In addition to encrypting sensitive data with a password, also consider additionally encrypting it in a way that requires solving a CAPTCHA-like puzzle. Details remain about how to implement it and what the UI should look like.
Threat model: the legitimate user already knows what documents he or she wants to access, so can go directly to it, solving a few CAPTCHAs. The illegitimate user -- e.g., surveillance or forensics -- wants to scan the entire computer or system or stream for something but will have to solve a CAPTCHA for each item -- each file -- scanned.
No comments :
Post a Comment