skills that is an irresponsible piece of advice.

I wrote my post in general discussions because I think gnulinux systems should get the hidden full hdd encryption option when you install. I wanted to get information how the software can be provided and how difficult it would be? There is no reason to get defensive if windows has an option that gnulinux does not have. Or you cannot answer my question.

You cannot answer on the relevance about hidden full hdd encryption for others. In a country that has or plans laws that will fine or remand a person who will not tell a password and the country will not use violence, hidden full hdd encryption is another option to obtain privacy.

I named windows truecrypt because windows truecrypt shows that hidden full hdd encryption software can be made. I think same software must get made for gnulinux. That produced a lot of hooey in commenting posts. Most of it fall within misplaced loyalty about debian or inability to say something substantive. If a non gnulinux piece of software provides something that is of value, then gnulinux should also get it.

Why side with dasein? He contributed with nothing.

Veracrypt does not provide full hdd encryption on gnulinux.
hthi
 
Posts: 173
Joined: 2015-05-09 15:43

Re: hidden full system encryption on gnulinux?

Postby dryden » 2016-05-07 18:08

Myself I have often observed to my dismay that in general the user options for encryption are extremely limited compared to Windows (TrueCrypt) and this mostly comes down to the lack of anyone actually thinking about real use cases.

Most Linux people do not have such real use cases. Either it is mostly a hobby, or it is used in a corporate environment. I have found for instance that most initrds will spill the guts of the device being decrypted. This is bad information. Any information leak is bad. A real Linux system with multiple encryption setups at once would use a key from the first, to unlock the next ones. There is no need whatsoever to tell the casual observer what disk is getting unlocked. Just a simple example.

According to the LUKS help (cryptsetup) it does support hidden truecrypt partitions, I just have never come across the information on how to do it, and it seems so arcane that I haven't bothered with it yet.

On Windows I had the perfect setup : an encrypted system, a separately encrypted data, another encrypted disk, and something hidden inside of that.

I was not living in a country (like the UK) where they can force or reprimand you to give your passwords.

If then, my situation might have been different.

Most of all even if it is not available for regular installers, I am pretty sure no one has ever done it except if they have used Truecrypt for it. The Truecrypt authors were true geniuses and it is the best and most well-made software I have ever seen.

I recently compiled it on an older kernel (2.6.32) and the installer that you can download, runs just fine on modern Linuxes so I don't see why it wouldn't compile.

The real issue is usability. I have some thoughts but I don't really have the opportunity, health, reality, love or support to design or develop it. I am too abandoned in my life.

As such I am just struggling to survive and even selling off assets.

All I can offer on Linux is to create a partition within an encrypted LVM, encrypt it with TrueCrypt, and then put a hidden volume inside of that. Then wipe your trails whenever you access that.

I have not said those things ;-).

Your best bet is always a multi-encryption setup where you can please law enforcement in steps. Make sure you are capable of giving them the first password without trouble. Then make them beg for the next ones.

This is very hard to do in Linux according to real needs.

Linux is too messy, it just won't work.

Today I have my entire disk(s) encrypted and I let Grub decrypt it. It is a hell of a lot of work to set it up and I always forget one single thing causing me to have to reboot again, etc. etc.

But it is the best thing I can do myself.

I plan to adjust grub to get rid of its ugliness. TrueCrypt has a beautiful bootloader. I do not trust the VeraCrypt authors. They are open source junk.

For one thing they have ensured that unlocking your system takes up to 20-30 seconds? Because they feel they know better about what you want and need? That is the illness in Linux: the other person always thinks they know what you need and don't need, instead of you yourself.

So apparently the VeraCrypt authors decided that they know that people need that 20-30 second bootup phase. When people complain, they don't care. TrueCrypt would never design something like that. They were just outstanding. I miss them already, even though they are still here for me.

In this thread a person also claims to 'know' that if you like TrueCrypt so much, you won't need Linux, want it, or desire to use it. Because to him, apparently, it feels like betrayal. To prefer, or laud, a software not developed by open source guys. To desire something that another person created who actually is praised much more than the Linux alternatives. That feels like betrayal to him.

What rewards does LUKS win? Nothing. Its user experience is horrible. If TrueCrypt had a modern version with a great UI for Linux, I would use that.

But the GUI is not integrated and it is an older Gnome app. I will, or may, still have to use it. But it is downright detrimental. The current state of affairs for Linux is downright detrimental. People in general have never cared about real solid user experiences that completely agree with a use case. It is a wonder I guess that we had TrueCrypt to begin with.

A hidden operating system would require Grub decrypting the volume AND the volume must contain a hidden partition. Then depending on what partition is actually decrypted, it starts that one.

Personally I think this is troublesome to begin with. I prefer to give law enforcement my main password. You could try to virtualize inside of that. You could try to chain boot into something else. Those are really your only options I think.

You would need a way to clear logs, or to create as few of them as possible. A regular Linux system is not really suitable for that. They haven't even solved the issue of the fixed library paths, yet. So what you need is first a way to create a hidden partition, then a way to boot into that without leaving traces. I would suggest doing this booting from a running Linux system. I would suggest ensuring that you can either use kexec for that, or a virtualizer. A virtualization solution started from a hidden volume, would be almost the same as having a hidden OS. Now you only need to ensure that the mounting, and starting of the VM, do not leave traces in the system log.

However I will say that you can also run systems from USB stick that you can hide. You may have a main harddisk but you don't have to use it. Any data that is not sensitive, store it on the harddisk. Put a nice little OS next to it you don't really use. Remember: the burden of having a hidden OS is having to boot that fake system regularly, which you will probably not do.

However, there are virtualizers, maybe all of them, that can boot a guest OS from a system partition or LVM volume. That means you can run your fake OS as a guest in your stick OS. Just an issue, just an example. That way, you can keep it "current" while not using it for anything sensitive. Lots of troubles, I know.

Law enforcement may not search your premises. They may just take the computers that are in plain sight.

Use it for gaming, you know. Run a Guest OS from a fast harddisk (or any harddisk) and use it for gaming.
dryden
 
Posts: 80
Joined: 2015-02-04 08:54

Re: hidden full system encryption on gnulinux?

Postby sgosnell » 2016-05-07 21:27

How would you propose full, hidden, disk encryption? Truecrypt never did that on Windows, or anything else. Truecrypt, and now Veracrypt, can provide a hidden encrypted container inside a disk. I'm not sure the OP understands what he's talking about.
Take my advice, I'm not using it.
sgosnell
 
Posts: 844
Joined: 2011-03-14 01:49

Re: hidden full system encryption on gnulinux?

Postby tomazzi » 2016-05-07 21:37

dryden wrote:Myself I have often observed to my dismay that in general the user options for encryption are extremely limited compared to Windows (TrueCrypt) and this mostly comes down to the lack of anyone actually thinking about real use cases.

Most Linux people do not have such real use cases. Either it is mostly a hobby, or it is used in a corporate environment. I have found for instance that most initrds will spill the guts of the device being decrypted. This is bad information. Any information leak is bad. A real Linux system with multiple encryption setups at once would use a key from the first, to unlock the next ones. There is no need whatsoever to tell the casual observer what disk is getting unlocked. Just a simple example.


First, there's no such thing as "hidden full system encryption".
This stupidity has its roots in the winblows world, where the average user doesn't have a clue what is the HDD and how it works - so they think, that if there's no partition shown in "My computer", then nobody will know about their "secret data" -> *bullshit*.

It's trivially simple to discover that You have hidden data on Your HDD - every law enforcement division in the world will discover it in just a few seconds -> just by looking at the physical layout of data on the disk surface or by checking the bootloaders.

This is a complete stupidity to rely on the "supposedly invisible" partitions - this way You can possibly cheat Your neighbor or maybe your girlfriend ;)

Regards.
Odi profanum vulgus
tomazzi
 
Posts: 730
Joined: 2013-08-02 21:33

Re: hidden full system encryption on gnulinux?

Postby dotlj » 2016-05-11 01:07

full system encryption means the whole system is encrypted. You can do that putting /boot on a separate device (usb flashdisk, SD card, ...) and encrypting the whole device (say /dev/sda for example).
You can not hide the fact that a whole device is encrypted.
What TrueCrypt called hidden encryption only works with disks using MBR.
Today disks use GPT and TrueCrypt does not work with GPT devices.
What TrueCrypt called hidden encryption is not the full system, it was a hidden encrypted container inside of a larger openly encrypted container, partition or device.

Linux encryption using LUKS works with MBR and GPT devices. Linux allows encrypting whole disks, partitions and containers. Linux also allows encrypting containers inside of encrypted devices or partitions.
As has been mentioned in other replies, it is difficult to hide encrypted containers inside encrypted devices.
For more information please search for steganography using your preferred search engine.
dotlj
 
Posts: 646
Joined: 2009-12-25 17:21
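
dotlj's point that an openly encrypted LUKS device cannot be hidden, shown as an added example that is not part of any post in this thread: a LUKS1 volume begins with a plaintext header naming the cipher and key slots, while a region without such a header can only be described as high-entropy data. The field layout follows the LUKS1 on-disk specification; both sample buffers are constructed, and the 7.5 bits/byte threshold is an assumption.

```python
import hashlib
import math
import struct
from collections import Counter

# LUKS1 on-disk header (big-endian), per the cryptsetup LUKS1 specification.
LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes of metadata
SLOT = struct.Struct(">II32sII")                   # 48 bytes per key slot
NUM_SLOTS = 8
KEY_ENABLED, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_luks1_header(buf):
    """Return the plaintext LUKS1 metadata found in buf, or None."""
    if len(buf) < PHDR.size + NUM_SLOTS * SLOT.size:
        return None
    (magic, version, cipher, mode, hash_spec, payload_offset,
     key_bytes, _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC or version != 1:
        return None  # LUKS2 shares the magic but uses a different layout
    active = []
    for i in range(NUM_SLOTS):
        state = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)[0]
        if state == KEY_ENABLED:
            active.append(i)
    return {
        "cipher": _cstr(cipher),
        "mode": _cstr(mode),
        "hash": _cstr(hash_spec),
        "payload_offset_sectors": payload_offset,
        "key_bytes": key_bytes,
        "uuid": _cstr(uuid),
        "active_slots": active,
    }


def shannon_entropy(buf):
    """Shannon entropy of buf in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def classify(first_sectors):
    """Describe what the start of a device or container reveals."""
    if parse_luks1_header(first_sectors):
        return "luks1"
    if shannon_entropy(first_sectors) > 7.5:  # threshold is an assumption
        return "high-entropy, no header"
    return "other"


def build_sample_luks1():
    """Constructed LUKS1 header: aes-xts-plain64, only key slot 0 enabled."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                    4096, 64, b"", b"", 1000,
                    b"00000000-0000-4000-8000-000000000000")
    slots = b"".join(
        SLOT.pack(KEY_ENABLED if i == 0 else KEY_DISABLED,
                  1000, b"", 8 + i * 512, 4000)
        for i in range(NUM_SLOTS))
    return (hdr + slots).ljust(4096, b"\x00")


def build_sample_headerless(size=4096):
    """Constructed stand-in for a region with no plaintext header."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(b"constructed-%d" % counter).digest()
        counter += 1
    return bytes(out[:size])


if __name__ == "__main__":
    for name, data in (("luks1 sample", build_sample_luks1()),
                       ("headerless sample", build_sample_headerless()),
                       ("zeroed sample", bytes(4096))):
        print(name, "->", classify(data), parse_luks1_header(data))
```
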

Re: hidden full system encryption on gnulinux?

Postby edbarx » 2016-05-11 06:18

Full system encryption defies its own aim when it is used to avoid censorship. The reason is quite simple to understand: if one is caught using a fully encrypted computer in a country that enforces censorship, one would incriminate oneself. No one will go into the trouble of encrypting a full system without a motive.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
edbarx
 
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E

Re: hidden full system encryption on gnulinux?

Postby dryden » 2016-05-19 21:06

sgosnell wrote:How would you propose full, hidden, disk encryption? Truecrypt never did that on Windows, or anything else. Truecrypt, and now Veracrypt, can provide a hidden encrypted container inside a disk. I'm not sure the OP understands what he's talking about.


You are incorrect. The OP never mentioned full hidden disk encryption, but a hidden partition inside a system disk encryption, causing two passwords: one for the "non-secure" system and one for the "secure" system. This causes the ability to deny the existence of the hidden OS, because the container looks the same from the outside and you can supply your non-secure password to law enforcement (for instance).

LUKS doesn't even really format your disk. There is no provision to wipe your disk, unless you manually fill it with zeroes yourself. Not saying it always should format. Just saying it is up to you to do it, and if you don't care enough, it won't be done.

tomazzi wrote:First, there's no such thing as "hidden full system encryption".
This stupidity has its roots in the winblows world, where the average user doesn't have a clue what is the HDD and how it works - so they think, that if there's no partition shown in "My computer", then nobody will know about their "secret data" -> *bullshit*.


I have never said any such thing as a hidden full system encryption. The stupidity is yours, not mine, to even suggest such a thing.

It's trivially simple to discover that You have hidden data on Your HDD - every law enforcement division in the world will discover it in just a few seconds -> just by looking at the physical layout of data on the disk surface or by checking the bootloaders.


The whole point of the OP was to hide a partition within an encrypted partition. In case you don't know (are you really that stupid? I doubt it) the purpose is to give a "fake" password to any person interested that will unlock the partition you want them to see, instead of the hidden one.

I again did not say that :p. Actually I do not have any hidden partitions at this time.

This is a complete stupidity to rely on the "supposedly invisible" partitions - this way You can possibly cheat Your neighbor or maybe your girlfriend ;)


You can also fool anyone just looking at your computer. In case you think law enforcement is omnipotent: they are not. Fooling them for a moment or two may be enough to get out of a tough spot. Someone who sees a neat little encryption prompt may not think much of it, except knowing that it is encrypted. His/her attention will then go to other things. Someone who sees device data or UUIDs and who doesn't have any computer knowledge himself, may get confused and think you are doing something nasty. The difference may come down to your computer being towed away or not, or police returning to your home for a second visit, or not. You obviously have no real world experience. Perhaps I might, in fact, do. Someone who sees a password prompt may in fact not even be aware it is going to be an encryption prompt.

Personally I prefer the TrueCrypt system: a neat prompt that does show encryption, but not any other data.

When you want to be inconspicuous, you want to be inconspicuous. You want neatness, tidiness, and people not thinking much of what they see.

Weird people may think you are hacking their wifi when they cannot get online. Weird people may think you are hacking the regional power station because you are using a Linux prompt computer. And the power goes down, so it must be you. In general it is better, if you want to avoid complications, to not let people know too much. What to you is obvious and understandable, another person may think is something suspicious. You want to avoid people thinking you are suspicious.

Neatness is part of that.

dotlj wrote:full system encryption means the whole system is encrypted. You can do that putting /boot on a separate device (usb flashdisk, SD card, ...) and encrypting the whole device (say /dev/sda for example).
You can not hide the fact that a whole device is encrypted.
What TrueCrypt called hidden encryption only works with disks using MBR.
Today disks use GPT and TrueCrypt does not work with GPT devices.
What TrueCrypt called hidden encryption is not the full system, it was a hidden encrypted container inside of a larger openly encrypted container, partition or device.

Linux encryption using LUKS works with MBR and GPT devices. Linux allows encrypting whole disks, partitions and containers. Linux also allows encrypting containers inside of encrypted devices or partitions.
As has been mentioned in other replies, it is difficult to hide encrypted containers inside encrypted devices.
For more information please search for steganography using your preferred search engine.


Not sure why you are turning this into an advert for Linux and LUKS.

As noted TrueCrypt achieved that thing just fine, contrary to your last statement. We have no requirement at all to go search for something that professes to deny what is already so; that TrueCrypt did in fact easily achieve this thing, and perhaps, always has.

I hope you realize how dedicated and with how much attention to detail, the TrueCrypt authors are, and were. You will not find any software solution that has as much attention to detail as that. From the information you get while using the program, to the fact that they first want you to burn a rescue disk, and then proceed to change the bootloader, and then test that, and then proceed to encrypt, and even that is done while using the system, not in advance. I don't think there is any way to run-time encrypt any Linux partition or container, nor is there any way to decrypt it in-place.

It could, but apparently Windows filesystems did have this space to embed the full TrueCrypt bootloader into. In fact, you are warned, that if you use multiple ciphers, there is not going to be a backup header. I actually doubt the TrueCrypt loader extended beyond the first section of MBR, so in fact it did not need to change the partition itself, or the filesystem.

Also, there is no reason you cannot use MBR formatting these days, I believe. I'm not sure what partition tables Windows creates, since you often have little choice in what it does. But I have had no issue running modern Windows on a MBR disk, nor is there any problem doing so on Linux, so that point is moot. Also, if TrueCrypt was still being developed, that could probably be changed. I do not know the details of GPT as to why that shouldn't work, but I think that is nonsense. On Windows, only UEFI can boot GPT, but I don't use UEFI.

And again, no one has ever tried to hide the fact that a whole system is encrypted, nor has anyone ever tried to do so (in that sense). Nobody wants to do that here. That is not what the OP was talking about, and also not what either ones of me intend ;-).

So you are all responding to a statement that was never made. This is called a false flag operation, or more appropriately so, a strawman argument. You intend to refute something that was never even proposed, as though to disqualify your opponent with that, no matter if you do it out of a lacking understanding as to what was intended here.

And yes, I know, but I will not explain here. Why it is also a false flag operation.

So, to go back, and I apologize for any sense of arrogance I may have here:

LUKS does not support hidden partitions. It does support a KILL header/password that will destroy the actual header of the data, when entered.

That won't destroy the data, but you will need a backup of the header to retrieve it. This is something TrueCrypt didn't have. It's a little devious, but you can give this password to (law enforcement) and when it doesn't work, your old (real) passwords won't work anymore either. That probably only makes sense if the forensics guys are not going to use your own software to decrypt it, but still, it should work if anyone tries to open your computer. Law enforcement usually doesn't do that, though, from my perspective and experience. However, unknowing forensics people may try to boot the system instead of decrypting it on their own; I wouldn't count on it though. Because of that, this KILL password has to be used by you, yourself.

You can do that putting /boot on a separate device (usb flashdisk, SD card, ...) and encrypting the whole device (say /dev/sda for example).


You don't need a separate boot device for that, you can do it with Grub. Again, uninformed.

Although in that case you will have a visible partition table, whereas you wouldn't if you used a separate disk. Still, that's the only difference. You will have a partition table with one partition (in the case of MBR) and two (in the case of GPT).

Linux also allows encrypting containers inside of encrypted devices or partitions.


No shit sherlock. That is because they are just files. Although, perhaps it is worth mentioning because Linux needs some special tools to do it (pmt-edh) although that is not really true either, I believe they are just convenience wrappers (from libpam-mount). Still you cannot hide anything in a Linux system (partition) other than in the sheer madness of its disorganisation, except when you modify the kernel, but that won't stop a forensics guy.

edbarx wrote:Full system encryption defies its own aim when it is used to avoid censorship. The reason is quite simple to understand: if one is caught using a fully encrypted computer in a country that enforces censorship, one would incriminate oneself. No one will go into the trouble of encrypting a full system without a motive.


Do you not understand much, do you. Incriminating oneself and people having knowledge as to why you do it, is not the same thing. The mere fact that you have used encryption is like 1 bit of knowledge. People will not know why you have done so. Unless encryption is persecuted by itself, people know no other fact than that 1 bit of information. They have no other leads. Perhaps this gives them reason to search your stuff, but police don't always do that, because it takes a lot of work, and needs to be done on-site. With no other information, and you not in other ways suspect, police will actually respect what you do. They start to bargain with you to get the passwords, but you won't give it to them.

And you can have very good reasons to encrypt: you don't want random people (which police are) looking into your stuff. That is stuff people can understand. So you can explain very well why you are encrypting in the first place, even if there is nothing incriminating stored on that.

It depends on how important you think your privacy is, or how important you think it is, that people who have nothing to do with you, stay out. This also applies to police, and is a reason to refuse them knowledge.

What I am saying is that you can very well explain, attest and justify, that there are other reasons to encrypt than hiding incriminating facts. In the end, police don't have more than that 1 bit of information. Which is not a lot, I can tell you.

And all you need to explain, is that 1 bit choice you have made. You can do that, I'm sure, right?

What it requires though is a stance that says that police are not any form of authority over you, and they are no different from other random people who have nothing to do with who you are, what you do, or how you live.

What it requires is shedding this notion that the state holds power over you, not just from a practical reality point of view, but from the perspective that you are somehow a subject.

If you disregard authority, you can encrypt just fine. In most cases, in the West. Unless perhaps people start devising laws that incriminate encryption in the first place; that makes it illegal to encrypt. Or illegal to encrypt and then not give your passwords or keyfiles.

When that happens you need something more. You need a system that is visible to everyone. At least your main system should be. You need to be able to give police access, while not giving everything. Everyone has a right to *some* private data. If they *then* are going to prosecute you for it, you stand much stronger. But if, at that point, "in the end" you succumb and give your password(s), what gives if they are not the real ones? What if you have a whole hierarchy of encryption, some of which are hidden? Police may never know.

They can't ask you what they don't know about, and this is called: I bet you know it. Plausible deniability. That is what this topic was about. Don't be confused by the topic title. The guy meant full system encryption with a hidden operating system, as mentioned in the original post.
dryden
 
Posts: 80
Joined: 2015-02-04 08:54

Re: hidden full system encryption on gnulinux?

Postby edbarx » 2016-05-20 08:09

dryden wrote:
edbarx wrote:Full system encryption defies its own aim when it is used to avoid censorship. The reason is quite simple to understand: if one is caught using a fully encrypted computer in a country that enforces censorship, one would incriminate oneself. No one will go into the trouble of encrypting a full system without a motive.


Do you not understand much, do you. Incriminating oneself and people having knowledge as to why you do it, is not the same thing. The mere fact that you have used encryption is like 1 bit of knowledge. People will not know why you have done so.


Police represent authority which means a citizen's refusal to cooperate with their investigations is often seen as corroboration that there is something sinister to hide on the part of the investigated.

In reply to your argument about "privacy", well, I value more my freedom, rather than risking a free stay at some police lockup facility or a prison. People who reason like you are forgetting the state has authority and I, you and every common Joe have none.

If you can afford a very expensive lawyer, it is completely a different story.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
edbarx
 
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
