Thread Status:
Not open for further replies.
  1. thewannacryguy

    OP thewannacryguy Advanced Member
    Newcomer

    Joined:
    Dec 16, 2019
    Messages:
    90
    Country:
    Korea, North
    My boyfriend and I intend to record a private video of ourselves. I am trying to take every reasonable precaution against the possibility of the video getting leaked. Open systems are more secure so this leads me to post my method here for others to audit.

    - Inspect the room for signs of hidden cameras and lock the door.
    - Buy a new SD card and record the video using a digital camera without any wifi support.
    - Inspect the keyboard for signs of a hardware keylogger.
    - Boot a custom copy of Arch Linux from a USB stick which contains Veracrypt and VLC player and no network drivers.
    - Use Veracrypt to create an encrypted USB stick containing a hidden volume. The passwords must contain at least 20 unique characters.
    - The outer volume should contain some embarrassing fetish porn.
    - The inner volume should contain the video of my boyfriend and I.
    - Use Veracrypt to create an encrypted SD card with no files on it. This should securely delete the video.
    - Only use the copy of Arch Linux to watch the video and only watch the video using the copy of Arch Linux. lock the door and check for hidden cameras and hardware keyloggers before watching the video.

    There are a few flaws in this method but I think it's good enough except for the last one.

    - Using specialized equipment it is possible for others to view the screen from a short distance away even in another room. To work around this we would have to watch the video in a Faraday cage. I'm not worried about this because there will be a drop in visual quality and when you're dealing with a video visual quality is extremely important.
    - The bigger flaw I can see is the possibility of someone using a microphone to analyze the sounds released by the keyboard while typing the password or the sound of the CPU decrypting the video. I assume that to work around this we would have to play keyboard sounds and CPU sounds while typing the password and decrypting the video.
    - We might forget the passwords.
    - Veracrypt doesn't support nuke passwords.
    - Maybe in a few decades it will be feasible to decrypt the USB using a quantum computer. This is a very serious concern.
     
    Last edited: Dec 27, 2019
  2. Serberker

    Serberker Advanced Member
    Newcomer

    Joined:
    Jan 13, 2019
    Messages:
    83
    Country:
    Hungary
    I kinda thought its real until ...

    Q-s won't be used to decrypt your porn. However they can be used to find the global minimum on an arbitrary error surface.

    Let's assume you can try out a zillion password combinations per second.
    - If you were to steal someone's account, then you know you've succeded if the page redirects you to their homepage.
    - Now imagine that you are trying to decrypt a raw binary. How would you tell which decryption is the real one?
    If you look for the .mkv or .mp4 format at the first few bytes (the header of the file) only, that won't guarantee that the rest of the file has been decrypted properly.
    You need a human supervisor who looks at each decryption one by one and tell if its good or not. And this way Q comps performance overhead is nullified.

    In your case the best option is to not record it at all.
     
    Last edited: Dec 27, 2019
    Seriel likes this.
  3. FAST6191

    FAST6191 Techromancer
    Reporter

    Joined:
    Nov 21, 2005
    Messages:
    29,586
    Country:
    United Kingdom
    Personally I would say easier not to have personal/private files.

    If you are the sort of person that has to worry about hardware key loggers and hidden cameras then you have bigger problems. That said are you sure your graphics card will not have been tampered with to include the option to screen grab? I mean we have seen viruses for them, BIOS and hard drives (which your machine might also want to lack) at this point.

    Similarly a Faraday cage prevents electronics signal transmission. If you are worried about the reflected light style recreations or telescopes then your electrified chicken wire is not going to do much. It does also not do much if there is a device within the room for later retrieval, which would likely also be immune to a basic bug sweep and I doubt you are going to do a lens detection sweep (to say nothing of modern pinhole devices).

    Stuffing an outer volume with hard to handle stuff is a reasonable plan. What about stuffing the inner volume with the results of a session on those face swap algorithms as well?

    As for someone making a practical implementation of Shor's algorithm then will it matter in a couple of decades? Oh and what about physical security until then, conversion to quantum crypto at that point and then destruction of old method.
     
    ThoD likes this.
  4. ghjfdtg

    ghjfdtg GBAtemp Advanced Fan
    Member

    Joined:
    Jul 13, 2014
    Messages:
    550
    Country:
    https://www.xkcd.com/936/

    No, it's not meant to securely overwrite the entire flash. Fill up the entire physical device with data from /dev/urandom 2 or 3 times and if your card reader supports it use blkdiscard on it to erase all sectors. This is the very least you can do but programs specialized for secure flash memory overwriting will probably know tricks i did not mention.
     
    Kwyjor likes this.
  5. Taleweaver

    Taleweaver Storywriter
    Member

    Joined:
    Dec 23, 2009
    Messages:
    7,358
    Country:
    Belgium
    Sorry, but is this thread for real? I get that the last thing you want is your personal stuff on the internet, but what you've written down is paranoia (perhaps unless you've got a stalking nerdy ex-boyfriend or if you and /or your friend are super models or something). If that's really a worry, you shouldn't make a video to begin with. Because nobody will be able to give 100% proof of safety, the more security you add will just remind you more of things that might compromise it, no matter how far fetched.

    Besides... Posting the plan online in this thread may not be the best start (what's the point of having a honeypot if you're already saying there's more down the line?).



    Oh, right... And one thing to do : keep the curtains closed. Goes without saying, but ey... :wink:
     
  6. YOUCANTSTOPME

    YOUCANTSTOPME GBAtemp Regular
    Member

    Joined:
    May 7, 2012
    Messages:
    264
    Country:
    Canada
    I can't tell if this is a troll thread or not.
     
    Last edited: Dec 28, 2019
    LonelyPhantom and Japermen like this.
  7. thewannacryguy

    OP thewannacryguy Advanced Member
    Newcomer

    Joined:
    Dec 16, 2019
    Messages:
    90
    Country:
    Korea, North
    I am not trolling. I am well aware that this thread does go into paranoia territory but I still feel more comfortable taking extra precautions. Nobody here knows my real life identity and nobody I know in real life knows about this account so I think it is safe to post my plan here.
     
  8. sarkwalvein

    sarkwalvein There's hope for a Xenosaga port.
    Member

    Joined:
    Jun 29, 2007
    Messages:
    7,756
    Country:
    Germany
    You should cease to think, the moment you thought about this private video and pictured it, hackers may have already intercepted your brain waves and obtained a clear copy of the video exactly how you pictured in your most vivid fantasies even before you recorded it. This is serious stuff.
     
    Seriel and MythicalData like this.
  9. MythicalData

    MythicalData GBAtemp Advanced Maniac
    Member

    Joined:
    May 11, 2017
    Messages:
    1,542
    Country:
    United States
    I believe before most of these things would be a problem people would have the technology to make high quality counterfeit videos of you and your boyfriend
     
  10. Lacius

    Lacius GBAtemp Legend
    Member

    Joined:
    May 11, 2008
    Messages:
    12,037
    Country:
    United States
    You really only need to do the following, assuming you don't have a compromised device:
    1. Film the video
    2. Encrypt the video with a strong passphrase using something like 7zip
    3. Delete all unencrypted versions of the video
    4. Optional: Write zeros to the free space of any device that previously contained the unencrypted file
    Anything else is overkill and truly unnecessary.
     
    MythicalData likes this.
  11. thewannacryguy

    OP thewannacryguy Advanced Member
    Newcomer

    Joined:
    Dec 16, 2019
    Messages:
    90
    Country:
    Korea, North
    I think that the safest way to do this would be to buy a new laptop, install Veracrypt on it, remove the wireless module, record and encrypt the video then lock the laptop in a high security safe. But even I think this is overkill. I think a more reasonable solution would be to do a thorough malware scan then disconnect my computer from the internet before decrypting and watching the video.
    My experiments with John The Ripper indicate that files encrypted with 7zip are less secure than files encrypted with Veracrypt. I have heard of cases where private videos were leaked because the file was not securely deleted; the last step is not optional.
     
    Last edited: Dec 29, 2019
  12. Lacius

    Lacius GBAtemp Legend
    Member

    Joined:
    May 11, 2008
    Messages:
    12,037
    Country:
    United States
    It and Veracrypt are probably using the same type of encryption.
     
  13. thewannacryguy

    OP thewannacryguy Advanced Member
    Newcomer

    Joined:
    Dec 16, 2019
    Messages:
    90
    Country:
    Korea, North
    To start, I'm not an expert in cryptography and the philosophical debate of whether truly random numbers actually exist is beyond the the scope of this post.

    In 7-zip you can only add a password. I don't know how 7-zip generates random numbers to use as the key. I assume it uses your computer's random number generator which is likely just a long list of pre-calculated values which can be guessed. Maybe it uses truly random numbers if the computer has a TPM installed. I don't know which encryption algorithm 7-zip uses.

    Veracrypt allows you to use passwords, a custom PIM, keyfiles and access tokens. It prompts the user to move the mouse as randomly as possible to create a truly random key. It also allows you to combine two different encryption algorithms.

    When I experimented with John The Ripper, it couldn't return the correct password for my Veracrypt volume, even when the password was included in the dictionary. I don't know why this happened. I haven't tried using Hashcat (yet).
     
  14. MythicalData

    MythicalData GBAtemp Advanced Maniac
    Member

    Joined:
    May 11, 2017
    Messages:
    1,542
    Country:
    United States
    Think you have a gripe with the word random, not rng then.
    Also your computer doesn't have a built in random number generator in the way that you're thinking.
    Look up a basic encryption explanation and basically multiply the odds in your favor exponentionally
    You should look into the necessary work to crack a 256 aes key encryption to put your mind at ease.
    You can't really combine two encryption methods unless you're encrypting then re encrypting.
    If it's two methods combined you're just using a new singular method.
    To be honest most of this is all overkill. Keep the file in one place, keep it encrypted, and make sure you only know the password.

    — Posts automatically merged - Please don't double post! —

    You have higher odds to win the lottery than for your files being compromised in such a situation (one where you keep it encrypted, only you know the password, you're not using a compromised device, and so on)
     
  15. Lacius

    Lacius GBAtemp Legend
    Member

    Joined:
    May 11, 2008
    Messages:
    12,037
    Country:
    United States
    7-Zip uses AES-256, as does Veracrypt. When it comes to the strength of the encryption, there's no difference.
     
  16. eyeliner

    eyeliner Has an itch needing to be scratched.
    Member

    Joined:
    Feb 17, 2006
    Messages:
    981
    Country:
    Portugal
    Blur your faces when editing the video.

    Delete the originals afterwards and use extensively write operations on the disk.

    Use condom.

    Upload edited file on Pornhub, deleting the file from your computer afterwards.

    Get dressed and start watching the view count rise. You might monetize the video later.

    No need to thank me.
     
    Brizas99 and ThoD like this.
  17. Brizas99

    Brizas99 Member
    Newcomer

    Joined:
    Nov 8, 2018
    Messages:
    24
    Country:
    Lithuania
    perhaps, the best solution on this thread
     
    eyeliner likes this.
  18. The_Debt_Collector

    Newcomer

    Joined:
    Feb 6, 2020
    Messages:
    18
    Country:
    Australia
    I would not use Winrar or 7-zip. To watch the video the file will get extracted and stored in a temporary folder in unencrypted form. The chance of a temporary file getting found and leaked is low but it is an unnecessary risk.

    — Posts automatically merged - Please don't double post! —

    Well you are trolling but I will provide a serious response. This only works on magnetic disk drives. If you're using flash memory you have to overwrite the entire disk.

    Source: https://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html
     
  19. Kwyjor

    Kwyjor GBAtemp Advanced Fan
    Member

    Joined:
    May 23, 2018
    Messages:
    679
    Country:
    Canada
    I think you should just assume this is going to leak eventually, and decide if its inevitable exposure is worth having it in the first place.

    Maybe you'll be safe if you record it in some old analog format like 8mm that no one can duplicate without some trouble.
     
  20. D34DL1N3R
    This message by D34DL1N3R has been removed from public view by AlanJohn, Feb 7, 2020, Reason: Stupid post.
    Feb 7, 2020 Show
  21. AlanJohn

    AlanJohn くたばれ
    Moderator

    Joined:
    Jan 6, 2011
    Messages:
    3,616
    Country:
    Ukraine
    I cannot imagine being this paranoid. Somebody must have screwed you over (lol) real bad a long time ago. I recommend you to stop watching shows like CSI and seek professional help, you obviously have some kind of ego problems thinking people are actively attempting to see you having sex. NOBODY CARES.

    You have been given sound advice as to how to encrypt your files and hide your identity. Thread closed.
     
Loading...

Hide similar threads Similar threads with keywords - completely, personal, secure

Thread Status:
Not open for further replies.