Incomplete plausible deniability feature for Cwtch app profiles #544
Reference: cwtch.im/cwtch#544
Hello,
I see the cwtch application has been designed around plausible deniability, hence you're supposed to deny the existence of a profile by requiring a password to be typed to reveal the existence of a profile initially, after a cwtch app shutdown.
However, I see that the application creates separate files that clearly show that there are 2 different profiles in the ~/.cwtch/profiles/ directory.
Threat model: an adversary captures someone's phone at a public protest, and the individual is forced to give passwords; the adversary browses the local files of the application on the phone / laptop. There, the user gives the password to the decoy profile, but the adversary browses the local files and now finds the ~/.cwtch/profiles directory, which reveals the existence of the second profile.
I feel like this needs to be addressed; the existence of profiles must be completely deniable, like VeraCrypt hidden partitions.