How to safely store & encrypt your own video/content

TheFlash

Tourist
So, seems some people are reluctant to record their activities for their own little porn stash, because it is too risky. Some people are storing their goodies in flash drives or even in cloud storage, and even worse, some store things on their smartphones.

One way to mitigate risk is to safely store your goodies locally. In the olden days we used to encrypt folders as encrypted zip files (among other formats) but this can be cumbersome and most of them are easily hacked open these days. Cloud storage is well... someone else's computer and typically subject to all sorts of gov backdoors and so on and employees can see your content, so cloud storage is not really an option. Some people use home-grade NAS drives, which can also be a security risk if on your network for most brands.

So what we want is something simple, local and secure.

If you use Windows 10/11, it has a feature called "BitLocker Drive Encryption" in control panel. This tool is useful to encrypt drives fully, as well as your boot drive. It works great and I've used it for years. But that's only half of the equation. Windows can also create virtual hard drives (VHD), which is basically a big file that lives on your disk, which you can mount in the file explorer and it then behaves as a normal storage device. When you unmount it, you can freely move this one big file around and so on. You can have multiple of them and use them for different purposes and they can have different sizes.

The beauty is, you can use BitLocker to actually encrypt all of your VHD's after they've been mounted. Which is great. If someone steals your gear, they cannot see your content if you place it inside this encrypted container.

If you don't like or trust Windows, or are on Linux or macOS, there is a similar tool called VeraCrypt. It is a successor to TrueCrypt. It also allows you to create virtual disk containers that are encrypted. If on Linux you can also use LUKS to encrypt specific partitions, but they are not portable/cross platform and just a bit harder to manage.

The Bitlocker + VHD setup works extremely well and it's super easy.

Since you are not going to use cloud storage (seriously, don't do it - all the big tech companies' employees can see your data.......), you should have a proper backup system in place. Meaning, you need a place that you can reliably push your few hundred gigabytes worth of VHD's to. As a first line of defence, I use a RAID mirror using Windows Storage Spaces, to basically have a clone of my main storage drive where the VHD's live. Typically you would need to buy two of the same drive, with the same firmware to keep things rock solid. I've used it for almost a decade and it works flawlessly. But that only protects you against a single drive failure in that same machine, so buy an external HDD with a 5 year warranty that can hold all your VHD's and make a backup once a month. If you are on Linux, check out ZFS Mirror pools if you feel the need to make software RAIDs on Linux. For macOS.. I have no idea. Ha!

If you don't have a desktop PC and have a laptop only, it is still worthwhile to make VHD's and make backups to external drives. That way, someone can steal your laptop and you will still be okay. I would recommend against storing anything on flash drives, as they have extremely bad endurance, meaning after a couple thousand writes, they start corrupting data and eventually just die. So stick to SSD and HDD tech where possible, anything with a 5 year warranty is fine.

As for mobile devices and their supposed encryption and secure folders... I don't trust it at all, so whatever you record, get it off that device as soon as possible. Do not use any dodgy photo/video editing apps on smart phones, a good chunk of them are malicious and will steal your content while you sleep. So record what you need and then get it into your encrypted containers asap and delete it from your phone once you are certain it is in the VHD.

If you follow this little guide, you are 99% safe and would never have an issue during normal use. You are still susceptible to malware and viruses, so get good adblockers, don't click links in random emails, stop using pirated software and enable UAC password prompts alongside a standard user account (for Windows). On Linux, you should already be familiar with how user accounts work, passwords and the sudo command - basically do not run your normal user account as Root/Admin. Pirated software and running as root will get you pawned, so don't do it.


Hope that helps! Just ask if you need clarification.
 
This is all nice.
But it is just one stage.
The device that you are using to make porn is the first problem.
If it is a phone, you are fucked, done, nothing more to add there. :D You can not effectively clean one file from a phone and be reasonably sure it is actually gone.
If you are using a camera which nowadays uses some kind of flash storage, you have to make sure that flash disk is clean after use which is also quite tricky. And requires rewriting the whole disk after use and even that is not 100% reliable with solid state storage.
 
Nice.

You can also just re-encode the video with ffmpeg, that way you can resize it if you want, strip out audio, put watermarks on it. This will generate a completely new file. It will not modify the old file so you can keep your originals intact.

On Windows that could look something like this (assuming ffmpeg is on your path):

ffmpeg.exe -ss 00:00:00 -t 00:00:25 -i .\input.mp4 -c:v libx264 -b:v 10M -s 1280x720 -r 30 -c:a copy -an -vf "drawtext=text='your watermark text':x=(w-text_w)/2:y=(h-text_h)/2:fontfile=C:/WINDOWS/FONTS/GABRIOLA.TTF:fontsize=80:fontcolor=pink" output.mp4

where:
-ss = where you want to start the video from, (in this case from the start)
-t = how much time you want it to march forward, (in this case first 25s)
-i = your original input file, I rename mine to input.mp4 to make the command cleaner.
-c:v = which codec (in this case we want h264, universally playable)
-b = bitrate, so 10Mb/s, if this value is too low for the resolution, it will become blurry. 8M for 720p is great.
-s = output size, so you can go from 4K to 720p. You can upscale but it will blur, even with high bitrates. Need ML/AI if you want proper upscaling.
-r = framerate, 30 or 60 is good.
-c:a = audio codec, in this case it will copy audio as-is
-an = disable audio completely, so the file will only have a video channel. Remove this flag if you want audio.
-vf = this part is what I use to place a watermark - it looks complicated but it will place it in the center of the video, using pink. You can choose your font and size too.

and then the last parameter is what filename you want to use for the resulting video, in this case just output.mp4

Test your output files afterwards, sometimes the orientation will cause a distortion if you recorded in portrait mode on a phone, so just change 1280x720 to 720x1280.

ffmpeg is magic and runs in every single studio and media company, it is fundamental to our society actually, it is the underlying tool for many billion-dollar companies. It's open source and a mature project. It can solve almost anything you want media related. You can make videos from images, make stop motion videos with it.. you can encode some really crazy stuff with it. It really just works, and on any hardware too (codecs might be a problem in rare cases). You can also take one big video, grab a bunch of small snippets from it and then glue them together again into one file. That way you can avoid using blurring etc and just cut out certain pieces that you want in it.

Have fun!
 
There are third-party apps that can do full NSA-level data overwrites to SSD storage devices.

One problem is that you have to have them hooked into your computer (not phone) until it is done, and the more secure the overwrite, the longer it takes.

Another problem with this is that if you do this often, you will have to replace said SSD device more often, as they have a limited number of writes before they fail.
 
Nice guide and thank you for taking the time to write it!

I agree on the EXIF data thing. To this day I still find geo-location data embedded in videos posted because they were made with modern smart phones where geo-tagging was turned on. EXIF tool and ffmpeg are both great resources for managing this EXIF data.

Another word of caution - even if content is not made with a smart phone, modern cameras like GoPro and most DSLRs embed their serial numbers in the native EXIF data. It is a good practice to strip this data out of any pictures that will ultimately be connected to the internet regardless of their content (even an innocent picture of your favorite potted plant should not reveal more about you or your device than necessary).

Thrift stores are a great resource for older digital cameras. Many still shoot great pics and vids in HD and most are not WiFi or GPS capable which means that the device itself will probably not tell any secrets.

And while this sounds like a lot of work, it really is not. Once you learn how to do this stuff, it only adds a few minutes (at most) to your editing processes.
 
I prefer always re-encoding to a new file for uploading purposes, that way I know exactly what is in it, audio channels, EXIF meta, and my originals stay untouched, that I can then stash in my VHD's/encrypted containers. NEVER upload original files to the web, even benign stuff on social media.
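Added example (not part of any post in this thread): the two posts above recommend re-encoding before upload and warn about geo-location and device identifiers left in video metadata, so this Python sketch builds an ffmpeg command that does not copy global tags and then audits ffprobe's JSON report for anything identifying. The function names, the tag-fragment list and both sample reports are constructed for illustration.

```python
import json
import subprocess

# Fragments of tag names that reveal a place, a device or a moment in time.
# This list is an assumption of the example; extend it for your own cameras.
SENSITIVE_FRAGMENTS = ("location", "gps", "make", "model", "serial",
                       "creation_time", "com.android", "com.apple")


def strip_command(src, dst):
    """ffmpeg argv: re-encode src to dst without copying global metadata."""
    return ["ffmpeg", "-i", src,
            "-map_metadata", "-1",   # do not copy the input's global tags
            "-map_chapters", "-1",   # do not copy chapter markers
            "-c:v", "libx264", "-b:v", "10M", "-an",
            dst]


def probe_command(path):
    """ffprobe argv that dumps container and stream tags as JSON."""
    return ["ffprobe", "-v", "quiet", "-print_format", "json",
            "-show_format", "-show_streams", path]


def find_identifying_tags(probe_json):
    """Return sorted (where, key, value) for each tag that looks identifying."""
    data = json.loads(probe_json)
    sections = [("format", data.get("format", {}))]
    for stream in data.get("streams", []):
        sections.append((f"stream {stream.get('index')}", stream))
    hits = []
    for where, section in sections:
        for key, value in section.get("tags", {}).items():
            if any(frag in key.lower() for frag in SENSITIVE_FRAGMENTS):
                hits.append((where, key, value))
    return sorted(hits)


def audit(path):
    """Run ffprobe on a real file (needs ffprobe on PATH) and audit its tags."""
    out = subprocess.run(probe_command(path), capture_output=True,
                         text=True, check=True).stdout
    return find_identifying_tags(out)


# Constructed sample reports, so the audit logic can be tried offline.
SAMPLE_PHONE = json.dumps({
    "streams": [{"index": 0, "codec_type": "video",
                 "tags": {"creation_time": "2024-01-01T10:00:00.000000Z",
                          "handler_name": "VideoHandle"}}],
    "format": {"filename": "input.mp4",
               "tags": {"major_brand": "mp42",
                        "location": "+00.0000+000.0000/",
                        "com.android.version": "13",
                        "creation_time": "2024-01-01T10:00:00.000000Z"}}})

SAMPLE_REENCODED = json.dumps({
    "streams": [{"index": 0, "codec_type": "video",
                 "tags": {"handler_name": "VideoHandler"}}],
    "format": {"filename": "output.mp4",
               "tags": {"major_brand": "isom", "encoder": "Lavf60.16.100"}}})

if __name__ == "__main__":
    print(" ".join(strip_command("input.mp4", "output.mp4")))
    for name, report in (("phone original", SAMPLE_PHONE),
                         ("re-encoded", SAMPLE_REENCODED)):
        print(name, find_identifying_tags(report))
```

Run `audit("output.mp4")` on the file you are about to upload and treat any non-empty result as a reason not to post it yet. This only covers video containers that ffprobe can read; still pictures need an EXIF tool.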
 
Can anyone explain how to set up and secure a VHD on an iMac?
The steps are going to be extremely similar on any os, there are videos about it on youtube.
 
I'd be wary of BitLocker as if you lose your password, Microsoft can help recover your data -> So if the government agency asks them to help recover some encrypted HDD they will most likely comply.

VeraCrypt is the way to go. Has a number of nice features like... not knowing if a disk is actually veracrypted or just unformatted (plausible deniability)

Also the possibility of using really long hashes in an external key to decrypt. Use it or not, if something happens, step on *any* thumb drive, say -that- was the only copy of the required decrypt key.

And always remember a long easy to remember pass like "MyDogHasSuchABigCockItWouldBreakYourAssIfYouTried!!" is harder to brute force than "#34yQDs34+z" (and easier to remember)

edit:
Those who remember, VeraCrypt was a spawn of TrueCrypt, which was suddenly discontinued and taken offline "for security concerns". Being open source, and no explanation as to what was the issue, the most common explanation was.... It was too safe for the government to be comfortable with it out there.

I am still using Truecrypt and seems to work 🤷
 
Microsoft and other cloud storage providers literally try to decrypt your encrypted files using words you use in affiliated chat or email programs.
So if your encrypted volume password is anywhere in plain text on your system or you sent it to anyone and the files are in the cloud, they have been seen by at least the automated pedo scanner.

Go look for articles about it, even youtube videos.
Closed source encryption is as good as no encryption when it comes to more advanced adversaries than your family.
 
What about cloud storage but with encrypted rar/zip files with password? Still not safe enough?
 
Storing your data on someone else's computer is not a good idea.
Especially large companies do try to decrypt your encrypted files using anything they can for dubious legal purposes like "scanning for child porn or terrorism" which must be such a problem that they do not even mention it is done because the government is just really interested in your stuff.
Of course every terrorist and pedo is going to use google drive to do illegal stuff, makes sense that they are not going to use tor and one of the well known better encrypted communicators.

They will use words from your email or chat communication and so on to try to decrypt your files. Look for it online, people have found and reported this is done.
Store your files locally. The moment you send them somewhere else they are no longer yours and they fall under the laws where the server is.
 
Anyone got any views on storage from Proton.me? I use their email as it's one preferred by this site, their storage is 100% encrypted and subject to Swiss privacy laws. I'm also going to do some research on VeraCrypt, thanks for the tip...
 
It is a great question about Proton's storage. I would imagine that they are still obligated to release whatever they have if some court orders them to do so. It would be interesting to see who holds the keys in that scenario because if they can't decrypt it, the data may not be useful to whoever gets it.
 
Swiss are pretty hot on privacy, which is why I was curious. Certainly the banks are 100% discreet, never heard of anyone managing to force a bank to release data.
While we're on the subject, would love to be able to share videos with a friend by streaming them to her device. Is there a Media Centre equivalent for Linux, and how secure are these streams? Have considered DropBox, but assume that's completely insecure, and I'm not sure I want to upload stuff there.
 
I actually have an "eraser" from the 90's that is literally a high-powered, plug-in electro-magnet that looks like a small iron (like you would use to de-wrinkle a garment). Swipe that thing across any electronic storage device and it's fucked forever. Also throwing removable media into a microwave for a few seconds botches them up pretty good (with a bit of a tiny lightning show... bizzzot!). This, of course, would only be useful if you are looking to wipe out your files completely with no hope of recovery. ;)
 
I would not rely on the degausser for SSD type devices, and I would not rely on microwave for metal platters. (electronics will be gone, but magnetic surface in a metal box might easily survive and be read with new electronics)

Easy, old way... hammer or pickaxe. Be sure SSD chips are cracked, or platters twisted and bent for good. (I once shot one with a .22, bumped both platters, but a big pickaxe does far more damage)

I actually threw once a HD into a wood stove in winter, and next day it was aluminium drops and only the bearing was identifiable. Get that, CSI 🤣
 
Installed VeraCrypt the other day, I run it from Linux, had to Google the installation instructions, but they were clear and easy to follow. All went well, and I now have a completely encrypted 500Gb volume which is invisible to the filesystem until I mount it. So very happy with this.
 
Good.
There are even portable versions of VeraCrypt if you do not want to install.

Be aware that if corrupted you have few recovery options.
For one, DO the header backup option Veracrypt suggests, and keep it handy.

For the other, I usually keep two 500G HDs in sync in case one dies for whatever reason. (last time it was Windows starting up to find a "broken" disk, and deciding formatting it without asking was the best option 🤬)
 
In the past I've used Veracrypt with containers of about 500GB each, for about 3 years with zero corruption that I've noticed. That said, I won't encrypt the drive directly, just make a container volume/file instead. Way easier to backup and move between storage devices etc.
 
Found a new way to make encrypted containers that works very well.

A little more advanced, sorry for the technical terms.

If you use Linux, the kernel ships with a bunch of encryption utilities, which you can use to encrypt any block device. After digging around a bit to figure out a workflow to use it, archwiki mentions a tool called Tomb. It is just a wrapper around the Linux/kernel tools that makes it significantly easier to work with.

The project is hosted at ~ github . com /dyne/tomb ~ (don't know if I can post links) and should basically work on any Linux kernel. I've made a container that is over 700GB with this tool and it lives on a software RAID mirror (mdadm) and so far it's been rock solid, drives sync fine and copy speeds are normal (100+ mb/s). It behaves almost just like VHD's and VeraCrypt containers, it's just a huge file that gets mounted as a virtual drive.

If this solution stays stable for the next month, I will most likely keep this method for all future encrypted containers. Even for servers. Cannot believe I only found this now. Will probably start using it at work too.

This solution only works on Linux and is NOT cross platform. You will need to know how to use Linux & the terminal to install and use it.
 