Thanks for the detailed reply, I really appreciate it.
I only ask that you continue to make that 3rd point clear to people who might be considering using it because although yes it is not a scenario most of us will likely ever face, what you have built is absolutely going to attract people who are at risk of torture and I don’t think it’s conscionable to put this in their hands unless they are extremely clear on the fact that with this tool they literally won’t have a way of being able to clear their name in that situation because I think that might not actually be obvious to them until it’s too late and maybe they would make other choices if they knew that ahead of time. I’d personally see it as a huge liability but everybody’s situation is different obviously.
But at a minimum I think just helping them to understand where a tool like this fits into the bigger picture and what other steps they should take because otherwise people will do really dumb shit with this because they put all of their faith in it and skipped a lot of other fundamental things that might have helped them because my experience with this topic is that they are absolutely going to get those passwords from you one way or the other and if your plan is to trick them you’re going to have a really shit time.
It may even be worth getting in touch with some folks who have been on the receiving (or giving) end of the wrench scenario to just chat with them about what you’ve built here and if it is something they think would have helped them or not.
You raise a good point, and we try our best to say that Shufflecake is not a toy, that users must be conscious, etc. I think what is missing is a proper user manual as a central source of documentation, we'll need to work on that.
But we cannot save the users from themselves. We do our best to make things easy and secure, but at the end of the day plausible deniability is one of those things that are kind of "hardcore".
To be more clear, I don't think I can see a reasonable scenario where using Shufflecake would put you in trouble but using VeraCrypt would not. I'd be happy to talk with people at the "receiving end of the wrench" (lol) and this is also part of our ongoing outreach campaign, but so far all of the cases I've seen are either "we cannot prove you're a criminal so we release you" or "even if we're convinced that you gave us all you have, we will still kill/torture you just because". For me, it's either you go plausible deniability "all-in", or you don't bother at all. And of course you're right that one needs to consider many things and adopt all sort of other precautions on top of that, but still a solution like Shufflecake is sorely missing right now.
But, yes, you are absolutely right that we must continue to put a big disclaimer for the users, and help them to understand the risk of using this.
I’m actually with you on all these points for the record and again, this is a very specific scenario that isn’t going to be relevant to most people thankfully but for those people, it’s as you said… not a toy.
It’s also realistically not on you to give them the training required to operate in that environment because a tool like this is going to only be a tiny part of it.
In my mind there is a very specific kind of individual I’m thinking of who has maybe a bit more enthusiasm than brains or experience who will reach for a tool like this if it’s positioned to them a certain way who is going to get themselves into a very preventable world of trouble unless somebody can step in to just remind them that they should be sensible and think very carefully about what exactly they are doing because things can sound great from a technical point of view but really mess you up in the real world and I think this is one of those things in that situation.
I only ask that you continue to make that 3rd point clear to people who might be considering using it because although yes it is not a scenario most of us will likely ever face, what you have built is absolutely going to attract people who are at risk of torture and I don’t think it’s conscionable to put this in their hands unless they are extremely clear on the fact that with this tool they literally won’t have a way of being able to clear their name in that situation because I think that might not actually be obvious to them until it’s too late and maybe they would make other choices if they knew that ahead of time. I’d personally see it as a huge liability but everybody’s situation is different obviously.
But at a minimum I think just helping them to understand where a tool like this fits into the bigger picture and what other steps they should take because otherwise people will do really dumb shit with this because they put all of their faith in it and skipped a lot of other fundamental things that might have helped them because my experience with this topic is that they are absolutely going to get those passwords from you one way or the other and if your plan is to trick them you’re going to have a really shit time.
It may even be worth getting in touch with some folks who have been on the receiving (or giving) end of the wrench scenario to just chat with them about what you’ve built here and if it is something they think would have helped them or not.