Do you need to use a secure file erasure tool for unencrypted USB drives?

Do I need to follow a weekly routine and use software like Eraser to delete all unused space (using a drive erasure method like pseudorandom data) on every USB drive I have that doesn’t have encryption and that I use to transfer data from my PC to my GrapheneOS phone for backup purposes? My threat model is the government. Thanks!

I’m not sure I entirely understand this question. If your threat model is government then that’s sort of vague, but I’m assuming you mean like if your USBs end up in the hands of the authorities, correct? Also, if your threat model includes a likely confiscation by the government, I would think backing up the data on your phone (which is also likely to be confiscated) would be a less than ideal scenario. In short, I would say yes, if your USBs aren’t encrypted then writing a bunch of random data to them is a good way to cover up a forensic analysis. What I’m unsure about is why the data is being backed up to the phone. My personal recommendation would be to get yourself an external drive and encrypt it, back it up with the data, and then physically hide it somewhere. That way if your computer, phone, and USBs all get confiscated, you could have like a drive hidden with all your important shit on it (wallet seeds, bank account info, whatever really). This doesn’t necessarily mean they won’t find that drive either though, so it would be up to you to find a spot no one would look. For example, a relative’s or close friend’s house. Something not directly connected to you.

2 Likes

Yes, if the government takes all my devices. I use a USB drive to share content from my PC to my phone. The problem is that GrapheneOS doesn’t support VeraCrypt. Do you think I can find an encryption method for USB drives that can be decrypted by both GrapheneOS and Linux/Windows 11?

I can’t say because I don’t use GrapheneOS. I’m very Stallmanistic when it comes to phones, lol. Maybe someone else can chime in. VeraCrypt does work on pretty much every external hard drive though. So you could encrypt a drive and open it on pretty much any desktop or laptop. That goes without saying for USBs as well.

You can use Cryptomator locally for Android or Picocrypt using Termux, then use Cryptomator desktop or Picocrypt desktop for this.

Or if you are familiar with terminal commands and LUKS, you can use Termux on Android to manage LUKS too.

2 Likes

If you are on Linux, I suggest you use LUKS on the USB.

For use cases that require Windows interoperability, encrypting prior to copying to the drive with PeaZip or Picocrypt would be desirable.

Do not wear out your USB with secure erase tools. NAND technologies within the drives have a wear minimization algorithm that will just flag cells as available for overwriting rather than actually overwriting them. The manufacturers will also put slightly more than the actual capacity in order to mitigate this normal cell wear and tear. The theoretical threat is that unencrypted files, or parts of them, can potentially stay in one of these “extra” “spent” NAND cells that the algorithm has already replaced. It could potentially be readable with the right software tools that the manufacturers haven’t made publicly available because it deals with proprietary low-level firmware.

1 Like
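
An added illustration of the wear-leveling behaviour described in the last post, not part of the thread and not any vendor's firmware: a toy flash translation layer in which one full overwrite pass through the logical blocks still leaves the unencrypted file in an unmapped physical page. The class, function names, page counts and sample data are all constructed assumptions.

```python
import os

SECRET = b"wallet-seed: constructed sample value"

class ToyFlash:
    """Constructed model of a flash controller; no real firmware works exactly like this."""

    def __init__(self, logical_blocks, spare_pages):
        self.pages = [None] * (logical_blocks + spare_pages)  # raw NAND pages
        self.mapping = {}                          # logical block -> physical page
        self.free = list(range(len(self.pages)))   # erased pages ready for writes
        self.stale = []                            # unmapped pages still holding old data

    def write(self, block, data):
        if not self.free:                          # reclaim only when out of free pages
            page = self.stale.pop(0)
            self.pages[page] = None                # the only real physical erase
            self.free.append(page)
        new = self.free.pop(0)                     # out-of-place write to a fresh page
        self.pages[new] = data
        if block in self.mapping:
            self.stale.append(self.mapping[block]) # old copy is unmapped, not erased
        self.mapping[block] = new

    def read(self, block):                         # what the OS and erasure tools see
        return self.pages[self.mapping[block]]

    def raw_pages(self):                           # what a chip-level read would see
        return [p for p in self.pages if p is not None]


def wipe_and_inspect(logical_blocks=4, spare_pages=2):
    drive = ToyFlash(logical_blocks, spare_pages)
    for block in range(logical_blocks - 1):
        drive.write(block, b"other file %d" % block)
    drive.write(logical_blocks - 1, SECRET)        # unencrypted file lands last
    for block in range(logical_blocks):            # one full pseudorandom overwrite pass
        drive.write(block, os.urandom(32))
    seen_by_os = any(SECRET in drive.read(b) for b in range(logical_blocks))
    seen_on_chip = any(SECRET in p for p in drive.raw_pages())
    return seen_by_os, seen_on_chip


if __name__ == "__main__":
    print(wipe_and_inspect())
```

Which stale pages survive depends on the controller's reclaim order, which this model fixes as first-in, first-out; data encrypted before it reaches the drive leaves only ciphertext in those pages.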