by Santosh83 2294 days ago
Maybe good for hiding activity when you're already below the radar. If you're a person of interest for a large enough state then they can and will use all manner of dirty tactics to nail you and simply encrypting is not enough. You will have to flee like Snowden did. And once they bring in legislation that says a govt agent can ask for your decryption keys under reasonable doubt then everyone is in soup since encrypted data is easy enough to detect as such. One may have to shift to steganography of increasing sophistication. Basically this fight has to be clinched politically. While technology can help it can't ensure absolute privacy/security against an all-powerful state. The key question is if a state should be all-powerful at all in the first place...
3 comments

> everyone is in soup since encrypted data is easy enough to detect...

This is only half-true. Any secure encryption is going to result in ciphertext that is indistinguishable from random data.

In cases where the ciphertext is designated by a header or file format, then it's trivial to know that something is encrypted. Then there are cases where we can try to forensically determine that there's encrypted data via the existence of an encryption tool (e.g. VeraCrypt).

If you wipe a disk with random data, for example, then it would be relatively difficult to determine whether or not the disk is encrypted (implying that there are no headers on it). In fact, one method of wiping disks is to generate a random encryption key and encrypt a stream from /dev/zero to fill the disk (https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparat...).

This tool is making use of a VeraCrypt hidden volume which is a really interesting application of plausible deniability in cryptography. Essentially, this lets you have two volumes where both are encrypted, but each has a different key. In this setup, you'd put some files on one of the volumes to make it appear that it's your "used" volume. On the other "hidden" volume, you'd place the real files you want to keep safe.

In a case where the government is demanding that you release your encryption keys, you would give up the keys to the "fake" volume. Unless you divulge the keys to the "real" volume, the attackers wouldn't necessarily know that it exists.

Unless there's evidence of you using one (maybe chat logs or Google searches asking for help on using it, for example), there's no reason for anyone to suspect you use it.

The VeraCrypt documentation explains the technical details (https://www.veracrypt.fr/en/Hidden%20Volume.html) well enough.

> This is only half-true. Any secure encryption is going to result in ciphertext that is indistinguishable from random data.

A new SSD with very little data in the filesystem isn't going to have many, many sectors filled with random bytes. They're going to be blank instead.

A used drive will have free sectors (not used by the filesystem) containing unencrypted contents of old files that have since been deleted or something. This is also not random data. Chunks of movies, pictures, applications and music will be identifiable, easily.

A previously-used disk, wiped to NIST standards, will be filled with random data - that's exactly the point of the wipe.

> A previously-used disk, wiped to NIST standards, will be filled with random data - that's exactly the point of the wipe.

Yes, and that is suspicious. Random data is suspicious.

Exactly. Something being suspicious is about small differences from what's expected, differences that correlate with something bigger. Whether the disk is full of random data because it's encrypted or because it was securely wiped, either way it correlates with somebody having something they're working to hide.

Or a second-hand computer: I do not wish to carry the previous owner's use history into my usage, and neither should anyone else. Do not conflate "unusual" with "therefore hiding stuff", and don't even try "hiding stuff, therefore bad".

There are legitimate reasons for wiping data...can't believe we're having this discussion, here of all places.

Suspicious, true. But in such a case, you could be in trouble for refusing to provide the password to a suspected hidden drive which doesn't exist. How does that even make sense? (Rhetorical question)

From your point of view, it doesn't of course. You know that you don't have an encrypted partition.

But from the authorities' point of view, they will beat you until they're convinced you don't have anything of interest you can give up. That could last quite a while...

Okay, so why not wipe to NIST standards (multiple random overwrites or whatever is the latest best practice) and then zero it out to an "unused" state afterward?

If all you're going to do is just securely delete data without drawing suspicion, that's a good plan.

If you wanted to hide data in an encrypted partition that looks like random data, that's not going to work.

> Any secure encryption is going to result in ciphertext that is indistinguishable from random data.

While that's technically true it feels a bit like a moot point because if you have random data that cannot be attributed to any other application (such as large volumes of randomness) then it's a reasonable conclusion that you've just detected an encrypted volume.

> In a case where the government is demanding that you release your encryption keys, you would give up the keys to the "fake" volume. Unless you divulge the keys to the "real" volume, the attackers wouldn't necessarily know that it exists.

Unless they inspect the storage properties (either physically or how it registers itself on the host) and see that it's a 1TB drive with only a 500GB mountable volume. Again, it wouldn't be a foregone conclusion that the individual has other hidden volumes but it would be suspicious enough to warrant further investigation / interrogation.

As always though, it really depends on the risk level you're trying to protect yourself against.

I would also assume the 'dummy' operating system wouldn't have much activity, since the user would be using the hidden OS. So that, coupled with the unaccounted-for space, would raise more flags.

Indeed. Software is a supplement to the physical world. But we do what we can, and at least in the realm of software, we can have freedom.

It's possible Tor and Tails are dangerous software to use in certain states. But if they can safely use it, it's here for them.

"... since encrypted data is easy enough to detect as such ..."

I am not sure what you mean here - properly encrypted data is indistinguishable from random data ...
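
Added example, not part of the thread or written by any commenter: the distinction the replies draw between blank sectors, leftover plaintext and random-looking data can be measured per sector with Shannon entropy. The 4096-byte sector size, the 7.5 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 4096  # bytes per block examined (assumption for this example)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes, threshold: float = 7.5) -> str:
    """Label one sector as blank, structured (low entropy) or high-entropy."""
    if block.count(0) == len(block):
        return "blank"            # what an unused, trimmed SSD region reads as
    if shannon_entropy(block) >= threshold:
        return "high-entropy"     # ciphertext, a random wipe, or compressed data
    return "structured"           # text, file system metadata, old file residue

def survey(image: bytes, sector: int = SECTOR) -> Counter:
    """Count sector labels across a raw image held in memory."""
    return Counter(classify(image[i:i + sector])
                   for i in range(0, len(image), sector))

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 over a counter."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def sample_image() -> bytes:
    """Constructed image: 4 blank sectors, 3 of plain text, 5 random-looking."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 100)[:SECTOR]
    return bytes(SECTOR) * 4 + text * 3 + pseudo_random(SECTOR * 5)

if __name__ == "__main__":
    for kind, count in survey(sample_image()).items():
        print(f"{kind:13s} {count}")
```

High entropy is also what compressed files look like, so a sector scoring near 8 bits/byte shows only that it is neither blank nor plain text, not that it is ciphertext.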