Comment by jonex
7 hours ago
Feature request: Make it default behavior on phones that you can have multiple passwords, connected to different profiles. With no way to determine how many profiles a phone have.
I'm sure there's some people here working on mobile operating systems, might be worth considering?
"This profile doesn't have anything on it. Give us the password for the real profile."
Or even worse, you did give them the real password, but because your phone supports the feature and your profile is kind of barren, they don't believe you. Now you are in a very bad lose-lose situation.
With LLMs, it should be easier than ever to fake generate text messages, notes, emails, etc.
You do use your "fake" profile regularly, just for "sanitized" activities. Check in on official sanctioned news sources, do your "legit" banking and financial stuff, etc.
I suppose that you could have the phone listening in real time and generating profiles that are hidden and embarrassing but not illegal.
So when they ask for the real profile it shows in the next unlock a profile that makes it very clear you have a deeply embarrassing ASMR addiction.
It could cross reference your local laws to ensure to not spill the beans on something locally illegal.
xkcd 538
https://imgs.xkcd.com/comics/security.png
So put stuff on it, duh
"This isn't what we expected to find. Give us the real password."
2 replies →
Veracrypt e.g. has had this for a long time.
https://en.wikipedia.org/wiki/Plausible_deniability
Crypto wallets work like that. Put in a different password (in addition to the seed) and it's a different account, preferably with some chump change on it for plausibility.
This whole PRC law (system) is designed to condemn already targeted individuals, there's no big difference if there's nothing on the phone. Chinese laws are specifically formulated in this pattern: "A, B, C, or at the discretion of the relevant authorities". Since there's no attorney-client privilege in PRC, once you're targeted, the "discretion" can always be found.
As others have pointed out this would likely not save you in this case, but there are some phones which do support this, and I know people in Brazil that use these features in order to be able to comply when getting mugged without giving away access to your bank etc.
Another feature request:
Allow the device user to create a different (duress) password, which when entered, will immediately wipe the phone without any secondary warnings. The user could then provide that password to the people who seized their device, and be in compliance with all laws, while maintaining information security.
Android has a "Private Space" feature. As far as I can tell it's only a single extra profile you can create, but I think you can keep it "hidden" (at least in as much as you can't tell if it's been created without unlocking it).
https://source.android.com/docs/security/features/private-sp...
Software isn't going to save you in this scenario. If you're worried about local laws violating your privacy then buy a burner and only put data on there that's necessary for your travels.
> Provide fake credentials? Three years behind bars.
They would be real credentials, just to a separate profile. Are they going to make multiple profiles illegal?
Yes.
Genius.