I seen at this site http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/a9Kr7 this article what are your thoughts about that, and will it be better than enabling persistent mode in tails, so i can keep things persistent with deniability? Here is that part of article:
Persistent Plausible Deniability using Whonix & Tails
Consider checking the https://github.com/aforensics/HiddenVM project for Tails.
This project is a clever idea of a one-click self-contained VM solution that you could store on an encrypted disk using plausible deniability (see [The Whonix route:] first chapters and also for some explanations about Plausible deniability, as well as the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section at the end of this guide for more understanding).
This would allow the creation of a hybrid system mixing Tails with the Virtualization options of the Whonix route in this guide.
Note: See [Pick your connectivity method][Pick your connectivity method:] in the Whonix Route for more explanations about Stream Isolation
In short:
-
You could run non-persistent Tails from one USB key (following their recommendations)
-
You could store persistent VMs within a secondary container that could be encrypted normally or using the Veracrypt plausible deniability feature (these could be Whonix VMs for instance or any other).
-
You do benefit from the added Tor Stream Isolation feature (see [Tor over VPN] for more info about stream isolation).
In that case, as the project outlines it, there should be no traces of any of your activities on your computer and the sensitive work could be done from VMs stored into a Hidden container that should not be easily discoverable by a soft adversary.
This option is particularly interesting for “traveling light” and to mitigate forensics attacks while keeping persistence on your work. You only need 2 USB keys (one with Tails and one with a Veracrypt container containing persistent Whonix). The first USB key will appear to contain just Tails and the second USB will appear to contain just random garbage but will have a decoy volume which you can show for plausible deniability.
You might also wonder if this will result in a “Tor over Tor” setup, but it will not. The Whonix VMs will be accessing the network directly through clearnet and not through Tails Onion Routing.
In the future, this could also be supported by the Whonix project themselves as explained here: but it is not yet recommended as of now for end-users.
Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration:
Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means.
See
CAUTION: Please see [Appendix K: Considerations for using external SSD drives][Appendix K: Considerations for using external SSD drives] and [Understanding HDD vs SSD][Understanding HDD vs SSD:] sections if you consider storing such hidden VMs on an external SSD drive:
-
Do not use hidden volumes on SSD drives as this is not supported/recommended by Veracrypt
-
Use instead file containers instead of encrypted volumes.
-
Make sure you do know how to clean data from an external SSD drive properly.
Here is my guide on how to achieve this:
First Run
-
Download the latest HiddenVM release
-
Download the latest Whonix XFCE release
-
Prepare a USB Key/Drive with Veracrypt
-
Create a Hidden Volume on the USB/Key Drive (We would recommend at least 16GB for the hidden volume)
-
In the Outer Volume, place some decoy files
-
In the Hidden Volume, place the HiddenVM appimage file
-
In the Hidden Volume, place the Whonix XFCE ova file
-
-
Boot into Tails
-
Setup the Keyboard layout as you want.
-
Select Additional Settings and set an administrator (root) password (needed for installing HiddenVM)
-
Start Tails
-
Connect to a safe wi-fi (this is a required step for the rest to work)
-
Go into Utilities and Unlock your Veracrypt (hidden) Volume (do not forget to check the hidden volume checkbox)
-
Launch the HiddenVM appimage
-
When prompted to select a folder, select the Root of the Hidden volume (where the Whonix OVA and HiddenVM app image files are).
-
Let it do its thing (This will install Virtualbox within Tails with one click)
-
When it is done, it should automatically start Virtualbox Manager.
-
Import the Whonix OVA files (see [Whonix Virtual Machines:])
I deleted some links bcs can’t post more than2, but all is in that site