this post was submitted on 16 Oct 2024
98 points (97.1% liked)

Privacy

1209 readers
84 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Sterile_Technique@lemmy.world 9 points 4 weeks ago (2 children)

Vaguely recall reading about a way to set your phone with two PINs, your normal one, and a security one that's like a completely separate user account. So just install some BS apps on it, take some photos, and give that PIN when you need to.

[–] synapse1278@lemmy.world 25 points 4 weeks ago (2 children)

Interesting idea!

A bit different, is the Duress Password from GrapheneOS:

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

The wipe does not require a reboot and cannot be interrupted.

Features: Duress - GrapheneOS.org

[–] jet@hackertalks.com 7 points 4 weeks ago (3 children)

I am not a lawyer, always consult with a lawyer in your local jurisdiction.

I believe giving a duress password to the police, which destroys data, will definitely be a crime, destruction of evidence at the minimum. Or obstruction.

I'm all for having a duress code, I just want to be clear about the trade-offs

[–] Wildly_Utilize@infosec.pub 5 points 3 weeks ago (1 children)

Perhaps one could set the duress pin to something easily guessable if they were worried about a brute force

[–] jet@hackertalks.com 3 points 3 weeks ago

That's a great idea

[–] Fuck_u_spez_@sh.itjust.works 4 points 4 weeks ago (2 children)

The burden is on them to prove that I didn't confuse my two passwords accidentally. I have SO many passwords, officer. Silly me.

[–] jet@hackertalks.com 7 points 4 weeks ago

Only in theory... most likely they will load you up with at least 5 federal charges and offer you a Faustian plea bargain where you admit guilt to avoid a lifetime in jail.

Now if you had a list of codes in your wallet, one of which was a duress code... it's not your fault they tried the code while you exercise your right to remain silent.

[–] eldavi@lemmy.ml 3 points 4 weeks ago

i tried to share an article from a decade ago of a man who used a defense like this and the judge held him jail in contempt for several years; but both the internet or i have have a short memory and my only point was to be prepared to spend a couple of years behind bars if you do this and have a shitty judge (like most are).

[–] NotMyOldRedditName@lemmy.world 2 points 4 weeks ago* (last edited 4 weeks ago)

The way around this could be a duress profile where it deletes everything on the phone except a premade profile with a few apps installed and a picture or two.

[–] lambalicious@lemmy.sdf.org 1 points 3 weeks ago (1 children)

If they have physical access to the device, this won't help.

They can simply produce a binary copy of the (still encrypted) information inside, via specialized hardware or backdoors via the CIA / Israel, then if you given them a duress code all they lose is either the original or the copy.

[–] synapse1278@lemmy.world 2 points 3 weeks ago (1 children)

It depends what the law is in your country, but wouldn't it be illegal for police to take away your phone without a warrant? Also, I find it not so probable that any cop has access to the top-secret-deep-state-backdoor.

[–] lambalicious@lemmy.sdf.org 1 points 3 weeks ago

For something to be illegal, the victim has to be able to press charges. And that doesn't change the fact that once they got their hands on the device they've got the info, a mandate of law doesn't make them "magically" forget the info.

[–] kautau@lemmy.world 3 points 4 weeks ago* (last edited 4 weeks ago)

That’s been around for awhile on the PC encryption side under https://veracrypt.eu/en/Hidden%20Volume.html