[HN Gopher] Show HN: HiddenVM - Use any desktop OS without leavi...
___________________________________________________________________
Show HN: HiddenVM - Use any desktop OS without leaving a trace
Author : aforensics
Score : 367 points
Date : 2020-03-05 10:09 UTC (12 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| unnouinceput wrote:
| Or, or..hear me out, swap your HDD with a gaming one so when a
| smart guy takes a look at your HDD will find only benign games.
| You think customs agencies does not have smart people who can
| look past a simple boot screen? Think again
| incompatible wrote:
| Or just wipe the HDD and install a fresh OS? I have to admit
| that I'm uncertain exactly what the goal is.
| saagarjha wrote:
| A fresh OS is pretty suspicious.
| Insanity wrote:
| It takes almost no time to reinstall an OS, install a few
| games from steam.
|
| If you want you don't even need to wipe your install and
| have a bit more time to spend, you can dual boot and remove
| the other boot option temporarily from GRUB / MBR or
| whatever the windows equivalent was.
|
| Or fetch out a few github repos if you don't want to
| install steam games. :)
| saagarjha wrote:
| I'm not sure I understand your response. Am I missing
| something in my original comment?
| Insanity wrote:
| My reply was to say that it's relatively easy to make a
| clean install not look 'fresh' :P
| incompatible wrote:
| A zeroed drive and a stock OS install, surely unlikely to
| have any hidden data.
| unnouinceput wrote:
| Github says the goal is to hide your privacy from customs
| agents. That's the honorable use of this. But is a tool, and
| just like any tool can be used for both bad or good things. A
| scammer or spammer will have use of this faster then a person
| facing customs agents.
| jedieaston wrote:
| Put your sensitive data on a microSD card and put the card in
| your mouth while in the checkpoint, the detector won't be
| sensitive enough to pick it up (it doesn't detect fillings and
| they are around the same size).
|
| If you get in trouble, just swallow.
| unnouinceput wrote:
| Or have Veracrypt volumes uploaded to some service and use it
| from anywhere on the world when need it? Much simpler
| walrus01 wrote:
| If your laptop is getting inspected at the border of an actual
| authoritarian police state:
|
| https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
| bergheim wrote:
| Reminds me of this xkcd: https://www.xkcd.com/538/
| goblin89 wrote:
| The same tradeoff as with any security measure applies to
| border officials. They may or may not go beyond scanning for
| low-hanging fruit, and in a typical scenario probably won't.
| joantune wrote:
| That's why TrueCrypt, and I think Vera Crypt have support for a
| volume that can be decripted with two keys - one will yield a
| decoy volume where its free space is actually the real volume
| that you want to protect which gets decoded only with a second
| key
|
| I'm not sure if the entropy analysis of that free space can
| suggest that there's something funky about that free space or
| not.. Because usually free space is either actual info just
| marked as deleted, or info reset to zeros by some pro active
| wiping of the free space. So, having a bunch of whacky data
| that doesn't look like any kind of file, can probably be used
| as a tell tale sign? No?
| RcouF1uZ4gsC wrote:
| I think the authoritarian regime will just torture anyone
| with any VeraCrypt or TrueCrypt volume and the plausible
| deniability will come back to bite you as you can't prove
| that there are no other hidden volumes.
| rolltiide wrote:
| The point of a decoy is to satisfy scrutiny. Truecrypt
| WITHOUT decoy will escalate the scrutiny, truecrypt WITH
| decoy will avoid further scrutiny.
| XMPPwocky wrote:
| The problem is the level of scrutiny. Against some
| attackers, decoys have very very nasty game-theoretic
| failure cases.
|
| Specifically- there's no limit to the number of decoys
| that could be on a disk. So you can get into the
| situation where you've decrypted every volume that
| exists, under coercion, but your adversary believes there
| are more volumes remaining.
|
| By design, you have no way to prove that there isn't more
| hidden data on that disk. This is unlikely to end very
| well for you.
| sveme wrote:
| If that's the operation mode of your foe, it's not going
| to end very well for you anyways.
| [deleted]
| heeen2 wrote:
| When the sum of nonfree data on all volumes reaches the
| capacity of the drive there is no more space for hidden
| data
| shaftway wrote:
| If I remember correctly, the decoy volume treats all the
| hidden space as available disk space. TrueCrypt used to
| have a warning that booting into the decoy volume could
| scramble the hidden volume when the OS wrote files to
| disk if it happened to choose some space that overlapped
| with your data.
|
| If your decoy only lists 5GB of space on a 5TB drive,
| then it isn't a very good decoy.
| bArray wrote:
| An encrypted volume (fixed space) should even remove the
| white space. After all, knowing the size of a file contained
| within could leak information about its contents.
|
| I imagine the only way to detect a volume would be to have it
| decrypted (enforced by law enforcement), to take the supposed
| volume type and files within and then re-encrypt with the
| same data. If your volume and the supposed clone are
| different, it would suggest that you have hidden another
| volume within.
| abhorrence wrote:
| I think the defense is that (assuming IVs, nonces, etc...
| are held constant) that the files would encrypt
| identically. And the excuse for the rest of the disk is "it
| gets filled with random bytes to obscure how much disk
| space is actually being used.
| threatofrain wrote:
| It's also why, IMO, obscurity is a valid component to
| security.
| ivankolev wrote:
| Yes, but defence in depth/layering is the over-arching,
| higher-order concept in the security game.
| tetha wrote:
| As I've started putting it: Make your infrastructure and
| systems hard. Then don't tell anyone the details.
| OJFord wrote:
| I agree, not least because I can't see how to define
| 'obscurity' without it also being a basic explanation of
| encryption.
|
| (Good) Encryption is a (secure) mechanism for obscuring
| data, surely?
| antepodius wrote:
| It seems like there's something like a way to measure the
| different mechanisms in terms of how inherently decoupled
| they are from their surroundings. So, a the fact you have
| to send messages to my server in a particular format is
| one type of obscurity- but it's highly non-incidental,
| linked to many different parts of the world (i.e. it's
| some common network protocol) and more easily
| investigated (you could get interesting different
| responses by vary what string of bits you send).
|
| In comparison, which particular password I use can be
| very highly decoupled from the rest of the world and my
| architecture, which makes it vastly more (reliably)
| obscure.
|
| Somewhere inbetween "you have to know my server exists to
| send 'login:admin password:pass' to it" and "the volume's
| encrypted with a 2048-bit cypher generated from
| atmospheric entropy" is, maybe, a useful middle ground.
|
| Hidden volumes seem like more of a defensive meta-
| obscurity, in that they obscure your metadata (your
| ownership of a particular piece of encrypted data).
| XMPPwocky wrote:
| https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
| OJFord wrote:
| I'm aware. But Kerckhoff's principle is just saying that
| your mechanism of encryption shouldn't be obscured. It
| doesn't change that I can't define 'obscure' in a way
| that doesn't make it a mechanism (in itself inobscure) of
| obscuring data.
|
| Also, there are plenty of historical ciphers that fall
| foul of Kerckhoff, I don't think we can say
| retrospectively that they weren't done for security, and
| in many cases were probably totally adequate for some
| time, if not their lifespan.
| grifball wrote:
| When cryptographers talk about "security through obscurity"
| they're talking about cryptographic algorithms and
| protocols. So even systems that aim to prevent "rubber-
| hose" attacks could benefit by avoiding algorithms (like
| AES) who's security is based on obscurity, even if there
| are parts of the system that are obscured.
| TheFiend7 wrote:
| Only circumstantially in IMHO. Obscurity can be a semi-
| decent security tool in some situations, and in others
| completely and utterly useless. It depends on what you're
| trying to secure.
| brianjlogan wrote:
| In most instances I think torture would yield all of your
| knowledge including the secondary unlock.
|
| Unless you're thinking your attacker would exclude you from
| torture for "yielding" the password.
|
| I would think if they are capable of torturing you than they
| wouldn't stop at a polite confession.
| bootlooped wrote:
| Border agents inspect and copy many more digital devices
| than just those of people they actively suspect of
| something, or are willing to torture.
| varenc wrote:
| VeraCrypt hidden volumes are supposed to be a 100%
| deniable. There's no way to prove they exist.
|
| The idea is that they'll stop torturing you because they
| don't know of the existence of the hidden volume.
|
| (In practice I suspect it leaves some subtle queues, but
| maybe perfect for a border crossing )
| frandroid wrote:
| My understanding is that people who torture you don't
| know what you don't know; so they don't know when to
| stop. As such, they'll keep torturing you way past the
| point where you've admitted to everything you know. This
| is why information obtained under torture is considered
| unreliable: eventually you'll just say anything to stop
| the torture; further admissions will support the use of
| torture as an information extraction tactic, and then
| lead to more torture.
| elif wrote:
| Yes but, under what pretext would you torture someone who
| has complied with all of your requests?
|
| ~"Do you have any encrypted data we can't see?"
|
| "Yes. The entire drive is encrypted"
|
| ~"What is the key?"
|
| "iloveapplesauce6969"
|
| ~"Well, that worked and I see your data here. What a
| lovely family.. is that Disney world?"
|
| "Yes it was Timmy's 5th birthday"
|
| ~"I'm going to waterboard you"
| frandroid wrote:
| Them: "You're still hiding something"
|
| You: "This was everything!"
|
| Them: "We don't believe you" _-rubber hose-_
|
| You: "Stop it! I planned to blow up the world trade
| center!"
|
| Them: "We knew you were a liar."
|
| To themselves: "Wow, torture works."
|
| Rinse, repeat.
| lukifer wrote:
| In theory, you could just keep adding n+1 layers of fake
| passwords (maybe with realistic fake data), on the hope
| that after n attempts, they think they've broken you and
| hit the jackpot.
|
| But as sibling commenters describe, if sufficiently
| motivated, there's no reason that an authoritarian state
| wouldn't just keep torturing you anyway. :(
| dmos62 wrote:
| What countries do this? I saw a mention of Australia.
| chupasaurus wrote:
| Any, if they would really want the data.
| dmos62 wrote:
| All borders don't have privacy protection laws? Hard to
| believe.
| duxup wrote:
| Depends on the border / country.
| IggleSniggle wrote:
| All things are fungible
| kube-system wrote:
| That just raises the bar for how much they need to want
| it. It doesn't eliminate it.
| 87zuhjkas wrote:
| Are there any protection mechanism against that? Something
| like, even if you are being tortured you cannot provide the
| access to anyone else?
| Santosh83 wrote:
| Sharded secrets... you only have one part of a key or keys
| needed to decrypt some data so even extracting that from you
| by torture will not suffice. Of course this isn't always
| practical.
| maxaf wrote:
| "They" (whoever they are) can torture more than one person
| at a time.
| gruez wrote:
| Presumably the other key holders are in a different
| jurisdiction.
| bluGill wrote:
| The trick is to ensure you are never near all the people
| who know the secret when there is the possibility of
| trouble. That makes kidnapping everyone harder.
|
| Of course if you really worry about such things you
| shouldn't be trusting the other people you are working
| with either...
| ben_w wrote:
| Yes, but:
|
| 1) they might not believe you, and
|
| 2) that's still true even if the reason you don't have a key
| is because you don't actually _have_ a secret encrypted
| partition -- or whatever -- to supply a decryption key for
|
| So the best thing to do is avoid being in a situation where
| someone is allowed to do that in the first place.
| aforensics wrote:
| This is interesting. This also means that using encryption
| or anything that can plausibly make someone even slightly
| suspect you're using encryption (even if you are not) can
| make your situation worse, with certain classes of enemies.
|
| I'm sure advanced configurations with well-crafted decoys
| and steganography can help combat that, but as we can see,
| encryption can only take you so far and it's only one
| element of the picture.
| smichel17 wrote:
| Encrypt with two keys, one that you know and one that a
| trusted third party , knows. When you reach your destination,
| establish secure contact with the third party and have them
| share their key.
| amoshi wrote:
| Plausible deniability, like hidden containers in TrueCrypt?
|
| That's a double edged sword though - imagine you give up,
| surrender the password and are then being asked to unlock a
| hidden volume, which you don't have.
| jmt_ wrote:
| I believe Truecrypt supported a feature where different
| passwords would unlock different partitions in a volume. So
| someone could ask you to input the password for BadBoy.tc,
| and if you enter password1, then you get say the data they
| actually want. But if you enter password2, it mounts a
| different part of the file which gives the appearance that
| you unlocked the whole thing. So, you could stage a dummy
| partition that has false but convincing data and hopefully
| fool any captors.
| contravariant wrote:
| Don't take the laptop with you.
|
| At this point setting up a secure connection to a device in a
| secure location is _way_ easier than trying to protect your
| data against someone with physical access.
|
| You can also get your collaborators to revoke access if you
| fear you might be 'compromised', although ultimately it's
| hard to protect a system against yourself.
| bArray wrote:
| I think one method would be to ensure you don't have the full
| key, i.e. you have some select friends, each that have part
| of the key (with some redundancy) - all unaware of one
| another and potentially all unaware that they even have part
| of the key.
|
| Then you position your friends over multiple jurisdictions so
| that they cannot legally compel all of them to play along.
| megous wrote:
| If you're talking about protection for the people that may be
| captured with the help of the data you may have on your
| computer, yes.
|
| Otherwise, no. When they have you they can just torture you
| to death for whatever reason or no reason at all.
| jstanley wrote:
| > The VM will even connect to full-speed pre-Tor Internet by
| default, while leaving the Tor connection in Tails undisturbed.
|
| This doesn't strike me as a selling point? Surely the default
| should be to have the VM traffic all go over Tor?
|
| Cool project though.
| aforensics wrote:
| Well, the idea is that you don't have to be limited by Tor's
| speed or handicaps like being IP blocked when web browsing, if
| you don't want that by default. We love Tails' amnesia for
| anti-forensics, but we prefer Whonix's more secure Tor
| anonymization, if you want to be anonymous. Now you can easily
| combine both benefits.
| norswap wrote:
| I think the point is to make a decoy OS that you can boot into
| if forced to unlock your laptop. Running on Tor would be highly
| suspicious.
|
| The point of running this on Tails is to prevent the use of
| forensic tools inside the decoy OS to unearth what's
| underneath.
| joosters wrote:
| If using Tor is suspicious, then having Tails on your
| computer is also going to be suspicious. I'm certain that no
| border agent will be swayed by your "but I don't actually use
| this Tor I have installed" arguments.
| bluesign wrote:
| Safest way is to hack the SSD/HDD firmware, make it report its
| size half. Depending on some condition, make it use the selected
| half. (ex: some byte in first sector, some ATA command)
| flyGuyOnTheSly wrote:
| And when they pull the hdd and realize it says 512gb when
| you're only showing 256gb?
| Someone1234 wrote:
| Replacing a SSD's sticker doesn't seem particularly
| challenging relative to modifying the firmware to misreport
| but make available storage.
| threatofrain wrote:
| Any entity big enough to seize your laptop for analysis is also
| going to be able to look up the specification for any
| particular part in your laptop, and eventually this portion of
| the cat and mouse game will end.
| ArchReaper wrote:
| That's definitely not true, the article mentioned people
| traveling between countries - TSA/border patrol/airport
| police aren't going to send your laptop over to the NSA/KGB
| to have it cracked by an expert. That being said, actually
| encrypting the data is way more secure than fucking with HD
| self-reporting.
| Someone1234 wrote:
| That's predicated on an all knowing adversary with unlimited
| time and budget. In other words it is a largely fictional
| problem.
|
| Most of the people we're talking about just run off the shelf
| forensics software and have minimum actual expertise (the
| government doesn't pay well enough for legitimate experts
| doing it by hand).
|
| But then again, very few people are crazy enough to modify
| computer hardware to protect their information. So both sides
| of this coin might be largely fictional.
| threatofrain wrote:
| Are most people getting their laptops seized?
| Someone1234 wrote:
| A international borders? It isn't at all uncommon. I've
| had my electronics searched before.
| jedieaston wrote:
| Out of curiosity, if you're comfortable saying, what
| country was it and were you a citizen there?
|
| I'm always curious what the breakdown is.
| 6510 wrote:
| I forget where I hear it or if it was my own idea (the shame, I
| know, I know!) but... cant you have an unknown number of
| username/password pairs that decrypt/unpack the same chunk of
| data into different things? Say you have the same OS 51 times, as
| clean installs the data shouldn't have to be all that much larger
| than 1. You install some games on one, some office apps on the
| next, put some downloaded movies on the 3rd. You could give them
| "all" 50 passwords and they could never find OS nr 51.
| lousyd wrote:
| Perhaps you're thinking of this:
| https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29
| jetrink wrote:
| It's not possible to encrypt 51GB of real-world data in 1GB
| space for the same reason that compression algorithms can't
| achieve 51x compression ratios. Given that, such a scheme
| presents some challenges if you want to maintain plausibility.
| Either,
|
| 1. Each filesystem lives within an allocated area and knows not
| to overwrite its neighbors' data.
|
| 2. Some filesystems (the real ones) are privileged and know
| their actual allocated area. Others (the decoys) think they own
| areas of the storage volume that contain hidden data and
| therefore have the potential to overwrite the hidden
| filesystems if they are written to.
|
| In the case of (1), you need to be able to explain why your
| computer has unallocated areas filled with pseudorandom data.
| That is never going to pass the plausibility test, imo.
|
| In the case of (2), a lot of effort needs to be put into making
| the decoys look normal while not letting them overwrite the
| hidden data. There are a number of strategies you could use
| here that would work, but it will never be as convenient or
| simple as dual-booting and the more convenient you try to make
| it, the less innocent a hard drive will appear under close
| inspection.
| cheztir wrote:
| I think the original commenter was going for an encrypted
| copy-on-write setup, not some magical compressed fs. Just a
| base image (eg 50GB) with various encrypted delta images (1GB
| each) that are assigned to each user.
| jstewartmobile wrote:
| if i had reason to be this paranoid about doing something on the
| computer, i probably wouldn't do it on the computer... see what
| Ron Minnich amd Bunnie Huang have to say about the state of
| modern hardware and bios.
|
| that, and i believe AMT is still _a thing_
| ThePowerOfFuet wrote:
| > The VM will even connect to full-speed pre-Tor Internet by
| default
|
| Snatching defeat from the jaws of victory.
| paulcarroty wrote:
| Will be interesting to also have macOS as guest with Vera Crypt &
| encrypted volume etc.
| Santosh83 wrote:
| Maybe good for hiding activity when you're already below the
| radar. If you're a person of interest for a large enough state
| then they can and will use all manner of dirty tactics to nail
| you and simply encrypting is not enough. You will have to flee
| like Snowden did. And once they bring in legislation that says a
| govt agent can ask for your decryption keys under reasonable
| doubt then everyone is in soup since encrypted data is easy
| enough to detect as such. One may have to shift to steganography
| of increasing sophistication. Basically this fight has to be
| clinched politically. While technology can help it can't ensure
| absolute privacy/security against an all-powerful state. The key
| question is if a state should be all-powerful at all in the first
| place...
| aforensics wrote:
| Indeed. Software is a supplement to the physical world. But we
| do what we can, and at least in the realm of software, we can
| have freedom.
|
| It's possible Tor and Tails is dangerous software to use in
| certain states. But if they can safely use it, it's here for
| them.
| tuxxy wrote:
| > everyone is in soup since encrypted data is easy enough to
| detect...
|
| This is only half-true. Any secure encryption is going to
| result in ciphertext that is indistinguishable from random
| data.
|
| In cases where the ciphertext is designated by a header or file
| format, then it's trivial to know that something is encrypted.
| Then there are cases where we can try to forensically determine
| that there's encrypted data via the existence of an encryption
| tool (e.g. VeraCrypt).
|
| If you wipe a disk with random data, for example, then it would
| be relatively difficult to determine whether or not the disk is
| encrypted (implying that there are no headers on it). In fact,
| one method of wiping disks is to generate a random encryption
| key and encrypt a stream from /dev/zero to fill the disk
| (https://wiki.archlinux.org/index.php/Dm-
| crypt/Drive_preparat...).
|
| This tool is making use of a VeraCrypt hidden volume which is a
| rather really interesting application of plausible deniability
| in cryptography. Essentially, this let's you have two volumes
| where both are encrypted, but each has a different key. In this
| setup, you'd put some files on one of the volumes to make it
| appear that it's your "used" volume. On the other "hidden"
| volume, you'd place the real files you want to keep safe.
|
| In a case where the government is demanding that you release
| your encryption keys, you would give up the keys to the "fake"
| volume. Unless you divulge the keys to the "real" volume, the
| attackers wouldn't necessarily know that it exists.
|
| Unless there's evidence of you using one (maybe chat logs or
| google searches asking for help on using it, for example),
| there's no reason for anyone to suspect you use it.
|
| The VeraCrypt documentation explains the technical details
| (https://www.veracrypt.fr/en/Hidden%20Volume.html) well enough.
| ansible wrote:
| > _This is only half-true. Any secure encryption is going to
| result in ciphertext that is indistinguishable from random
| data._
|
| A new SSD with very little data in the filesystem isn't going
| to have many, many sectors filled with random bytes. They're
| going to be blank instead.
|
| A used drive will have free sectors (not used by the
| filesystem) containing unencrypted contents of old files that
| have since been deleted or something. This is also not random
| data. Chunks of movies, pictures, applications and music will
| be identifiable, easily.
| Piskvorrr wrote:
| A previously-used disk, wiped to NIST standards, will be
| filled with random data - that's exactly the point of the
| wipe.
| ansible wrote:
| > _A previously-used disk, wiped to NIST standards, will
| be filled with random data - that 's exactly the point of
| the wipe._
|
| Yes, and that is suspicious. Random data is suspicious.
| Piskvorrr wrote:
| Suspicious, true. But in such case, you could be in
| trouble for refusing to provide the password to a
| suspected hidden drive _which doesn 't exist_. How does
| that even make sense? (Rhetorical question)
| ansible wrote:
| From your point of view, it doesn't of course. You know
| that you don't have an encrypted partition.
|
| But from the authorities' point of view, they will beat
| you until they're convinced you don't have anything of
| interest you can give up. That could last quite a
| while...
| wpietri wrote:
| Exactly. Something being suspicious is about small
| differences from what's expected, differences that
| correlate with something bigger. Whether the disk is full
| of random data because it's encrypted or because it was
| securely wiped, either way it correlates with somebody
| having something they're working to hide.
| Piskvorrr wrote:
| Or a second-hand computer: I do not wish to carry
| previous owner's use history into my usage, and neither
| should anyone else. Do not conflate "unusual" with
| "therefore hiding stuff", and don't even try "hiding
| stuff, therefore bad".
|
| There are legitimate reasons for wiping data...can't
| believe we're having _this_ discussion, _here_ of all
| places.
| ansible wrote:
| In no way am I arguing that you shouldn't wipe your data,
| use encrypted filesystems, or anything like that. That is
| a totally legitimate thing to do.
|
| We're just talking about drawing attention to yourself
| from governmental agencies that probably don't have your
| well-being as their highest concern.
|
| Using state-of-the-art encryption to keep your files safe
| is good. But if it leaves _any_ evidence that you are
| indeed using encryption, you are potentially drawing
| attention to yourself. And people should be aware of
| that.
| wpietri wrote:
| I agree there are legitimate reasons for doing so. None
| of which will matter to some official busybody rummaging
| through your drive. To them, a drive filled with random
| noise (instead of, say, being zeroed out) is going to be
| unusual in a way that correlates with bigger things they
| worry about. Or, in short, suspicious.
| laumars wrote:
| > _Any secure encryption is going to result in ciphertext
| that is indistinguishable from random data._
|
| While that's technically true it feels a bit like a moot
| point because if you have random data that cannot be
| attributed to any other application (such as large volumes of
| randomness) then it's a reasonable conclusion that you've
| just detected an encrypted volume.
|
| > _In a case where the government is demanding that you
| release your encryption keys, you would give up the keys to
| the "fake" volume. Unless you divulge the keys to the "real"
| volume, the attackers wouldn't necessarily know that it
| exists._
|
| Unless they inspect the storage properties (either physically
| or how it registers itself on the host) and see that it's a
| 1TB drive with only a 500GB mountable volume. Again, it
| wouldn't be a forgone conclusion that the individual has
| other hidden volumes but it would be suspicious enough to
| warrant further investigation / interrogation.
|
| As always though, it really depends on the risk level you're
| trying to protect yourself against.
| ajphdiv wrote:
| I would also assume the 'dummy' operating system wouldn't
| have much activity. Since the user would be using the
| hidden OS. So that coupled with the unaccounted for space
| would raise more flags.
| a_imho wrote:
| Isn't downloading additional software defeats the purpose of
| inspecting the code?
| [deleted]
| hleszek wrote:
| It is kind of ridiculous to still use md5sum to check software
| for integrity.
| ralphc wrote:
| If you want to use Tor in another country then come through a
| border, what's the advantage of HiddenVM over putting Tor on a
| bootable thumb drive, using it, then throwing away the drive
| before crossing the border? Just the persistence?
| aforensics wrote:
| Hello HN,
|
| We're finally sharing our github with the world. This post is the
| first announcement of our project apart from our thus-far non-
| populated subreddit. No one's discovered us yet. We've only told
| one person in the world before right now. We're new to developing
| and we're very humble and willing to learn, so any suggestions
| and help is welcome.
|
| What we aren't as humble about is the potential we think this
| application has. HiddenVM allows full-scale anti-forensic use of
| any desktop OS. (No longer just Tails.) If you place your
| installed files inside good deniable encryption like VeraCrypt,
| it means that no digital trace of your chosen OS is left on your
| hard drive or can be forensically proven to exist. That is
| significant.
|
| There are many reasons why you may want to use HiddenVM. Some use
| cases include:
|
| - You're a spy protecting national security and you need to leave
| no digital trace on the hard drive of the computer you just used.
|
| - Law enforcement agents conducting sensitive investigations.
|
| - Diplomats, politicians, and military personnel.
|
| - Whistle-blowers needing to safely carry their information in
| any situation.
|
| - Activists, dissidents, political asylum seekers, and
| journalists in need of stronger protection of their information
| from corrupt governments when their equipment is forcibly seized.
| (We know that the risk of the rubber hose remains a complex
| problem and limitation of encryption.) Now that you can use
| Windows once you set it up inside Tails, keeping your data
| private could become easier for you.
|
| Border agents forcibly invade our privacy and potentially steal
| our secrets with no respect to who we are or what our rights are.
| We need tech solutions to protect our data. More use cases
| include:
|
| - Lawyers carrying sensitive client information.
|
| - People in business protecting their IP or trade secrets.
|
| - Tactics in fighting against corporate espionage. It could be
| expensive or impossible to sue for someone's unlawful intrusion
| into your data. Easier to technologically prevent them in the
| first place.
|
| - Protect your basic privacy and dignity for any of the one
| thousand other reasons why privacy matters.
|
| - You travel a lot and you want to use Windows/macOS/Linux in a
| way that prevents malware code from being forcibly installed
| inside your operating system simply because you entered a
| country.
|
| - Digital currency: store a more private Bitcoin wallet. Secure
| your assets against unwanted and unwarranted access. When data
| literally is money you have a lot to lose.
|
| - Domestic violence victims, and people in other dangerous
| situations in life.
|
| Data privacy is a human right. If you don't want someone
| searching your naked body and violating your dignity in that way,
| why should your data be any different? Airport border agents not
| only perform a full digital strip search, but they're also
| potentially stealing your data or implanting spyware and malware
| without you knowing. It is a devastating act.
|
| Using Tails should never be reason to suspect you are a criminal
| or a spy. It also protects basic data privacy and democracy.
| Tails should become a standard USB that anyone who values their
| digital safety carries around in their briefcase, bag, purse or
| wallet. We hope our application increases the size of the Tails
| user base.
|
| Thank you for your interest. We invite you to rip apart our
| assertions and code (but with courtesy), try out HiddenVM, and
| contribute to our project.
|
| Sincerely, aforensics
| smashah wrote:
| Hi, very cool project! I'm getting more into security so
| apologies if this is a stupid question. Is the veracrypt drive,
| and therefore the HVM, linked to my specific instance of tails
| or can it be accessed by anyone with a tails usb and my
| veracrypt authentication details? Also, is it possible to have
| tails on one usb and a veracrypt drive on a seperate USB drive?
| How would that effect deniability at, say, a border?
| aforensics wrote:
| > Is the veracrypt drive, and therefore the HVM, linked to my
| specific instance of tails or can it be accessed by anyone
| with a tails usb and my veracrypt authentication details?
|
| If someone has your VeraCrypt volume password, the volume can
| be unlocked by them using via any Tails stick but potentially
| any other operating system. What HiddenVM does is reduce
| digital forensic evidence of using that volume quite
| fundamentally.
|
| > Also, is it possible to have tails on one usb and a
| veracrypt drive on a seperate USB drive?
|
| Yes. It may be faster if you make your computer's internal
| SSD to be one entire partitionless hidden VeraCrypt volume.
|
| > How would that effect deniability at, say, a border?
|
| We want to be careful about making claims about deniability,
| and it's still a field we have a lot to learn about at
| HiddenVM. Someone more knowledgeable might dare to answer
| this. We already give two examples on the github page. Your
| situation is unique and only you can know what deniability
| strategy works best.
| jcahill wrote:
| Copy notes:
|
| 1. Pictures.
|
| > What we aren't as humble about is the potential we think this
| application has.
|
| So you're not humble? Ditch the marketing goofiness. You think
| it has major potential. Be humble or don't. It's inessential to
| conveying what HiddenVM is.
|
| > Like Tor, Tails, or Whonix, HiddenVM can be used for bad
| purposes
|
| Unnecessary. You're already on the back foot.
|
| > - You're a spy
|
| This isn't a normatively 'good' reason.
|
| > Activists, dissidents, political asylum seekers, and
| journalists (like Laura Poitras)
|
| Don't cite a specific person unless that person is endorsing
| the product.
|
| > Using Tails should never be reason to suspect you are a
| criminal or a spy. It protects basic data privacy and
| democracy.
|
| Don't lead with a user story that exactly matches the
| stereotype, then. You're walking right into it.
| aforensics wrote:
| Thank you for the feedback. Some of it made sense and I've
| updated the parent comment.
| gadders wrote:
| Don't forget private bankers trying to evade the tax
| authorities:
|
| "According to one former UBS banker, managers gave the private-
| wealth team specially encrypted laptops that could be easily
| deleted in case U.S. authorities barged in. "They told us about
| the computers, 'if ever you run into problems in the U.S. with
| the IRS, just push button X twice, and everything will be
| deleted,' " said the banker. "It was like James Bond.""
|
| https://www.cnbc.com/2015/04/30/why-did-the-us-pay-this-form...
| mkl wrote:
| I may be misunderstanding how it works, but aren't the presence
| of Tails, the drive full of random-looking data, and the
| absence of a visible consumer OS all massive red flags? It
| seems like it would be completely undeniable that you're trying
| to hide something.
| aforensics wrote:
| Red flags might not actually matter in many use cases. But
| where it does, setting up a decoy OS that boots on the
| computer by default when turned on may be one good strategy.
|
| For a VeraCrypt volume, setting up an outer volume with
| convincing files and providing the decoy password may be
| effective.
|
| Whether the mere possession of a Tails USB adversely affects
| your situation is a matter that remains to be discussed at
| length. There is clearly no one situation that applies to
| everyone.
|
| HiddenVM's potential to provide deniability is about
| cryptographic deniability, not human deniability. Software
| can only do so much. If humans are suspicious, software alone
| cannot change their minds.
| justsid wrote:
| The thing is, if you are outside the norm, you are raising
| suspicion. Using this kinda setup will prevent you from
| flying under the radar, instead, you are painting a nice
| target on your back. This is gonna bite you in particular
| if you are already a person that your adversaries are
| keeping an eye on.
| aforensics wrote:
| Right. So all we can do at our end is better document the
| risks and limitations, and then work on the political
| advocacy side of things to promote diversity and
| nonconformity.
|
| Such is the spirit of Linux. Is every Linux user
| automatically suspicious to various enemies? If so, the
| work to be done is not in our code repositories.
|
| If we could incorporate some steganography in the future
| that could also help. Open to ideas.
| lovetocode wrote:
| So does Tails run as the root OS but displays a separate OS in a
| VM? For example, does it look like your booting into Windows when
| really it's just a VM inside Linux? If so, does that Windows VM
| or whatever it is you choose act like what is essentially a read
| only OS?
| aforensics wrote:
| Yes and yes. No, the VM is not read-only. (But you can run a VM
| as read-only.)
| lovetocode wrote:
| Interesting, thank you for sharing.
| louwrentius wrote:
| I wonder if it isn't easier to buy a laptop with two drives.
| Install a regular OS on the first, hide the second in the BIOS
| and nobody will notice.
|
| The people doing the cloning / data theft would have to know
| about your particular model. Obviously, you encrypt the second
| drive, that in itself contains a hidden partition in case they do
| discover it.
| jmnicolas wrote:
| Wouldn't they see that the laptop have 2 drives on their x-ray
| scanner ?
| raxxorrax wrote:
| The project here is quite neat. But I wonder if your idea would
| also work and ask myself how competent the forensic teams of
| airport security really are. Or even if they are, they
| certainly don't have a lot of time per device.
|
| IT specialists are expensive and it would be shame if we waste
| that on something benign as airport security which was mainly
| established by paranoia and the wish to save face.
|
| An what exactly are they targeting? Are they looking for
| howToBlowUpAnAirplane.txt? Just some industrial espionage? Just
| some display of authority? I don't really get what would prompt
| these measures.
|
| Was there ever anything they found on a device someone took on
| a plane?
| IanSanders wrote:
| >An what exactly are they targeting?
|
| journalists, I heard
| raxxorrax wrote:
| That doesn't seem it would increase airport security too
| much.
| wpietri wrote:
| But it definitely increases the security of the people
| who control airport security.
| nkrisc wrote:
| If you're only trying to slip by a cursory inspection, mount
| the second drive in your computer but don't attach any cables
| to it. Could be trickier depending on how drives are mounted in
| your laptop.
| haunter wrote:
| How about running from RAMdisk? Feels like that would be the
| safest
| GekkePrutser wrote:
| It would be, but how do you go through the whole install every
| time you need it?
| kchr wrote:
| Please consider an acronym other than "HVM", which already has
| meaning in virtualization context (Hardware Virtualized Machine).
___________________________________________________________________
(page generated 2020-03-05 23:00 UTC)