UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.
#1
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.

1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.

2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.

3. Still working on data that has to be kept indefinitely, watch this space.
#2
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
> 3. Still working on data that has to be kept indefinitely, watch this space.

Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on.

Now, I don't mind having my contacts and calendar together with my spotify playlist in the cloud. Email is already there. But *some* of my client data can't go there.

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence.
#3
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.

Write a program that writes 55H to every byte of every unallocated sector?

> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.

Too easy to corrupt and lose the thread

> 3. Still working on data that has to be kept indefinitely, watch this space.

-- 
Socialism is the philosophy of failure, the creed of ignorance and the gospel of envy. Its inherent virtue is the equal sharing of misery.
Winston Churchill
#4
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 11:36, newshound wrote:
> Gareth's stuff above is a bit tinfoil hat to me

Civil liberties, my dear chap.

But you raise an interesting concern, and that is the tendency of the plodderies to seize all computers and phones on the merest pretext and thereby completely destroying your well being in a digital world.

There has to be a way of maintaining one's well being despite the unwarranted attacks by the plodderies.
#5
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

newshound posted
> Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence.

No, I don't think so. You're not generally obliged to answer police questions after arrest, and there is of course no law requiring disclosure of all backups *before* arrest.

-- 
Evremonde
#6
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 12:03, Gareth's was W7 now W10 Downstairs Computer wrote:
> On 01/08/2019 11:36, newshound wrote:
>> Gareth's stuff above is a bit tinfoil hat to me
> Civil liberties, my dear chap.
> But you raise an interesting concern, and that is the tendency of the plodderies to seize all computers and phones on the merest pretext and thereby completely destroying your well being in a digital world.
> There has to be a way of maintaining one's well being despite the unwarranted attacks by the plodderies.

cross backup strategies with neighbours and friends

-- 
The biggest threat to humanity comes from socialism, which has utterly diverted our attention away from what really matters to our existential survival, to indulging in navel gazing and faux moral investigations into what the world ought to be, whilst we fail utterly to deal with what it actually is.
#7
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with TrueCrypt.

-- 
Max Demian
#8
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 11:36, newshound wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>> 3. Still working on data that has to be kept indefinitely, watch this space.
> Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the working drives seized since without them the job stops. I wish them luck finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the original drives so if they make an extra copy at that point I'd be happy. Annoying to have hardware taken away but not a show stopper.

Having all the backups and email archives seized and unavailable would be much more of an annoyance. And their sheer volume would tie up a lot of resources to scan through even with automatic tools.

> Now, I don't mind having my contacts and calendar together with my spotify playlist in the cloud. Email is already there. But *some* of my client data can't go there.

Won't the police insist on locking that down too and inspecting it?

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet.

> Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence.

I no longer use hard encryption routinely since I think the security services need all the help they can get. Back when the USA was persecuting Phil Zimmermann for PGP I routinely exchanged emails with like minded tech folk with the hardest encryption then available. I stopped after 9/11.

-- 
Regards,
Martin Brown
#9
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 13:56, Max Demian wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
> Create a hidden partition on an encrypted disk like you can with TrueCrypt.

That would immediately raise their suspicions. "Hidden" partitions are not very hidden from digital forensics. Various obscure forms of steganography might work though if the proportion of data you wanted to hide was relatively modest and you don't mind slightly degrading your digital media.

This technique of hiding things in plain sight goes back a long way:

https://en.wikipedia.org/wiki/Steganography

-- 
Regards,
Martin Brown
#10
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 13:56, Max Demian wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
> Create a hidden partition on an encrypted disk like you can with TrueCrypt.

All of which techniques are well known to the plodderies and their ilk from which knowledge they can demand the keys.
#11
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings

No harm in that...

> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
> 3. Still working on data that has to be kept indefinitely, watch this space.

While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.

Most people are capable of devising a security system so good that they themselves could not break it... alas that does not mean it is free from flaws or of any practical use, or that a security researcher or cryptanalyst would not compromise it in five minutes.

-- 
Cheers,

John.

/=================================================================\
|          Internode Ltd -  http://www.internode.co.uk            |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
#12
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 15:25, John Rumm wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings
> No harm in that...
>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>> 3. Still working on data that has to be kept indefinitely, watch this space.
> While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.

Retired software engineer with digital electronics background; relatively trivial programming exercise for me.
#13
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 15:29, Gareth's was W7 now W10 Downstairs Computer wrote:
> On 01/08/2019 15:25, John Rumm wrote:
>> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings
>> No harm in that...
>>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>>> 3. Still working on data that has to be kept indefinitely, watch this space.
>> While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.
> Retired software engineer with digital electronics background; relatively trivial programming exercise for me.

That kind of reinforces the point. Security is a system wide and procedural issue, not just a technical programming one. Many notionally secure systems are routinely compromised even when using recognised crypto systems, simply down to procedural flaws, or lack of understanding of parts of the system that the designer had no awareness of.

For example, even if your database is not "moved" by the OS, how do you ensure that fragments of it are not held in currently unused and non accessible pages of an SSD being managed by a wear levelling algorithm? Or in a reallocated sector of a hard drive? Or that the powers that be are not able to infer what you are typing with a covert listening device? Or see your non tempest secured screen remotely? Or are able to simply attack the other less security aware party you are communicating with?

The list is nearly endless!

-- 
Cheers,

John.

/=================================================================\
|          Internode Ltd -  http://www.internode.co.uk            |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
#14
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

Martin Brown wrote:
> On 01/08/2019 11:36, newshound wrote:
>> Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on.
> It is an interesting question. I would demand carbon copies of the working drives seized since without them the job stops. I wish them luck finding anything recognisable in my highly compressed chess databases.
> The first thing they should do after seizure is bitwise clone the original drives so if they make an extra copy at that point I'd be happy. Annoying to have hardware taken away but not a show stopper.

What about virtual machines? How can the police (or anyone) seize them? The *physical* machine is owned by someone else and may even be in a different country.

-- 
Chris Green
·
#15
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 16:03, John Rumm wrote:
> On 01/08/2019 15:29, Gareth's was W7 now W10 Downstairs Computer wrote:
>> On 01/08/2019 15:25, John Rumm wrote:
>>> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>>>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings
>>> No harm in that...
>>>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>>>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>>>> 3. Still working on data that has to be kept indefinitely, watch this space.
>>> While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.
>> Retired software engineer with digital electronics background; relatively trivial programming exercise for me.
> That kind of reinforces the point. Security is a system wide and procedural issue, not just a technical programming one. Many notionally secure systems are routinely compromised even when using recognised crypto systems, simply down to procedural flaws, or lack of understanding of parts of the system that the designer had no awareness of.

It is interesting to visit Bletchley Park and try your hand at an Enigma code cracking crib diagram. Traffic analysis can get you a long way and if you know that "0600 weather report" (or some other crib) is in the plaintext it cuts down the number of possibilities enormously.

> For example, even if your database is not "moved" by the OS, how do you ensure that fragments of it are not held in currently unused and non accessible pages of an SSD being managed by a wear levelling algorithm? Or in a reallocated sector of a hard drive? Or that the powers that be are not able to infer what you are typing with a covert listening device? Or see your non tempest secured screen remotely? Or are able to simply attack the other less security aware party you are communicating with?

Reading a classic CRT was astonishingly easy with relatively simple radio astronomy kit. Modern LCDs would put up more of a fight.

> The list is nearly endless!

-- 
Regards,
Martin Brown
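
Two objections raised in this thread to point 2 of the opening post (losing the thread after one missed message, and known-text cribs), worked through as an added Python example that is not any poster's code. It assumes XOR combining, fixed-length space-padded records, the previous plaintext as the key, and a pre-shared first record; all names and sample messages are constructed.

```python
# Added illustration, not code from any poster in the thread.
# Assumptions: XOR combining, fixed-length space-padded records, the key for
# message n is the plaintext of message n-1, and a pre-shared first record.

RECORD_LEN = 48  # assumed size of the single fixed record slot
SHARED_FIRST_RECORD = b"constructed starting record"  # constructed sample

# Constructed sample traffic; the first line reuses the crib quoted in the thread.
MESSAGES = [
    b"0600 weather report: rain from the west",
    b"meet at the allotment shed on friday",
    b"bring the spare router and the drill",
]


def pad(msg: bytes) -> bytes:
    """Space-pad a message to the fixed record length."""
    if len(msg) > RECORD_LEN:
        raise ValueError("message longer than the fixed record")
    return msg.ljust(RECORD_LEN, b" ")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, first_record: bytes):
        self.key = pad(first_record)

    def encrypt(self, msg: bytes) -> bytes:
        record = pad(msg)
        ciphertext = xor(record, self.key)
        self.key = record  # this plaintext keys the next message
        return ciphertext


class Receiver:
    def __init__(self, first_record: bytes):
        self.record = pad(first_record)  # the one fixed slot

    def decrypt(self, ciphertext: bytes) -> bytes:
        # The stored record is the key; the result overwrites it in place.
        self.record = xor(ciphertext, self.record)
        return self.record


def deliver(lost=frozenset()):
    """Send MESSAGES in order; indexes in `lost` never reach the receiver.
    Returns (ciphertexts, records as the receiver sees them, None if lost)."""
    sender = Sender(SHARED_FIRST_RECORD)
    receiver = Receiver(SHARED_FIRST_RECORD)
    ciphertexts, received = [], []
    for i, msg in enumerate(MESSAGES):
        ct = sender.encrypt(msg)
        ciphertexts.append(ct)
        received.append(None if i in lost else receiver.decrypt(ct))
    return ciphertexts, received


def previous_fragment(ciphertext: bytes, known_text: bytes, offset: int) -> bytes:
    """Because c_n = m_n XOR m_(n-1), text known at `offset` in message n
    yields the same bytes of message n-1. A real one-time pad uses a random,
    never-reused key, so no such relation between messages exists."""
    window = ciphertext[offset:offset + len(known_text)]
    return xor(window, known_text)


if __name__ == "__main__":
    cts, ok = deliver()
    print("clean chain   :", [r.rstrip() for r in ok])
    _, broken = deliver(lost={0})
    print("message 0 lost:", broken[1:])  # every later record is garbage
    print("crib leak     :", previous_fragment(cts[1], b"meet at the", 0))
```

Once one record is missed the receiver's slot never matches the sender's again, and each ciphertext is simply the XOR of two natural-language messages, so the key is neither random nor secret in the one-time-pad sense.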
#16
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On 01/08/2019 13:56, Max Demian wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
> Create a hidden partition on an encrypted disk like you can with TrueCrypt.

You don't think gchq doesn't know how to find that?
#17
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.

On Thu, 1 Aug 2019 15:29:48 +0100 Gareth's was W7 now W10 Downstairs Computer wrote:
> On 01/08/2019 15:25, John Rumm wrote:
>> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings
>> No harm in that...
>>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>>> 3. Still working on data that has to be kept indefinitely, watch this space.
>> While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.
> Retired software engineer with digital electronics background; relatively trivial programming exercise for me.

https://www.youtube.com/watch?v=BdnH19KsVVc
#18
Posted to uk.d-i-y,uk.radio.amateur,uk.net.news.management,uk.politics.misc
DIY privacy and security, the rights of the individual against the intrusive state.

Gareth's was W7 now W10 Downstairs Computer wrote:
> On 01/08/2019 15:25, John Rumm wrote:
>> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings
>> No harm in that...
>>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>>> 3. Still working on data that has to be kept indefinitely, watch this space.
>> While I understand the desire, these are far from trivial problems to solve, and your suggestions in 1 and 2 above suggest you are currently sufficiently out of your depth in this particular domain, as to make any solutions less than useful.
> Retired software engineer

It would be more accurate to say involuntarily retired software engineer, and even more accurate to say unemployable for decades.

HTH.

-- 
M0TEY // STC
www.twitter.com/ukradioamateur
#19
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 12:14, The Marquis Saint Evremonde wrote:
> newshound posted
>> Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence.
> No, I don't think so. You're not generally obliged to answer police questions after arrest, and there is of course no law requiring disclosure of all backups *before* arrest.

True but you might be interviewed under caution after a seizure. You could of course decline to answer any questions at that stage but if you did "fail to disclose" that might be a black mark if you were actually guilty. Especially if forensic investigation found a batch file of the form

    Copy really dirty stuff to secret location
    Delete and overwrite really dirty stuff
#20
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)

On 01/08/2019 11:36, newshound wrote:
> On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
>> I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies.
>> 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted.
>> 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base.
>> 3. Still working on data that has to be kept indefinitely, watch this space.
> Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on.

Some years ago a friend of mine, who was an Independent Financial Advisor, heard a knock at the door and a dozen or more police burst in. They confiscated his computers, escorted him to his business premises and confiscated the ones there.

He had backups and was able to buy a few more machines and get everything up and running again, but it cost him days of lost work. The regulator then banned him and his company from most of his work, relaxing it after a few weeks, but leaving him banned from dealing with pensions - the main part of his business. He was questioned under caution and remained on police bail for 18 months, although the regulator allowed him to start dealing with pensions again after about four months. Eventually the regulator and police agreed he'd done nothing wrong.

What had happened was that he and another company had been recommending a third company for private pensions, but unknown to them, the third company was involved in a kick-back deal with some other financial advice companies and so they were suspected of being part of it.

It is as easy as that to be accused and have vital computers and data taken away.

> Now, I don't mind having my contacts and calendar together with my spotify playlist in the cloud. Email is already there. But *some* of my client data can't go there.
> Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence.

That probably depends upon the data. You don't have to answer any questions the police ask, so you don't have to reveal the whereabouts or even the existence of a backup. However you are open to having new machines immediately confiscated if the data itself is suspected of being illegal.

SteveW
#21
Posted to uk.d-i-y
|
|||
|
|||
Computer seizure (was DIY privacy and security, the rights of theindividual against the intrusive state)
On 01/08/2019 14:05, Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote: On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote: I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies. 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted. 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base. 3. Still working on data that has to be kept indefinitely, watch this space. Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholy dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on. It is an interesting question. I would demand carbon copies of the working drives seized since without them the job stops. I wish them luck finding anything recognisable in my highly compressed chess databases. 
The first thing they should do after seizure is bitwise clone the original drives so if they make an extra copy at that point I'd be happy. Annoying to have hardware taken away but not a show stopper. Having all the backups and email archives seized and unavailable would be much more of an annoyance. And their sheer volume would tie up a lot of resources to scan through even with automatic tools. Now, I don't mind having my contacts and calendar together with my spotify playlist in the cloud. Email is already there. But *some* of my client data can't go there. Won't the police insist on locking that down too and inspecting it? Well they will want your IDs and Passwords, but presumably for "normal" cloud like Google Drive or OneDrive they have an access route anyway. Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet. But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key. Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence. I no longer use hard encryption routinely since I think the security services need all the help they can get. Back when the USA was persecuting Phil Zimmermann for PGP I routinely exchanged emails with like minded tech folk with the hardest encryption then available. I stopped after 9/11. My view too (I never felt the need to start). When I was working on (government) Confidential and above that was on LANs with no internet connection at all. |
#22
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
On 01/08/2019 16:05, Chris Green wrote:
Martin Brown wrote: On 01/08/2019 11:36, newshound wrote: Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on. It is an interesting question. I would demand carbon copies of the working drives seized since without them the job stops. I wish them luck finding anything recognisable in my highly compressed chess databases. The first thing they should do after seizure is bitwise clone the original drives so if they make an extra copy at that point I'd be happy. Annoying to have hardware taken away but not a show stopper. What about virtual machines? How can the police (or anyone) seize them? The *physical* machine is owned by someone else and may even be in a different country. See Snowden / Glenn Greenwald. The transmissions are archived. |
#23
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.
On 01/08/2019 14:16, Martin Brown wrote:
On 01/08/2019 13:56, Max Demian wrote: On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote: I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies. Create a hidden partition on an encrypted disk like you can with TrueCrypt. That would immediately raise their suspicions. "Hidden" partitions are not very hidden from digital forensics. The hidden partition just appears as random data in the encrypted disk's free space. You have to know the hidden partition's password even to know it's there. Renaming the .tc file as .mp4 would also be a quick and dirty way, as it would appear to be a corrupt video file. -- Max Demian |
#24
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
On Thu, 01 Aug 2019 11:36:13 +0100, newshound wrote:
Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence. I don't see why on earth that would be a problem, provided as you say it's just related to your legitimate business. -- Leave first - THEN negotiate! |
#25
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.
On 01/08/2019 18:10, dennis@home wrote:
On 01/08/2019 13:56, Max Demian wrote: On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote: I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies. Create a hidden partition on an encrypted disk like you can with TrueCrypt. You don't think gchq doesn't know how to find that? Most people aren't important enough to interest GCHQ. Most police computer forensics is outsourced to various private outfits of variable competence I imagine, with the vast amount of data that has to be processed. -- Max Demian |
#26
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.
On Thu, 01 Aug 2019 11:56:39 +0100, The Natural Philosopher wrote:
Write a program that writes 55H to every byte of every unallocated sector? You lose your "plausible deniability" if you do that, though. Best overwrite with random garbage. -- Leave first - THEN negotiate! |
#27
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
newshound wrote:
On 01/08/2019 16:05, Chris Green wrote: Martin Brown wrote: On 01/08/2019 11:36, newshound wrote: Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on. It is an interesting question. I would demand carbon copies of the working drives seized since without them the job stops. I wish them luck finding anything recognisable in my highly compressed chess databases. The first thing they should do after seizure is bitwise clone the original drives so if they make an extra copy at that point I'd be happy. Annoying to have hardware taken away but not a show stopper. What about virtual machines? How can the police (or anyone) seize them? The *physical* machine is owned by someone else and may even be in a different country. See Snowden / Glenn Greenwald. The transmissions are archived. But since they're encrypted in a way that even the 'owner' of the data can't decrypt I don't see how that helps much. I'm also not convinced that there's enough storage space anywhere to 'archive' all the transferred data. I synchronise data between a home machine and a virtual machine and thus every time I make even trivial changes there's data flowing back and forth, I doubt very much that anyone archives each and every one of those changes. -- Chris Green |
#28
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
newshound wrote:
Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet. But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key. 'I' don't know the key, it's negotiated between the two machines between which I'm transferring data. -- Chris Green |
#29
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
"newshound" wrote in message o.uk... On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote: I've been giving some thought as to how to protect one's privacy from the ever growing snoopings of the Brit monarchy and all its lapdogs and subordinate dogs' dinners such as GCHQ, the MIxs and the po lice, and to kill off RIPA and the sending of innocent people to jail for not revealing their passwords and security keys to the plodderies. 1. In case of computers being seized, you have to guard against previous data being scattered around the disk in various deletions. The solution here would be to store all data in an indexed data base file of such a size that it won't be moved willy nilly by the OS. Then, by overwriting records at fixed and known locations, previous data can be guaranteed to be deleted. 2. When receiving encyphered messages, the one-time key is to be the previously received message, giving only one opportunity to read your message before it takes the place of the previously received message at the fixed location in the indexed data base. 3. Still working on data that has to be kept indefinitely, watch this space. Not answering the above, but on an associated topic there must be many people, like myself, who do some consultancy work that is wholly dependent on computers. There's a small but finite chance that innocent people might get their systems seized and my understanding is that it may take months or years to get the hardware and data back. In such a case, they are instantly out of business *unless* they have all their data backed up in the cloud, in which case it is just a case of buying a new laptop and carrying on. Now, I don't mind having my contacts and calendar together with my spotify playlist in the cloud. Email is already there. But *some* of my client data can't go there. Trivial to encrypt it so it can go there.
Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence. Course you aren't. |
#30
Posted to uk.d-i-y
cantankerous trolling geezer Rodent
On Fri, 2 Aug 2019 09:02:56 +1000, clinically insane, pedophilic, serbian
bitch Razovic, the resident psychopath of sci and scj and Usenet's famous sexual cripple, making an ass of herself as "jew pedophile Ron Jacobson (jew pedophile Baruch 'Barry' Shein's jew aliash)", farted again: FLUSH the auto-contradicting senile asshole's latest troll**** -- dennis@home to retarded senile Rot: "sod off rod you don't have a clue about anything." Message-ID: |
#31
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
On 01/08/2019 23:23, Chris Green wrote:
newshound wrote: Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet. But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key. 'I' don't know the key, it's negotiated between the two machines between which I'm transferring data. I'm not a big data user: all the sensitive data I own can be contained in one memory stick. In fact all the sensitive data I own IS contained in one, hardware encrypted, password protected ten-false-guesses-and-it wipes-itself memory stick. I can't possibly memorise the password so when I travel abroad, I write it down on a piece of paper...... ....and post it in advance to my destination address. It's quite safe because the paper is useless without the memory stick and the memory stick is useless without the piece of paper. Apart from thwarting any bad actors and possibly annoying people at immigration control am I doing anything illegal by being unable to divulge a password I don't know? Incidentally, does anybody know how these ten false guesses work? If I do five false guesses and remove the memory stick, am I back at ten tries next time or do I still have only five? Kingston Datatraveller G3 here. (I would answer the question experimentally myself except I'm overseas at the moment and the last thing I want to do is accidentally wipe all my data!!!) Nick |
#32
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
"Gareth's was W7 now W10 Downstairs Computer" wrote in message ... On 01/08/2019 11:36, newshound wrote: Gareth's stuff above is a bit tinfoil hat to me Civil liberties, my dear chap. But you raise an interesting concern, and that is the tendency of the plodderies to seize all computers and phones on the merest pretext and thereby completely destroying your well being in a digital world. There has to be a way of maintaining one's well being despite the unwarranted attacks by the plodderies. There is. Encrypt everything, full offsite backup that they know nothing about. |
#33
Posted to uk.d-i-y
More Heavy Trolling by Senile Nym-Shifting Rodent Speed!
On Fri, 2 Aug 2019 09:14:32 +1000, jleikpkwk, better known as cantankerous
trolling senile geezer Rodent Speed, wrote: Civil liberties, my dear chap. But you raise an interesting concern, and that it the tendency of the plodderies to seize all computers and phones on the merest pretext and thereby completely destroying your well being in a digital world. There has to be a way of maintaining one's well being despite the unwarranted attacks by the plodderies. There is. encrypt everything, full offsite backup that they know nothing about. There isn't, senile asshole! You'll get convicted for not decrypting! Just HOW senile are you, you senile designer of a computer OS? BG -- Senile Rot about himself: "I was involved in the design of a computer OS" MID: |
#34
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
"Nick Odell" wrote in message ... On 01/08/2019 23:23, Chris Green wrote: newshound wrote: Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet. But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key. 'I' don't know the key, it's negotiated between the two machines between which I'm transferring data. I'm not a big data user: all the sensitive data I own can be contained in one memory stick. In fact all the sensitive data I own IS contained in one, hardware encrypted, password protected ten-false-guesses-and-it wipes-itself memory stick. I can't possibly memorise the password so when I travel abroad, I write it down on a piece of paper...... ...and post it in advance to my destination address. It's quite safe because the paper is useless without the memory stick and the memory stick is useless without the piece of paper. Apart from thwarting any bad actors and possibly annoying people at immigration control am I doing anything illegal by being unable to divulge a password I don't know? Nope. |
#35
Posted to uk.d-i-y
DIY privacy and security, the rights of the individual against the intrusive state.
On 01/08/2019 23:02, Cursitor Doom wrote:
On Thu, 01 Aug 2019 11:56:39 +0100, The Natural Philosopher wrote: Write a program that writes 55H to every byte of every unallocated sector? You lose your "plausible deniability" if you do that, though. Best overwrite with random garbage. That's what a brand new disk has. IIRC. OTOH you could simply transfer whole chapters of Finnegans Wake. A enardrndon garbage as anything else. because random garbage is also very suspicious. -- It is dangerous to be right in matters on which the established authorities are wrong. Voltaire, The Age of Louis XIV |
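How the 55H-versus-random overwrite argument in the posts above, and the earlier suggestion of renaming a .tc container to .mp4, look from the examiner's side, as an added example that is not part of any post: a first-pass triage that labels a block as constant fill, high entropy or structured data, and checks whether a file named .mp4 starts with the `ftyp` box that MP4 files normally begin with. The 7.9 bits/byte threshold, the function names and all sample data are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed threshold for this example; 8.0 bits/byte is the theoretical maximum.
# Only meaningful on samples of several KiB or more.
HIGH_ENTROPY_BITS = 7.9


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(data).values())


def classify_region(data: bytes) -> str:
    """Label a block the way a first-pass triage tool might."""
    if len(set(data)) == 1:
        return "constant-fill"    # every byte identical, e.g. 0x55: a wipe pattern
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        return "high-entropy"     # encrypted, well compressed or random-filled
    return "structured"           # text, file-system metadata, most documents


def has_mp4_header(data: bytes) -> bool:
    """Simplified check: first box has type 'ftyp' and a plausible size."""
    if len(data) < 8 or data[4:8] != b"ftyp":
        return False
    box_size = int.from_bytes(data[0:4], "big")
    return 8 <= box_size <= len(data)


def triage(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the content looks like."""
    if not name.lower().endswith(".mp4"):
        return "not-checked"
    if has_mp4_header(data):
        return "consistent"
    return "mismatch/" + classify_region(data)


def constructed_samples() -> dict:
    """Constructed inputs standing in for disk regions and files."""
    # Deterministic stand-in for random overwrite or ciphertext (64 KiB).
    keystream = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048)
    )
    text = b"The quarterly report is attached for review. " * 200
    # 24-byte 'ftyp' box followed by filler; enough for the header check only.
    mp4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2" + text
    return {
        "wiped_55h": b"\x55" * 4096,
        "random_like": keystream,
        "plain_text": text,
        "real_mp4_start": mp4,
    }


if __name__ == "__main__":
    s = constructed_samples()
    for label in ("wiped_55h", "random_like", "plain_text"):
        print(label, classify_region(s[label]), round(shannon_entropy(s[label]), 3))
    print("holiday.mp4 ->", triage("holiday.mp4", s["random_like"]))
    print("clip.mp4    ->", triage("clip.mp4", s["real_mp4_start"]))
```

High entropy on its own does not separate encrypted data from well-compressed data, so a label from this kind of check is a prompt for closer examination rather than a finding.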
#36
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
newshound posted
On 01/08/2019 12:14, The Marquis Saint Evremonde wrote: newshound posted Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to me to be a real (if low probability) threat. If you keep an off-site backup that you don't declare to the police, presumably you are committing an offence. No, I don't think so. You're not generally obliged to answer police questions after arrest, and there is of course no law requiring disclosure of all backups *before* arrest. True but you might be interviewed under caution after a seizure. You could of course decline to answer any questions at that stage but if you did "fail to disclose" that might be a black mark if you were actually guilty. Clearly the risk scenarios are different depending on whether you are "guilty" or "innocent", and in particular on whether the data you are concealing is intrinsically illegal just to possess. In terms of black marks: Refusing to answer police questions can only be used against you at trial if you produce something in your defence that you didn't disclose earlier. I don't think that concealing an offsite backup could qualify for that, although of course it could make the prosecution more vengeful. Especially if forensic investigation found a batch file of the form Copy really dirty stuff to secret location Delete and overwrite really dirty stuff If they can do that, and in particular if secret location is identifiable, then you're probably stuffed anyway. -- Evremonde |
#37
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
Nick Odell posted
I'm not a big data user: all the sensitive data I own can be contained in one memory stick. In fact all the sensitive data I own IS contained in one, hardware encrypted, password protected ten-false-guesses-and-it wipes-itself memory stick. I can't possibly memorise the password so when I travel abroad, I write it down on a piece of paper...... ...and post it in advance to my destination address. It's quite safe because the paper is useless without the memory stick and the memory stick is useless without the piece of paper. Apart from thwarting any bad actors and possibly annoying people at immigration control am I doing anything illegal by being unable to divulge a password I don't know? The pertinent question is not whether you are doing anything illegal but whether you can be convicted. And the answer to that [in the UK] is, yes you can, because a court will assume that you know the password, unless you can persuade them otherwise. Moreover, if you try this at US immigration, they will probably just put you on the next flight back without even arguing about it, because they can. -- Evremonde |
#38
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
Steve Walker posted
What had happened was that he and another company had been recommending a third company for private pensions, but unknown to them, the third company was involved in a kick-back deal with some other financial advice companies and so they were suspected of being part of it. It is as easy as that to be accused and have vital computers and data taken away. And, as we know, it's even easier where the alleged data is intrinsically illegal just to possess. -- Evremonde |
#39
Posted to uk.d-i-y
More Heavy Trolling by Senile Nym-Shifting Rodent Speed!
On Fri, 2 Aug 2019 15:17:19 +1000, jleikpkwk, better known as cantankerous
trolling senile geezer Rodent Speed, wrote: Nope. Did you just get another one of your tiny senile online orgasms, you subnormal trolling senile asshole from Oz? BG -- Website (from 2007) dedicated to the 85-year-old trolling senile cretin from Oz: https://www.pcreview.co.uk/threads/r...d-faq.2973853/ |
#40
Posted to uk.d-i-y
Computer seizure (was DIY privacy and security, the rights of the individual against the intrusive state)
On 02/08/2019 00:12, Nick Odell wrote:
On 01/08/2019 23:23, Chris Green wrote: newshound wrote: Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or encrypted on a server hosted in some lawless region of the internet. But in principle they can pick it up in transit, and even with end to end encryption it's an offence not to disclose the key. 'I' don't know the key, it's negotiated between the two machines between which I'm transferring data. I'm not a big data user: all the sensitive data I own can be contained in one memory stick. In fact all the sensitive data I own IS contained in one, hardware encrypted, password protected ten-false-guesses-and-it wipes-itself memory stick. I can't possibly memorise the password so when I travel abroad, I write it down on a piece of paper...... ...and post it in advance to my destination address. It's quite safe because the paper is useless without the memory stick and the memory stick is useless without the piece of paper. Apart from thwarting any bad actors and possibly annoying people at immigration control am I doing anything illegal by being unable to divulge a password I don't know? Why are you unable to divulge the password? AFAICS you can do so by disclosing the address to which you posted it. Or the location of a back-up copy of the password. -- Robin reply-to address is (intended to be) valid |