How to quickly delete data

Thinking like, one is a journalist on a plane. Suddenly the plane is being forced down to an airport where I suspect my previous articles are not liked.

No Internet available on plane. Have perhaps fifteen minutes. Can not do a complete, secure delete.

What is already in Qubes to remove information that might not be helpful?

This is a protocol you can setup beforehand and have it ready. All would probably be needed is delete the encryption key file to unlock the disk. But doing that in a anti-forensics way may not be trivial. If this is anyone’s case it’s probably better to talk to professionals and not take forum advice to heart :wink:

I guess that if your hard drive is encrypted, then no one can restore the data without the password. You simply switch your laptop off (and forget your password).

Some legislations will force you to reveal your password.

Anyway deleting the luks key slot in dom0 is a 1s task. You can find all necessary instructions in the cryptsetup manpage or somewhere on the net. It’s not Qubes OS specific after all.

I’m not 100% sure whether it overwrites the old key, but I’d guess so (otherwise it would be quite a severe bug). In theory one could still attempt to brute force that key, but that has unacceptable complexity.

1 Like

I guess that if your hard drive is encrypted, then no one can restore
the data without the password. You simply switch your laptop off (and
forget your password).

Nah, as long as you can unlock/recover the data … they will find a way
to make you do it. Much better for you if you can convince them early on
that you have no way to recover the data.

If your data is on the hard drive you need to wipe the key as thoroughly
as possible.

Better would be to have all your sensitive data on a little SD card
(encrypted of course) and only access it with disposable qubes. Then
when you find yourself in that situation you can chew and swallow it
(not sure about health implications) or break it and flush it down the

Forget about hiding it. Humans are much easier to break then encryption,
so they won’t bother with a technical solution. So whenever they find
out what and how you did, it better be impossible to recover.

Also, what @deeplow said: talk to Freedom of the Press Foundation and
the EFF and not random strangers in a forum :wink:

1 Like

Specifically, you’d want to wipe the LUKS header. It is presently believed that the encrypted data remaining on disk would be effectively equivalent to random bits and therefore impossible to recover in practice.


Thanks for the replies. Obviously I based the question on . . . It is incorrect to speak of specific cases, as it is off the beam of the forum.

I would hope that I might find a means to delete parts of the drive, to keep it from being immediately apparent that I had removed information. Except for the story I was working on claiming I had been miss led and was now a supporter of the current government.

Also important is if I am carrying a back up drive.

The technical capability to do whatever good computer experts recommend, needs to be built into Qubes, and immediately apparent how to start, when needed.

Perhaps it is better to think of using Qubes on a different set of threat models.
The time when many are most likely to create a new idea, that should be profitable to originator of the Idea, is when they are University age. After they graduate they will be required to sign a Statement to sign over all their Patent, Ideological property rights.

I suggest when they are at a University age, they protect their future Ideological Property Rights, from being stolen from them by other students or by corporate espionage, they use Qubes. After one signs the statement, the individual will need to follow the law.

So, as mentioned above, this is already built into LUKS/dmcrypt, which is used in many Linux OSes. A “user-friendly” way to wipe the LUKS header may or may not make sense. If it did, it would make more sense for this to be part of whatever upstream OS we choose to use in dom0. It doesn’t really make sense for the comparatively tiny Qubes OS Project to take on the task of making every security-relevant thing used in Linux distros more user-friendly. There are gigantic upstream projects with orders of magnitude larger teams and more funding who are better equipped to handle those things. It makes more sense for the small Qubes team to specialize in Qubes-specific things that only they can do.

1 Like

Well said.

For the “cover story” you’d need hidden volumes. That’s harder though - also from a usage perspective. It is simply unplausible that you didn’t use an OS for 3+ months, but it is your main OS. And why did you send that “I hate the government” mail just yesterday and it’s not in your outbox?

Anyway there have been a few related topics on the forum & mailing list, just search for it.

tripleh, It is nice of you to take the time to reply.

Hidden Volumes are usually recoverable. Never presume your adversary is not technologically capable to understand whatever one has set up. I think you are correct in implying that we need one section to quickly delete, leaving the rest of Qubes there. Even if I delete email. And change my email Password, so someone can not use my email account as part of claiming to be me. And getting my contacts list. Validating themselves as me in other places, like Twitter, Facebook. My point being, hoping one has a Colleague somewhere to recognize the situation, and change the Password on their email, so no one can beat it out of you.

Sven is correct. People are easier to break than Encryption.

Deeplow, ADW are correct, I brought this up in the wrong arena. Qubes OS Developers are involved with creating a stable product that has a variety of uses, it is up to those who have specialty uses to develop their own means of protecting themselves and their group. I suspect Human Rights groups and Journalists have some very technically capable individuals.

1 Like