Consider creating a persistence by default for plausible deniability
Rationale
The "Warnings about persistence" page states "The persistent volume is not hidden. An attacker in possession of the USB stick can know that there is a persistent volume on it."
If every Tails USB stick had a persistent volume automatically created (with a random passphrase not known to the user), there would be no way to tell that the user had set up a persistent volume rather than just leaving the automatically created one in place. This would mean that a user who had created a persistent volume could plausibly claim that he/she hadn’t.
Of course, this wouldn’t protect against being tricked, and will be of at best variable efficiency against ‘rubber-hose cryptanalysis’, but it would be useful in a country like the UK where a court can compel you, on penalty of imprisonment, to reveal cryptographic keys and passphrases if it can prove that you know them.
Implementation
Implies modifying liveusb-creator
and tails-persistence-setup
.
Subtasks
Related issues
- Related to #6621
- Related to #7269 (closed)
- Related to #7544 (closed)
- Related to #8861 (closed)
- Related to #11679 (closed)
- Related to #15292 (closed)
- Related to #15653 (closed)
- Related to #16485 (closed)
- Has duplicate #7541 (closed)
- Has duplicate #7630 (closed)
- Has duplicate #11076 (closed)
- Has duplicate #16750 (closed)
Original created by @tails on 5929 (Redmine)