[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)
Greg
greg at kinostudios.com
Mon Oct 6 13:52:12 PDT 2014
Dear Steve,
On Oct 6, 2014, at 9:48 AM, Steve Weis <steveweis at gmail.com> wrote:
> Hello Greg. I tried out Espionage.app and it was easy to distinguish
> real encrypted images from fake images via filesystem metadata. I
> don't think Espionage offers any realistic notion of plausible
> deniability, especially against "totalitarian regimes" as the webpage
> claims.
Espionage manipulates the filesystem metadata for sparsebundles, so it's unclear to me whether you actually were able to distinguish them or not, but if you were, please send an email to contact at taoeffect.com with your results and we'll fix it!
GPG: https://www.taoeffect.com/other/A884B988.asc
Thanks for having a look.
Kind regards,
Greg Slepak
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
>
> This took no special skills and only a few minutes to find. Someone
> who knows more about disk forensics or the journaled filesystem can
> likely recover much more detailed usage information. I'm also suspect
> of Espionage's internal database leaking information, but did not look
> at it closely.
>
> On Sat, Sep 27, 2014 at 7:15 PM, Greg <greg at kinostudios.com> wrote:
>> I work for Tao Effect LLC, our software is on that list, and you can read
>> about how its plausible deniability compares to TrueCrypt's here...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141006/712feaae/attachment.html>
More information about the liberationtech
mailing list