Question re accepted items

Heated discussions about long term goals please. Pretty much everything goes.

Question re accepted items

Postby Merlin » Tue Jun 10, 2014 2:09 pm

Particularly in the case of multiple hidden volumes.

Have you considered all the implications? In many parts of the world, and some threat models you can be subject to being detained or worse not giving up your passcode.

For those of us who have no state secrets, we can currently create a hidden volume with nothing significant in it, and be happy to give it up to the authorities or a mistaken adversary.

The moment you introduce multiple /unlimited layers, you can never eliminate the suspicion there may be another layer, and there are places and adversaries where mere suspicion is sufficient to detain you (or worse).
Merlin
 
Posts: 43
Joined: Sun Jun 08, 2014 4:57 pm

Re: Question re accepted items

Postby compul » Tue Jun 10, 2014 2:35 pm

I have certainly not considered _all_ the implications.
Note the note at the top, that those ideas are not actually "accepted for implementation", but rather "accepted for consideration". So discussions about those can and will still happen.
User avatar
compul
Site Admin
 
Posts: 69
Joined: Fri Jun 06, 2014 6:15 pm

Re: Question re accepted items

Postby Merlin » Tue Jun 10, 2014 2:40 pm

That's really all I wanted to confirm at this point thanks. Sometimes people get swept up by enthusiasm, which is good, I'd just hate to see anything rushed into without careful consideration of both sides of the case.
Merlin
 
Posts: 43
Joined: Sun Jun 08, 2014 4:57 pm

Re: Question re accepted items

Postby compul » Tue Jun 10, 2014 2:43 pm

Careful consideration about every "feature" we add into the codebas is among our top priorities here. I believe that was very widely accepted in a forum thread, and stated on the wiki as well.
User avatar
compul
Site Admin
 
Posts: 69
Joined: Fri Jun 06, 2014 6:15 pm

Re: Question re accepted items

Postby Sabbath » Tue Jun 10, 2014 3:10 pm

Merlin wrote:Have you considered all the implications? In many parts of the world, and some threat models you can be subject to being detained or worse not giving up your passcode.


Precisely why the hidden volume is implemented, I am not sure of your point.

Merlin wrote:For those of us who have no state secrets, we can currently create a hidden volume with nothing significant in it, and be happy to give it up to the authorities or a mistaken adversary.


The same logic would suggest you could simply use bitlocker or the current version of TC. Why cripple ciphershed for those who wish to enjoy a higher level of security / obfuscation ? It may be more prudent to allow the user to decide their own threat model and choose their software options accordingly.

Merlin wrote:The moment you introduce multiple /unlimited layers, you can never eliminate the suspicion there may be another layer, and there are places and adversaries where mere suspicion is sufficient to detain you (or worse).


True, but these same "gangster" regimes are unlikely to be reasonable under any circumstances. Again the user should be allowed to determine their software choice according to their perceived threat model.
Sabbath
 
Posts: 49
Joined: Sat Jun 07, 2014 9:05 am

Re: Question re accepted items

Postby Merlin » Tue Jun 10, 2014 3:46 pm

Sabbath wrote:
Merlin wrote:For those of us who have no state secrets, we can currently create a hidden volume with nothing significant in it, and be happy to give it up to the authorities or a mistaken adversary.


The same logic would suggest you could simply use bitlocker or the current version of TC. Why cripple ciphershed for those who wish to enjoy a higher level of security / obfuscation ? It may be more prudent to allow the user to decide their own threat model and choose their software options accordingly.

For lots of people BitLocker is thoroughly objectionable as an option. and the current version of TC is hostile to Win8.x which they're also stuck with.
[edit]Also possible the audit will find something that must be fixed, leaving the current version unsuitable for anyone[/edit]
Sabbath wrote:
Merlin wrote:The moment you introduce multiple /unlimited layers, you can never eliminate the suspicion there may be another layer, and there are places and adversaries where mere suspicion is sufficient to detain you (or worse).


True, but these same "gangster" regimes are unlikely to be reasonable under any circumstances. Again the user should be allowed to determine their software choice according to their perceived threat model.

Even the UK qualifies as a "gangster" regime once they invoke the anti-terror laws
However, if you're willing to cooperate and let the authorites see you truly have nothing you're bothered about them seeing, they're suddenly a lot less gangster. With a fixed number of levels this is easy, with an open ended system it becomes impossible.
While most users wouldn't want the authorities snooping in their stuff, most users also have nothing incriminating (or even interesting) there if it comes to picking between letting them or spending their break in a spartan room with the window too high for a decent view.
Merlin
 
Posts: 43
Joined: Sun Jun 08, 2014 4:57 pm

Re: Question re accepted items

Postby Sabbath » Tue Jun 10, 2014 4:16 pm

Merlin wrote:For lots of people BitLocker is thoroughly objectionable as an option. and the current version of TC is hostile to Win8.x which they're also stuck with.


BitLocker is only objectionable for people who prefer better security or those who wish to resist government snooping. Your point, which I quoted, implied you would be "happy" to surrender your privacy to a government.

You are no longer arguing the same point.

Merlin wrote:Even the UK qualifies as a "gangster" regime once they invoke the anti-terror laws
However, if you're willing to cooperate and let the authorites see you truly have nothing you're bothered about them seeing, they're suddenly a lot less gangster. With a fixed number of levels this is easy, with an open ended system it becomes impossible.


In the UK under RIPA you are compelled, by law, to provide a password. The multiple hidden volume option allows you to do so.

Once a password has been provided and the container opened, as far as the law is concerned you have complied. There is nothing in English law which states you must continue to comply further.

RIPA, although close to the edge, is still bound by common law. The burden of proof is on the prosecution not the defendant.


Merlin wrote:While most users wouldn't want the authorities snooping in their stuff, most users also have nothing incriminating (or even interesting) there if it comes to picking between letting them or spending their break in a spartan room with the window too high for a decent view.


As previously mentioned, these are the exact same users who should choose a less secure software option. There are other options available, I fail to understand your interests in limiting the obfuscation benefits in chipershed.
Sabbath
 
Posts: 49
Joined: Sat Jun 07, 2014 9:05 am

Re: Question re accepted items

Postby Merlin » Tue Jun 10, 2014 4:31 pm

Sabbath wrote:As previously mentioned, these are the exact same users who should choose a less secure software option. There are other options available, I fail to understand your interests in limiting the obfuscation benefits in chipershed.

It's called "Devil's Advocate", it makes no odds whatsoever in my own personal use case, but unless someone argues the counter case, it can't be called considered.
Merlin
 
Posts: 43
Joined: Sun Jun 08, 2014 4:57 pm

Re: Question re accepted items

Postby Sabbath » Tue Jun 10, 2014 4:36 pm

Merlin wrote:It's called "Devil's Advocate", it makes no odds whatsoever in my own personal use case, but unless someone argues the counter case, it can't be called considered.


I understand, so after our consideration, would it be fair to say we have a compelling argument for multiple hidden volumes ? Or should we continue ?
Sabbath
 
Posts: 49
Joined: Sat Jun 07, 2014 9:05 am

Re: Question re accepted items

Postby Merlin » Tue Jun 10, 2014 4:57 pm

I can't honestly declare I'm totally persuaded either way, sometimes I think yes, others I find the arguments on the cryptsetup wiki against hidden volumes at all persuasive.. having a fixed depth of one level makes a system that's workable for persons from either pro or anti hidden-volume camp.

I've raised that there is a tradeoff involved, that was my main goal, it's now here for anyone to read, they're aware of some possible pitfalls as well as some gain if they do so, I can't decide for them, or for the team. Personally I'm satisfied with the current version's functionality, I don't think there are many who need more, most don't need all of what is on offer.

However, while we're on the subject of hidden volumes, a nice big warning on mount that accessing them other than from a hidden OS is perhaps unwise, particularly in the case of Windows, would be a good thing.
Pointing them here to see why might be a plan too: https://www.schneier.com/paper-truecrypt-dfs.pdf
Merlin
 
Posts: 43
Joined: Sun Jun 08, 2014 4:57 pm

Next

Return to Long-Term Goals / Wish List

Who is online

Users browsing this forum: No registered users and 1 guest