Tao Effect Forums

Espionage => Espionage 3 => Topic started by: botchla on June 19, 2013, 11:08:04 PM

Title: Folder sets/plausible deniability
Post by: botchla on June 19, 2013, 11:08:04 PM
Hi,

Sorry if this is covered elsewhere; please direct me if so!

I have experimented with creating folder sets and they work fine (I am doing this on an external hard drive). The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?
Title: Re: Folder sets/plausible deniability
Post by: zsolt on June 21, 2013, 01:44:00 PM
No, there is no way to get around this. We have to store the data somewhere and it will always be a sparse bundle. So if one knows this, one can search for them on the internal hard drive, unless, as you do, you store them on an external drive, so you can just disconnect the drive...
Yes, I know, it is not perfect.
You can hide them by renaming them to start with a dot character; still, the find command will find them.
It all depends on who is hacking the data, and how much he knows about Espionage.
Title: Re: Folder sets/plausible deniability
Post by: greg on June 23, 2013, 06:47:19 PM
Quote from: botchla on June 19, 2013, 11:08:04 PM
The problem I have is that each of these folders gets its own sparsebundle file, which then seems to make it very obvious to anyone that there are encrypted folders! So, even if I just unlock a certain folder set, it is still clear for anyone to see that there are other encrypted folders that are locked, because of the sparsebundle files. Am I doing something wrong, or is there a way round this?

One step we've taken to mitigate this is to make sure that no information leaks out about the contents of the sparsebundle. There is no evidence that that sparsebundle belongs to Espionage, and it's given a random name that means nothing. It's also protected with a very long, randomly generated password, so it would be basically impossible with today's (or tomorrow's) technology for any entity to brute force the password (unless some bug is discovered in Apple's encryption).

If you want to hide the sparsebundle, that is possible. You can use Espionage to move the sparsebundle into some hidden location (for example, inside of an invisible folder). To move the disk image, click on the popup that shows its name:

(http://www.espionageapp.com/EspionageHelp/images/movediskimage.png)

Then select the folder you want to move it to.

Keep in mind that if you're hoping to hide the disk image from some professional security agency (like the NSA), then hiding it will probably only draw more attention to it. It's easy to run a 'find' command (as Zsolt mentioned above) on the entire drive to search for files ending in "sparsebundle".

You can also bury it deep inside of a bunch of folders, and play dumb, either saying you don't know the password to it (which is in fact true, as you only know the master password to Espionage, not to the disk image), or you have no idea what it is or how it got there. :-p
Title: Re: Folder sets/plausible deniability
Post by: botchla on June 24, 2013, 04:08:59 AM
Thanks to both of you for the replies; very useful!
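
The point made in the replies above, that a leading dot or deep nesting does not hide a sparsebundle from a find over the drive, shown as an added example (not part of the original thread and not Espionage's own code). The directory tree and bundle names are constructed placeholders.

```shell
#!/bin/sh
# Added example: builds a throwaway tree; nothing here touches real disk images.

# Create a constructed tree with bundles placed the ways the thread mentions:
# one in plain view, one renamed with a leading dot, one buried in an
# invisible folder several levels deep. All names are made up.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Documents/visible-a1b2c3.sparsebundle/bands"
    mkdir -p "$root/Documents/.dotted-d4e5f6.sparsebundle/bands"
    mkdir -p "$root/.invisible/a/b/c/d/buried-778899.sparsebundle/bands"
    mkdir -p "$root/Documents/ordinary-folder"
    printf '%s\n' "$root"
}

# What a default (non-hidden) listing of one folder shows: the shell glob,
# like a plain directory view, skips names that start with a dot.
list_visible() {
    for entry in "$1"/*; do
        if [ -e "$entry" ]; then
            basename "$entry"
        fi
    done
}

# What a name search over the whole tree shows: find matches the suffix
# regardless of a leading dot or nesting depth. -prune keeps it from
# descending into each bundle once it has been reported.
list_sparsebundles() {
    find "$1" -type d -name '*.sparsebundle' -prune -print 2>/dev/null | sort
}

tree=$(make_sample_tree)
echo "Default listing of Documents:"
list_visible "$tree/Documents"
echo "find over the whole tree:"
list_sparsebundles "$tree"
rm -rf "$tree"
```

The default listing shows one bundle; the search reports all three, which is why hiding alone does not provide deniability against someone who inspects the drive.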