Anonymous persistent data without local storage

[Knight Hider]

I need tips to store a small amount of data online without ever losing it.
My goal is to have access to my accounts without persistent local storage or paper notes.

Currently, I have private keys and account details written down. I want plausible deniability under any circumstances, which means no local storage. I can remember complicated passwords or 12 words but not everything. I need one key to derive them all. How can I do this?

--Knight Hider

[n0nce]

If you want all your accounts and data to be secured with one single key that you only keep in memory ^{(I advise HEAVILY against this!!)}, it's quite simple:

1) Create Tails Linux bootable USB stick
2) Boot a computer from that, maybe take out all the drives before and remove Wi-Fi antenna as well
3) Now you have an air-gapped computer, good good
4) Create an encrypted text file on this computer:

Code:

$ vim -x filename.txt

5) Enter all passwords and private keys and save it.
6) Then transfer the encrypted file to an online machine e.g. via a USB stick, and upload to as many clouds, online storage providers, email servers etc. as you possibly can.

DO NOT DO THIS. You can and will forget the password. Or you will decrypt the file on an online, compromised machine and all passwords and private keys will be accessible in clear text.

This is where HSM's come into play. These can be clunky big crypto-coprocessors, but also smartcards, U2F keys and Bitcoin hardware wallets. Only issue is the plausible deniability aspect. In case you're really in the 1-in-a-million scenario that your government is super authoritarian and corrupt and checks your home all the time and shit, you actually don't have many options other than doing what I described above; basically storing the master key to everything in your memory.

[BlackHatCoiner]

I read some paranoid stuff such as Wi-Fi antennas' removal and said to join.

6) Then transfer the encrypted file to an online machine e.g. via a USB stick, and upload to as many clouds, online storage providers, email servers etc. as you possibly can.

Hehe, this reminds me of an old saying.

Yes, you, justifiably, feel like you're sharing information that can't ever be read by anyone. By that assumption, you're safe to even message the whole world about the encrypted message. But, how can you be so sure that it'll remain infeasible forever? I mean, yeah, those clouds can't read the content, but that may be just temporary.

It may remain as is in terms of feasibility to break the encryption scheme, but what if it doesn't? What if after many years, these texts you've hidden from everyone could be read? Wouldn't you wish to have never shared them?

I've deepened it, but the way I see it is that saving the encrypted text in all these clouds is like denying science controversy which is what has brought us to the current science progress. So, in my opinion, since we've rejected these absolute attitudes long time now, I'd just save the txt on my hard drives and sleep easy.

(Assuming the content is very sensitive!)


As for having an easy way to carry both private and public key without remembering long strings neither weak passwords, check Booknemonic. Just generate your mnemonics and write them down on a paper.

[n0nce]

I read some paranoid stuff such as Wi-Fi antennas' removal and said to join.

You're always welcome to join me on my paranoiac thought escapades, my friend!

How can you be so sure that it'll remain infeasible forever? I mean, yeah, those clouds can't read the content, but that may be just temporary.

That's an interesting (even though probably off-)topic. From what we know today about today's (computers) and tomorrow's (quantum) technology, symmetric crypto is still completely safe for quite a while (until we get something even more advanced than quantum computers).

While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks

But I agree that if your information is extremely sensitive and it must be secure for a very long time, it's best not to even share it in encrypted format. That can be one of the reasons why I repeatedly recommended not to follow my 'guide' for accomplishing what Knight Hider wants to do.

As for having an easy way to carry both private and public key without remembering long strings neither weak passwords, check Booknemonic. Just generate your mnemonics and write them down on a paper.

I didn't know this existed, pretty nifty stuff! It will land in my bookmarks, thanks..

[hatshepsut93]

What sort of plausible deniability are you looking for in online storage? If authorities will know your online accounts, they will be able to ask the storage providers to give your data, and after that they will be pressuring you to decrypt it. So, same situation as finding your local storage.

So, use throwaway emails and privacy tools like TOR when registering on sites that provide storage, and do a lot of online backups, because there's no guarantee that all these providers will be around in 10-20 years or that they won't lose your files.

[ABCbits]

I need tips to store a small amount of data online without ever losing it.

Since we're talking about data stored online, there's possibility the data will be removed or can't be accessed. Whatever method you chose to store your data, you should store it on more than 1 place.

1) Create Tails Linux bootable USB stick

Since OP mentioned he need plausible deniability under any circumstances, i should mention this part of Tails documentation.

Tails makes it clear that you are using Tor and probably Tails

Everything you do on the Internet from Tails goes through the Tor network.

Tor and Tails don't protect you by making you look like any random Internet user, but by making all Tor and Tails users look the same. It becomes impossible to know who is who among them.

• Your Internet service provider (ISP) and local network can see that you connect to the Tor network. They still cannot know what sites you visit. To hide that you connect to Tor, you can use ?Tor bridges.

[Knight Hider]

A year later, I still use a backup on paper. I don't trust any online solution 100%. Many online storage providers means remembering many accounts and making it more difficult.

--Knight Hider

[lednikirastayut]

A year later, I still use a backup on paper. I don't trust any online solution 100%. Many online storage providers means remembering many accounts and making it more difficult.

--Knight Hider

Which doesn't make your data safe, since our brains are visible to satellites flying at Earth orbit. There are military satellites of governmental intelligence agencies, and if you don't want them to know your keys, it is better to use some mix of hardware solutions, cause everything you see with eyes and press with keyboard, is compromised by default, since we are able to do MRI scans in general. Honestly, I am looking for a solution too.