> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/drive-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/drive-support/security-model/create-a-new-vault-2.md).

# What Shadow Layers do not protect against

Shadow Layers give you strong, cryptographic plausible deniability. But no feature protects against every threat, and being honest about the gaps is what keeps you safe. Here's what Shadow Layers (and Oten Drive generally) **cannot** do.

### They don't hide your behavior <a href="#they-dont-hide-your-behavior" id="they-dont-hide-your-behavior"></a>

* **Someone watching you type** a second password, or noticing you open the app twice, learns something the software can't hide. Deniability depends on your discipline, not just the crypto.
* **Naming, notes, or cross-references** that hint at hidden content betray it. Keep everything neutral and never label a layer.

### They don't defeat a compromised device <a href="#they-dont-defeat-a-compromised-device" id="they-dont-defeat-a-compromised-device"></a>

* **Malware, keyloggers, or screen recording** on your device can capture passwords and plaintext *while a layer is open*. Encryption at rest can't help once you've decrypted in front of a compromised system.
* **Someone with your unlocked session** sees whatever that layer contains. Lock when you step away.

### They don't erase metadata <a href="#they-dont-erase-metadata" id="they-dont-erase-metadata"></a>

* The server can see *that* activity and blobs exist, their timing, and rough sizes — it just can't read them. Patterns of activity are not hidden.

### They don't rescue lost credentials <a href="#they-dont-rescue-lost-credentials" id="they-dont-rescue-lost-credentials"></a>

* **Forgotten password + lost recovery key = permanent loss.** There is no backdoor, for you or anyone.
* A recovery key **found on your device** can hint that a vault has extra layers. Store keys off the device.

### They aren't a substitute for legal/physical safety <a href="#they-arent-a-substitute-for-legalphysical-safety" id="they-arent-a-substitute-for-legalphysical-safety"></a>

* Deniability is a *technical* property. It does not protect you from physical coercion continuing, from being compelled under law where that applies, or from consequences outside the software's reach. Understand your real-world threat model.

> Read this alongside [How Shadow Layers work](/drive-support/shadow-layers/how-shadow-layers-work.md) and [Operational security tips](/drive-support/staying-safe/create-a-new-vault.md). The cryptography is sound; the human layer is where care is required.
