3.3 Plausible deniability and hidden volumes
Protection under coercion
Plausible deniability is the idea that, if you are pressured to reveal your data, you can disclose something that looks complete and reasonable while keeping more sensitive information concealed. It is not a promise that you will “get away with it”. It is a design goal: reduce what can be proved and make it harder to distinguish between an innocent setup and a protected one.
In practice, plausible deniability is about making your explanation and your technical setup align. It works best when your device contains an ordinary set of files that you are willing to show and the hidden material leaves no obvious traces. That does not make it foolproof, and it does not remove the risk of coercion. It only changes what can be confidently demonstrated.
What a hidden volume is
A hidden volume is a second encrypted storage area that sits inside another encrypted container or partition. Both areas are protected by different passwords. If you unlock the outer volume, you see a normal set of files. If you unlock the hidden volume with the separate password, a different set of files appears. To an observer, both arrangements look like ordinary encrypted data; the hidden volume is designed to be indistinguishable from random noise within the outer volume.
A common use is a laptop that holds everyday documents, photos and a work archive in the outer volume, while a smaller hidden volume contains a journalist’s sources, a whistleblowing draft, or a domestic abuse survivor’s planning notes. The outer volume looks natural, and the device behaves normally when unlocked with the “decoy” password.
Hidden volumes are a feature of specific encryption tools rather than a general property of “encrypted files”. They also require careful behaviour because the outer and inner volumes share the same physical space. That means you can accidentally overwrite hidden data if you are not paying attention.
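The overwrite risk can be seen in a toy model, added here as an illustration and not taken from any real tool or its on-disk format. ToyContainer, the 512-byte block size and the protect flag are assumptions of the model. The outer volume's allocator treats every block as its own unless a guard that knows the hidden boundary refuses the write.

```python
import os

BLOCK = 512  # bytes per block in this toy model (assumption)


class ToyContainer:
    """Fixed-size container; the hidden region occupies the tail blocks."""

    def __init__(self, blocks, hidden_start, protect=False):
        # Unused space is filled with random bytes, so the hidden region
        # cannot be told apart from free space by looking at the container.
        self.data = bytearray(os.urandom(blocks * BLOCK))
        self.blocks = blocks
        self.hidden_start = hidden_start  # first block of the hidden region
        self.protect = protect            # hypothetical guard that knows the boundary
        self.next_free = 0                # outer allocator's next block

    def write_hidden(self, payload):
        start = self.hidden_start * BLOCK
        if start + len(payload) > len(self.data):
            raise ValueError("payload larger than hidden region")
        self.data[start:start + len(payload)] = payload

    def read_hidden(self, length):
        start = self.hidden_start * BLOCK
        return bytes(self.data[start:start + length])

    def outer_write(self, payload):
        """Append a file to the outer volume, which believes it owns every block."""
        need = -(-len(payload) // BLOCK)  # ceiling division
        end = self.next_free + need
        if end > self.blocks:
            raise OSError("outer volume full")
        if self.protect and end > self.hidden_start:
            raise PermissionError("write would cross into the hidden region")
        off = self.next_free * BLOCK
        self.data[off:off + len(payload)] = payload
        self.next_free = end


def fill_outer(container, file_size, count):
    """Write `count` decoy files; return how many were stored before a refusal."""
    stored = 0
    for _ in range(count):
        try:
            container.outer_write(b"D" * file_size)
        except OSError:  # PermissionError is a subclass of OSError
            break
        stored += 1
    return stored
```

Without the guard, the fourth 2 KiB file in a 16-block container lands on block 12 and silently replaces the hidden data; with the guard, the write is refused and the hidden bytes survive.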
Behavioural discipline required
The technical mechanism only works if your day-to-day habits do not contradict it. If you claim the outer volume is all there is, the visible files must look complete and believable. That can mean having ordinary, dull data in place: bank statements, family photos, emails, a few work documents, and the usual clutter that builds up on a real machine. An empty or oddly tidy volume can raise questions.
Discipline also means managing when and where you unlock each volume. If you frequently unlock the hidden volume at home, and then travel with the same laptop, the hidden data could be exposed by cached file lists, recently opened documents, or cloud sync logs. The obvious mitigation is to keep hidden volumes off devices that routinely connect to services or are used for casual browsing.
Another practical behaviour is to avoid mixing accounts. Logging into a work email or a social media account while the hidden volume is open can leave traces outside the encrypted space: browser history, file previews, thumbnails, indexing databases, or application logs stored on the system drive. Minimising such leak paths is essential, and it often means using a separate operating system or a dedicated device for the sensitive volume.
How deniability fails in practice
The most common failure is not cryptographic. It is inconsistency. If a person claims they only have a small set of documents but their public-facing work suggests more, the mismatch invites further scrutiny. A campaign organiser who has five files and no drafts, or a researcher who cannot account for their datasets, will look implausible even if the encryption is perfect.
Another failure point is metadata outside the encrypted container. Many operating systems keep caches of recently opened files, thumbnail previews, or search indexes. If those are on an unencrypted system drive, they can reveal the existence or shape of hidden content. The mitigation is to encrypt the system drive as well and to disable or routinely clear caches, but that adds friction and is easy to get wrong.
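One way to check your own machine for this kind of leak, as an added example that is not part of the original text: GTK-based Linux desktops keep a recent-files list at ~/.local/share/recently-used.xbel, and the function below reports any entry that points inside a given mount point. The mount point /mnt/vault and the sample XML are constructed for the example.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

BM = "{http://www.freedesktop.org/standards/desktop-bookmarks}"

# Constructed sample in the freedesktop.org recently-used.xbel layout.
SAMPLE_XBEL = """<xbel version="1.0"
 xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks">
 <bookmark href="file:///home/user/Documents/budget.ods" visited="2024-03-01T09:00:00Z">
  <info><metadata owner="http://freedesktop.org"><bookmark:applications>
   <bookmark:application name="LibreOffice" exec="soffice %u" count="2"/>
  </bookmark:applications></metadata></info>
 </bookmark>
 <bookmark href="file:///mnt/vault/interview%20notes.odt" visited="2024-03-02T21:14:00Z">
  <info><metadata owner="http://freedesktop.org"><bookmark:applications>
   <bookmark:application name="LibreOffice" exec="soffice %u" count="1"/>
  </bookmark:applications></metadata></info>
 </bookmark>
 <bookmark href="file:///mnt/vault2/holiday.jpg" visited="2024-03-03T12:00:00Z"/>
 <bookmark href="sftp://example.invalid/mnt/vault/x" visited="2024-03-03T12:05:00Z"/>
</xbel>"""


def find_leaks(xbel_text, mount_points):
    """Return (path, visited, [apps]) for entries located under any mount point."""
    mounts = [PurePosixPath(m) for m in mount_points]
    leaks = []
    for bm in ET.fromstring(xbel_text).iter("bookmark"):
        uri = urlsplit(bm.get("href", ""))
        if uri.scheme != "file":
            continue  # remote URIs are out of scope for this check
        path = PurePosixPath(unquote(uri.path))
        # Compare whole path components so /mnt/vault2 does not match /mnt/vault.
        if any(m == path or m in path.parents for m in mounts):
            apps = [a.get("name") for a in bm.iter(BM + "application")]
            leaks.append((str(path), bm.get("visited"), apps))
    return leaks


if __name__ == "__main__":
    # On a real system, read ~/.local/share/recently-used.xbel instead.
    for path, visited, apps in find_leaks(SAMPLE_XBEL, ["/mnt/vault"]):
        print(f"{visited}  {path}  (recorded by: {', '.join(apps)})")
```

Any hit means the file name, the time it was opened and the application used are all recorded outside the encrypted container.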
Devices also leak through backups and synchronisation. Cloud storage clients can quietly copy filenames or document hashes before you realise. Even if the contents are encrypted, the pattern of what was backed up can indicate that more exists than you are showing. A practical approach is to keep hidden volumes on storage that never touches consumer cloud services and to disable automatic indexing and sync on the host system.
Legal and psychological pressure
In the UK, there are legal powers to compel disclosure of encryption keys in certain circumstances. That is a legal context, not a technical one, and it affects how plausible deniability is judged. Even if a hidden volume exists and cannot be proven, a refusal to provide a key may have consequences. This is not a reason to ignore privacy tools; it is a reason to understand the difference between technical protection and legal obligation.
Psychological pressure matters just as much. Under stress, people make mistakes, contradict themselves, or forget which password unlocks what. A practical mitigation is to keep the operational routine simple and well-practised, and to avoid complicated stories that are hard to maintain. Some people choose to keep a small, innocuous hidden volume that they are prepared to reveal if pressured, while keeping a second sensitive store elsewhere. This does not remove risk, but it can reduce the chance of panic errors.
Why backups often undermine deniability
Backups are essential for data safety, but they are hostile to deniability. A hidden volume that is backed up to an external drive or cloud account may leave fingerprints: duplicate blocks, unusual file sizes, or encryption containers that stand out. Even if the backup itself is encrypted, the mere existence of an additional archive can be used to argue that more data exists than is disclosed.
A typical everyday scenario is a laptop that uses a hidden volume for sensitive work and an automatic backup tool that copies the entire disk each night. That backup, sitting in a cupboard or syncing to a cloud provider, becomes a second point of exposure. The risk is not theoretical: recovery tools, IT support staff, or investigators can discover archives you forgot were running.
Mitigations are limited and require trade-offs. You can choose not to back up the hidden volume, accepting the risk of data loss. You can keep backups offline, encrypted, and physically controlled, reducing exposure but still creating artefacts. Or you can design the hidden data so that it is replaceable, for example by keeping only short-lived working files and storing long-term records elsewhere. None of these remove the underlying tension: deniability and dependable backup pull in opposite directions.