Folder sets/plausible deniability

Started by botchla, June 19, 2013, 11:08:04 PM


botchla

Hi,

Sorry if this is covered elsewhere; please direct me if so!

I have experimented with creating folder sets and they work fine (I am doing this on an external hard drive). The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?

zsolt

No, there is no way to get around this. We have to store the data somewhere and it will always be a sparse bundle. So if one knows this, one can search for them on the internal hard drive, unless, as you do, you store them on an external drive, so you can just disconnect the drive...
Yes, I know, it is not perfect.
You can hide them by renaming them to start with a dot character; still, the find command will find them.
It all depends on who is hacking the data, and how much he knows about espionage.
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

greg

Quote from: botchla on June 19, 2013, 11:08:04 PM
The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?

One step we've taken to mitigate this is to make sure that no information leaks out about the contents of the sparsebundle. There is no evidence that that sparsebundle belongs to Espionage, and it's given a random name that means nothing. It's also protected with a very long, randomly generated password, so it would be basically impossible with today's (or tomorrow's) technology for any entity to brute force the password (unless some bug is discovered in Apple's encryption).

If you want to hide the sparsebundle, that is possible. You can use Espionage to move the sparsebundle into some hidden location (for example, inside of an invisible folder). To move the disk image, click on the popup that shows its name:



Then select the folder you want to move it to.

Keep in mind that if you're hoping to hide the disk image from some professional security agency (like the NSA), then hiding it will probably only draw more attention to it. It's easy to run a 'find' command (as Zsolt mentioned above) on the entire drive to search for files ending in "sparsebundle".

You can also bury it deep inside of a bunch of folders, and play dumb, either saying you don't know the password to it (which is in fact true, as you only know the master password to Espionage, not to the disk image), or you have no idea what it is or how it got there. :-p
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!
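
An added example, not part of the original posts and not Espionage's own code: it shows why the dot-prefix and deep-nesting tricks discussed above do not stop a `find` search, and goes one step beyond the thread by also matching on bundle structure, so a renamed extension does not help either. Assumptions: the function names are hypothetical, the directory tree is constructed sample data, and the bundle layout used (an `Info.plist` declaring `com.apple.diskimage.sparsebundle`, a `token` file and a `bands/` directory) is the standard macOS sparse bundle layout.

```shell
#!/bin/sh
# Added example. All paths and names below are constructed sample data.

# Build a sample tree under $1 holding three constructed sparse bundles:
# one plainly named, one dot-prefixed, one buried deep and renamed
# without the .sparsebundle extension.
make_sample_tree() {
    root=$1
    for b in "$root/Documents/a81f3c.sparsebundle" \
             "$root/.cache/.hidden9d2e.sparsebundle" \
             "$root/Library/x/y/z/notes.bak"; do
        mkdir -p "$b/bands"
        : > "$b/token"
        printf '%s\n' '<key>diskimage-bundle-type</key>' \
            '<string>com.apple.diskimage.sparsebundle</string>' > "$b/Info.plist"
    done
    mkdir -p "$root/Documents/photos"   # decoy: an ordinary folder
}

# Name-based search, as mentioned in the thread. find's -name pattern
# matches leading dots, and nesting depth makes no difference.
find_by_name() {
    find "$1" -type d -name '*.sparsebundle' -prune -print | sort
}

# Structure-based search: any directory with a bands/ subdirectory and an
# Info.plist declaring the sparse bundle type, whatever the directory is called.
find_by_structure() {
    find "$1" -type f -name Info.plist \
        -exec grep -l 'com.apple.diskimage.sparsebundle' {} + 2>/dev/null |
    while IFS= read -r plist; do
        dir=$(dirname "$plist")
        if [ -d "$dir/bands" ]; then printf '%s\n' "$dir"; fi
    done | sort
}

# Run both searches over a throwaway sample tree.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    echo "Matched by name:";      find_by_name "$tmp"
    echo "Matched by structure:"; find_by_structure "$tmp"
    rm -rf "$tmp"
}
demo
```

To see how visible your own images are, call `find_by_name` or `find_by_structure` with the mount point of the drive instead of the sample tree.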

botchla

Thanks to both of you for the replies; very useful!