Truecrypt Hidden o/s or Full disk Encryption?

Discussion in 'privacy technology' started by TheCatMan, Aug 29, 2013.

Thread Status:
Not open for further replies.
  1. Thank u very nice post but is there a way to check if our pc is "controlled"? U said they could have full control of it, even take camera pics or make an image of our hdd but this is only possible if our pc is compromised by installing some software or keyloggers on it right? Do u know some programs to check if these softwares are silently running on our pc? I don't think an antivirus is enough right... could u advise me some programs? I don't know much about this, Thank u
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Check the other threads in the Anti-Malware section. I think OA or Comodo with HIPS/Sandbox, Zemana Anti-Keylogger Free, Sandboxie, etc... are a good start. This is also why FDE, with a boot loader that you always carry, helps...no way to install software. If you grind/JB Weld your laptop screws (max out your RAM and HD Size first! :D ) and use security tape...hardware loggers would be tough too.

    PD
     
  3. Thank u PD I'll check the other topic too, actually I just use AVG - Comodo Firewall and Malware Bytes, they aren't enough right? I'd like to add one more program to prevent key loggers, u would advise Zemana Anti-Keylogger Free?
    Also if someone has installed something to remote control my pc how can I check it? An AVG scan could detect it or it's not enough? Thank u again
     
  4. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    AVG - Comodo Firewall and Malware Bytes is good I would say, plenty of programs and software out there which can check for bugs and viruses, I would as suggested by pd check the other sections out.

    I used to use Kaspersky Internet security suite, with malwarebytes the odd weekly scan of superantispyware also.

    I would suggest however while it's great to use firewalls/AV programs to safeguard yourself, you want to safeguard yourself with the most important thing and that is your privacy. Check into VPN topics, a VPN is a paid service which encrypts your connection, no isp or government can snoop or see what you are doing on the internet. Provided you set it up properly you're golden.

    Course all depends what you do online and if you want to safe guard yourself.

    I feel a VPN should always come first, then AV and Spyware etc ;)
     
  5. pcdoctor36

    pcdoctor36 Registered Member

    Joined:
    Aug 25, 2011
    Posts:
    62
    Ok, legal structure in the United States. LE has been forcing people to turn over their TC pass phrase. Failure to do so has resulted in legal charges being brought (hence the need for plausible deniability). I work with security a lot. If I was ever in such a position I might take another route. I would give a fake pass phrase and when it didn't work say your honor I gave the correct pass phrase it is not my responsibility if they screwed my system up. Another take on plausible deniability. Good security also means knowing how to deal with LE in this fascist state.
     
  6. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    pcdoctor36:

    would love your take on my plausible D idea here:

    https://www.wilderssecurity.com/showthread.php?p=2297654#post2297654

    Its at the bottom post 17, cheers.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    They may try but LE at this time is avoiding taking this type of case to the Supremes. I have several opinions for appeals level and the 5th Amend is still being upheld. The lower guys have a mean "bark" but the bite isn't constitutionally there, and they know as the case elevates they will lose. They are afraid to take this to the Supreme Court and then set a precedent which could change all their "hot air" into nothing. Of course there is a small chance they would win and privacy freaks would lose. LE won't take that gamble for now as long as there are 5 conservative judges on the court. My .02
     
  8. pcdoctor36

    pcdoctor36 Registered Member

    Joined:
    Aug 25, 2011
    Posts:
    62
    You are of course correct, the 5th Amendment has been fortunately upheld regarding TrueCrypt passphrases. That doesn't and hasn't stopped prosecutors' offices from threatening and leveling felony charges when someone refuses to turn over passphrases. Many who get into these situations are not legally sophisticated and just start running their mouth against that type of pressure. Legal education is a necessity anymore.
     
  9. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Just want to add a practical consideration -- namely, I have strong doubts that multiple levels of plausible deniability would be effective in the real world.

    More specifically, once a person admits that their first denial was a lie, everything is going to spiral into a total crash from that point on. In civil and criminal litigation, it's a lawyer's dream to catch a witness in an intentional lie. After that, all credibility is lost. Nothing else the witness says will be believed.

    The same or worse is to be expected in an interrogation. A person who admits that they were lying should expect the harshest treatment possible to follow. That means extended and intensive interrogation followed by arrest and/or indictment for every minor technical infraction that can be found. In other words, expect the authorities to throw the book at you after that point. Moreover, after that, no denial can reasonably be expected to be viewed as "plausible". You're going to basically need to be able to prove you're telling the truth for every answer to every question after that if you want to walk.

    So my recommendation is set things up so that you simply refuse to make any admission whatsoever. Alternatively if you are in a jurisdiction where you cannot refuse to make an admission, and you have decided to rely on a plausible denial, you darned well better plan to stick to that denial because if your denial doesn't work, you can be pretty certain you're going to find yourself up the proverbial creek without a paddle -- and any further denials are just going to make things worse.

     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    :thumb: Thank you sir! Not vibrating your vocal cords is one of the easiest things a human can do...I don't know why people think they can help by talking.

    Ever see the Bourne Identity? Imitate Matt Damon in the police station :D

    PD
     
  11. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    You are so right and it really bears repeating, and repeating... Say Nothing!

    If that isn't possible in your jurisdiction, try to talk to a lawyer or solicitor before saying anything, and then say as little as possible.

    Also be aware of traps and pitfalls associated with anything you say in virtually any jurisdiction. For example, Ray Lewis, former Baltimore Ravens NFL Football standout was charged with murder in 2000, in Atlanta Ga., despite little if any evidence of his guilt and a great deal of evidence of his innocence. Ultimately the baseless murder charge was dropped but Lewis was still forced to plead guilty to a misdemeanor charge of obstruction of justice, due to a misleading statement he voluntarily gave to police.

     
  12. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Another wilder on here suggested similar, as in just act dumb and say dunno?

    This is why I love the idea of no evidence of tc or dc or encryption ever installed or used on your system.

    A hdd with random data is just that.... no time stamps on when it happened... nada, one can say you have never used it since you bought it, you simply press the on button and windows loads and that is what you use daily.

    Am sure it's easier said than done, and multiple questions will be thrown at you as in where did you buy the hdd, how much did it cost etc

    Suppose another way is to simply say "no comment" but this simply implies guilt, more so if you answered your full name before hand :D
     
  13. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Just my personal opinion, but I tend to agree that Full Disk Encryption (or Full Operating System Encryption) is a pretty good way to go and although I currently use TrueCrypt, I also like DiskCryptor (DC). I've installed DC several times and it's really not a problem. I haven't put the bootloader on a separate USB drive, but the set up for doing that is just a matter of checking a box as I recall.

    Please, do a full back up before encrypting anything! Do it on a separate encrypted drive or partition, or use the encryption option available with most back up programs if you are concerned about security of the back-up. With a back up in place, any encryption program is just a lot easier to use, and to experiment with because you don't have to worry that even the slightest mistake is going to cause the end of the (computer) world.

    I see you hail from UK. I know that there are laws there requiring the user to give up a password to encrypted data but I don't know the details of those laws such as whether there is a minimum hurdle the authorities must meet before imposing this type of search on citizens (I suspect there are some requirements but don't know), so DC is probably a pretty good approach there.

    But bear in mind that it would be reasonable for a prosecutor to argue that your disk must be encrypted if there is no operating system on your computer whatsoever. You don't have to respond to this argument -- that's your counsel's job. But your counsel's job would be a lot easier if there were some operating system either somewhere on the computer or on a USB or DVD associated with the computer.

    The message from the Ray Lewis and similar cases is don't lie or say something that can be viewed as attempting to mislead the authorities. If you must say something you can say something like you know that the authorities must strongly believe in respect for the law since the law is their vocation; they must understand your desire not to mistakenly say the wrong thing, or say anything that might somehow put you in the wrong light; and since the law guarantees certain rights to all citizens, it stands to reason that these authorities must certainly respect your rights not to speak at this point. You're not trying to be difficult but citizens' rights are important aspects of the fundamentally respected way of living in your country.

    Regards.

     
    Last edited: Oct 29, 2013
  14. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Yes in England you are pretty much forced to give up access to the hdd, more so if it's prompting for a password, no 5th amendment saviour here sadly.

    It's 2 years max sentence I believe...

    Yes I agree, my current thinking is keeping it really simple.

    C drive: Decoy windows for general and normal use

    D drive : Real windows.

    D drive would be FDE and require bootloader and password.

    This way any adversary who switches on the pc goes straight to C drive Windows and D drive is full of random data, no sign or evidence of encryption.

    Explanation of D drive could be was not even aware of it since switched on pc and just used it.

    Keeping it simple with stupidity thrown in which comes natural may work wonders for privacy and security.
     
  15. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    Then how do you access the D drive if accessing the C drive does NOT require a pre-boot authentication passphrase?
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Let's say that you didn't keep any data locally, and stored it all online somewhere, in (let's say) an entirely secure way that left no local traces. For example, you would always boot a LiveCD, perhaps Tails, and save nothing.

    Would you go to jail for refusing to disclose where the data is located?

    How about if you disclosed the password, but not the location?
     
  17. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I put it more in detail here:
    https://www.wilderssecurity.com/showthread.php?t=354986

    But my working setup was to either use tc or dc with 2 hard drives.

    1st hdd: normal windows with nothing hidden or encryption software
    (use regular)

    2nd hdd: tc hidden os or dc REAL os encrypted which requires bootloader


    This way anyone switching on the pc suspects nothing, if further questioned regarding the D drive letter or why is D drive not working. My excuse is simple, I was going to install Windows 8 on it at a later date.

    If questioned further about why Random data exists on D drive by adversaries. I inform them I used Dban and used a random data Wipe mode, this way I could install windows 8 at a later date.

    It's simple and if it works is the golden question, course there will always be holes and paranoia with plausible D excuses, but you just have to use what you're comfortable and confident in.

    I would naturally after 6 months of being a wilder create multiple barriers if they got to the end point of bootloader/password etc....
     
  18. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Q. Why do you have an unused HDD (or partition) that is filled with random data?

    A. You know, it's crazy...

    At one point I encrypted the drive (partition). But as it turned out I almost never used the encrypted drive (partition). So I tried to mount the darn thing one day but I couldn't remember the password because I hadn't used the password for a while and when I set up the effing thing I chose some long password for security purposes.

    I tried for a while to mount the effing thing but nothing I tried worked. I was frustrated as h***! Wished I'd never even heard the word, "encryption".

    Then I got to thinking about the whole thing and got really freaked out. Here I had an encrypted drive (partition) and I couldn't remember the right password. But I'm in the UK and I could be put in jail for not remembering the password -- I mean how could I prove I can't remember the password if they didn't believe me?

    So I got a wipe/shred software and wrote over the whole drive (partition). What else could I do?

    Wish I'd never heard of effing encryption. This whole thing is just crazy...


     
    Last edited: Nov 7, 2013
  19. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Good question, this was why when I first joined here I was more interested in going the live cd route. No hdd no proof. An adversary would still need to prove a password or data was stored elsewhere before they could ask the question. So yes if they are aware of something hidden and you do not co-operate in UK they can put you in jail for thought crimes.

    They could in theory still use logs from their own end, websites and IP addresses and Chats taken place as evidence, they do this everywhere world wide as we know.

    An adversary would attempt to catch you regardless and ask for all passwords ie your email account even your favourite forum website. They could then work out mirimir@riseup.net is linked to mirimir username, and its registered on wilder forums and several others.....

    Its like a trail of breadcrumbs, and just like birds they peck away.

    Not co-operating with them will show you're guilty, I know cases in which adversaries have even planted fake stories and evidence just to get a conviction or get the charges reduced so they accept a less minor charge, happens all the time. It's hard to win, one could plant evidence on your encrypted drive.... and then you slip up and say how did you put those files on there without my password... whoops

    Misdirection and as many barriers I feel can help :)
     
  20. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden

    That is a good un :D even more so since I can't work out what h***! could be.

    If you're not in England your PD could work... in England the above may not work sadly.

    In fact it's not just in England, quite a few places in Europe also do similar:

    https://en.wikipedia.org/wiki/Key_disclosure_law

    Here is a link for UKers:

    http://falkvinge.net/2012/07/12/in-...or-encryption-but-for-astronomical-noise-too/

    It's a good read, so even if an adversary believes you are hiding something even if it's random data.... off to the cells you go (England law).

    It's the ultimate injustice but then who said the law was honest and followed the law.

    This is why the hidden os or hidden container works in our privacy favour and attempts to save your head.... literally. Sadly no one ever comes back to say if it really worked :argh:
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    There's a simple solution.

    Move somewhere that's sane ;)
     
  22. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    It would be an apartment right above your place ;)
     