fun fact, in the UK the offence is “failing to decrypt the device when required to do so” making these measures quite dangerous.
That said, unless you are being charged under a national security crime, the maximum sentence for “failing to decrypt the device when required to do so” is up to two years, so the game’s the game.
I always thought that they were a worse police state than the US. Cameras everywhere, jail time for letter openers and keychain swords let alone fucking knives. Absolutely a lack of free speech. US has the camps now do we’re definitely worse atm but the UK hates being free.
I wonder how they’d look at it if previous cracking attempts wiped the device. Is that “failure” to unlock punishable or not? The phone was wiped already - the user can’t unlock it even if he wanted to.
Similarily, is it possible to make it impossible to prove the device was wiped due to the PIN and not beforehand?
I had the same question. The best would be to consult a lawyer and see if there’s any precedent already set.
I could imagine police could easily film the process and a video would be enough proof for any judge. The phone shows a pin entry, a reboot, and then a welcome screen just like a factory reset has been done. Right?
The first one is legal - if the person asked to surrender credentials surrenders them, and the device turns out to be reset (assuming no foul play), does this constitute the crime of not surrendering the credentials?
If the answer to one is “yes”, the technological question begs itself: How to make a duress pin indistinguishable from the real one?
I still dont know if i would trust Google hardware.
Call me paranoid but what are the chances of mentaloutlaw beeing a psyop “get this very specific hardware and software setup so the police cant hack you” sounds a lot like encrochat.
Have a read up on GrapheneOS, they seem like they take their shit very seriously and their product is pretty solid (though their communications are a bit… “opinionated”). And yes, it is an amusing irony that the most secure devices are made by Google.
For awareness you can achieve the same on CalyxOS by setting it to automatically wipe the phone after either 5 or 10 failed unlock attempts. Though this does mean a child (or childish friend) could do it accidentally. I’d prefer a duress PIN, but then I’d probably forget it if I ever really needed it.
There’s also a less nuclear ‘panic trigger’, that allows you to hide apps or choose to uninstall any apps you like. No PIN needed, simply hold the power button and select ‘Panic Trigger’, there’s then a fullscreen 5 second countdown before your select private/sensitive data is obliterated… unless you hit cancel. The user can set up in advance what the panic trigger does - eg which apps to uninstall (deleting their data and auth keys), all cloud provider apps with sensitive data such as email apps or cloud storage provider apps are recommended.
Just saw the mentaloutlaw video. Graphene OS has a “duress pin” that wipes the phone when given a certain pin.
There is also an app called duress if you don’t have graphene
fun fact, in the UK the offence is “failing to decrypt the device when required to do so” making these measures quite dangerous.
That said, unless you are being charged under a national security crime, the maximum sentence for “failing to decrypt the device when required to do so” is up to two years, so the game’s the game.
Wow the UK is a turd too.
You know about brexit right? Turd move right before the US went full turd on Trump a few months later.
Russian troll farms paid off big at that point.
Yeah, go to the UK and say “I support Palestine Action” and see what happens. They’re having a rough time of it right now.
I always thought that they were a worse police state than the US. Cameras everywhere, jail time for letter openers and keychain swords let alone fucking knives. Absolutely a lack of free speech. US has the camps now do we’re definitely worse atm but the UK hates being free.
I wonder how they’d look at it if previous cracking attempts wiped the device. Is that “failure” to unlock punishable or not? The phone was wiped already - the user can’t unlock it even if he wanted to.
Similarily, is it possible to make it impossible to prove the device was wiped due to the PIN and not beforehand?
I had the same question. The best would be to consult a lawyer and see if there’s any precedent already set.
I could imagine police could easily film the process and a video would be enough proof for any judge. The phone shows a pin entry, a reboot, and then a welcome screen just like a factory reset has been done. Right?
I thought of it as two seperate problems:
The first one is legal - if the person asked to surrender credentials surrenders them, and the device turns out to be reset (assuming no foul play), does this constitute the crime of not surrendering the credentials?
If the answer to one is “yes”, the technological question begs itself: How to make a duress pin indistinguishable from the real one?
What the fuck. When are you required to do so?
I still dont know if i would trust Google hardware. Call me paranoid but what are the chances of mentaloutlaw beeing a psyop “get this very specific hardware and software setup so the police cant hack you” sounds a lot like encrochat.
Have a read up on GrapheneOS, they seem like they take their shit very seriously and their product is pretty solid (though their communications are a bit… “opinionated”). And yes, it is an amusing irony that the most secure devices are made by Google.
For awareness you can achieve the same on CalyxOS by setting it to automatically wipe the phone after either 5 or 10 failed unlock attempts. Though this does mean a child (or childish friend) could do it accidentally. I’d prefer a duress PIN, but then I’d probably forget it if I ever really needed it.
There’s also a less nuclear ‘panic trigger’, that allows you to hide apps or choose to uninstall any apps you like. No PIN needed, simply hold the power button and select ‘Panic Trigger’, there’s then a fullscreen 5 second countdown before your select private/sensitive data is obliterated… unless you hit cancel. The user can set up in advance what the panic trigger does - eg which apps to uninstall (deleting their data and auth keys), all cloud provider apps with sensitive data such as email apps or cloud storage provider apps are recommended.
For the duress PIN, an easy way to remember it would be to reverse your regular PIN
You’re right, that is easy to remember!
This is really cool, can’t wait to get my google pixel.
Sounds like they would do you for destruction of evidence.
Now that’s a good idea!
Holy based