Plausible deniability

[passingby]

Is there a way (probably using the reveal widget?) to replace the contents of a tiddler with some standard text based upon a state tiddler? 

Perhaps something like this: https://groups.google.com/d/msg/tiddlywiki/07WVZmjsopE/zWa7_aKZBAAJ ?

What I was is to hide the actual content of a tiddler and replace it with some standard text "Enter your text here..". The hidden mode should work both in view and edit mode. 

I understand that I can just hide the actual tiddler itself too, but I do not want to do that. For example in my side bar menu of 'thoughts & ideas' I need to add some ideas which I do not want anyone to read. But they need to be under that menu item because I do not want to keep idea tiddlers in two places.

[TonyM]

Passingby

Have you considered keeping the secret info in an encrypted tiddler and showing its content when desired using the view edit templates when decrypted?

Perhaps you could describe what you want rather than how it may be done.

If I understand correctly I belive there may be a number of ways to do this.

Regards
Tony

[PMario]

Hi,

I think, the only way that makes sense is encrypting them.

-m

[Mark S.]

Just a thought. It seems like you want comments associated with tiddlers that you only see. Perhaps you could do that with the comments plugin. You can enable/disable the comments plugin depending on what mode you're in.

[passingby]

There are sometimes thoughts/opinions/reflections which are recurring, and I wish to write them down so I can capture them, come back to them, or just create a record of personal self. Right now these are scattered in some files. But this has hampered my creativity and productivity. I now want to get everything on one file, a sort of diary, which has everything on it, organised under headings or topics. So what I am planning is sidebar menu which has table of contents tree, which would have various 'topics' such as health, money, relationships, occasions, events, imp dates, food, goals, tasks, etc. Most of the entries under these topics would be of mundane nature but some maybe more private which I do not wish to share.

What I want is that the sensitive tiddlers remain present in the lists in the sidebar where everything else is, but when clicked to view, they should not readily reveal their contents. I do not need encryption per say, just hiding of contents. But if a tiddler comes to view and says 'this tiddler is encrypted', then its a clear give away that I have some secret. That I do not want. What I want is plausible deniability, the ability to say, 'oh this tiddler? its empty.' or 'Oh yes, I haven't added anything to this one yet.'

What would be a good way to achieve this?

On Thursday, June 13, 2019 at 5:50:18 AM UTC-7, passingby wrote:

[TonyM]

Passingby,

I have build a quick solution to this in the attached json file of tiddlers

• You must have a check box set and a user name set and the notes will be private to each user name.
• Notes are stored in a long and complex title which includes the created date and time, qualified by user name and a seed which never changes
• At any moment clicking the checkbox will hide the whole private notes system, and notes will be retained.

Improvements possible

• Allow editing of the notes inline in the tiddler
• Use a different user name config tiddler that does not update createdby or Modifiedby or a password that no one can find (easily)

Regards

Tony

[TonyM]

PS,

Currently it does not tolerate the primary tiddler being renamed. The notes become disconnected, I Can fix that.

Regards

Tony

Regards

Tony

[Jed Carty]

I don't know of any simple way to get plausible deniability when the person looking understands tiddlywiki. The best I can think of in a single file wiki is to have the contents in a json tiddler where each key and value are encrypted.

At the moment I don't think we have a plugin that allows this, but it probably wouldn't be too difficult to make a good enough (non-cryptographically secure, but not trivial) encryption plugin to do this.

If you can run the node version of tiddlywiki there are other options, I have an extension of Bob that gives login and access control that lets you have multiple wikis and only ones that the logged in person is allowed to see show up. But at the moment the file system is not encrypted and the existence of a wiki is visible on the file system. I am planning on adding a database back-end that would help with that.

Real plausible deniability, in the sense that it works against people familiar with TiddlyWiki and with access to the computer it is on, is going to be difficult but using encryption and a data tiddler that has fake entries might work.

[passingby]

Tony,

This is very neat :-) Thank you! Yes this would work. I want to understand how this is working but that can come later, maybe on a weekend. I shall also want to modify it a bit to suit my taste, but its very good right as it is.

In my use case, all i want is to hide information from a casual onlooker, family member or a friend, who happens to be nearby when I have my file open. And this suits it well.

Thank you.

-Passingby

[h0p3]

Plausible deniability seems to work best when you can present legitimate appearing content. I wouldn't want it blank; I'd want it to say something innocuous (even if slightly embarrassing). I would still keep the real content encrypted since you won't be editing unless you know no one is looking, and especially because it can otherwise show up in searches (or you need to fix that). I'm a fan of steganography, but encryption is necessary.

I'm also reminded of this: https://www.truecrypt71a.com/documentation/plausible-deniability/ (which is real plausible deniability).

Perhaps you should reconsider how to resolve shoulder-surfing and/or others using your computer here (there's no perfect solution, if you want to go all the way down the rabbithole). I'm not convinced unifying your public and private content is going to be easy. I think it's easy to screw up using single-tiddler encryption too (I shouldn't have to remember to lock the door in this case), else I'd use my wiki quite differently.

I'm going to recommend using two wikis. If you really need to unify them (which I strongly appreciate), you can. In that case, have one public and one public+private. Most of the time you can edit public and there's literally nothing to worry about (even given an adversary familiar with TW). When you need to do something private (which can be secured in many ways), import the public into it and continue your mixed public+private work, then export the public again (I'd probably keep private tagged). This allows you to keep the private wiki content secured and still keep your public wiki integrated into it when you decide you are in a safe place to edit private content (you will still have to be mindful about how you mix content, but that was always a given).