This project has moved and is read-only. For the latest updates, please go here.

Doubts about hidden OS deniability

Topics: Technical Issues, Users Discussion
May 9, 2016 at 7:40 PM

I hope it is just my misunderstanding but from what I read in the documentation about hidden OS follows that if you want to protect your hidden volume from rewriting then there are two alternative cases:
  1. Password for hidden volume should be used inside decoy OS (in the Hidden Volume Protection option) and so this password can be relatively easily compromised.
  2. You should not write to hidden volume partition at all while being in decoy OS and so files in the outer volume (of hidden volume partition) are not changed (from decoy OS) from the moment when hidden OS was created and this is obvious proof of hidden volume existence.
Both these cases are unacceptable from deniability point of view.
Please show me where I am mistaken.

Thanks in advance.
May 24, 2016 at 8:52 AM
You understand it wrong.
  1. Read how the hidden volume work. You mount either with correct password, or the decoy password (the one you will tell to the airport stuff, etc), not one after another. You can mount decoy with correct password and VC will protect the hidden in case you need it, so it won't get overwritten, but if you use decoy pass, vc won't protect and it will behave like there is no hidden OS at all (and adversary can not tell for sure there is one, if thats's all they have on you).
  2. Decoy should stay decoy, if you will work with private files from decoy, there will be trails of course. From decoy OS you do not have the access to the hidden data (on the same partition), but vc can protect the hidden data if correct password was provided. Of course decoy OS holds evidence too: file time stamps, event manager holds the info when the computer was started and shut down, what and when was launched, etc, and they can compare this with intel they have on you. So if you will tell them the decoy pass and they boot decoy OS, but they will see clear mismatch between evidence from the decoy os and the intel (logs from ISP, surveillance, etc.)
Decoy can be useful against weak adversaries (airport stuff, jealous wife, etc), but police is not stupid, they will be watching you for quite some time before they will bust you, and if they will do it at the right time, they won't need any proof because they will seize it mounted. If you are not extra paranoid, extremely cautious and clever, they will likely gather more evidence than you use just have hidden os. Decoy is good for the occasion you are forced to tell some working password, but do not expect it will protect you from a trial, it always depends on what they have gathered on you, what they can prove and the price you have paid for the lawyer :-) Learn how to testify (I don't understand the question, I don't remember... speech is silver, silence is golden) and never ever confess. Never trust police, never cooperate with them, never tell anything on your buddies, you will never get any benefit for being a rat, you will just make it easy for them. A lot of "evidence" is based on what they think, but usually they can't prove it, so good lawyer can save you as long as you do not admit it.