Extending plausible deniability to other volumes

Started by brian163, September 13, 2014, 10:01:55 PM

Previous topic - Next topic

brian163

I downloaded the trial of Espionage 3.6 and have been becoming familiar with it. With several different internal/external volumes mounted on my Mac, one of the things I successfully tested is saving the data file (sparsebundle) of a folder on an external volume to the same external volume. However, something that stands out to me is that I feel this may somewhat undermine the value of the plausible deniability feature. Unlike in the default ~/Library/Application Support/com.taoeffect.Espionage3/Data folder, there are no "fake" sparsebundle files in these other data file locations. I considered copying the ones the wizard process created at first launch to this location. However, that strikes me as problematic as well as I believe the duplication would undermine the intent of the randomness of these fake files.

Is there anyway you could add a preferences option that would allow a user to use the same wizard process/interface to generate additional fake sparsebundles in other data file locations?


greg

#1
Hmm. Yes, that is an interesting use case. Keep in mind that this would require some additional plausible deniability (PD) logic fenangaling on the part of the user:


  • The difference between the Data folder PD and the PD you're describing is that Espionage takes care of creating fake data for *everyone* for the Data folder.
  • Therefore, it would be known that unlike every other Espionage user, you chose to manually run the assistant to generate fake data on the external drive.
  • Therefore, it would be likely (depending on how you set things up) that on that drive you have one "real" disk image, one or more decoys that you manually created to show off, and one or more fake disk images that Espionage created.

That is still *much* better than having just one disk image on that drive. Also, you don't have to do it that way. You could, for example, create fake disk images on *all* of your external drives, increasing your PD even more.

To be honest, implementing this feature request is fairly low on our priority list, as I'm guessing it's not something most users will find themselves wanting to do.

For now, however, what you can do is quit Espionage and rename the com.taoeffect.Espionage3 folder to something else (*don't delete it or you will lose your data!*). The next time you start Espionage it will re-run the PD assistant and will create a new "fresh" (but randomly timestamped) batch of fake disk images for you in the Data folder. You can move these to your external drive as you desire. After you're done, quit Espionage and restore the original com.taoeffect.Espionage3 folder, making sure to place it where it was in ~/Library/Application Support.

Finally, make sure to create at least one decoy Folder Set and encrypt some semi-incriminating folders on your external drive (make of that what you will ;)). If the folders that you drag into Espionage are located on that external drive, it will ask you to choose where to save the disk image, so you can place it next to the fake disk images.

Hope that's helpful! Let us know if you have any other questions!
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

greg

It should also be noted that Espionage's PD in the Data folder actually extends somewhat to the external volumes already, without any action required from users. The reason is that if, say, the data is on a laptop, and only your laptop is stolen, the "real" data on your external drives might not even be known to exist (to whoever stole your laptops). So it's important to have decoy Folder Sets set up, and to encrypt some semi-incriminating data locally.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

brian163

#3
While I agree with your point about portable data/removable devices, I was focused on my particular test scenario where I have two external storage arrays attached "permanently" (without intent of being regularly disconnected) to a desktop tower. I understand that may not be the case for many of your customers and I appreciate you taking the time to provide the details of the steps I can use to do it myself.

If you did implement something like this in the future, I'm guessing the simplest way to handle this would be to have Espionage offer the option to create fake disks on any mounted volume at the time the wizard is run. So at initial launch you would get a dialog like:

Select the volumes on which you want to create PD images:
X Volume1
X Volume2
O Volume3

And as you said it would take some knowledge on behalf of the user to choose appropriately, select the location on each volume for the Data folder, etc. (Perhaps this could be handled by requiring the user to select an advanced option dialog before see the options.)

Of course that only handles the scenario where all of the volumes you want to include are mounted at the time you first run Espionage. The fact that may not always end up being the case is what lead me to suggest allowing the wizard to be run on demand. But I can see how that would add complexity as you would probably want to identify/recognize which volumes already have PD images on them in presenting that dialog to the user, etc.

The truth is I have a very limited need for encryption myself. But as a security professional and Mac fan seeking out alternatives to TrueCrypt, I was intrigued by the considerations you had for the value of PD and incorporated into your product. Kudos!  8)