TutaCanada wants to #backdoor #encryption.
But we are saying no.
#NoToBackdoors 💪
Read our comment on Canada's C-2 Bill: 👉 https://tuta.com/blog/canada-bill-c2-surveillance
Bill Zaumen@Tutanota I have a flash drive on my keyring (the one holding the house key), with a LUKS encrypted file system on it, to be mounted using the loopback device. The password is also on it but GPG encrypted, and my GPG keyring is not on this flash drive. The flash drive was reformatted so it contains an EXT4 file system, so someone plugging it in might not even be able to get started. Would that be illegal? I use it as an "in case the house burns down" backup.
Taylor@bzdev @Tutanota Legality aside, something like VeraCrypt which is built to be plausibly deniable would probably be a better means to this end. Having a hidden LUKS filesystem obscured by an EXT4 filesystem would get in the way of somebody naive, but wouldn't do anything to get in the way of a forensics expert or even anybody who has had to recover deleted files before. An expert will take an image of the full drive before doing anything and will take special care to examine unallocated space, and the LUKS header is easily discernible (unless you store that header detached on another device).
Legally, if they you are in a jurisdiction where authorities can compel you to decrypt encrypted data, it's illegal for you to not do so. The question becomes whether you can get away with that illegal thing, or feasibly hide the data in a way that is undetectable. Your way is very detectable. There are also some disagreements on the value and merits of plausible deniability, though; see the luks FAQ that discusses this.
Legally, if they you are in a jurisdiction where authorities can compel you to decrypt encrypted data, it's illegal for you to not do so. The question becomes whether you can get away with that illegal thing, or feasibly hide the data in a way that is undetectable. Your way is very detectable. There are also some disagreements on the value and merits of plausible deniability, though; see the luks FAQ that discusses this.
VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
@taylor @Tutanota What I set up actually works quite well in practice. The data I'd want to protect are things like passwords for my bank & the text of a book I'm working on (don't want it public until I get a copyright but am still editing it). At an airport or whatnot, if some "security" guy wants me to decrypt it, I can legitimately say I can't because I'd have to go home first. And of course, I'd demand a search warrant, which gives me a paper trail.
@bzdev @Tutanota Well yes, but you don't have to hide the volume for that. Do you want it hidden to the point that nobody could prove that the data is actually there, or do you want it clearly encrypted, relying on the fact that you are unable or unwilling to decrypt it at that point in time? I just don't see much point in the decoy EXT4 filesystem without going all-in on plausible deniability. Non-expert tamperers aren't going to be able to access the data in the encrypted filesystem either way.
@taylor @Tutanota I put an EXT4 file system on the flash drive for two reasons: (1) convenience and (2) if I lose the drive and someone picks it up, they will most likely think it isn't working and just throw it away. This disk includes a very large file for the encrypted file system and a GPG-encrypted LUKS key. The LUKS key (~32 characters long) can be encrypted so that multiple individuals can decrypt it using their GPG private keys.