I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

Now, I don't mind having my contacts and calendar together with my
spotify playlist in the cloud. Email is already there. But *some* of my
client data can't go there.

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are
committing an offence.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

Write a program that writes 55H to every byte of every unallocated sector?


2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

To easy to corrupt and lose the thread


3. Still working on data that has to be kept indefinitely,
watch this space.


--
Socialism is the philosophy of failure, the creed of ignorance and the
gospel of envy.

Its inherent virtue is the equal sharing of misery.

Winston Churchill

On 01/08/2019 11:36, newshound wrote:

Gareth's stuff above is a bit tinfoil hat to me

Civil liberties, my dear chap.

But you raise an interesting concern, and that it
the tendency of the plodderies to seize all
computers and phones on the merest pretext and
thereby completely destroying your well being
in a digital world.

There has to be a way of maintaining one's
well being despite the unwarranted attacks
by the plodderies.

newshound posted

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are
committing an offence.

No, I don't think so. You're not generally obliged to answer police
questions after arrest, and there is of course no law requiring
disclosure of all backups *before* arrest.

--
Evremonde

On 01/08/2019 12:03, Gareth's was W7 now W10 Downstairs Computer wrote:
On 01/08/2019 11:36, newshound wrote:

Gareth's stuff above is a bit tinfoil hat to me

Civil liberties, my dear chap.

But you raise an interesting concern, and that it
the tendency of the plodderies to seize all
computers and phones on the merest pretext and
thereby completely destroying your well being
in a digital world.

There has to be a way of maintaining one's
well being despite the unwarranted attacks
by the plodderies.


cross backup strategies with neigbours and friends


--
The biggest threat to humanity comes from socialism, which has utterly
diverted our attention away from what really matters to our existential
survival, to indulging in navel gazing and faux moral investigations
into what the world ought to be, whilst we fail utterly to deal with
what it actually is.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with TrueCrypt.

--
Max Demian

On 01/08/2019 11:36, newshound wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

Having all the backups and email archives seized and unavailable would
be much more of an annoyance. And their sheer volume would tie up a lot
of resources to scan though even with automatic tools.

Now, I don't mind having my contacts and calendar together with my
spotify playlist in the cloud. Email is already there. But *some* of my
client data can't go there.

Won't the police insist on locking that down too and inspecting it?

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are
committing an offence.

I no longer use hard encryption routinely since I think the security
services need all the help they can get. Back when the USA was
persecuting Phil Zimmerman for PGP I routinely exchanged emails with
like minded tech folk with the hardest encryption then available.
I stopped after 9/11.

--
Regards,
Martin Brown

On 01/08/2019 13:56, Max Demian wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with TrueCrypt.

That would immediately raise their suspicions.
"Hidden" partitions are not very hidden from digital forensics.

Various obscure forms of steganography might work though if the
proportion of data you wanted to hide was relatively modest and you
don't mind slightly degrading your digital media.

This technique of hiding things in plain sight goes back a long way:

https://en.wikipedia.org/wiki/Steganography

--
Regards,
Martin Brown

On 01/08/2019 13:56, Max Demian wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with TrueCrypt.


All of which techniques are well known to the plodderies and their ilk
from which knowledge they can demand the keys.

On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:

I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems to
solve, and your suggestions in 1 and 2 above suggest you are currently
sufficiently out of your depth in this particular domain, as to make any
solutions less than useful.

Most people are capable of devising a security system so good that they
themselves could not break it... alas that does not mean it is free from
flaws or of any practical use, or that a security researcher or
cryptanalyst would not compromise it in five minutes.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 01/08/2019 15:25, John Rumm wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:

I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems to
solve, and your suggestions in 1 and 2 above suggest you are currently
sufficiently out of your depth in this particular domain, as to make any
solutions less than useful.

Retired software engineer with digital electronics background;
relatively trivial programming exercise for me.

On 01/08/2019 15:29, Gareth's was W7 now W10 Downstairs Computer wrote:
On 01/08/2019 15:25, John Rumm wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:

I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems to
solve, and your suggestions in 1 and 2 above suggest you are currently
sufficiently out of your depth in this particular domain, as to make
any solutions less than useful.

Retired software engineer with digital electronics background;
relatively trivial programming exercise for me.

That kind of reinforces the point. Security is a system wide and
procedural issue, not just a technical programming one. Many notionally
secure systems are routinely compromised even when using recognised
crypto systems, simply down to procedural flaws, or lack of
understanding of parts of the system that the designer had no awareness of.

For example, even if your database is not "moved" by the OS, how do you
ensure that fragments of it are not held in currently unused and non
accessible pages of an SSD being managed by a wear levelling algorithm?
Or in a reallocated sector of a hard drive? Or that the powers that be
are not able to infer what you are typing with a covert listening
device? Or see your non tempest secured screen remotely? Or are able to
simply attack the other less security aware party you are communicating
with?

The list is nearly endless!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote:
Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

What about virtual machines? How can the police (or anyone) sieze
them? The *physical* machine is owned by someone else and may even be
in a different country.

--
Chris Green
·

On 01/08/2019 16:03, John Rumm wrote:
On 01/08/2019 15:29, Gareth's was W7 now W10 Downstairs Computer wrote:
On 01/08/2019 15:25, John Rumm wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:

I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems to
solve, and your suggestions in 1 and 2 above suggest you are
currently sufficiently out of your depth in this particular domain,
as to make any solutions less than useful.

Retired software engineer with digital electronics background;
relatively trivial programming exercise for me.

That kind of reinforces the point. Security is a system wide and
procedural issue, not just a technical programming one. Many notionally
secure systems are routinely compromised even when using recognised
crypto systems, simply down to procedural flaws, or lack of
understanding of parts of the system that the designer had no awareness of.

It is interesting to visit Bletchley Park and try your hand at an Enigma
code cracking crib diagram. Traffic analysis can get you a long way and
if you know that "0600 weather report" (or some other crib) is in the
plaintext it cuts down the number of possibilities enormously.

For example, even if your database is not "moved" by the OS, how do you
ensure that fragments of it are not held in currently unused and non
accessible pages of an SSD being managed by a wear levelling algorithm?
Or in a reallocated sector of a hard drive? Or that the powers that be
are not able to infer what you are typing with a covert listening
device? Or see your non tempest secured screen remotely? Or are able to
simply attack the other less security aware party you are communicating
with?

Reading a classic CRT was astonishingly easy with relatively simple
radio astronomy kit. Modern LCDs would put up more of a fight.

The list is nearly endless!




--
Regards,
Martin Brown

On 01/08/2019 13:56, Max Demian wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with TrueCrypt.


You don't think gchq doesn't know how to find that?

On Thu, 1 Aug 2019 15:29:48 +0100
Gareth's was W7 now W10 Downstairs Computer
wrote:

On 01/08/2019 15:25, John Rumm wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer
wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems
to solve, and your suggestions in 1 and 2 above suggest you are
currently sufficiently out of your depth in this particular domain,
as to make any solutions less than useful.

Retired software engineer with digital electronics background;
relatively trivial programming exercise for me.

https://www.youtube.com/watch?v=BdnH19KsVVc

Gareth's was W7 now W10 Downstairs Computer wrote:
On 01/08/2019 15:25, John Rumm wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:

I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings

No harm in that...

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

While I understand the desire, these are far from trivial problems to
solve, and your suggestions in 1 and 2 above suggest you are currently
sufficiently out of your depth in this particular domain, as to make any
solutions less than useful.

Retired software engineer

It would be more accurate to say €œinvoluntarily retired software engineer€�,
and even more accurate to say €œunemployable for decades€�. HTH.

--
M0TEY // STC
www.twitter.com/ukradioamateur

On 01/08/2019 12:14, The Marquis Saint Evremonde wrote:
newshound posted

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an
off-site backup that you don't declare to the police, presumably you
are committing an offence.

No, I don't think so. You're not generally obliged to answer police
questions after arrest, and there is of course no law requiring
disclosure of all backups *before* arrest.

True but you might be interviewed under caution after a seizure. You
could of course decline to answer any questions at that stage but if you
did "fail to disclose" that might be a black mark if you were actually
guilty.

Especially if forensic investigation found a batch file of the form

Copy really dirty stuff to secret location
Delete and overwrite really dirty stuff

On 01/08/2019 11:36, newshound wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

Some years ago a friend of mine, who was an Independent Financial
Advisor, heard a knock at the door and a dozen or more police burst in.
They confiscated his computers, excorted him to his business premises
and confiscated the ones there.

He had backups and was able to buy a few more machines and get
everything up and running again, but it cost him days of lost work.

The regulator then banned him and his company from most of his work,
relaxing it after a few weeks, but leaving him banned from dealing with
pensions - the main part of his business.

He was questioned under caution and remained on police bail for 18
months, although the regulator allowed him to start dealing with
pensions again after about four months.

Eventually the regulator and police agreed he'd done nothing wrong.

What had happened was that he and another company had been recommending
a third company for private pensions, but unknown to them, the third
company was involved in a kick-back deal with some other financial
advice companies and so they were suspected of being part of it.

It is as easy as that to be accused and have vital computers and data
taken away.

Now, I don't mind having my contacts and calendar together with my
spotify playlist in the cloud. Email is already there. But *some* of my
client data can't go there.

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are
committing an offence.

That probably depends upon the data. You don't have to answer any
questions the police ask, so you don't have to reveal the whereabouts or
even the existence of a backup. However you are open to having new
machines immediately confiscated if the data itself is suspected of
being illegal.

SteveW

On 01/08/2019 14:05, Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that
innocent people might get their systems seized and my understanding is
that it may take months or years to get the hardware and data back. In
such a case, they are instantly out of business *unless* they have all
their data backed up in the cloud, in which case it is just a case of
buying a new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

Having all the backups and email archives seized and unavailable would
be much more of an annoyance. And their sheer volume would tie up a lot
of resources to scan though even with automatic tools.

Now, I don't mind having my contacts and calendar together with my
spotify playlist in the cloud. Email is already there. But *some* of
my client data can't go there.

Won't the police insist on locking that down too and inspecting it?

Well they will want your IDs and Passwords, but presumably for "normal"
cloud like Google Drive or OneDrive they have an access route anyway.


Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.


Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an
off-site backup that you don't declare to the police, presumably you
are committing an offence.

I no longer use hard encryption routinely since I think the security
services need all the help they can get. Back when the USA was
persecuting Phil Zimmerman for PGP I routinely exchanged emails with
like minded tech folk with the hardest encryption then available.
I stopped after 9/11.

My view too (I never felt the need to start). When I was working on
(government) Confidential and above that was on LANs with no internet
connection at all.

On 01/08/2019 16:05, Chris Green wrote:
Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote:
Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

What about virtual machines? How can the police (or anyone) sieze
them? The *physical* machine is owned by someone else and may even be
in a different country.

See Snowden / Glenn Greenwald. The transmissions are archived.

On 01/08/2019 14:16, Martin Brown wrote:
On 01/08/2019 13:56, Max Demian wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with
TrueCrypt.

That would immediately raise their suspicions.
"Hidden" partitions are not very hidden from digital forensics.

The hidden partition just appears as random data in the encrypted disk's
free space. You have to know the hidden partition's password even to
know it's there.

Renaming the .tc file as .mp4 would also be a quick and dirty way, as it
would appear to be a corrupt video file.

--
Max Demian

On Thu, 01 Aug 2019 11:36:13 +0100, newshound wrote:

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems
to me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are
committing an offence.

I don't see why on earth that would be a problem, provided as you say
it's just related to your legitimate business.



--
Leave first - THEN negotiate!

On 01/08/2019 18:10, dennis@home wrote:
On 01/08/2019 13:56, Max Demian wrote:
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

Create a hidden partition on an encrypted disk like you can with
TrueCrypt.


You don't think gchq doesn't know how to find that?

Most people aren't important enough to interest GCHQ. Most police
computer forensics is outsourced to various private outfits of variable
competence I imagine, with the vast amount of data that has to be processed.

--
Max Demian

On Thu, 01 Aug 2019 11:56:39 +0100, The Natural Philosopher wrote:

Write a program that writes 55H to every byte of every unallocated
sector?

You lose your "plausible deniability" if you do that, though. Best over-
write with random garbage.


--
Leave first - THEN negotiate!

newshound wrote:
On 01/08/2019 16:05, Chris Green wrote:
Martin Brown wrote:
On 01/08/2019 11:36, newshound wrote:
Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy
dependent on computers. There's a small but finite chance that innocent
people might get their systems seized and my understanding is that it
may take months or years to get the hardware and data back. In such a
case, they are instantly out of business *unless* they have all their
data backed up in the cloud, in which case it is just a case of buying a
new laptop and carrying on.

It is an interesting question. I would demand carbon copies of the
working drives seized since without them the job stops. I wish them luck
finding anything recognisable in my highly compressed chess databases.

The first thing they should do after seizure is bitwise clone the
original drives so if they make an extra copy at that point I'd be
happy. Annoying to have hardware taken away but not a show stopper.

What about virtual machines? How can the police (or anyone) sieze
them? The *physical* machine is owned by someone else and may even be
in a different country.

See Snowden / Glenn Greenwald. The transmissions are archived.

But since they're encrypted in a way that even the 'owner' of the data
can't decrypt I don't see how that helps much.

I'm also not convinced that there's enough storage space anywhere to
'archive' all the transferred data. I synchronise data between a home
machine and a virtual machine and thus every time I make even trivial
changes there's data flowing back and forth, I doubt very much that
anyone archives each and every one of those changes.

--
Chris Green
·

newshound wrote:

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.

'I' don't know the key, it's negotiated between the two machines
between which I'm transferring data.

--
Chris Green
·

"newshound" wrote in message
o.uk...
On 01/08/2019 10:56, Gareth's was W7 now W10 Downstairs Computer wrote:
I've been giving some thought as to how to
protect one's privacy from the ever growing
snoopings of the Brit monarchy and all its
lapdogs and subordinate dogs' dinners
such as GCHQ, the MIxs and the po lice,
and to kill off RIPA and the sending of innocent
people to jail for not revealing their
passwords and security keys to the plodderies.

1. In case of computers being seized, you have to
guard against previous data being scattered around
the disk in various deletions. The solution here would
be to store all data in an indexed data base file of
such a size that it won't be moved willy nilly by
the OS. Then, by overwriting records at fixed and
known locations, previous data can be guaranteed
to be deleted.

2. When receiving encyphered messages, the one-time key
is to be the previously received message, giving only
one opportunity to read your message before it takes the
place of the previously received message at the fixed
location in the indexed data base.

3. Still working on data that has to be kept indefinitely,
watch this space.

Not answering the above, but on an associated topic there must be many
people, like myself, who do some consultancy work that is wholy dependent
on computers. There's a small but finite chance that innocent people might
get their systems seized and my understanding is that it may take months
or years to get the hardware and data back. In such a case, they are
instantly out of business *unless* they have all their data backed up in
the cloud, in which case it is just a case of buying a new laptop and
carrying on.

Now, I don't mind having my contacts and calendar together with my spotify
playlist in the cloud. Email is already there. But *some* of my client
data can't go there.

Trivial to encrypt it so it can go there.

Gareth's stuff above is a bit tinfoil hat to me, but my scenario seems to
me to be a real (if low probability) threat. If you keep an off-site
backup that you don't declare to the police, presumably you are committing
an offence.

Corse you arent.

On Fri, 2 Aug 2019 09:02:56 +1000, clinically insane, pedophilic, serbian
bitch Razovic, the resident psychopath of sci and scj and Usenet's famous
sexual cripple, making an ass of herself as "jew pedophile Ron Jacobson (jew
pedophile Baruch 'Barry' Shein's jew aliash)", farted again:

FLUSH the auto-contradicting senile asshole's latest troll****

--
dennis@home to retarded senile Rot:
"sod off rod you don't have a clue about anything."
Message-ID:

On 01/08/2019 23:23, Chris Green wrote:
newshound wrote:

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.

'I' don't know the key, it's negotiated between the two machines
between which I'm transferring data.

I'm not a big data user: all the sensitive data I own can be contained
in one memory stick. In fact all the sensitive data I own IS contained
in one, hardware encrypted, password protected ten-false-guesses-and-it
wipes-itself memory stick.

I can't possibly memorise the password so when I travel abroad, I write
it down on a piece of paper......

....and post it in advance to my destination address. It's quite safe
because the paper is useless without the memory stick and the memory
stick is useless without the piece of paper. Apart from thwarting any
bad actors and possibly annoying people at immigration control am I
doing anything illegal by being unable to divulge a password I don't know?


Incidentally, does anybody know how these ten false guesses work? If I
do five false guesses and remove the memory stick, am I back at ten
tries next time or do I still have only five? Kingston Datatraveller G3
here.

(I would answer the question experimentally myself except I'm overseas
at the moment and the last thing I want to do is accidentally wipe all
my data!!!)

Nick

"Gareth's was W7 now W10 Downstairs Computer" wrote
in message ...
On 01/08/2019 11:36, newshound wrote:

Gareth's stuff above is a bit tinfoil hat to me

Civil liberties, my dear chap.

But you raise an interesting concern, and that it
the tendency of the plodderies to seize all
computers and phones on the merest pretext and
thereby completely destroying your well being
in a digital world.

There has to be a way of maintaining one's
well being despite the unwarranted attacks
by the plodderies.

There is. encrypt everything, full offsite backup
that they know nothing about.

On Fri, 2 Aug 2019 09:14:32 +1000, jleikpkwk, better known as cantankerous
trolling senile geezer Rodent Speed, wrote:


Civil liberties, my dear chap.

But you raise an interesting concern, and that it
the tendency of the plodderies to seize all
computers and phones on the merest pretext and
thereby completely destroying your well being
in a digital world.

There has to be a way of maintaining one's
well being despite the unwarranted attacks
by the plodderies.

There is. encrypt everything, full offsite backup
that they know nothing about.

There isn't, senile asshole! You'll get convicted for not decrypting! Just
HOW senile are you, you senile designer of a computer OS? BG

--
Senile Rot about himself:
"I was involved in the design of a computer OS"
MID:

"Nick Odell" wrote in message
...
On 01/08/2019 23:23, Chris Green wrote:
newshound wrote:

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.

'I' don't know the key, it's negotiated between the two machines
between which I'm transferring data.

I'm not a big data user: all the sensitive data I own can be contained in
one memory stick. In fact all the sensitive data I own IS contained in
one, hardware encrypted, password protected ten-false-guesses-and-it
wipes-itself memory stick.

I can't possibly memorise the password so when I travel abroad, I write it
down on a piece of paper......

...and post it in advance to my destination address. It's quite safe
because the paper is useless without the memory stick and the memory stick
is useless without the piece of paper. Apart from thwarting any bad actors
and possibly annoying people at immigration control am I doing anything
illegal by being unable to divulge a password I don't know?

Nope.

On 01/08/2019 23:02, Cursitor Doom wrote:
On Thu, 01 Aug 2019 11:56:39 +0100, The Natural Philosopher wrote:

Write a program that writes 55H to every byte of every unallocated
sector?

You lose your "plausible deniability" if you do that, though. Best over-
write with random garbage.


That what a brand new disk has. IIRC.

OTOH you could simply tranfer whole chapters of Finnegans Wake.

A enardrndon garbage as anything else.

because random garbage is also very suspicious.


--
€œIt is dangerous to be right in matters on which the established
authorities are wrong.€�

ۥ Voltaire, The Age of Louis XIV

newshound posted
On 01/08/2019 12:14, The Marquis Saint Evremonde wrote:
newshound posted

Gareth's stuff above is a bit tinfoil hat to me, but my scenario
seems to me to be a real (if low probability) threat. If you keep an
off-site backup that you don't declare to the police, presumably you
are committing an offence.
No, I don't think so. You're not generally obliged to answer police
questions after arrest, and there is of course no law requiring
disclosure of all backups *before* arrest.

True but you might be interviewed under caution after a seizure. You
could of course decline to answer any questions at that stage but if
you did "fail to disclose" that might be a black mark if you were
actually guilty.

Clearly the risk scenarios are different depending on whether you are
"guilty" or "innocent", and in particular on whether the data you are
concealing is intrinsically illegal just to possess.

In terms of black marks: Refusing to answer police questions can only be
used against you at trial if you produce something in your defence that
you didn't disclose earlier. I don't think that concealing an offsite
backup could qualify for that, although of course it could make the
prosecution more vengeful.

Especially if forensic investigation found a batch file of the form

Copy really dirty stuff to secret location
Delete and overwrite really dirty stuff

If they can do that, and in particular if secret location is
identifiable, then you're probably stuffed anyway.

--
Evremonde

Nick Odell posted
I'm not a big data user: all the sensitive data I own can be contained
in one memory stick. In fact all the sensitive data I own IS contained
in one, hardware encrypted, password protected ten-false-guesses-and-it
wipes-itself memory stick.

I can't possibly memorise the password so when I travel abroad, I write
it down on a piece of paper......

...and post it in advance to my destination address. It's quite safe
because the paper is useless without the memory stick and the memory
stick is useless without the piece of paper. Apart from thwarting any
bad actors and possibly annoying people at immigration control am I
doing anything illegal by being unable to divulge a password I don't know?

The pertinent question is not whether you are doing anything illegal but
whether you can be convicted. And the answer to that [in the UK] is, yes
you can, because a court will assume that you know the password, unless
you can persuade them otherwise.

Moreover, if you try this at US immigration, they will probably just put
you on the next flight back without even arguing about it, because they
can.
--
Evremonde

Steve Walker posted

What had happened was that he and another company had been recommending
a third company for private pensions, but unknown to them, the third
company was involved in a kick-back deal with some other financial
advice companies and so they were suspected of being part of it.

It is as easy as that to be accused and have vital computers and data
taken away.

And, as we know, it's even easier where the alleged data is
intrinsically illegal just to possess.

--
Evremonde

On Fri, 2 Aug 2019 15:17:19 +1000, jleikpkwk, better known as cantankerous
trolling senile geezer Rodent Speed, wrote:


Nope.

Did you just get another one of your tiny senile online orgasms, you
subnormal trolling senile asshole from Oz? BG

--
Website (from 2007) dedicated to the 85-year-old trolling senile
cretin from Oz:
https://www.pcreview.co.uk/threads/r...d-faq.2973853/

On 02/08/2019 00:12, Nick Odell wrote:
On 01/08/2019 23:23, Chris Green wrote:
newshound wrote:

Otherwise all anyone needs do is keep their dodgy stuff in the Cloud or
encrypted on a server hosted in some lawless region of the internet.

But in principle they can pick it up in transit, and even with end to
end encryption it's an offence not to disclose the key.

'I' don't know the key, it's negotiated between the two machines
between which I'm transferring data.

I'm not a big data user: all the sensitive data I own can be contained
in one memory stick. In fact all the sensitive data I own IS contained
in one, hardware encrypted, password protected ten-false-guesses-and-it
wipes-itself memory stick.

I can't possibly memorise the password so when I travel abroad, I write
it down on a piece of paper......

...and post it in advance to my destination address. It's quite safe
because the paper is useless without the memory stick and the memory
stick is useless without the piece of paper. Apart from thwarting any
bad actors and possibly annoying people at immigration control am I
doing anything illegal by being unable to divulge a password I don't know?

Why are you unable to divulge the password? AFAICS you can do so by
disclosing the address to which you posted it. Or the location of a
back-up copy of the password.


--
Robin
reply-to address is (intended to be) valid