Merge pull request 'main' (#3) from Robert/blog-contributions:main into main

Reviewed-on: https://git.datura.network/nihilist/blog-contributions/pulls/3
This commit is contained in:
nihilist 2024-08-09 16:42:17 +02:00
commit d3df3e1811

View File

@ -54,8 +54,8 @@
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/robert.png" width="50px" height="50px"> <ba>Robert - 06 / 08 / 24</ba></p> <a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/robert.png" width="50px" height="50px"> <ba>Robert - 06 / 08 / 24</ba></p>
<h1>Why Anonymity isnt enough for sensitive use ?</h1> <h1>Why isnt Anonymity enough for Sensitive Use?</h1>
<p>In this post we are going to see why Anonymity is not enough for Sensitive use, and what can be done about it.</p> <p>In this post we are going to see why Anonymity is not enough for Sensitive Use, and what can be done about it.</p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
@ -67,18 +67,18 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>What happens when you are forced to give out your password ?</b></h2> <h2><b>What happens when you are forced to give out your password?</b></h2>
<p>Let's say that Bob is using a popular online forum to leak information about a government agencys unethical behavior. To stay anonymous, he makes sure to connect to the forum using at least Tor to connect there. He uses a burner email address to sign up there, to upload the sensitive files. His Anonymity while doing this sensitive action remains solid.</p> <p>Lets say that Bob is using a popular online forum to leak information about a government agencys unethical behavior. To stay anonymous, he makes sure to connect to the forum using Tor at the very minimum. He uses a burner email address to sign up to the forum and upload the sensitive files. His Anonymity during this sensitive action remains intact.</p>
<img src="1.png" class="imgRz"> <img src="1.png" class="imgRz">
<p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects. </p> <p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects. </p>
<p>The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, to get to know the contents of their personal drives. Essentially, they don't have anything solid against Bob, as the anonymity of the perpetrating party is solid, <b>but they are doing some guess work to try and find anything incriminating against him anyway, to make sure.</b> </p> <p>The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, they dont have anything solid against Bob, as the anonymity of the perpetrating party is intact, <b>but they are doing some guess work to try and find something incriminating anyway.</b> </p>
<img src="6.png" class="imgRz"> <img src="6.png" class="imgRz">
<p>Problem is, the adversary now busts down Bob's door, and <b>forces him to unlock his laptop, and unlock every encrypted volume on his laptop.</b> What then ?</p> <p>Heres the problem: the adversary busts down Bobs door and <b>forces him to unlock his laptop, including every encrypted volume.</b> What happens then?</p>
<img src="../encryption/4.png" class="imgRz"> <img src="../encryption/4.png" class="imgRz">
<p><img src="../de2.png"> <b>Bob didn't implement Deniable Encryption</b>, therefore the adversary forces Bob to unlock his harddrives, and he has no other choice but to comply. He shows all the incriminating evidence contained in there, where he isn't able to deny implications with said Sensitive activity.</p> <p><img src="../de2.png"> <b>Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since e didnt implement Deniable Encryption</b>, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.</p>
<img src="5.png" class="imgRz"> <img src="5.png" class="imgRz">
<p> Bob's setup, although suitable for Anonymous Use, is not suitable for Sensitive use, <b>due to the lack of Deniable encryption</b></p> <p> Bobs setup, although suitable for Anonymous Use, is not suitable for Sensitive Use <b>due to the lack of Deniable Encryption</b></p>
<p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypts deniable encryption</a> to store all that sensitive data, <b>he could've given the password A to open the decoy volume to the adversary, and claimed that there was no hidden volume, and the adversary wouldn't have a way to prove otherwise.</b></p> <p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypts deniable encryption</a> to store the sensitive data, <b>he couldve given password A to open the decoy volume for the adversary, and couldve claimed that there was no hidden volume. The adversary wouldn have no way to prove otherwise.</b></p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->
@ -123,3 +123,4 @@
</body> </body>
</html> </html>