Well they will want your IDs and Passwords, but presumably for "normal" cloud like Google Drive or OneDrive they have an access route anyway.
But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key.
My view too (I never felt the need to start). When I was working on (government) Confidential and above that was on LANs with no internet connection at all.
See Snowden / Glenn Greenwald. The transmissions are archived.
The hidden partition just appears as random data in the encrypted disk's free space. You have to know the hidden partition's password even to know it's there.
Renaming the .tc file as .mp4 would also be a quick and dirty way, as it would appear to be a corrupt video file.
I don't see why on earth that would be a problem, provided as you say it's just related to your legitimate business.
Most people aren't important enough to interest GCHQ. Most police computer forensics is outsourced to various private outfits of variable competence I imagine, with the vast amount of data that has to be processed.
You lose your "plausible deniability" if you do that, though. Best over- write with random garbage.
But since they're encrypted in a way that even the 'owner' of the data can't decrypt I don't see how that helps much.
I'm also not convinced that there's enough storage space anywhere to 'archive' all the transferred data. I synchronise data between a home machine and a virtual machine and thus every time I make even trivial changes there's data flowing back and forth, I doubt very much that anyone archives each and every one of those changes.
'I' don't know the key, it's negotiated between the two machines between which I'm transferring data.
I'm not a big data user: all the sensitive data I own can be contained in one memory stick. In fact all the sensitive data I own IS contained in one, hardware encrypted, password protected ten-false-guesses-and-it wipes-itself memory stick.
I can't possibly memorise the password so when I travel abroad, I write it down on a piece of paper......
...and post it in advance to my destination address. It's quite safe because the paper is useless without the memory stick and the memory stick is useless without the piece of paper. Apart from thwarting any bad actors and possibly annoying people at immigration control am I doing anything illegal by being unable to divulge a password I don't know?
Incidentally, does anybody know how these ten false guesses work? If I do five false guesses and remove the memory stick, am I back at ten tries next time or do I still have only five? Kingston Datatraveller G3 here.
(I would answer the question experimentally myself except I'm overseas at the moment and the last thing I want to do is accidentally wipe all my data!!!)
Nick
There is. encrypt everything, full offsite backup that they know nothing about.
Nope.
That what a brand new disk has. IIRC.
OTOH you could simply tranfer whole chapters of Finnegans Wake.
A enardrndon garbage as anything else.
because random garbage is also very suspicious.
Clearly the risk scenarios are different depending on whether you are "guilty" or "innocent", and in particular on whether the data you are concealing is intrinsically illegal just to possess.
In terms of black marks: Refusing to answer police questions can only be used against you at trial if you produce something in your defence that you didn't disclose earlier. I don't think that concealing an offsite backup could qualify for that, although of course it could make the prosecution more vengeful.
If they can do that, and in particular if <secret location> is identifiable, then you're probably stuffed anyway.
Nick Odell snipped-for-privacy@themusicworkshop.plus.com> posted
The pertinent question is not whether you are doing anything illegal but whether you can be convicted. And the answer to that [in the UK] is, yes you can, because a court will assume that you know the password, unless you can persuade them otherwise.
Moreover, if you try this at US immigration, they will probably just put you on the next flight back without even arguing about it, because they can.
Steve Walker snipped-for-privacy@walker-family.me.uk> posted
And, as we know, it's even easier where the alleged data is intrinsically illegal just to possess.
Why are you unable to divulge the password? AFAICS you can do so by disclosing the address to which you posted it. Or the location of a back-up copy of the password.
That is why I prefer a pass phrase for very secure encryption. I also have a rule for generating very secure ordinary passwords and weaker passwords for sites which insist I must have one. My wife uses the same rule and whenever she has IT support work on her machine they have to write it down to be able to enter it. Unless you know the generating rule the pattern of characters looks meaningless.
You know where the password is available. If you refuse to say when asked where that is you will be guilty of an offence in the UK.
I think the counter is reset to zero when you put the right password in but you have only 10 goes from the first time that you make mistake.
If you would care to put up a small .tc file for ftp I will run a couple of the more obvious tests against it. Appears as random data to a human is not the same as appears as random to statistical tests.
It is conceivable that you might be lucky and get their untrained YTS student or unpaid summer intern doing it, but I'd expect any half decent digital forensics expert to be able to spot any of the common hidden data techniques (including most of the steganography ones). They might not be able to find the hidden data "content" but they will be able to see that it is there. Then they will ask questions of the owner.
The outsourcing of forensic drug tests to the cheapest supplier has been something of an unmitigated disaster so I expect there is an element of cheap and cheerful but ineffective outsourced digital forensics too.
Indeed, the crib could eliminate loads of possible daily keys, and thus get the remaining problem reduced to a scale that the mechanical Bombe "computers" could then brute force the rest.
For all the talk of how good the Enigma codes were, they are relatively easy to break on modern hardware - even without cribs. (ISTR a real world demo they did a few years back where they recreated realistic conditions for people to have a go at - i.e. real on air morse radio traffic to capture, and then attempt to crack. The "winner" turned in a result in fairly short order using nothing more than an ageing (possibly
286) machine). You could probably have a Raspberry Pi do it without breaking a sweat!Harder, certainly... but as always its a case of "know your enemy". Deterring casual snoopers requires different levels of protection from protection from more determined hackers, and yet another level against nation states and security services.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.