veracrypt.mdwn 19 KB
Newer Older
sajolida's avatar
sajolida committed
1
[[!meta title="VeraCrypt support in GNOME"]]
anonym's avatar
anonym committed
2

sajolida's avatar
sajolida committed
3
[[!toc levels=2]]
4
5
6
7

User research
=============

sajolida's avatar
sajolida committed
8
9
10
11
12
Research questions
------------------

### Success

sajolida's avatar
sajolida committed
13
14
15
16
1. How many people use VeraCrypt in Tails after our work in
   comparison with before?
2. How many people who were using VeraCrypt outside of Tails but
   couldn't use it in Tails use it after our work?
sajolida's avatar
sajolida committed
17
18
19

### Scope

sajolida's avatar
sajolida committed
20
21
22
23
24
25
26
1. Which fraction of VeraCrypt volume are encrypted file containers?
   encrypted partitions?
2. Are people encrypting their full operating system with VeraCrypt?
3. Which fraction of users are using hidden volumes?
4. Which fraction of users are using keyfiles? Why? How?
5. Which fraction of users are using the old TrueCrypt format?
   - In VeraCrypt this requires checking the "TrueCrypt mode" check box.
27
6. Can we rely on file containers having a .tc or .hc extension?
sajolida's avatar
sajolida committed
28
29
30

### Behaviors

sajolida's avatar
sajolida committed
31
1. How do people share files with other people who don't use Tails?
sajolida's avatar
sajolida committed
32

33
34
### Technical knowledge

35
1. How technical are VeraCrypt users? Tails+VeraCrypt users?
sajolida's avatar
sajolida committed
36
   - For example: Are they used to GNOME Disks?
37

sajolida's avatar
sajolida committed
38
39
<a id="survey"></a>

40
41
42
Results of the online survey on *file storage encryption*
---------------------------------------------------------

sajolida's avatar
sajolida committed
43
44
45
46
47
NB: By *Tails+VeraCrypt* we mean people who use both Tails and
VeraCrypt, but not necessarily VeraCrypt in Tails already as this is
currently for expert users only as it requires going through the command
line.

sajolida's avatar
sajolida committed
48
49
50
51
52
53
### Summary

- Justification of our work:

  - 40% of Tails users are also VeraCrypt users, both inside and outside
    Tails.
sajolida's avatar
sajolida committed
54

sajolida's avatar
sajolida committed
55
  - 60% of Tails+VeraCrypt users only use VeraCrypt outside of Tails.
sajolida's avatar
sajolida committed
56
57
58

  - Most of Tails+VeraCrypt users are regular users of VeraCrypt.

sajolida's avatar
sajolida committed
59
60
  - VeraCrypt is of more interest to people who are not using Linux as
    their primary operating system.
sajolida's avatar
sajolida committed
61

sajolida's avatar
sajolida committed
62
63
  - VeraCrypt is still a reference when people think about encrypting
    files.
sajolida's avatar
sajolida committed
64
65
66

  - Integrating VeraCrypt in Tails will prevent dangerous behaviors:

sajolida's avatar
sajolida committed
67
    *« I need to be able to open TrueCrypt file containers in Tails in
sajolida's avatar
sajolida committed
68
69
    order to move files securely between Tails and Windows. Right now, I
    have to copy my files unencrypted between Tails and Windows and this
sajolida's avatar
sajolida committed
70
    is quite dangerous. »*
sajolida's avatar
sajolida committed
71
72
73

- Definition of the scope of our work:

sajolida's avatar
sajolida committed
74
  - 85% of Tails+VeraCrypt users mostly don't use the .TC or .HC file extension.
sajolida's avatar
sajolida committed
75
76
77
78
  - 76% of Tails+VeraCrypt users use file containers.
  - 65% of Tails+VeraCrypt users use partitions.
  - 65% of Tails+VeraCrypt users use hidden volumes.
  - 55% of Tails+VeraCrypt users have legacy TrueCrypt volumes.
sajolida's avatar
sajolida committed
79
  - 42% of Tails+VeraCrypt users use keyfiles.
sajolida's avatar
sajolida committed
80
81
82
83
84
85
86
87
88

- Technical knowledge of Tails users:

  - Tails is still quite complicated for Windows users but not *that*
    hard either.
  - A majority of our user base is "*basic*".

### Methodology

89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
We advertised an online survey on the homepage of *Tor Browser* in Tails
between October 17 and December 1.

The survey was not advertised as being about VeraCrypt but as being
about file storage encryption in general.

The following banner was displayed on *https://tails.boum.org/home* once
every 20 views:

[[!img contribute/reports/SponsorW/2017_10/survey.png link="no"]]

We got 1011 complete answers (and zero spam!) for a participation rate
of 1.97% (51431 views in total). We think this is a great success!

The structure of our survey is available as a LimeSurvey Survey
Structure file: [[survey.lss]].

We limited the mandatory questions to the bare minimum. Except for one
open-ended question, we used only closed questions with multiple choices
to maximize the answer rate and make it easier to analyze the results.
Still, we allowed comments on many of the closed questions.

It was the first time that we asked our users to answer an online survey
and seeing the high participation it seems to be a very good way of
learning about our users and their needs. People seem eager to
contribute to Tails by sharing information about themselves if done with
their consent.

Here is a summary of our results.

### How many people use VeraCrypt in Tails before our work?

*Q: Do you use VeraCrypt?*

| Question | Answers | Fraction |
|--|--|--|
| No | 418 | 41% |
| Yes, but only outside of Tails | 238 | 24% |
| I don't know what VeraCrypt is | 193 | 19% |
| Yes, both inside and outside of Tails | 162 | 16% |
| *Total answers* | | 1011 |

- **60% of Tails+VeraCrypt users only use VeraCrypt outside of Tails.**

  These people are a first target of our work.

  Unfortunately, our survey didn't allow us to know if they don't use
  VeraCrypt in Tails because it's too complicated at the moment (it
  requires using the command line) or because they don't have a use for
  it. We should have added a another question about this in particular.

- **40% of Tails users are also VeraCrypt users, both inside and outside Tails.**

  This is a big overlap which proves that a lot of people who use Tails
  also have a need for VeraCrypt.

  After our work:

  - If this number increases, it could mean that integrating VeraCrypt
    in Tails made Tails useful for more people.

    These people are a second target of our work.

  - If this number decreases, it could mean that our user base expanded
    to include a bigger fraction of users who don't have a need for
    VeraCrypt. For example if they only use Tails to browser the
    Internet anonymously and not to exchange sensitive documents from
    Tails with other operating systems.

*Q: How many VeraCrypt volumes do you have (not counting the hidden volumes inside them)?*

| Question | Answers | Fraction |
|--|--|--|
| 2-5 | 183 | 52% |
| 1 | 83 | 24% |
| 6-10 | 45 | 13% |
| More than 10 | 39 | 11% |
| *Total answers* | 350 | |

- **Most of Tails+VeraCrypt users are serious and regular users of VeraCrypt**.

  They have more than one VeraCrypt volume and not only curious about
  VeraCrypt or tried it once.

### Comments on the questions

Our survey allowed people to add comments to some questions. Some people
described the lack of VeraCrypt support in Tails as part of a workflow
including Windows, often leading to dangerous practices.  The comments
were rewritten to prevent stylometry.

- *« **When I move files between Windows and Tails, I have to remove the
  TrueCrypt encryption and copy the files unencrypted to another USB
  stick. Then I have to securely delete the files from the USB stick and
  that takes a lot of time. This is dangerous as an attacker could
  access my files during the process.** »*

- *« **I need to be able to open TrueCrypt file containers in Tails in
  order to move files securely between Tails and Windows. Right now, I
  have to copy my files unencrypted between Tails and Windows and this
  is quite dangerous.** »*

### Which fraction of VeraCrypt volume are encrypted file containers? Encrypted partitions?

*Q: What type of VeraCrypt volumes are you using?*

| Question | Answers | Fraction |
|--|--|--|
| Only encrypted file containers | 117 | 32% |
| Mostly encrypted file containers, some encrypted partitions | 89 | 24% |
| Mostly encrypted partitions, some encrypted file containers | 75 | 20% |
| Only encrypted partitions | 74 | 20% |
| I don't know the difference between encrypted partitions and encrypted file containers | 13 | 4% |
| *Total answers* | 368 |

- The difference between encrypted file containers and partition is well
  understood.

- **76% of Tails+VeraCrypt users use file containers.**

- **65% of Tails+VeraCrypt users use partitions.**

### Are people encrypting their full operating system with VeraCrypt?

*Q: Is your Windows operating system encrypted using VeraCrypt?*

| Question | Answers | Fraction of Tails+Windows users | Fraction of Tails users |
|--|--|--|--|
| No | 135 | 72% | 35% |
| Yes | 49 | 26% | 13% |
| I don't know | 3 | 2% | 1% |
| *Total answers* | 187 |

### Which fraction of users are using hidden volumes?

*Q: How often do you create a hidden volume in your VeraCrypt volumes?*

| Question | Answers | Fraction |
|--|--|--|--|
| Sometimes | 159 | 44% |
| Never | 119 | 33% |
| Always or almost always | 50 | 14% |
| Most of the time | 27 | 7% |
| I don't know what a hidden volume is | 7 | 2% |
| *Total answers* | 362 |

- **65% of Tails+VeraCrypt users use hidden volumes.**

### Which fraction of users are using keyfiles?

*Q: What do you use to protect your VeraCrypt volumes?*

| Question | Answers | Fraction |
|--|--|--|--|
| Only passwords | 211 | 58% |
| Mostly passwords, sometimes keyfiles | 130 | 36% |
| Mostly keyfiles, sometimes passwords | 18 | 5% |
| Only keyfiles | 6 | 2% |
| *Total answers* | 365 |

- **42% of Tails+VeraCrypt users use keyfiles.**

### Which fraction of users are using the old TrueCrypt format?

*Q: How many of your volumes are TrueCrypt volumes and how many are VeraCrypt volumes?*

| Question | Answers | Fraction |
|--|--|--|--|
| All my volumes are VeraCrypt volumes | 151 | 45% |
| All my volumes are TrueCrypt volumes | 92 | 27% |
| Most of my volumes are VeraCrypt volumes, some are TrueCrypt volumes | 49 | 14% |
| Most of my volumes are TrueCrypt volumes | 47 | 14% |
| *Total answers* | 339 |

- **55% of Tails+VeraCrypt users have legacy TrueCrypt volumes.**

  The reasons given for that in the comments to this question include:

  - Not having done the effort of migrating.
  - Having to migrate too much data to be practical (1TB!).
  - Not trusting VeraCrypt has it hasn't been audited.

### Can we rely on file containers having a .tc or .hc extension?

*Q: Does the name of your file containers include the .TC or .HC extension?*

| Question | Answers | Fraction |
|--|--|--|--|
| Never | 91 | 39% |
| I don't know what the extension of my file containers is | 72 | 31% |
| Sometimes | 33 | 14% |
| Always or almost always | 27 | 12% |
| Most of the time | 8 | 3% |
| | 231	|

- **85% of Tails+VeraCrypt users mostly don't use the .TC or .HC file extension.**

### How technical are Tails users? Tails+VeraCrypt users?

*Q: Which operating system other than Tails do you use the most?*

| Question | Tails users | Fraction | Tails+VeraCrypt users | Fraction |
|--|--|--|--|
| Windows | 456 | 45% | 201 | 52% |
| Debian or Ubuntu | 355 | 35% | 129 | 34% |
| macOS | 69 | 7% | 26 | 7% |
| Arch Linux | 21 | 2% | 9 | 2% |
| Linux Mint | 16 | 2% | 4 | 1% |
| openSUSE | 12 | 1% | 6 | 2% |
| Fedora | 12 | 1% | 3 | 1% |
| Qubes OS | 10 | 1% | 6 | 2% |
| *Total answers > 10* | 951 |  | 384 |  |

By OS families:

| Question | Tails users |  | [Global market share](https://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Desktop_and_laptop_computers) | Different in VeraCrypt usage among Tails users |
|--|--|--|--|--|
| Windows | 456 | 48% | 91% | +4% |
| Linux | 426 | 45% | 3% | &minus;4% |
| macOS | 69 | 7% | 6% |  |
| Total answers | 951 |  |  |  |

- We suppose that people choose Linux over Windows or macOS because of
  technical reasons, ethical reasons, or both. Both are also good
  reasons to use Tails, either because their technical skills make it
  easier to get started or use Tails or because their ethical motivation
  aligns with the values of Tails.

  There is a huge difference between the fraction of Tails users and the
  global market share for Windows (in negative) and Linux (in positive)
  but at the same time, almost half of Tails users are otherwise mostly
  Windows users. So it seems like **Tails is still quite complicated for
  Windows users but not *that* hard either**.

- Tails+Windows users are using VeraCrypt more than Tails users in
  general (+4%). This confirms that **VeraCrypt is of more interest to
  people who are not using Linux as their primary operating system**.

  This aligns with our objective of making Tails easier to integrate in
  workflows involving other operating systems.

*Q: How familiar are you with GNOME Disks?*

| Question | Answers | Fraction |
|--|--|--|
| I can use GNOME Disks to do advanced operations | 438 | 43% |
| I don't know what GNOME Disks is | 410 | 41% |
| I can use GNOME Disks to do basic operations | 163 | 16% |
| *Total answers* | 1011 |  |

This seems to mean that:

- **A majority of our user base is "*basic*"**: not well-versed in Linux
  and GNOME, not skilled enough to manipulate partitions, or not using
  Tails to manipulate sensitive documents outside of the persistent
  volume.

- A good share of the rest of our user base is "*advanced*" and more
  technically skilled and knowledgeable about Linux and GNOME.

*Q: Imagine that you want to share a big video footage with someone else
who doesn't use Tails. You can meet in person or communicate online. For
security reasons, you want the exchange to be encrypted. How would you
do that?*

Due to the huge numbers of answers (626) to this question which was very
open-ended, it is challenging and very time consuming to extract
insights from all the answers.

We manually flagged the encryption techniques mentioned in the first 472
answers (75%) to get an overview of what Tails users would do to
exchange sensitive information between Tails and another operating
system.

While flagging the answers, we flagged some techniques that were only
mentioned implicitly. For example, some people implicitly referred to:

  - LUKS when they proposed to store the footage in the persistent
    volume of a Tails USB stick and exchange this USB stick in person.
  - OpenPGP when they proposed to encrypt the file doing
    *right-click*&nbsp;▸*Encrypt&hellip;* from the file browser.

The answers often included mixed strategies to either:

  - Design both online and offline strategies, as the question made it
    possible to either meet in person or communicate online.
  - Combine several encryption techniques, for example to encrypt and
    send the footage using some techniques and to exchange a password or
    other credential information using other techniques.
  - Design several strategies depending on the threat model or technical
    knowledge of the person they were sharing the footage with.

We cannot know from if people would know how to apply the strategies
they described. For example, if they already know how to use the
techniques that they mentioned or if they only heard of them.

| Encryption technique | Mentions | Fraction |
|--|--|--|
| OpenPGP | 134 | 28% |
| - OpenPGP (unspecified) | 79 | 17% |
| - OpenPGP (asymmetric) | 39 | 8% |
| - OpenPGP (symmetric) | 16 | 3% |
| VeraCrypt | 107 | 23% |
| I don't know | 78 | 17% |
| LUKS | 49 | 10% |
| ZIP with password | 49 | 10% |
| OnionShare | 46 | 10% |
| Signal, WhatsApp, Telegram | 25 | 5% |
| *Total answers analyzed* | 472 |  |

- VeraCrypt was the second most frequently mentioned encryption
  technique.

  **VeraCrypt is still a reference when people think about encrypting
  files**.

- We were surprised to see OpenPGP as the most frequently mentioned
  encryption technique. This could either mean that:

  - Tails users are especially knowledgeable about OpenPGP or only heard
    of it as an encryption technique.

  - Tails users rely a lot <span class="command">seahorse-nautilus</span>
    which allows to encrypt files from the file browser
    (*right-click*&nbsp;▸*Encrypt&hellip;*). This allows to use
    symmetric encryption ("*password encryption*") without the need to
    master the complex key management of OpenPGP.

- We were also surprised to see OnionShare mentioned almost as
  frequently as LUKS or ZIP with password. Good news for Micah Lee!
sajolida's avatar
sajolida committed
419
420
421
422
423
424

<a id="scope"></a>

Scope of our work
=================

425
426
We structure the scope of our work in four iterations, based on our
preliminary research work on user needs and technical feasibility.
sajolida's avatar
sajolida committed
427

428
429
We will implement and upstream each iteration one after the other and go
as far as the budget allows.
sajolida's avatar
sajolida committed
430

431
432
1. Unlocking partitions
-----------------------
sajolida's avatar
sajolida committed
433

434
435
436
This iteration is the bare minimum for this project but also the
foundation work which makes all subsequent iterations possible. It
covers:
sajolida's avatar
sajolida committed
437

438
- The unlocking of partitions, which is relevant to 65% of Tails+VeraCrypt
sajolida's avatar
sajolida committed
439
440
  users.

441
- The opening of hidden volumes, which has a very good cost/benefit ratio
sajolida's avatar
sajolida committed
442
443
  and will please the users of this very popular feature.

444
- The opening of legacy TrueCrypt volumes, which will come with almost no
sajolida's avatar
sajolida committed
445
446
  UX or backend cost.

447
- The opening with keyfiles and opening of system partitions, which
sajolida's avatar
sajolida committed
448
449
450
  will also be very cheap to add to the custom dialogs that we will
  already have to implement for the opening of hidden volumes.

451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
2. Unlocking file containers
----------------------------

This iteration extends the work done on the unlocking of partitions to
also unlock file containers.

File containers are very important to support as 76% of Tails+VeraCrypt
users use file containers. They are also interesting because using a
single file to store a whole file system is a possibility which is not offered
by the other encryption techniques in Tails.

But they are more challenging in terms of user interactions and
integration code:

- It's a new concept for users ("*mounting a file*").

- We cannot rely on file containers having a .TC or .HC extension as
  discovered during the survey.

- GNOME Files cannot automatically identify and flag file containers as
  such.

- Displaying the file name of the containers when unlocking it through
sajolida's avatar
sajolida committed
474
  GVfs will require an additional patch upstream.
sajolida's avatar
sajolida committed
475

476
477
3. Creating and modifying partitions and containers
---------------------------------------------------
sajolida's avatar
sajolida committed
478

479
480
481
482
483
484
485
486
487
488
489
Since our main objective for integrating better VeraCrypt in Tails is to
allow for cross-platform sharing of encrypted files, we consider making
it possible to create VeraCrypt volumes in Tails as optional since users
can continue creating volumes from their other operating systems.
This iteration covers:

- The creation of new partitions, for which we already have a solid UX
  design.

- The creation of new file containers, which will be harder to discover
  for users but will almost come for free once we support creating new
sajolida's avatar
sajolida committed
490
491
  partitions.

492
493
494
495
496
- The modification of existing volumes, which will be very similar to
  the creation of new volumes.

4. *VeraCrypt Mounter*
----------------------
sajolida's avatar
sajolida committed
497

498
499
500
501
*VeraCrypt Mounter* is a very simple application wrapper that we
designed and tested. It makes it easier for users to learn how to use
VeraCrypt in Tails and makes it faster to open file containers.
*VeraCrypt Mounter* would only be available in Tails.
sajolida's avatar
sajolida committed
502

503
504
505
If we cannot create *VeraCrypt Mounter* in time, we will replace it with
a link to our documentation which should lead to similar success rates
but a bit less comfort for first time users.
sajolida's avatar
sajolida committed
506
507
508
509

Non goals
---------

510
511
512
513
514
515
Opening of loop-AES and dm-crypt volumes. Loop-AES and dm-crypt
volumes are other encryption formats that are indistinguishable from
VeraCrypt volumes while they are locked (both look like random data).
Even if some of our work could be make it easier to support Loop-AES
and dm-crypt, we won't do that because these formats are not popular
enough.
sajolida's avatar
sajolida committed
516
517
518
519
520
521
522
523

<a id="ui"></a>

User interface
==============

### Changes to GNOME Disks

sajolida's avatar
sajolida committed
524
<img src="https://labs.riseup.net/code/attachments/download/1833/disks-format-partition.png">
sajolida's avatar
sajolida committed
525

sajolida's avatar
sajolida committed
526
<img src="https://labs.riseup.net/code/attachments/download/1834/disks-format-partition-password.png">
sajolida's avatar
sajolida committed
527

sajolida's avatar
sajolida committed
528
### Unlock dialog in GVfs
sajolida's avatar
sajolida committed
529

sajolida's avatar
sajolida committed
530
<img src="https://labs.riseup.net/code/attachments/download/1843/gvfs-monitor-unlock-veracrypt-volume.png">
sajolida's avatar
sajolida committed
531

sajolida's avatar
sajolida committed
532
### *VeraCrypt Mounter* (optional)
sajolida's avatar
sajolida committed
533

sajolida's avatar
sajolida committed
534
<img src="https://labs.riseup.net/code/attachments/download/1842/veracrypt-mounter.png">