[Freedombox-discuss] School intimidates girl to give up Facebook password

Sean Leonard meanderingcode at aetherislands.net
Tue Mar 13 17:50:58 UTC 2012


On 03/13/2012 11:23 AM, Daniel Kahn Gillmor wrote [abridged] :
> How does (or how could) a FreedomBox help a user avoid giving up their
> authentication credentials in the face of heavy-handed coercion by a
> powerful authority figure?  This is not a rhetorical question; i'd
> really like to hear explanations or proposals!
> 
> It seems to me like FreedomBox would help the user by limiting the
> authorities' ability to bypass the user entirely and demand access from
> the service provider directly.
> 
> I haven't seen any proposals for how FreedomBox could help the user
> themselves resist disclosure of their own credentials.

While I don't have any idea about resisting the giving of credentials...

What about a truecrypt full disk encryption / hidden operating system
approach?[1]

It may be possible to do something fancy with Truecrypt whereby a key
file on a removable media (i.e. USB flash drive) could boot the hidden
OS without a password.  I have no idea, really.

If not, then the user's home directory could be encrypted in hidden
volume style, such that they would have to access the FreedomBox over
ssh or web gui and "unlock" their data.  This would require an
Unhosted-like[2] approach to all sensitive data, and some fancy
scripting and configuration so that there would be a way for a mounted
hidden volume to be unmounted and the outer volume mounted when the
"under duress" password was entered, even into the services themselves.
 Boy, that doesn't sound easy, but i can begin to imagine a way to make
it work.  The big problem is using applications and protocols that
separate the user's data from the application and store each user's data
separately in the filesystem.

[1] http://www.truecrypt.org/hiddenvolume
[2] http://unhosted.org/ (Note: I do not know the architecture and if it
would allow for each user of an instance to seperately encrypt their
data as in a home directory fashion.  Perhaps other Personal Data Store
projects would better suit)




More information about the Freedombox-discuss mailing list