Plausible deniability idea?

Discussion in 'privacy technology' started by TheCatMan, Oct 12, 2013.

Thread Status:
Not open for further replies.
  1. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Hi, wacky and silly idea, but I was just thinking, while we have workaround methods like TrueCrypt hidden OS and TC containers within more containers.

    How about this idea.....

    Just create a RAM drive, and create the VM virtual HDD file within the RAM drive.

    Install whatever Windows or Linux under a VM running under the RAM drive, delete or close the RAM drive when done, or create a safety snapshot with all software/config set up.

    This way there is no evidence of encryption software/use or passwords, or why no OS is installed, or why the HDD is filled with 0s and 1s; no questions asked at all from an adversary this way.... provided you remove the VM or cut the power to the PC?
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Never use plausible deniability; it requires that the other party cares about your opinion. If we say it's there, it's there and you have to prove otherwise.
     
  3. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    So my idea is sound then?

    As in no mention or evidence or partitions, HDD with 0s, passwords, encryption, hidden OS etc.....
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    The one thing missing with your plan is to wipe RAM at power shutdown - like Tails does, and keep the safety snapshot on an external device like a USB flash drive.

    Have you explored how much RAM you will need to support this idea in a prototype?

    -- Tom
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    There's no reason to wipe the RAM at shutdown unless you're looking at an unrealistic cold boot attack scenario.

    The real issue is how you're going to boot into the RAM drive (memory resets at shutdown) and save the snapshots.
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    You never know.
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Your idea is interesting, but I see no real advantage over using a LiveCD that doesn't store any data on your HDD...
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Just for jollies, suppose your computer has been tagged and 'they' are knocking at your door out of oh, let's say politeness instead of breaking down the door? What are you going to do without wiping RAM in that situation - plead plausible deniability?

    -- Tom
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    The key to that conundrum would be to store the data elsewhere!

    -- Tom
     
  10. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    My idea, which I did not mention, was to run it from within Windows 7/8 and use SoftPerfect RAM Disk to create, say, a 4 gig RAM drive. One can then use a portable Firefox with security/privacy addons, or portable Tor, or Whonix with Tor, or another Linux distro; you also have the added benefit of adding a 2nd VPN, either on the host or the Linux distro, for an extra paranoia layer.


    Did they not already prove that once a PC is shut down, within 10 seconds 80-90% of data is pretty much gone, and after a further 1-2 minutes being powered off recovery is almost impossible?

    Not too fussed, with RAM being cheap, and one can usually install up to 16 gig.

    LiveCD is great, however let's face it, with a live CD you can't do much: your GPU/sound will never run as well as it would on Windows software, half your PC features won't even be there, your 1080p MKVs may not even run as smooth or look as good. At least with my idea you can use your PC as normal and just keep your other private "activities" in the RAM drive, which can be shut down afterwards.

    Regarding the snapshot, why not take a snapshot with just the basics all set up, i.e. updates and config all set up but nothing actually started? I.e. with uTorrent installed and 20 Linux distros queued, take the snapshot with just uTorrent installed; this way no worry or matter or evidence... it's just a snapshot, ain't it?

    Yes, about the data, the key is to not store it so accessibly: full disk encryption only on drives, perhaps externally or via NAS/network drives; am thinking drives bought off eBay for better plausible deniability ;) Then again an adversary could manipulate the files or add data to it, but easier for you to prove otherwise....

    Guess my thinking was it's easier to set up and run than installing TrueCrypt or DC and then perhaps having that whole plausible deniability factor or trying to explain what is there; these adversaries would probably assume the worst or say it's there, if not plant it themselves, so why trust that scenario!

    If my idea's pants, it's cool; I just like to get different takes on it.
     
    Last edited: Oct 14, 2013
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Shutdown and stall them of course. Even pulling the plug will work. If they want your data, how likely is it they'll wait for you to wipe the RAM? If they do, how likely will wiping be necessary? In fact, it'll arouse more suspicion if they see you doing that instead of just closing the computer.

    There are far more attack vectors to worry about than wiping RAM; even someone like me finds that unnecessarily paranoid.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I run all of my machines from one 3 KW UPS. There's a Big Red Button (http://en.wikipedia.org/wiki/Big_red_button) for said UPS on my desk, a few inches from my touchpad. I don't have kids ;)
     
  13. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I would hate to imagine the worst case scenario, mirimir: dozens of adversaries leaping towards your red button of impending doom :argh:

    I was looking for a link someone once gave me regarding recovery on RAM; certain myths around on the net cause concern but are not true. In this link these guys froze the RAM units themselves and then conducted several tests showing data recovery from the RAM units, and within 10 seconds pretty much nothing was showing; within 5 seconds some parts of the JPEG pictures were found.

    Perhaps it's super paranoia to think an adversary will be that highly equipped to start freezing your RAM and checking other files which can maintain data. Course, why chance it, hence my RAM drive idea; after all, we want to show anyone you're a normal upstanding citizen and your C drive and Windows are normal, it's just anything else could be in a VirtualBox RAM drive.
     
  14. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Just use the regular Hidden OS from TC. It's the best you can do.
     
  15. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    I'm thinking ...

    NSA: Yes good. Use TrueCrypt :D The most trusted and secured open source full disk encryption.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I had a friend in college, a rather dour physics major.

    He wanted a Big Red Button attached to a 10 megaton device in his closet ;)

    ... like that Eskimo dude in Snow Crash ...

    And OMG, a movie with Emma Watson as Y.T. :eek: (http://www.geek.com/news/snow-crash-movie-to-be-written-and-directed-by-joe-cornish-1496727/)
     
  17. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163

    That could be said of *any* software. The DiskCryptor guy could be cooperating, and so could (and there is more to worry about with this company, and its owner/founder) DriveCrypt Plus Pack. Etc...

    Barring proof, or at least serious questions, I don't worry. We know the binaries hash out to the same as compiled from source...do we even have that from the other products?

    PD
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I agree on the other party not caring, but PD *may* get you out of there, whereas a straight up encrypted anything leaves no other option. We haven't devolved into totalitarian rule yet. I believe we have a member here who used PD successfully (a Linux version of it), IIRC.

    The other party would be talking to my barrister if it got that far, I'd say nothing.

    Take this example: Airport Checkpoint -

    "Turn on your computer so that we can see that it really works and isn't just for carrying something bad"

    1. Computer boots to the TC encryption screen.

    2. Computer boots to decoy Windows and you give them the log on password so they can root through your stuff.

    Which one runs a greater risk of further investigation?

    I take the opposite track - Use PD for *everything*...you always have the option of breaking it...which puts you in the exact same place as if you didn't use it, IMO. But at least you have the option.

    This reminds me of the "tip" to actually use a hidden volume, and place one text file in there to show that you aren't using hidden volumes. Well, since there is no distinguishing a decoy volume from a regular one (both say "Normal" if hidden volume protection isn't used) - how can you prove a regular volume doesn't contain a hidden one, if you are a non-PD advocate? You can't.

    PD isn't something to worry about, to the point of avoiding it, IMO.


    PaulyD
     
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    That's all nice and great, but there's an even easier way: just use TC with its hidden OS option and in conjunction with Shadow Defender. Make sure to activate said SD and make sure it caches to the RAM, not the HDD, and you've got full lite virtualization, meaning not even sectors change, because all activities that change a sector get done in RAM, not HDD. It's like running a live CD or, for that matter, a volatile RAM disk: much more convenient, and you don't lose everything you've been working on, only what you've been working on while full virtualization was active, and you uphold plausible deniability. If you've fd up PD then you've done something wrong that you shouldn't have; use some common sense, people. And of course you'll need a bit more RAM than usual ;)

    And yes, as I've mentioned before, any RAM starting from 2008, aka DDR3, erases in less than a minute tops, if not seconds; there's been links to it many times over. Just make sure your case uses non-conventional mounting and is able to withstand an angle grinder for more than a minute, or is located in such a manner that it would take them at least a couple of minutes to get to your rig, and you're good to go. Sure, we can all go crazy and use one-time-use laptops, since we're all just bathing in money, or use JB Weld to permanently mount our RAM to the slots; mind you, it's a real bitch to replace once faulty, lols. And then there's the good ol' magnesium trap, which will burn right through your RAM and HDDs; that should take care of any totalitarian country not happy with you using encryption. For any other "normal" country the above should more than suffice ;)
     
    Last edited: Oct 21, 2013