Pages:
Author

Topic: Bitcoin-ready linux distro - page 2. (Read 880 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
February 02, 2023, 05:19:38 AM
#46
it's all very easy


without the header, there's no way to prove that a disk is encrypted

so:
  • encrypt disk
  • copy header
  • fill the header up (on encrypted disk) with random data

It could work, but this is definitely overkill considering OP mention his goal is holiday and very complex even for tech geek.

There is no gurantee that this distribution i.e. Linux Tail is not Eavesdropping on you.

But compared with most OS, Tails is probably one of best OS for privacy. It's open source, has been around for >10 years, trusted by various group and actively used by people who really need privacy/security.

If you talk about Linux then there are many tools (Linux Unified Key Setup (LUKS) that can encrypt your data and even if someone was able to login to your device he wont be able to see the data.

But on device with disk encryption, you usually need to decrypt it before you can login to OS user account.
hero member
Activity: 1120
Merit: 571
20BET - Premium Casino & Sportsbook
February 02, 2023, 04:38:33 AM
#45
If you download a distribution other than from the main source, i.e Ubuntu, Kubuntu, Slackware, Fedora or whatever it might be assume it's compromised, and don't consider it a trusted machine. That's including private key generation, and the Blockchain itself, since ultimately your operating system has control, unless it's been overridden via the hardware itself.

There are so many flavors of Linux available in the market and its difficult to distinguished between clean and compromised ones. Best practise is to use  reliable distributions like Ubuntu, Fedora and Mint. I wasnt aware that there is a linux distribution that protect you againest surveillance and censorship. There is no gurantee that this distribution i.e. Linux Tail is not Eavesdropping on you.
 
You can get around a lot of these problems like putting tamper evident or security seals on each component of your laptop. You can make them actually mark the casing if they're removed. You could potentially get these custom made. I've got tamper evident seals on my laptop for use when traveling, as well as a lock pad on it. I've never had an issue, and they've never even asked me to unlock the padlock to see if it turns on or anything. I've got some looks at times, but I've seen other travelers do this as well. As long, as you follow the instructions, and place it outside of a bag they usually don't have a issue. Plus, its usually setup in a way that you can watch how they are handling your stuff.

Data on laptop or anyother digital devices should never be kept unencrypted specially if you are traveling (by road or air). If you talk about Linux then there are many tools (Linux Unified Key Setup (LUKS) that can encrypt your data and even if someone was able to login to your device he wont be able to see the data.
Just few simple cautions and you are good to go. 
legendary
Activity: 2268
Merit: 18771
February 01, 2023, 02:36:58 PM
#44
You don't need to have any special encryption app if you are using hidden accounts on GrapheneOS that are already encrypted isolated space by default.
But the encrypted data is not hidden. Sure, the user profile is encrypted, and maybe you can even hide the profile from various menus on the OS, but I doubt very much the entire volume is hidden when the phone's storage is directly examined. The header and the rest of the necessary data to decrypt and log in to that profile will still be there. And so you can be coerced in to decrypting it.

If you want to use open source app I think there is one called EDS for that purpose.
You need to buy the full version if you want hidden volume support, and the full version is not open source.
legendary
Activity: 2212
Merit: 7064
February 01, 2023, 01:58:44 PM
#43
Depending on the phone, it takes me 30 minutes to 2 hours. Especially Apple phones are designed to break and easily replace screens.
Unless you are working as smartphone repairman, you can easily break your display like this or damage your phone being water resistant.
I can disassemble laptops much easier but I wouldn't dare doing that with any modern smartphones.

Is there a reputable open source encryption app which will produce hidden volumes on a phone?
You don't need to have any special encryption app if you are using hidden accounts on GrapheneOS that are already encrypted isolated space by default.
If you want to use open source app I think there is one called EDS for that purpose.
legendary
Activity: 2268
Merit: 18771
February 01, 2023, 12:44:01 PM
#42
so:
  • encrypt disk
  • copy header
  • fill the header up (on encrypted disk) with random data
There are methods of encrypting data so the header itself is indistinguishable from random data. Then you don't need to copy or overwrite anything, which adds complexity and risk.

If you are using GrapheneOS you can have multiple users with encrypted drives, and you can even use some random eSIM or old sim card in other account.
The point I'm making is that encrypting data is not enough when being subjected to a targeted search crossing a border. They will simply detain you until you decrypt it. You need plausible deniability.

Why would this be any different with smartphone, you can probably do exact same thing with them.
Is there a reputable open source encryption app which will produce hidden volumes on a phone?
legendary
Activity: 2730
Merit: 7065
February 01, 2023, 12:41:19 PM
#41
That's not even remotely the same thing. That's about a man who possessed children pornography and was suspected of having more content on the encrypted hard drives. His laptop had proof that he downloaded children pornography and copied it to the drives. Mysteriously, he "forgot" his password.

Here is a newer article that mentions that he spend 4 years in prison, although they couldn't legally hold him longer than 18 months. Still, not a pleasant situation to find yourself in whether you are right or wrong.
https://arstechnica.com/tech-policy/2020/02/man-who-refused-to-decrypt-hard-drives-is-free-after-four-years-in-jail/   
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 01, 2023, 10:23:20 AM
#40
Please try this experiment for yourself and tell me how long it took for you to replace the screen, but they can always just plug in external screen if they want.
Depending on the phone, it takes me 30 minutes to 2 hours. Especially Apple phones are designed to break and easily replace screens.
legendary
Activity: 2212
Merit: 7064
February 01, 2023, 10:19:53 AM
#39
Not entirely sure about the phone. How would you be hiding the wallet on it? And what are you going to say under a targeted search when they ask you why you have an airgapped phone with no SIM card in it?
It's probably easier to hide it on phone than on laptop.
If you are using GrapheneOS you can have multiple users with encrypted drives, and you can even use some random eSIM or old sim card in other account.
It's easy to disable/enable accounts and add separate PIN for each account.

Alternatively, it is easy to hide in a hidden volume on your laptop, which you could decrypt to show copies of sensitive documents such as your passport or travel insurance. Impossible to prove the hidden volume even exists.
Why would this be any different with smartphone, you can probably do exact same thing with them.

Since we seem to go to extreme measures: crack the screen, drain the battery, and nobody will ask you if there's any Bitcoins on it. Buy a replacement screen on your vacation address, and replace it on your own Cheesy
Please try this experiment for yourself and tell me how long it took for you to replace the screen, but they can always just plug in external screen if they want.

How many Bitcoins do you need on vacation anyway?
If wife (or someone else) is coming with me than I guess we need much more Bitcoin on vacation.  Cheesy

Not really. A knife, axe or a phone allows for plausible denniability. "I was carring the knife to cut some bread, the axe to chop some trees, and the phone to make some calls".

However, when you are found with a HW, what are you going to say? Exactly.
Exactly what?
What you saying it's ridiculous, and if I have hardware wallet that doesn't mean it 100% have any Bitcoin there.
Good luck explaining to authorities that you use knife for bread, and not to kill someone, and btw if you don't carry bread with knife or wood with axe than you are a liar.
legendary
Activity: 3430
Merit: 3080
February 01, 2023, 08:08:33 AM
#38
it's all very easy


without the header, there's no way to prove that a disk is encrypted

so:
  • encrypt disk
  • copy header
  • fill the header up (on encrypted disk) with random data

Oompah-loompa - "why doesn't it switch on?"
you - "broken"
Oompah-loompa - "why did you bring a broken phone?"
you - "it broke on the way here"
Oompah-loompa - "why didn't you fix it?"
you - "if I knew what was wrong with it, I would already have fixed it"


...then just copy the header back again when you want to use the disk

copper member
Activity: 126
Merit: 35
February 01, 2023, 07:50:54 AM
#37
Is there such a thing being developed and kept updated? What I mean is a distro that comes with preinstalled software that you would need for any Bitcoin related business (full node software like Core, another lightweight software like Electrum, all libraries pre-installed, Tor, some other useful tools and everything else declutted)

I ask this because if you were to for instance land in another country, and you needed to install everything from scratch, it would take a ton of time. If you could have everything in an .iso more or less ready to run, you would just get your laptop (which you wiped before crossing any borders) and install your linux Bitcoin distro, and leave it there installing everything while you chill on your hotel's swimming pool or something. After a while everything is ready so you just enter your passphrase or recover your wallet.dat which you temporarily left somewhere in the cloud encrypted and get your coins ready.

I know Tails has Electrum but it doesn't have Bitcoin Core. It also has a ton of stuff I don't need and Electrum is always outdated.

The idea would be a minimalist setup, with some sort of system that automatically downloads, verifies and compiles the required software and libraries during the installation process.

It is really bad to trust on an entire OS when we cannot even trust a single binary file. Always verify before using using any tool and software. So it is better to use a secure OS like Tails OS and then download and configure wallets by yourself. Never trust pre-built software.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
February 01, 2023, 05:58:36 AM
#36
However, if you want some sort of pruned node, you can make an encrypted volume as a file (see veracrypt) and when you have all the data you need you copy that file onto the USB stick (with a generic data.dat like name), then delete it. The stick will look empty and recovering the data will be just fine as long as nothing new is written onto it.
This will only fool the most cursory of investigations - i.e. plug it in, it looks empty, oh well nothing to see here. Anything beyond that will clearly show the header of your encrypted file, and then you are back at the issue of being asked to decrypt it.

Well, then you can put some documents there like you'd write a book or a paper. Or.. use your imagination...
Also, the beauty of veracrypt volume files is that there's no clear header or anything to be read or understood. It can really be anything there.
legendary
Activity: 2268
Merit: 18771
February 01, 2023, 05:21:57 AM
#35
On many country, there are prepaid SIM card which targeted towards foreign tourist or businessman. So you could say you'll buy it later (e.g. after you pass the border or enter hotel). I'm fairly sure you can buy one at most airport.
Yeah, that's a good solution. Your regular phone with no trace of bitcoin related stuff on it as everyone would have, and your dummy phone which you say you are going to use in your destination country with a local SIM.

However, if you want some sort of pruned node, you can make an encrypted volume as a file (see veracrypt) and when you have all the data you need you copy that file onto the USB stick (with a generic data.dat like name), then delete it. The stick will look empty and recovering the data will be just fine as long as nothing new is written onto it.
This will only fool the most cursory of investigations - i.e. plug it in, it looks empty, oh well nothing to see here. Anything beyond that will clearly show the header of your encrypted file, and then you are back at the issue of being asked to decrypt it.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
February 01, 2023, 05:10:14 AM
#34
I think a USB live distro with encryption + persistance could do the trick. Electrum / pruned node on it

We're going back to circle. Someone already mention the worker at border might perform random search and ask you to decrypt it. If they find cryptocurrency wallet/software, they could suspect you're trying to evade "crypto travel rule" from FATF or other similar rule.

While this can easily be a solution for the case you get lucky, it's not something to rely on.
However, if you want some sort of pruned node, you can make an encrypted volume as a file (see veracrypt) and when you have all the data you need you copy that file onto the USB stick (with a generic data.dat like name), then delete it. The stick will look empty and recovering the data will be just fine as long as nothing new is written onto it. ...But if, for some reason, something gets written onto that stick.. tough luck.

But I think that the airgap phone + the seed on pieces of paper + downloading a SPV at arrival is easier and more straightforward and doesn't rely on "getting lucky" or not.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
February 01, 2023, 05:01:22 AM
#33
--snip--
And what are you going to say under a targeted search when they ask you why you have an airgapped phone with no SIM card in it?

On many country, there are prepaid SIM card which targeted towards foreign tourist or businessman. So you could say you'll buy it later (e.g. after you pass the border or enter hotel). I'm fairly sure you can buy one at most airport.

I think a USB live distro with encryption + persistance could do the trick. Electrum / pruned node on it

We're going back to circle. Someone already mention the worker at border might perform random search and ask you to decrypt it. If they find cryptocurrency wallet/software, they could suspect you're trying to evade "crypto travel rule" from FATF or other similar rule.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
February 01, 2023, 04:25:26 AM
#32
I think a USB live distro with encryption + persistance could do the trick. Electrum / pruned node on it

You can find 500GB usb, 1-2 TB sd cards

You can travel with your usb stick, and buy the cheapest laptop if needed once arrived / bring yours with a fresh OS install

legendary
Activity: 2268
Merit: 18771
February 01, 2023, 04:20:51 AM
#31
You don't want to end up in a situation where you are forced to decrypt:
Hence why I have repeatedly mentioned hidden volumes. There are other methods of deniable encryption as well, such as encrypting the entire external storage device and making in indistinguishable from simply have being wiped and overwritten with junk data. I prefer hidden volumes, though, since you can still decrypt them and hand over your decoy data, without revealing the existence of the hidden volume or the data you are actually hiding inside.

"It's a gift for a friend."
"Turn it on and show us."

Meanwhile, your name is added to a list of "People potentially trying to take large amounts of money across a border without declaring it". It's all unnecessary attention.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
February 01, 2023, 04:01:30 AM
#30
Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content
Let's not make it look as if this happens for no reason.
I'm curious how they found file hashes on an encrypted device though.

You can look at page 4 : https://cdn.arstechnica.net/wp-content/uploads/2017/03/rawlsopinion.pdf#page=5&zoom=auto,-99,637

I
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 01, 2023, 03:49:49 AM
#29
However, when you are found with a HW, what are you going to say? Exactly.
"It's a gift for a friend."

Quote
Not really. A knife, axe or a phone allows for plausible denniability. "I was carring the knife to cut some bread, the axe to chop some trees, and the phone to make some calls".
Here, chopping trees gets you in more trouble than carrying a hardware wallet.

Quote
So don't do this:
Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content
Let's not make it look as if this happens for no reason.
I'm curious how they found file hashes on an encrypted device though.
sr. member
Activity: 322
Merit: 449
January 31, 2023, 09:00:58 PM
#28
HW's are anti privacy because it already reveals by default you are holding Bitcoin.
This is so wrong....with your logic if you carry a knife or axe with you than you are already a killer right?
On your laptop or phone you can carry much more than bitcoin keys, including bunch of your sensitive information.

Not really. A knife, axe or a phone allows for plausible denniability. "I was carring the knife to cut some bread, the axe to chop some trees, and the phone to make some calls".

However, when you are found with a HW, what are you going to say? Exactly.


If you are not being specifically targeted for a search, then all of this conversation is moot. You could carry across a laptop with a full node installed, every piece of bitcoin software under the sun, and wallets holding thousands of bitcoin, and no one will be any the wiser. But if you want to be protected against an individual search, then you need to think of ways to sanitize your devices and carry a seed phrase unnoticed.

There are random searches:

https://www.reddit.com/r/privacy/comments/w0rxbu/comment/ightvoj/

You don't want to end up in a situation where you are forced to decrypt:
https://www.bleepingcomputer.com/news/legal/man-who-refused-to-decrypt-hard-drives-still-in-prison-after-two-years/
legendary
Activity: 2268
Merit: 18771
January 31, 2023, 03:26:03 PM
#27
You will (re)install it when you arrive. You will put the seed into it only when you arrive or when you actually need it first.
Ahh right, I'm with you now. Essentially take the phone to use as a surrogate airgapped device when you are on vacation, as opposed to storing the wallet on the phone as you cross the border. Yes, that could work. You can even disguise said phone as a regular phone, and you can remove the SIM card and factory reset it when you arrive before installing your chosen bitcoin wallet, and then reset it again to remove all traces before taking it back across the border on your way home.

Seen we seem to go to extreme measures: crack the screen, drain the battery, and nobody will ask you if there's any Bitcoins on it.
No, but they might wonder why you are taking a broken phone which won't turn on to another country. Seems a bit suspicious.

Maybe I was just lucky, but no one ever showed interest in the data on my electronic devices.
If you are not being specifically targeted for a search, then all of this conversation is moot. You could carry across a laptop with a full node installed, every piece of bitcoin software under the sun, and wallets holding thousands of bitcoin, and no one will be any the wiser. But if you want to be protected against an individual search, then you need to think of ways to sanitize your devices and carry a seed phrase unnoticed.
Pages:
Jump to: