Compartmentalization is a security principle in which different identities (or projects) are kept separate so that they cannot be connected, and the compromise of one is isolated from the compromise of the others. This principle can be applied to both digital and non-digital identities.
Examples of digital compartmentalization include:
- Using different email accounts for different digital identities, such as one account for work, another for friends, another for a specific sensitive project, etc. This way, if an adversary who knows your work email address discovers your sensitive email address after seizing a computer in a house raid, they won't be able to link the sensitive email address to your identity, because the two addresses are different.
- Using different Tails[1] USB sticks or Qubes OS[2] virtual machines for different digital identities. This way, if an adversary compromises one stick or virtual machine with malware, the compromise won't spread to other sticks or virtual machines.
Examples of non-digital compartmentalization include:
- Using different names in different contexts, such as using your civil name with your family and an alias with your friends. An alias can be specific to a place, time, or group of people you interact with. This way, if an adversary compromises one of your names, it won't necessarily lead to the compromise of the others.
- Applying the need-to-know principle by sharing sensitive information only when it is necessary to do so, and only to the extent necessary.
Compartmentalization can be a useful tool for remembering to apply mitigations consistently within a project. For example, you may want to always take anti-surveillance measures when traveling as part of a specific project, but not make the same effort for another, less sensitive project.
Techniques addressed by this mitigation
Name | Description
---|---
Network mapping | You can compartmentalize your different identities (or projects) to make it harder for an adversary to map your network.
Targeted digital surveillance |
Malware | If an adversary installs malware on a Tails[1] USB stick or a Qubes OS[2] virtual machine that you use for different digital identities, they can tie the different identities together. To mitigate this, you can use different Tails USB sticks or Qubes OS virtual machines for different digital identities.
Network forensics | An adversary can establish links between different digital identities through the footprints left by their network traffic. To mitigate this, you can compartmentalize different digital identities by: