Vaguely recall reading about a way to set your phone with two PINs, your normal one, and a security one that’s like a completely separate user account. So just install some BS apps on it, take some photos, and give that PIN when you need to.
A bit different, is the Duress Password from GrapheneOS:
GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).
The wipe does not require a reboot and cannot be interrupted.
If they have physical access to the device, this won’t help.
They can simply produce a binary copy of the (still encrypted) information inside, via specialized hardware or backdoors via the CIA / Israel, then if you given them a duress code all they lose is either the original or the copy.
It depends what the law is in your country, but wouldn’t it be illegal for police to take away your phone without a warrant? Also, I find it not so probable that any cop has access to the top-secret-deep-state-backdoor.
For something to be illegal, the victim has to be able to press charges. And that doesn’t change the fact that once they got their hands on the device they’ve got the info, a mandate of law doesn’t make them “magically” forget the info.
I am not a lawyer, always consult with a lawyer in your local jurisdiction.
I believe giving a duress password to the police, which destroys data, will definitely be a crime, destruction of evidence at the minimum. Or obstruction.
I’m all for having a duress code, I just want to be clear about the trade-offs
Only in theory… most likely they will load you up with at least 5 federal charges and offer you a Faustian plea bargain where you admit guilt to avoid a lifetime in jail.
Now if you had a list of codes in your wallet, one of which was a duress code… it’s not your fault they tried the code while you exercise your right to remain silent.
i tried to share an article from a decade ago of a man who used a defense like this and the judge held him jail in contempt for several years; but both the internet or i have have a short memory and my only point was to be prepared to spend a couple of years behind bars if you do this and have a shitty judge (like most are).
The way around this could be a duress profile where it deletes everything on the phone except a premade profile with a few apps installed and a picture or two.
Vaguely recall reading about a way to set your phone with two PINs, your normal one, and a security one that’s like a completely separate user account. So just install some BS apps on it, take some photos, and give that PIN when you need to.
Interesting idea!
A bit different, is the Duress Password from GrapheneOS:
Features: Duress - GrapheneOS.org
If they have physical access to the device, this won’t help.
They can simply produce a binary copy of the (still encrypted) information inside, via specialized hardware or backdoors via the CIA / Israel, then if you given them a duress code all they lose is either the original or the copy.
It depends what the law is in your country, but wouldn’t it be illegal for police to take away your phone without a warrant? Also, I find it not so probable that any cop has access to the top-secret-deep-state-backdoor.
For something to be illegal, the victim has to be able to press charges. And that doesn’t change the fact that once they got their hands on the device they’ve got the info, a mandate of law doesn’t make them “magically” forget the info.
I am not a lawyer, always consult with a lawyer in your local jurisdiction.
I believe giving a duress password to the police, which destroys data, will definitely be a crime, destruction of evidence at the minimum. Or obstruction.
I’m all for having a duress code, I just want to be clear about the trade-offs
Perhaps one could set the duress pin to something easily guessable if they were worried about a brute force
That’s a great idea
The burden is on them to prove that I didn’t confuse my two passwords accidentally. I have SO many passwords, officer. Silly me.
Only in theory… most likely they will load you up with at least 5 federal charges and offer you a Faustian plea bargain where you admit guilt to avoid a lifetime in jail.
Now if you had a list of codes in your wallet, one of which was a duress code… it’s not your fault they tried the code while you exercise your right to remain silent.
i tried to share an article from a decade ago of a man who used a defense like this and the judge held him jail in contempt for several years; but both the internet or i have have a short memory and my only point was to be prepared to spend a couple of years behind bars if you do this and have a shitty judge (like most are).
The way around this could be a duress profile where it deletes everything on the phone except a premade profile with a few apps installed and a picture or two.
That’s been around for awhile on the PC encryption side under https://veracrypt.eu/en/Hidden Volume.html