I saw a link on embedding a TrueCrypt volume in a playable video file. I was thinking about how important things like this are for dissidents in some of the world’s regimes, but also about how useless this particular example would be in the real world. Any minimally-competent police state could easily detect that you’d tried to hide data and could decrypt it with rubber hose cryptanalysis. Simply possessing the tools needed to keep secrets would make you a suspect for keeping secrets.
But what if everyone had those tools, so that anyone could use them without standing out for having them? To this end, I propose an application that:
- Upon installation, creates a file with cryptographically random contents, occupying up to 1% of the user’s hard drive.
- Runs in the background, updating the “last written” timestamps on that file at frequent, random intervals and periodically making a new copy of the file and deleting the old one, simulating a human updating the file.
- Is installed by default, without prompting, on popular operating systems.
- Is easy to uninstall so that people who don’t want to devote one-hundredth of their hard drive to global freedom don’t have to.
Should this become popular, a huge chunk of the population would own big files that were indistinguishable from real secrets. Need to hide a video of a government assassination? Encrypt it, delete the random file from #1, and rename your secret file with the same name. All a police agency would know is that you have a big chunk of random-looking data - just like everyone else in your country.
1 and 2 are easy. Microsoft would never go along with #3, so you’d have to make it a social campaign: “show your solidarity with Libyan protesters by installing this app!” Apple might be persuaded to join, and their inevitable media campaign would make people want to participate. There’s no reason why popular Linux distributions couldn’t roll this out quickly.
I bet there are lot of people worldwide who would be extremely grateful to have an excuse for possessing large pools of random data on their computers. Why don’t we give them one?