On 03/13/2012 11:23 AM, Daniel Kahn Gillmor wrote [abridged] : > How does (or how could) a FreedomBox help a user avoid giving up their > authentication credentials in the face of heavy-handed coercion by a > powerful authority figure? This is not a rhetorical question; i'd > really like to hear explanations or proposals! > > It seems to me like FreedomBox would help the user by limiting the > authorities' ability to bypass the user entirely and demand access from > the service provider directly. > > I haven't seen any proposals for how FreedomBox could help the user > themselves resist disclosure of their own credentials.
While I don't have any idea about resisting the giving of credentials... What about a truecrypt full disk encryption / hidden operating system approach?[1] It may be possible to do something fancy with Truecrypt whereby a key file on a removable media (i.e. USB flash drive) could boot the hidden OS without a password. I have no idea, really. If not, then the user's home directory could be encrypted in hidden volume style, such that they would have to access the FreedomBox over ssh or web gui and "unlock" their data. This would require an Unhosted-like[2] approach to all sensitive data, and some fancy scripting and configuration so that there would be a way for a mounted hidden volume to be unmounted and the outer volume mounted when the "under duress" password was entered, even into the services themselves. Boy, that doesn't sound easy, but i can begin to imagine a way to make it work. The big problem is using applications and protocols that separate the user's data from the application and store each user's data separately in the filesystem. [1] http://www.truecrypt.org/hiddenvolume [2] http://unhosted.org/ (Note: I do not know the architecture and if it would allow for each user of an instance to seperately encrypt their data as in a home directory fashion. Perhaps other Personal Data Store projects would better suit) _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
