Sniffer dog finds child abuse images

rotun wrote: »

Store your files on the cloud?
Presuming they're all legal of course

An excellent idea Rotun, I suppose you could encrypt before uploading. Before switching to USB, I used to have an encrypted file container stored in Dropbox.

bappelbe wrote: »

Fair enough.

I suppose it goes back to rotun's phrase "Presuming they're all legal", if the data is secured for a legit reason (perhaps even legaly required - data protection act) then you have no problem, just making life for people doing illegal stuff more difficult.

No harm really unless you live in an opressive regieme eg North Korea.

As we discussed above bappelbe, the problem we have here is that this "nothing to hide" notion often works against innocent people. Even information as innocuous as your whereabouts at a particular time or the fact you corresponded with a certain person can be used to help incriminate you - ask the Birmingham Six what they have to say on the matter!

The data I have is for my eyes only but it doesn't automatically follow that everyone who feels the same way is automatically a paedophile/terrorist etc.

Edit : If you're still unconvinced why you should keep your private data just so, please see Moxie Marlinspike's thoughts on the matter.

Anyone interested in tc-play, can see a step by step guide on my tech blog here. I'm a shameless plug I know..

Chance The Rapper wrote: »

I'd imagine it would. Regardless, aren't you technically complying? Unless they can prove that there is another hidden volume

Hi Chance,

Technically speaking RIPA requires you to surrender any and all keys in your possession, although from a technical point of view it's impossible to prove from analysing a volume header alone whether there is a hidden volume, once you've supplied the password to the outer one.

The answer to your question is that as far as I can see in the UK at least, this point hasn't been tested in court. Some people have been jailed for refusing to hand over their passwords, however from my judicious googling I've not yet encountered a case where someone was jailed because the court believed that the person had handed over a password to an outer volume.

Of course I think it pays to be prudent, so you need to make the data in your outer volume look legitimate. As stated before, I keep a backup of my Bitcoin/Litecoin wallets in mine and a list of passwords for things like internet banking and e-mail - i.e information the Police could see if they wished anyway.

The scary part of it is, as this article points out, if you were to keep files of random data on your computer e.g astronomical noise and/or the Police became convinced that you were hiding data stegenographically in files e.g your holiday snaps, they might demand passwords where none exist. The onus is then upon you, the suspect to demonstrate this isn't the case before a court. This is why I think it's better either to encrypt an entire drive or to put your data in the cloud, where no one will know about it.

Capt'n Midnight wrote: »

multiple layers of stenography

https://xkcd.com/538/


[edit] you could have a very large "one time pad" on your drive

Hi Captain,

I remember this cartoon came up last time we discussed one time pads - gave me a giggle but as you say it's not much good to an adversary if you have plausible deniability when it comes to encryption.

This is one of the beauties of Truecrypt and tcplay over traditional stego tools as the presence of the programs on your hard drive doesn't conclusively prove that you've hidden data.

Unfortunately this works both ways - if an adversary finds your holiday snaps, even if there isn't any data hidden inside them, they still might keep at you with a wrench until you give up a password - if that's the case then you both are in for a very long night as naturally you wouldn't be able to tell them anything!

I agree an exchange of hard drives filled with random data would be a good idea - however I'd still suggest having pads of a standard size as otherwise an adversary would be able to tell the file size roughly.

My own suggestion for using these tools would be to zip a text file and possibly an image or two into a single file and send.

For larger files you could just encrypt these in the usual way, upload them to a file-sharing site and put the link and very long password into your text document - do you think this makes sense?