We have this interesting feature proposal for /e/OS: a second "panic" PIN code that can fully erase the device in case of emergency. It's been rejected by Google for Android.

Do you think we should implement it?

hello...sent you a mail some time ago to the mail was in German, maybe the problem... ;-)

@gael probably not the most urgent thing to do, but indeed a nice feature to differentiate /e/OS from its competitors

@fla @gael

To be used with caution; it can cause mishaps.

The Kodachi Linux live operating system also got that feature, called a "nuke" password. It does that at the decryption partition prompt; I suppose it silently erases it and just "breaks it" instead of voluntarily describing the formatting process.

I appreciate the compliment. *(Except if it is for the Kodachi example, in which case it isn't mine, obviously)*.

@gael is it a valid defense scheme? Like dumping the data is not done before asking you the password like you would do on a PC? It's a question not a criticism.

It is, in the case of a non-expert interrogation by criminal groups, industries, or police.
Of course, this would have been useful extracting the file beforehand, if it wasn't already encrypted via the Android filesystem encryption option.

@gael yes but definitely don't forget that this feature will be used more often by mistake than in a real emergency situation 😉

@gael It could be a very good idea with some security checks :)

@gael unless you have strong reasons to believe this matches the needs of your userbase or you think it would be really fast and easy to implement, I'd say there are other priorities

@gael that will land you in jail for destroying evidence. it's different from not giving out a crypto password

@bonifartius @gael

Depends on jurisdiction. Do not assume all the world is like the US or EU. The ticket describes specific use cases in specific countries, where people are not legally protected from self-incrimination and are literally beaten to reveal the password, which results in further incrimination of themselves and other people.

@kravietz haven't read the ticket, maybe just extracting some recipes, cat pictures and sms from mom to the empty device would be a better decoy :)

@kravietz i mean.. if i know that there will be rubberhose cryptanalysis, it's better to present a decoy with some really non-incriminating things than a completely empty device.

from what i've heard, some western countries already want you to show them your social media accounts when traveling to them, "i don't have one" doesn't count as an excuse as well.

_maybe_ the best thing would be to not store anything which could be used against you on the device but online in another country. just removing the traces of these accounts from the device, while leaving said messages from mom and kitten pictures in place.

it's easy to think that these things have a technical solution, but i fear there isn't one.


> it's better to present a decoy

That's a great feature, and it has been suggested in the original ticket, but way more complex to implement than a simple "panic PIN" wipe.

> the best thing would be to not store anything

If you are on a demonstration against authoritarian regime and make photos of police abuse, it's hard not to store photos or videos if the very point of you being there is to witness them.

@kravietz @bonifartius have you heard of "cryptocam"? it's an app from fdroid that has a public key stored and encrypts every picture/video taken immediately.
then back at a safe place you have the private key to encrypt later after the chaos is over.

@glowl @bonifartius

I did and actually installed it just a week ago after reading about it here on Mastodon!

What's with the people, taking other people's phones and getting them locked by trying all sorts of combinations? Could be a very rare case of total disaster. ^^

@gael Yes, that'd definitely be nice.
Just have it send out a message to everyone you mark as "ICE" in your contacts list.

Not sure if this is your target group. For journalists and activists it may be useful though

@gael it'd be better to have the second pin get you to an alternate partition which gives you some plausible deniability
