Forced by Police to reveal the pin/password to GrapheneOS

aqua-ghostly

If this is your threat model no OS will fix it. You would need to rely on some serious tradecraft.

DeletedUser471

IMO, best workaround would be to set duress password to open decoy profile or at least main profile (configured as decoy) and silently wipe esims / private space / secondary profiles for plausible deniability.

justletmereply

First of all, thanks for this great project. I really love it.

About this topic, my first assumption about people who say "this doesn't help" is that they have not actually been in this situation or lived in countries like this.

Let me share my own experience living in Iran:

It is very common for authorities to enter your home, with or without a warrant, beat everyone, pick someone, and take that person with them to their base, which is almost always an unknown location. While doing this, it is also very common for them to search phones and other electronic devices in the house. They usually do not seize every device, but instead force everyone to give their passwords and check the devices on the spot. I honestly do not even know what they are looking for.
Starting last month (because of some "development" in our human rights), authorities are now allowed to stop you in the middle of the street in busy areas and quickly check your phone. Again, they force you to give your password and inspect the device right there for about five minutes.

In both cases, the feature that was requested in this forum would actually help. The forces are not technical at all, and they probably would not even notice that a specific profile looks suspiciously empty. They only have a few minutes to inspect your device. Obviously, in both situations, refusing to give your password puts you at much greater risk.

As a side note, I am a developer myself, and I know that some features are very hard to implement. We usually want our code to be clean, consider all possible situations and side effects, and think about all the what ifs before adding new features. We also tend to view new feature requests with a grain of salt. I completely understand the feeling when someone asks for a feature you think is useless. But this goes back to my first point: most people have never lived in situations like this.

So I would be very thankful if the GOS developers would at least consider adding a feature like this. I honestly do not care how it is implemented, whether it is a fake profile or something similar. I would also appreciate it if people who have never been in situations like this would avoid comments like "it won't help", "you should understand", or "they will eventually suspect something". We are just trying to avoid another beating or another night in a cell. In moments like that, a solution with "they will probably find out anyway" at the end of it, DOES look like the best solution.

Thanks again.

« Previous Page