The saving grace is it is licensed under AGPLv3 so community can take over if something happen.
umami_wasbi
joined 1 year ago
Any source on this?
The point is they don't have to proof if a piece of random data is indeed an encrypted blob.
Imagine you passing border security and got selected for search. They found a piece of data on your device with high entropy without known headers in the wrong place. You can claim you know nothing about it, yet they can speculate the heck out of you. In more civil nations, you might got on to a watch list. In a more authoritive nations, they can just detain you.
They don't have to prove you hiding something. The mere fact of you have that piece of high entroy data is a clue to them, and they have the power to make your life hard. Oh you said you deny them for a search? First congrats you still have a choice, and secondly that's also a clue to them.
For more info, read cryptsetup FAQ section 5.2 paragraph 3, 5.18, and 5.21. It is written by Milan Brož who is way more experienced than me on this matter.
IMO, deniable ~~something~~ encryption is just not practical in real life. Authorites can make you life real hard, or just throw you straight into jail, just by suspecting you have encrypted materials.
I thought not connecting it to the internet will make it OK?
XMPP isn't any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn't guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.
Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.
ADD: XMPP is still better for company internal communication, especially when compliances require conversation archiving.
Describe your use case.
Sops, or OpenBao
Does that counts as emtrapment?
So how are they going to detect, proof, and enforce?
I guess that would only happen you don't step out of your room and social. How counld they prevent one steping outside and say hello to anyone?
It is simply no hope aginst an automated scanner. No one search for files manually today.