Just thought I would share this article here. Perhaps some software design insight could be gleaned from a glimpse of our impending future with privacy.
There are techniques that involve having a “hidden” encrypted partition. Nobody can ask you to decrypt something they don’t know you have.
I wonder if you couldn’t just sign in as another “user” that didn’t have root privileges…
VeraCrypt has this feature - for those who may find it useful.
I’m not sure if hiding an encrypted partition of feature would be beneficial.
The fact that someone could hide his data will be known to everyone sooner or later.
So there could very well be an escalation of distrust from security staff about people saying that they hide nothing.
In the end, won’t they even try something like a lie detector?
Just like the article says, you should leave any useful data at home or separately from your phone.
Would it be possible to have it on an encrypted microSD card which could be removed at any moment?
I asked myself, too, how an encrypted disk would help if you hit certain situations:
- somebody - without your knowledge - wants to copy your disk
- ditto wants to install something on your disk
- somebody wants to force you to show the content of your disk
The only solution in the latter case is to open the box for the intruder. If you were able to open a secondary encrypted disk/partition without him noticing, everything would be fine. If you had to decrypt your primary, everything’s lost.
If you do the hiding and encryption properly, you have full deniability, assuming there is no other evidence of the existence or contents of the hidden data.
Torture and lie detectors are interesting, however. You could be tricked or forced into generating said evidence.
The downside to these hidden volumes is that the OS you would be providing access to will show little to no use over the past x number of months. Those solutions offering the feature actually recommend NOT using or writing to your decoy system after setting up the hidden volume.
Sure, you could tell them you never use the laptop and just bring it for travel. The idea being you cannot prove a negative.
Some encryption software offers a feature that says “Hard disk Failure” on boot. But it really accepts a password.