Robert/blog-contributions
1
0
Fork 0
forked from nihilist/blog-contributions
Code Pull Requests Activity

Update servers/anonsensitive/index.html

Browse Source
This commit is contained in:
Robert 2024-08-14 19:01:49 +02:00
parent fdf85877f9
commit f89ddf2bf5
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
servers/anonsensitive/index.html
View File

@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Why Anonymity isnt enough for Sensitive use ?</title>
<title>Why isnt Anonymity enough for Sensitive Use?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -70,12 +70,12 @@
<h2><b>What happens when you are forced to give out your password?</b></h2>
<p>Lets say that Bob is using a popular online forum to leak information about a government agencys unethical behavior. To stay anonymous, he makes sure to connect to the forum using Tor at the very minimum. He uses a burner email address to sign up to the forum and upload the sensitive files. His Anonymity during this sensitive action remains intact.</p>
<img src="1.png" class="imgRz">
<p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects. </p>
<p>The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, they dont have anything solid against Bob, as the anonymity of the perpetrating party is intact, <b>but they are doing some guess work to try and find something incriminating anyway.</b> </p>
<p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 suspects. </p>
<p>The adversary makes use of key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, the adversary doesnt have anything solid against any of them, since the perpetrators anonymity is intact, <b>but some guess work is being done to try and find something incriminating anyway.</b> </p>
<img src="6.png" class="imgRz">
<p>Heres the problem: the adversary busts down Bobs door and <b>forces him to unlock his laptop, including every encrypted volume.</b> What happens then?</p>
<p>Heres the problem: the adversary can just bust down Bobs door and <b>force him to unlock his laptop, including every encrypted volume.</b> What happens then?</p>
<img src="../encryption/4.png" class="imgRz">
<p><img src="../de2.png"> <b>Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since e didnt implement Deniable Encryption</b>, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.</p>
<p><img src="../de2.png"> <b>Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since he didnt implement Deniable Encryption</b>, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.</p>
<img src="5.png" class="imgRz">
<p> Bobs setup, although suitable for Anonymous Use, is not suitable for Sensitive Use <b>due to the lack of Deniable Encryption</b></p>
<p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypts deniable encryption</a> to store the sensitive data, <b>he couldve given password A to open the decoy volume for the adversary, and couldve claimed that there was no hidden volume. The adversary would have no way to prove otherwise.</b></p>