[HN Gopher] PAM Duress - Alternate passwords for panic situations
___________________________________________________________________
PAM Duress - Alternate passwords for panic situations
Author : xanthine
Score : 728 points
Date : 2021-08-22 18:15 UTC (1 days ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| f1refly wrote:
| There's always a big issue with systems like this: Any
| sophisticated attacker will have an image of the machine he's
| trying to get into at hand to stop exactly what this pam module
| is trying to achieve from happening.
|
| All this would do is make you appear in a worse light to the
| deciding judge when it comes to trial or get your other kneecap
| shattered in a not so civil situation.
| t0mas88 wrote:
| Law enforcement yes, but I'm not sure most criminals are digital
| enough. Especially if it all looks just normal logged in, but
| in the background deletes some hidden files.
| f1refly wrote:
| People who would want the data of someone knowledgeable enough
| to install a custom pam module and write a script to utilize
| it are most likely also sophisticated and informed enough to
| know what to look for. This is not some street thug, it's
| most likely either law enforcement or organized crime who
| know very well what they want and that it's supposed to be on
| your machine.
| intellix wrote:
| So you're saying if I'm held at gunpoint or forced to surrender
| my password at the US airport that a password to clear my
| account of anything would be useless?
|
| Neither of them know anything about me.
|
| It reminds me of the Trezor hardware wallet that allows you to
| have multiple passwords into your account. If you're forced to
| give access you can log into the version with little in it.
| Nobody knows that you have secondary accounts with more in
| it...
| jeroenhd wrote:
| If you're held under gunpoint, that script that wipes your
| entire hard drive will only make your day worse.
|
| AFAIK if you actually get detained and questioned at
| airports, your drive will already get imaged before any
| password is even tried. You may be able to get away with this
| on a mobile device where this feature isn't generally
| expected (because who uses Linux on a smartphone in the first
| place).
|
| I always wonder at what scenarios like these are supposed to
| be about. If saying no is not an option, pissing off your
| captors by giving them fake info probably isn't either.
|
| I don't know what law enforcement would be looking for on my
| work drive, but if saying no is no longer an option, my
| encryption password isn't worth getting shot over.
| Spooky23 wrote:
| It's silly nerd porn.
|
| The "real" problem is either: (a) You know the authorities
| want access to your data because <x>, and you travel across
| a border with it. (b) You possess sensitive information and
| are not aware of law enforcement's desire to get it; (c)
| You're swept up at random; (d) You're a criminal, or carry
| a paper trail of potential illegal activity.
|
| Solutions:
|
| (a) Means you are stupid. The only way to win is not to
| play.
|
| (b) Means you either didn't follow your employer's security
| guidelines or aren't aware of the risks associated with
| whatever is on your device. You can't solve that problem
| without understanding that.
|
| (c) You should use discretion re: what you cross a border
| with and either accept the risk or do something else.
|
| (d) Don't really care. See (a).
| AussieWog93 wrote:
| (e) You are a whistleblower who doesn't want to be
| dragged off to a military prison and tortured
| Sebb767 wrote:
| Which is the same as (a). Either have a USB stick with
| plausibly-deniable encryption or, better yet, store the
| data somewhere online (in encrypted form, of course) and
| download it once you crossed the border. There is no
| reason to have it readily available on your laptop.
| drvdevd wrote:
| I think the focus on Law Enforcement as the sole source
| of duress is no longer correct. Just as one example, we
| now live in an era where any entry point to a corporate
| network can equal millions or billions in eventual ransom
| payouts, right? As endpoint security mitigations improve,
| duress will not just be a silly nerd porn, and will
| probably not be limited to "high level" people, either.
| TeeMassive wrote:
| > If you're held under gunpoint, that script that wipes
| your entire hard drive will only make your day worse.
|
| Then I'll just use a script that doesn't make it look like
| I deleted everything.
| mschuster91 wrote:
| > AFAIK if you actually get detained and questioned at
| airports, your drive will already get imaged before any
| password is even tried.
|
| Good luck doing that on 2016ff MacBook Pros (they all have
| soldered storage) or any Windows 10 laptop with TPM-backed
| Bitlocker encryption.
| nudpiedo wrote:
| Why not honeypot into a docker with fake data? Everyone
| would be happy (during a first moment). Sure if the attacker
| is well informed then they will double check whether the
| target they got in is real or not.
| ljm wrote:
| "Okay okay! The password is hunter2, go on and try it,
| just don't shoot me!"
|
| _Bad guy types in honeypot password_
|
| A new update to Docker is available. Restart now to
| apply the update or subscribe to a Pro account
| to delay this update.
|
| "Oh, bugger."
| nudpiedo wrote:
| Sorry, my bad for assuming a system admin has enough
| reasoning capacity to avoid dumb mistakes.
| varjag wrote:
| It doesn't have to wipe your drive, just do reasonable
| things like kill your sensitive messenger accounts and
| clean up the history.
| shawnz wrote:
| What does it matter if your drive is imaged if you are
| using full disk encryption?
| dailyanchovy wrote:
| They can try their luck again at having you give access.
| shawnz wrote:
| The duress login shouldn't reveal that anything is
| happening, so they have no reason to suspect you're using
| such a feature at all. Thus there would be no reason to
| ask you to log in again, and even if they do, you can
| simply use the duress credentials a second time.
| eurasiantiger wrote:
| If they can monitor network connections, they can see the
| duress connections, too.
| shawnz wrote:
| You don't need to make it take any network actions, but
| even if you wanted to do that you could just use TLS. It
| would easily blend in with all the other services that
| use TLS as part of their normal operation.
| o-__-o wrote:
| https://serverfault.com/questions/574405/tcpdump-server-
| hell...
| shawnz wrote:
| Won't be possible with ESNI, and regardless you could
| just use an inconspicuous domain name, for example by
| piggybacking on a common cloud service.
| dredmorbius wrote:
| https://xkcd.com/538/
| shawnz wrote:
| The duress credentials are exactly how you avoid the
| "pipe wrench" scenario. The point of the FDE in that case
| is simply to prevent them from looking on the disk
| without your supervision.
| dredmorbius wrote:
| The duress credentials keep the pipe wrench from being
| _useful_.
|
| They don't keep it from being _applied_.
| shawnz wrote:
| If the pipe wrench is getting applied regardless, that's
| a much different situation. In that case you could simply
| not comply at all.
|
| The duress credentials are meant to create plausible
| deniability of non-compliance, by giving the appearance
| of a genuine login which just reveals nothing.
| dredmorbius wrote:
| Understood and agreed. This depends heavily on what the
| investigator expects to find. If the duress key removes
| information known to be present ... out comes the wrench.
|
| Or you could just be dealing with someone who DGAF. This
| ultimately seems to be a chief characteristic of many
| situations in which strong crypto is proposed. It's the
| breakdown of civil liberties, rights, and rule of law
| which might be the true ur-problem here.
| dredmorbius wrote:
| Revisiting:
|
| Keep in mind that the duress credentials serve several
| purposes.
|
| 1. Give the appearance of compliance. It's possible that
| the investigator will be satisfied and abandon further
| search attempts. Wrench averted.
|
| 2. Provide the opportunity to perform a duress action,
| without the immediate appearance of doing so. This has a
| wide range of possibilities, including removing or
| disabling access to information, triggering warnings or
| notices to allies or supporters, revealing innocuous
| content, enabling a set of additional countermeasures
| (e.g., attacks from within the investigator's own space
| or network, or against the investigator's own tools, see
| Signal's response to Cellebrite:
| https://signal.org/blog/cellebrite-vulnerabilities/).
| Note that a protocol which denies the investigation
| subject access to a device would prevent this. The
| presumption that a subject would provide an access
| password provides opportunity for defences.
|
| Whether or not the pipe wrench (or any analogous or
| equivalent means of coercion) is applied is almost a moot
| point. With a duress password, you're largely assuming it
| will be. The objective isn't to prevent the wrench. It's
| to render it ineffective.
|
| Or at least that's the way I read it.
| nudpiedo wrote:
| If the attack is in hot the data is unencrypted, so
| getting the login password will (usually) also give
| access to the unencrypted disk (already mounted)
| [deleted]
| tedunangst wrote:
| Without knowing what your captor already knows about your
| device, deleting data they may expect to find is a pretty
| high risk gambit.
| Sebb767 wrote:
| If you think that them finding your data is the better
| option, you can always revert to using your normal login
| credentials.
| EamonnMR wrote:
| If your attacker has a full image of your system why are they
| bothering with duress?
| dogma1138 wrote:
| Also depending on the jurisdiction depending on the
| circumstances triggering it can be a felony the same as
| destroying evidence or tampering with an investigation, if a
| court compelled you congrats you've just earned yourself a
| contempt of court charge that can last pretty indefinitely.
|
| In a jurisdiction that doesn't adhere to the rule of law you
| are already screwed.
|
| What people often don't seem to comprehend is that if you get
| picked up by a "secret police" in the middle of the night
| it's pretty much game over already.
| trothamel wrote:
| Deleting data, if someone can prove it, also opens you up
| to Adverse Inference, which means the jury can consider the
| plaintiff's reasonable inference as to what the destroyed
| documents contained.
|
| https://en.wikipedia.org/wiki/Adverse_inference
| bigiain wrote:
| Because it's encrypted?
|
| And these days, it's common for the decryption keys to exist
| only in a Secure Enclave type thing that makes extracting
| those keys many orders of magnitude more difficult than
| asking you for your password while they hit you with a
| wrench.
| [deleted]
| moonchild wrote:
| My understanding is that, with veracrypt (which implements
| something similar to the linked system), if you enter the
| duress password, the hidden areas appear to simply be
| unallocated disc space.
| new_guy wrote:
| Nice idea! I have this on my social site, people have two
| passwords, their regular one and an 'under duress' one that wipes
| their profile/locks it down.
|
| I always wondered why more services don't offer it.
|
| The reason we have it is it's a fairly political place (not by
| design, but when you offer 'free speech' you get everyone booted
| from every other place) and we've had a fair few members
| arrested, and I'd hate to think my site contributes to that so
| easy wipe.
| nickdothutton wrote:
| I miss the SecurID stress PIN.
| yawaworht1978 wrote:
| Do not carry devices with sensitive data around if not necessary,
| simple as. All this hidden user stuff will go nowhere. Have the
| data encrypted on a server and access it remotely.
|
| Anything else is simply not safe at all or might cost you prison
| time, check the UK laws on this.
| hannofcart wrote:
| Nice, this actually tries to mitigate XKCD's famous $5 security
| backdoor.
|
| https://xkcd.com/538/
| thrwyoilarticle wrote:
| >~/.duress
|
| A project that's 2 days old should be using $XDG_CONFIG_HOME. My
| home directory is where I need a clean slate, not your clutter.
| t0mas88 wrote:
| You could set this up with three possible passwords, #1 for
| normal login, #2 for what looks like normal login but deletes
| most sensitive things and #3 that wipes the disk encryption keys
| and reboots. If forced by criminals or a not so free government
| enter #2 and pretend everything is normal. If pressured by the US
| or EU government with your lawyer present enter #3, see it fail
| and claim you forgot the encryption keys to make it boot (which
| is technically true, just never admit you made it delete them
| since that's illegal in most places)
| loup-vaillant wrote:
| Using #3 could land you in jail indefinitely in the UK I
| believe: if they don't believe you forgot the password, they
| can interpret that as a refusal to give them the password (or
| unlock the computer), and jail you for this... until you give
| them the password.
|
| Which you can't, because there _is_ no password at this point.
| So either you admit that you just wiped your computer with the
| panic password, or you can shut up and rot in jail until you
| die.
|
| You need a way to make them believe you. Covertly wiping your
| computer is probably not going to end well.
| jrockway wrote:
| Depends on the crime, I guess. If you face execution for
| murder or treason because of the data on your hard drive,
| life in prison is an upgrade.
| akerl_ wrote:
| This is why I don't keep evidence of committing
| murder/treason on my computer.
| dredmorbius wrote:
| Evidentiary tests may change.
| drexlspivey wrote:
| So in the UK they can put you in prison for life without
| being charged or found guilty of any crime unless "they
| believe you"? Any source on that?
| macintux wrote:
| A story from the US:
|
| https://nakedsecurity.sophos.com/2016/04/28/suspect-who-
| wont...
| zelse wrote:
| It's a theoretical thing under the Regulation of
| Investigatory Powers Act, IIR. It hasn't been tested. In
| practice under the law it'd probably be a stretch under a
| sensible judiciary since you can't prove a negative and
| thus can't prove you don't know something.
|
| In a number of countries there is a defined offense, like
| in Australia if they don't believe you they can jail you
| for six months under the Cybercrime Act, 2001, or possibly
| 2 years (failure to obey a court order under the Crimes
| Act, 1914).
| gnicholas wrote:
| I hate when my bank calls me about something and then asks to
| confirm my identity prior to giving out details about my account.
| Even when I think I know what it is about (e.g., a transaction
| with my card was declined just before the phone call), I feel
| very strange giving out any information to an inbound caller.
|
| One thing I have thought about doing is providing mistaken
| information to the caller and see if they go along with it. I
| came up with this idea when one bank said they could send me a
| text message and I could read back the number to them (huge red
| flag).
|
| Does anyone else have any ideas for how to authenticate a BigCorp
| caller whose corporate policies do not allow them to provide any
| account information to the people they are calling?
| nucleardog wrote:
| > Does anyone else have any ideas for how to authenticate a
| BigCorp caller whose corporate policies do not allow them to
| provide any account information to the people they are calling?
|
| I mean, it's really their problem, isn't it?
|
| If you need something from them, call their customer line and
| ask. If they need something from you, then they'll figure it
| out.
|
| I had a financial institution call me one time and ask
|
| "Is this nucleardog?"
| "Yes."
| "Alright, this is reallyfastwords can we start by verifying
| your date of birth?"
| "No. You called me. I didn't even catch who you are. What can I
| help you with."
| "I'm with really fast words. I can't tell you anything until I
| verify your identity."
| "You called me. You verify your identity first."
| "If you don't verify, then I can't tell you why I called!"
| "That's fine."
|
| There was a loooong pause before she finally decided on "Okay,
| what _day_ in June of 1985 were you born?" and apparently that
| was satisfactory.
| jmiserez wrote:
| Banks themselves tell you not to give out their info, so that
| scenario plays out more often than you think. I've had it
| happen and they just sent a letter by mail instead.
| gnicholas wrote:
| I've tried having them give me a checksum of the last four
| digits of my card number. They refused.
| gjs278 wrote:
| that's the stupidest request to make of a customer service
| rep. good lord.
| sReinwald wrote:
| Tell them you feel uneasy giving out details over the phone to
| an inbound caller, hang up and call their service line
| directly.
|
| The only way you can be sure you are talking to your bank is if
| you are calling them.
| gnicholas wrote:
| Yeah that works, but it's usually time-consuming to get to
| the specific department that actually called. I wish these
| companies could route your call to their fraud dept if their
| fraud dept had just called you, but sadly this doesn't seem
| to have caught on yet.
| solarengineer wrote:
| In Singapore, Banks send regular reminders that they will
| never ask us for our personal information over a phone
| call. It is slowly becoming "common knowledge" among the
| non-tech-savvy folk I meet in everyday life.
| GoblinSlayer wrote:
| Then there's an antifraud scenario, when the bank still
| calls you and asks stuff, now you need precise
| classification what they can ask you and what you can
| tell them.
| Angostura wrote:
| Wait a couple of minutes or call back from a different phone.
| In the UK it may still be possible for an attacker to hold
| the line open after you hang up - and then simulate the dial
| tone.
| theshrike79 wrote:
| How? If I explicitly push the red button on my mobile
| phone, how does the line still stay open?
|
| I can understand this attack via land line, but who
| seriously has a land line in 2021? Even my 93 year old
| grandma has a mobile phone. (Albeit we did get her one that
| looks like a land line phone :D )
| stordoff wrote:
| My grandmother (80s) and her circle of friends all use
| landlines to communicate. Technically hers is a VoIP
| line since about six months ago, but it's designed as a
| drop in replacement (uses the same phones/numbers) so I
| wonder if there's a possibility the attack is still open.
|
| I also use a landline fairly often (mostly out of habit),
| and most companies only have my landline number as I
| don't want them contacting me while I'm out/busy.
|
| You're right that it's a dwindling number, but it's
| certainly not at zero yet.
| sebzim4500 wrote:
| I've heard this, but I don't understand it. Doesn't the UI
| feel completely different when it comes to placing a call
| versus using the keypad on an existing call? On android at
| least you have to explicitly show the keypad.
| VMG wrote:
| Can you really be _sure_ though?
|
| How hard is it really to redirect outgoing calls?
| nextlevelwizard wrote:
| You'd have to have access to the cell tower your phone is
| connected to. At that point the attack is pretty
| sophisticated and very targeted.
| nobody9999 wrote:
| >Does anyone else have any ideas for how to authenticate a
| BigCorp caller whose corporate policies do not allow them to
| provide any account information to the people they are calling?
|
| Definitely. Hang up the phone and call the phone number on the
| card associated with your account or look up the appropriate
| telephone number and call them back.
|
| If they're legit, they will be perfectly fine with that. If
| not, they'll likely squawk about it.
|
| Either way, the correct process begins with you hanging up
| without providing _any_ information to the caller.
|
| My bank will also send SMS "fraud alerts" with a request to
| confirm or deny a transaction. That's the same situation, IMHO
| and the right action is to call the _known to be valid_ phone
| number for their customer service.
|
| Perhaps there are other, fancier ways to do something like
| this, but as a general rule, scammers can't change the customer
| service phone number printed on your card, or hack third party
| services just to give you a fake phone number online.
| abestic9 wrote:
| Google called me wanting to confirm my business address and
| asked me a bunch of personal details, as well as a 6 digit code
| that was going to be sent to my number (the one they called me
| on?). I refused and told them to give me a number to call them
| back on and they said they didn't have that facility. I then
| asked if they could email me or point me to a form and they
| said they could only do it on that same call.
|
| After 10 minutes in a verification tug-of-war, the rep
| escalated me to someone who did provide proof they were
| actually Google (using a field I updated in my account). All up
| it took 15 minutes and felt very fraudulent until they finally
| gave me some helpful context.
| ThrustVectoring wrote:
| > told them to give me a number to call them back on
|
| I hope you managed to communicate that you needed it to be
| able to independently verify that this number belonged to the
| purported caller. Eg, if it's from your "credit card
| company", the number should show up on the credit card
| company's website.
| egberts1 wrote:
| ummmm, caller ID are easily spoofed, no?
| wildfire wrote:
| yes.
|
| And they are starting to understand more and people know
| that too.
|
| Typically banks, when challenged here in Australia, will
| ask you to hang up and call the number on the back of
| your card (debit or credit).
|
| Normally they give you a reference number so when you are
| speaking with someone, you can bypass things and pick-up
| with the person you were originally speaking with.
| [deleted]
| theshrike79 wrote:
| Out here in developed-land I get a link mid-call via SMS, which
| I can confirm with the CS rep on the phone.
|
| I click the link and authenticate with my bank credentials or
| mobile auth certificate.
|
| The CS rep gets my info, which is authenticated to be correct
| and we get on with our day.
| bennyp101 wrote:
| Most banks here (UK) have a mobile app, so I've always wondered
| why they don't use that to auth the call?
|
| Bank: Hey I'm calling from HSBC, want to verify it?
| Me: Sure
| Bank: Ok, so open your mobile app, and enter 637482
| Me: Ok, cool that's given me 274893
| Bank: Yep, that's all confirmed so ...
| adwww wrote:
| Should even be possible for the apps to trigger a
| notification saying a valid inbound call is about to happen.
| CubityFirst wrote:
| I feel like training users to input codes into their banking
| app could lead to other less safe practices.
| another-dave wrote:
| That would save you giving out personal details to
| authenticate yourself, but may lull people into dropping
| their guard & divulging personal details before the bank
| authenticates on _their side_ -- as in, nothing in that
| script prevents a scammer saying "Yep, that's all confirmed"
| no matter what the person says & then a lay person may feel
| more secure even though they've proved nothing
| gnicholas wrote:
| This is exactly why I've thought of giving a fake reply,
| since the only way for me to know that they're who they say
| they are is to see if they can recognize both an invalid
| response and a valid one.
| bennyp101 wrote:
| I was thinking more that once you put the code in, it says
| that it is a valid call (or not) then you get the response
| code to give back - at that point they can continue as
| normal
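The two-way check discussed in this subthread, where the app first decides whether the caller's code is genuine and only then shows a response code, sketched as an added example; it is not any bank's protocol and not code from the commenters. The shared per-customer secret, the 6-digit truncation, the 5-minute window and all names are assumptions.

```python
import hashlib
import hmac
import struct

DIGITS = 6
WINDOW_SECONDS = 300  # assumption: a code is tied to a 5-minute window


def derive_code(secret: bytes, label: bytes, window: int, bound_to: str = "") -> str:
    """HMAC-SHA256 over label, window and an optional bound value, cut to 6 digits."""
    msg = label + b"|" + struct.pack(">Q", window) + b"|" + bound_to.encode("utf-8")
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**DIGITS:0{DIGITS}d}"


def same(a: str, b: str) -> bool:
    """Constant-time comparison of two codes."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class BankAgent:
    """Caller side: the bank back end holds the secret provisioned into the app."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.issued = None  # (window, call_code) of the call in progress

    def start_call(self, now: int) -> str:
        window = now // WINDOW_SECONDS
        code = derive_code(self.secret, b"bank-to-app", window)
        self.issued = (window, code)
        return code  # read out to the customer

    def check_response(self, response: str) -> bool:
        if self.issued is None:
            return False
        window, code = self.issued
        self.issued = None  # one attempt per call, so responses cannot be guessed in bulk
        expected = derive_code(self.secret, b"app-to-bank", window, code)
        return same(expected, response)


class CustomerApp:
    """Customer side: refuses to produce a response for a code the bank did not issue."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def enter_call_code(self, now: int, call_code: str):
        current = now // WINDOW_SECONDS
        # Accept the previous window too, so a call that straddles a boundary still works.
        for window in (current, current - 1):
            if same(derive_code(self.secret, b"bank-to-app", window), call_code):
                # The response is bound to the exact call code that was verified.
                return derive_code(self.secret, b"app-to-bank", window, call_code)
        return None  # the app shows "this call is NOT from your bank"


def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    now = 1_629_660_000                  # constructed timestamp
    app, bank = CustomerApp(secret), BankAgent(secret)

    # Genuine call: bank code verifies in the app, app response verifies at the bank.
    response = app.enter_call_code(now, bank.start_call(now))
    genuine_ok = response is not None and bank.check_response(response)

    # Caller without the secret reads out a made-up code (the thread's 637482,
    # unless that happens to be valid right now).
    current = now // WINDOW_SECONDS
    valid = {derive_code(secret, b"bank-to-app", w) for w in (current, current - 1)}
    made_up = next(c for c in ("637482", "000000", "000001") if c not in valid)
    scam_result = app.enter_call_code(now, made_up)
    return genuine_ok, scam_result


if __name__ == "__main__":
    print(demo())
```

The customer's decision point is the app's answer to the call code, not the caller saying "that's all confirmed"; a caller who cannot produce a valid code never gets a response code to work with.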
| aymendjellal wrote:
| I remember Kali Linux had a patched LUKS implementation for full
| disk encryption with self destruction password
|
| https://www.kali.org/blog/emergency-self-destruction-luks-ka...
| idlewords wrote:
| Real password:
|
| woD3PRBgELFHH9nuABH]ksD
|
| Duress password:
|
| duress123
| t0mas88 wrote:
| Duress password "1234", just make sure you have a very good
| backup and disable SSH password login. Anyone trying to snoop
| around is going to trigger it.
| bredren wrote:
| This is a joke, but the person under duress also has to sell
| that they are under duress. This isn't something you can really
| "train" the average person to do on command.
|
| It reminds me a bit of Jon Lovitz Pathological Liars Anonymous
| bit. "Okay! Here's the password...ya that's the ticket."
|
| https://youtu.be/hV85E2S-Idw?t=45
| pessimizer wrote:
| https://en.wikipedia.org/wiki/Rubberhose_(file_system)
| als0 wrote:
| What I never quite understand is how this can work in practice.
| When someone is under real duress, they do not always behave in a
| logical way and may be too stressed to remember certain details
| like a password that they never use...
| drexlspivey wrote:
| You don't understand how someone can remember a password under
| stress?
| Sebb767 wrote:
| If you used that password twice two years ago when you
| installed the module and you're suddenly pulled in an
| interrogation room in a foreign country? When you have about
| one chance to enter it right while some very angry officers
| look over your shoulder?
|
| I can absolutely see that.
| atoav wrote:
| This is why usually these trigger-passwords are just a
| variation suffix away. If your real password was 123456 +
| Ok a system like that would trigger if you e.g. append a
| certain sign to it: 123451 + Ok. So you don't have to
| remember a different password, you just have to remember
| the one character or button that makes it call security.
| RealStickman_ wrote:
| Maybe using a prefix would be better. Similar ease of
| remembering it but you won't have to fight your muscle
| memory at the end of the password.
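The prefix-variant scheme from the comments above, as an added example that is not pam_duress's code or anything posted in the thread. The record layout, the PBKDF2 parameters and the function names are assumptions, and "123456" with prefix "9" is a constructed sample.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumption: kept low so the example runs quickly


def derive(password: str, salt: bytes) -> bytes:
    """Salted, stretched verifier for one password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(real_password: str, duress_prefix: str) -> list:
    """Store two independent verifiers: the real password and prefix + real password.

    Each gets its own salt, so the stored hashes do not show that one password
    is a one-character variation of the other.
    """
    if not duress_prefix:
        raise ValueError("duress prefix must not be empty")  # would equal the real password
    records = []
    for outcome, password in (("normal", real_password),
                              ("duress", duress_prefix + real_password)):
        salt = os.urandom(16)
        records.append({"salt": salt, "hash": derive(password, salt), "outcome": outcome})
    # Caveat: anyone who can read this store (for example from a disk image)
    # sees that a duress record exists; this only covers what the prompt reveals.
    return records


def classify(records: list, attempt: str) -> str:
    """Return 'normal', 'duress' or 'denied'.

    Every record is always evaluated (no early exit), so the time taken does
    not depend on which password, if any, matched.
    """
    outcome = "denied"
    for record in records:
        candidate = derive(attempt, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            outcome = record["outcome"]
    return outcome


def login(records: list, attempt: str, duress_hook) -> bool:
    """Outwardly identical result for both passwords; the hook runs only for duress."""
    outcome = classify(records, attempt)
    if outcome == "duress":
        duress_hook()  # hypothetical callback, e.g. queue a background script
    return outcome != "denied"


if __name__ == "__main__":
    store = enroll("123456", "9")
    for attempt in ("123456", "9123456", "1234569"):
        print(attempt, classify(store, attempt))
```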
| INTPenis wrote:
| I completely agree. I have long passphrases.
|
| The only way I can imagine remembering a duress passphrase is
| to make it slightly different in some way.
|
| So that means I'd have to keep updating my duress passphrase
| alongside my regular passphrase.
|
| Either way I love this idea and I might actually start using
| it. I'm just trying to figure out how to set a practical
| passphrase I will be able to remember. My passphrases generally
| are in muscle memory after having entered them for a few days.
|
| Edit: A simple system I just came up with is to use one of the
| numbers in the passphrase and increment it by one to indicate
| each level of duress.
| Arbalest wrote:
| Interesting idea. I find that it's pretty hard to modify the
| end of a password though, I'm likely to press enter rather
| than add anything else. Probably a good idea to change the
| first character, so you have the rest of the password to
| remember that you're supposed to do that.
| C19is20 wrote:
| Practise.
| MonadIsPronad wrote:
| 'In practice' is correct, no?
| marton78 wrote:
| I think they meant "you should practise your duress
| password".
| joefife wrote:
| Don't be that person, especially when you're wrong. Both
| forms are acceptable.
|
| "In Australian and British English, 'practise' is the verb
| and 'practice' is the noun. In American English, 'practice'
| is both the verb and the noun."
| bonzini wrote:
| I thought he wrote that reply as a suggestion, i.e. that
| you should practise typing the duress password beforehand.
| salawat wrote:
| I thought he was demonstrating how. Make your password a
| very unlikely but relevant typo of your actual one.
|
| Now tge real question is, was the poster in a state of
| duress when thy typed that response?
| brokenmachine wrote:
| I'm Australian. Never seen "practise", only "practice".
| michael-ax wrote:
| perhaps i could use that as a screensaver password to share with
| my girlfriend? it would close spreadsheets, emacs, un-mount
| journals and personal drives. PAM's used to reauth from the
| screen-saver, right?
| wowaname wrote:
| Depends on your locking program but yes, PAM can be used for
| that.
| michael-ax wrote:
| Thank you, I think I'll rig that up.
| mgbmtl wrote:
| Might be easier to create a separate login?
|
| Some partners expect to share passwords as a trust thing, but
| my work does not allow it (and most personal devices have
| access to work stuff).
| michael-ax wrote:
| Yes, those _are_ good, i have an Alt-F9 alternate desktop for
| guests, but a 2 letter password for her to bypass the screen-
| lock and change the music or something would in fact remove
| my sometimes duress, i think..
| wowaname wrote:
| I don't understand why partners willingly share passwords.
| michael-ax wrote:
| why do passwords cover accounts not scopes?
|
| if passwords also covered account scopes -- which is what
| this tool enables one to monkey-patch into the OS, i could
| give you my password so you could gorge on my code without
| me having to worry about you reading my journals or abusing
| ~/.ssh
|
| other than that, i second your notion.
|
| I'm thrilled by the idea of using passwords to switch
| between the sorts of things i do without having to log-out.
| DangitBobby wrote:
| This could result in serious personal harm if the individual(s)
| causing the duress sense something is up, which they almost
| certainly will if things start magically disappearing or locking
| up. You better make sure that whatever you are protecting with
| this is more important than your personal safety.
| bredren wrote:
| I think they would be more likely to notice that you did not
| put up enough fight. Most people are not great actors.
|
| Also, if you're being physically compelled to provide a
| password it seems your personal safety is already compromised.
| DangitBobby wrote:
| Your safety is compromised, but that does not mean the danger
| cannot be escalated. If you are mugged at gunpoint, are you
| going to hand over all your cash and keep your hands up as
| much as possible or are you going to swiftly cut up your
| credit cards?
| solatic wrote:
| I mean, that's pretty cool, but who enables password logins for
| SSH anymore? If I'm an attacker, I'm going to wonder why my
| target of duress is giving me a password and not a private key;
| most likely if I have access to my target of duress, then I have
| access to some kind of client / endpoint that my target uses to
| connect to the network, and that client will have the SSH private
| keys likely already loaded into ssh-agent.
|
| Maybe a more modern concept would be to both a) have a duress
| private key, that triggers duress scripts in the same way, b) an
| implementation of ssh-agent that adds the duress private key when
| a duress password is entered?
| jstanley wrote:
| I don't think this is specific to SSH.
|
| You could just as easily use this on your client machine and
| have it delete your private keys if you try to login with the
| duress password.
| tyingq wrote:
| PAM is for more than just ssh. This could wipe data on a Linux
| machine for a local login, gdm, sudo, and so on.
| taneliv wrote:
| Yes, and perhaps _not_ use pam_duress for remote logins, in
| case you want to keep your duress password simple (think
| "password" or something similar, actually memorable in a
| duress situation).
| wowaname wrote:
| I use an authentication PGP subkey for SSH so I have to unlock
| it with a passphrase before using it. Normal SSH keys can be
| encrypted similarly, and either gpg-agent or ssh-agent can save
| your passphrase in memory for an amount of time.
| ttul wrote:
| We need this on iPhones.
| nubela wrote:
| How can I have a duress password for MacOSX that triggers a
| script on login?
| xaduha wrote:
| I think it should be pretty trivial to have a hidden dualboot,
| let's say you have some plain boring Windows that takes 10% of
| your drive and 90% is unassigned. In reality that's encrypted LVM
| disk with bootloader on a flash drive that is easily tossed away
| if necessary. Or zapped in a microwave if you watched too much of
| Mr. Robot.
| zeusk wrote:
| or you know, just a vm disk image that is deleted with the
| duress password.
| mszcz wrote:
| I think VeraCrypt already enables this. It's called Hidden OS
| or something like that.
| sodality2 wrote:
| https://veracrypt.eu/en/docs/hidden-operating-system/
|
| Not sure if there's a linux alternative.
| flenserboy wrote:
| Would love this as a standard option for phones / desktop logins.
| ascar wrote:
| > _This is transparent to the person coercing the password from
| the user as the duress password will grant authentication and
| drop to the user's shell._
|
| I would assume the user shouldn't understand that he was given a
| duress password, so is transparent the right term here?
| rafael859 wrote:
| Nice, pretty cool stuff. In high-school I worked on something
| similar (https://github.com/rafket/pam_duress), though this seems
| to have a somewhat cleaner implementation which is nice to see,
| and hopefully a more eager maintainer.
| codetrotter wrote:
| I'm reading the readme of your project, and got to the part
| where it says
|
| > for example a mail could be automatically sent from his
| computer to a rescuer, a script could delete sensitive files in
| his hard-disk or a certain Rick Astley song could be
| appropriately played
|
| And I'm just imagining someone having set two duress passwords;
| one for kidnapping situations and one that they put there as a
| joke. And then they get kidnapped and they try to input the one
| supposed to call for help, but they misremember so they input
| the rickroll trigger instead.
|
| And the kidnappers are like "hey what the hell, you think this
| is funny man? turn that off" and the kidnapped person cries for
| having messed up their one chance at calling for help.
| qorrect wrote:
| Was a good story :).
| wowaname wrote:
| There are some issues with nuvious' pam-duress that allow for
| untrusted string inputs when handling scripts with system()
| call, and I sent a patch to them via E-mail in an attempt to
| highlight the issues and provide a basis for a better way to
| handle it.
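
The risk wowaname describes above, as an added example that is not part of the thread and not pam-duress's own code: a value interpolated into a command line handed to the shell is re-parsed as shell syntax, while an argv vector passed to execve() is not. The helper /bin/echo, the sample value and all function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed stand-ins: /bin/echo plays the duress script, SAMPLE is a
   value that ends up in the command (a name, a path) and is not trusted. */
#define HELPER "/bin/echo"
#define SAMPLE "alice; echo INJECTED"

/* Run argv[0] with a fixed environment and capture its stdout into out.
   Returns the child's exit status, or -1 on failure. */
static int capture(char *const argv[], char *out, size_t outsz)
{
    static char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int fds[2];
    if (outsz == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(argv[0], argv, envp);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    size_t n = 0; ssize_t r;
    while (n < outsz - 1 && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Pattern to avoid. system(cmd) executes "/bin/sh -c cmd"; the same exec is
   spelled out here only so that the output can be captured. */
int run_via_shell(const char *helper, const char *arg, char *out, size_t outsz)
{
    char cmd[512];
    int len = snprintf(cmd, sizeof cmd, "%s %s", helper, arg);
    if (len < 0 || (size_t)len >= sizeof cmd) return -1;
    char *const argv[] = { "/bin/sh", "-c", cmd, NULL };
    return capture(argv, out, outsz);
}

/* Hardened form: no shell, the value is exactly one argv element. */
int run_without_shell(const char *helper, const char *arg, char *out, size_t outsz)
{
    if (helper[0] != '/') return -1;      /* absolute path only, no PATH search */
    char *const argv[] = { (char *)helper, (char *)arg, NULL };
    return capture(argv, out, outsz);
}

/* Number of output lines the helper produced, or -1 on failure. */
int count_output_lines(int use_shell, const char *arg)
{
    char out[256];
    int rc = use_shell ? run_via_shell(HELPER, arg, out, sizeof out)
                       : run_without_shell(HELPER, arg, out, sizeof out);
    if (rc != 0) return -1;
    int lines = 0;
    for (const char *p = out; *p; p++) lines += (*p == '\n');
    return lines;
}

/* 1 if the shell-free run printed arg back unchanged, as a single argument. */
int passed_literally(const char *arg)
{
    char out[256];
    if (run_without_shell(HELPER, arg, out, sizeof out) != 0) return 0;
    size_t n = strlen(arg);
    return strlen(out) == n + 1 && memcmp(out, arg, n) == 0 && out[n] == '\n';
}

int main(void)
{
    printf("via shell:     %d line(s) of output\n", count_output_lines(1, SAMPLE));
    printf("without shell: %d line(s) of output\n", count_output_lines(0, SAMPLE));
    printf("passed as one literal argument: %d\n", passed_literally(SAMPLE));
    return 0;
}
```

A second line of output from the shell variant means the text after the semicolon ran as its own command; the execve() variant hands the whole string to the helper as data.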
| oasisbob wrote:
| Training is very important in duress systems.
|
| I once worked in a place with a keypad duress code on the
| security system. If you prefixed your security PIN with NN-, it
| was the duress version of the code and would trigger a silent
| alarm.
|
| This was set up long ago, and not communicated. One night, the
| keypad was acting glitchy. Partially out of frustration
| (countdown is running), and partially to test, I ended up
| accidentally engaging the duress code by tapping a convenient
| corner number, which resulted in NNNNNNNNN-PIN.
|
| After law enforcement had surrounded the building, a quick chat
| and search alongside a few officers got it all sorted.
| dheera wrote:
| An interesting way to use this PAM-Duress system would be to
| write a program that
|
| (a) begins recording your microphone and webcam video
| immediately upon login
|
| (b) Aggressively try the hell out of every passwordless Wi-Fi
| network it can detect, then use headless chrome to aggressively
| smack every button to get past the stupid login pages
|
| (c) Stream that video and audio to a server that saves it.
| dredmorbius wrote:
| Use Emergency SOS on your iPhone
|
| https://support.apple.com/en-us/HT208076
| emmelaich wrote:
| There's also (for Aus users), Emergency+
|
| https://play.google.com/store/apps/details?id=com.threesixt
| y...
| __d wrote:
| Also for iOS
| https://apps.apple.com/au/app/emergency-plus/id691814685
| unglaublich wrote:
| or use a cellular network
| Sebb767 wrote:
| > begins recording your microphone and webcam video
| immediately upon login
|
| If your camera has an activity light, this might
| inadvertently worsen your situation.
| dheera wrote:
| Just disconnect the light
| techrat wrote:
| > Just disconnect the light
|
| Thanks, I'm cured.
|
| 1) A lot of laptops are sealed with glue. "Just
| disconnecting the light" would involve prying layers
| apart.
|
| 2) Companies may frown upon that if you should try to
| modify a company issue laptop.
|
| 3) Disabling a recording indicator may be illegal where
| you live.
| dheera wrote:
| 1) Put a tiny dot of Black 2.0, not very noticeable and
| blocks the light very well.
|
| 2) Don't do personal stuff on your company laptop. If the
| company doesn't let you modify it, joke's on them, only
| company files will get leaked. Your personal stuff
| shouldn't be on that laptop.
|
| 3) Fuck that, if there are photons you can collect them
|
| Worst case just do the microphone only.
| gorgoiler wrote:
| Out of interest, were you arrested?
|
| As part of a duress protocol -- where your extortioner is
| likely observing you -- law enforcement would be _required_ to
| go through the motions of arresting you and taking you offsite.
| You can expect to be held for X hours regardless of whether
| they believed you had simply made a mistake.
|
| Long and unavoidable administrative delays make it much harder
| for villains to subvert protocols. See also time-delay bank
| vaults and mandatory two-week vacations for pension fund
| managers, where they are locked out of corpnet.
| oasisbob wrote:
| No arrests. False alarms on silent alarm systems are common.
| Other factors made it clear that a real threat was unlikely.
|
| All orgs should consider locking out all employees for at
| least one uninterrupted week a year. Very easy way to shake
| out all sorts of problems.
| matrixagent wrote:
| > All orgs should consider locking out all employees for at
| least one uninterrupted week a year. Very easy way to shake
| out all sorts of problems.
|
| Could you give some examples?
| 35fbe7d3d5b9 wrote:
| As JulianMorrison notes, this is common in finance. The
| FDIC strongly recommends that banks enforce this[1] - you
| can't cook the books when you have no access to the
| systems.
|
| But sometimes it's not just about cooking the books: the
| last "SSL cert expiration" fire I lived through happened
| because the person who had credentials to Digicert had to
| take sick leave. It was never a documented/defined
| process because "just flip Tim an email" was always
| sufficient, Tim didn't mind doing the work, and Tim
| didn't like going on vacation.
|
| Two week lockouts mean there's no chance of shadow
| IT/back channel work happening, and forces you to
| document your processes.
|
| [1]: https://www.fdic.gov/news/financial-institution-
| letters/1995...
| matrixagent wrote:
| Thank you, that's another good example, to which I wish I
| could relate less. ;)
| JulianMorrison wrote:
| IIRC, over here, banks are required to give employees at
| least one two-week contiguous block of leave, during
| which they can't get into the office, use work systems,
| or log in remotely. The idea being that oh-so-clever
| scams generally require the operator to be there keeping
| all the balls in the air, and locking them out will
| reveal their tricks.
| solatic wrote:
| Mostly cases where businesses rely on individuals instead
| of process.
|
| As a simple example, it's very easy, when starting a
| company, to issue personalized email addresses to early
| employees and then people communicate using those email
| addresses. It's perfectly fine to email the CTO at
| first-name@example.com, because everyone knows everyone else
| and it works.
|
| As you grow large, it becomes important for people to
| address roles rather than individuals. This way, if
| people leave their role, they can (semi-transparently) be
| replaced by someone else taking that role who will then
| continue to receive all of the same emails, be able to
| respond to them, etc. So then it becomes important to
| have e.g. a cto@example.com address. When the CTO takes a
| vacation, their email gets routed to someone taking over
| their duties, you don't need to communicate to everyone
| to start emailing somebody-else@example.com instead.
| matrixagent wrote:
| Thanks, that's a great example. I've actually encountered
| this exact thing at my current employer as well.
| oofoe wrote:
| My old company locked us out several years ago for a period
| of time that continues to be uninterrupted.
|
| It certainly did shake out lots of problems...
|
| (My point is that after having had that happen to me, if it
| EVER happens again and isn't cleared up within minutes, the
| sonic boom you hear will be my tactical resume deployment.
| I dismissed the warning signs as "minor glitches". Never
| again. However, if it is something planned and I agreed to
| it beforehand, I guess that's OK. On second reading, you
| might have been describing something like that.)
| pyuser583 wrote:
| Is it legal for them to arrest you simply to keep up the
| appearance? You haven't done anything illegal.
| inglor wrote:
| Not from the US, but here at a bank I worked with: If you
| trigger the silent alarm they'd have reason to suspect you
| are threatened and would take you to custody to make sure
| you are safe and release you once it's sorted out (probably
| an hour or so).
| pyuser583 wrote:
| That makes sense. Sorting things out takes time. But
| trying to create an illusion that no alarm was triggered
| to prevent criminals from gaining knowledge: not a reason
| to imprison an innocent person.
| nextlevelwizard wrote:
| >imprison an innocent person.
|
| Kind of a hard word to use for an arrest. In many places
| police can arrest you for some period if they suspect you
| have committed a crime. This is no different. No need for
| sensational language.
| pyuser583 wrote:
| In the US they can't do anything unless they have
| "probable cause" you committed a crime. That's broad, but
| it excludes "this guy pushed the number 6 three times in
| a row."
|
| And "imprison" and "arrest" are pretty darn close. In the
| US, when you are arrested, you are usually searched,
| fingerprinted, and a mugshot is taken.
|
| The mugshot can become a public record. There are
| websites that match mugshots to names, and make money by
| being paid to take mugshots down.
|
| Nobody wants the google result for their name to be a
| mugshot.
| johnmaguire wrote:
| In the US, they cannot arrest you without probable cause.
| They can however detain you while they figure out what's
| going on.
|
| Imprisoning is a much later step after being arrested.
| When you're arrested you may end up in a holding cell, or
| you may not.
| nextlevelwizard wrote:
| Probable cause isn't "pushed button multiple times" it is
| "silent alarm was triggered and this guy is the only
| guy in the building".
|
| If US is doing stupid shit then US is doing stupid shit.
| What else can we expect a third world country to do? In
| civilized world you are processed yes, but since you are
| just arrested and not accused you will just be held until
| the pre-investigation has concluded
| [deleted]
| inglor wrote:
| This thread is long dead and off the frontpage - and this
| likely won't be seen by anyone (or even you
| nextlevelwizard) but here goes.
|
| > What else can we expect a third world country to do?
|
| We can criticise the largest economy in the world as much
| as we want inside a browser developed mostly in the US on
| infrastructure (the internet) whose large parts were
| developed in the US talking on a website created and
| owned by a US based company investing capital in one of
| the largest tech markets in the world (the valley).
|
| That said - the fact they have police/healthcare/tuition
| problems does not in fact make it a third-world country.
|
| A developing country ("third world") is typically one
| with low human development index (HDI) (the US is "very
| high"). Low economic output (the US is the largest
| economy) etc.
| jaywalk wrote:
| In the US, what you're talking about is referred to as
| "detainment" which is very different from an arrest. I
| think that's where a lot of the confusion is coming from.
| nonameiguess wrote:
| People can be taken into protective custody without any
| suspicion they committed a crime, though typically this
| is mostly done with children and they're taken to foster
| care, not county detention. It has been used in the past
| to protect people from getting lynched after being
| publicly accused of a crime even if the police don't
| suspect them, and is used to protect confidential
| informants by arresting them along with everyone else
| just to keep up appearances, though in this case they
| usually agree to it in advance.
| sokoloff wrote:
| I had a similar false trigger trying to make an international
| call from our office phones. I didn't know the exact
| incantation of the prefix, but knew it was 9 for an outside
| line and at home I used 011 then the country code. That didn't
| seem to work, so I thought maybe I needed to drop the zero,
| resulting in me inadvertently dialing 911 and hanging up when
| that didn't give me the dial tone I expected. I found the right
| sequence and was interrupted multiple times in the call as our
| floor fire coordinator showed up, then a few minutes later
| facilities, then a few minutes later local police.
|
| I guess the system worked and I never forgot the correct prefix
| after that.
| Timothee wrote:
| I had the same issue happen but on a fax machine. Naturally,
| I couldn't hear anything when the 911 operator picked up, so
| I continued to try out various combinations, until the
| watchman and a cop showed up to check on the situation: just
| me trying to fax something abroad late at night.
| wycy wrote:
| To dial out at my office, you have to dial 991. It's only a
| matter of time before I either accidentally dial 911 at work
| or accidentally dial 991 in an actual emergency.
| SamBam wrote:
| I always find it crazy when systems make you dial 9 for an
| outside line, for this very reason.
|
| Did the same thing myself my first week in college. Got the
| police. Told them what I did and I could hear the eye-roll on
| the other end of the line, and was told I was the third
| person that day.
| moftz wrote:
| We stopped extensions since there were multiple exchanges
| being used on campus so you have to dial someone's entire
| number. But, you will have to dial 9 and 1 and then the
| number. Everyone has externally accessible phone numbers so
| why are we still dialling 91 when you've got to dial the
| whole thing anyway?
| benelvin wrote:
| I'd always assumed (UK) that 9 was a deliberate choice to
| make it easier to dial the emergency number, 999, because
| you can just mash 9 until something happens. I guess if
| it's the same number in all other countries who have a
| range of emergency numbers, then that might not be the
| reason.
| jtnag wrote:
| My working theory is that in old times phones had rotary
| dial instead of key pad. Number 1 was the longest to
| dial, 9 was the shortest (as I remember from childhood
| days). Thus, fastest way to dial 3 digit code was to use
| numbers with as much as 9 as possible (997,998,999).
| [deleted]
| jaclaz wrote:
| I would add that 911 is a "queer" choice (for rotary
| phones), in other countries the emergency numbers are
| lowish numbers, in Italy 112 or 113 (or 115), and there
| are several records in the past of people managing to
| "dial" them by quickly pushing and releasing the hook
| switch.
|
| There was another reason for this as it was common, many,
| many years ago, to restrict the possibility to make phone
| calls by using a little lock on the dial, like this:
|
| https://www.ebay.it/itm/402554995319?hash=item5dba25c277:
| g:~...
|
| it was placed on the #3 hole, so that you could dial 112
| or 113 even when the lock was on.
| BrandoElFollito wrote:
| > in Italy 112
|
| Did you introduce the EU emergency number as the national
| one? If so - good choice.
|
| In France we have the plethora of numbers (15, 17, 18 - I
| actually do not know what 16 does), and also 112.
|
| We are still teaching "18" as the primary number (you get
| the firemen who will either come for a fire, or for an
| accident, or dispatch). We could go for 112 (and keep the
| older number for a generation, redirecting them to 112)
| and not rely on people to know which number to call.
|
| UPDATE: I just asked my 17 yo son which number he would
| call in an emergency and he said 112. So there is hope :)
| jaclaz wrote:
| JFYI, besides and before the EU emergency number, in
| Italy we traditionally had:
|
| 112 Carabinieri (one of the two national "police" corps)
|
| 113 Polizia (the other national police corps)
|
| 115 Pompieri (Fire Brigade)
|
| 118 Ambulanza (Ambulance)
|
| In Italian it is a common phrase "roba da chiamare il
| 112" o "roba da chiamare il 113" (something that needs a
| call to 112 or 113) as a synonym of "a serious emergency"
| and of course if you called those numbers they would
| anyway forward the call to the appropriate service (like
| ambulance, fire brigade, etc.).
|
| The EU emergency number is slowly being introduced (some
| regions have it already, some not yet), but the 112 is
| already well in the minds of anyone.
| sokoloff wrote:
| How does/did a citizen make the decision of which police
| force to call?
| Symbiote wrote:
| The EU standardised on 112 a few years ago. Old numbers
| continue to work.
|
| Also, the GSM system (so almost all mobile phones, world
| wide) must support 112.
| cmehdy wrote:
| If you can read french, here's a page about why 16 isn't
| used (anymore!)
| https://www.guichetdusavoir.org/viewtopic.php?t=36236
|
| TL;DR Running out of numbers and putting in temporary
| measures requiring the 16 as prefix. Measures that likely
| didn't scale as well as expected since we moved on to a
| different system within basically 10 years.
| monooso wrote:
| I heard a very interesting explanation (on BBC R4) of the
| reason for choosing 9 (one of the slowest numbers to
| dial), rather than 1 (the quickest).
|
| The old overhead telephone lines could knock against each
| other in the wind, producing a pulse which (to the
| system) appeared to be a 1. This could easily happen
| three times in a row, resulting in an unwanted call to
| the emergency services.
| stephenr wrote:
| I grew up with a rotary phone. From memory, 1 was the
| shortest to dial, 9 the longest.
| jtnag wrote:
| I stand corrected then!
| TuringTest wrote:
| Pedantic tidbit of archaic lore: this was so because each
| digit was represented by the number of clicks that the
| rotating disc triggered on the line (with 10 clicks for
| 0).
| addingnumbers wrote:
| If the dial was locked or missing, you could still "dial"
| a number by quickly tapping it with the on-hook switch
| the receiver would rest on, because that was the same
| effect the rotary dial mechanism was producing
| magicalhippo wrote:
| Actually this is country specific AFAIK. Wikipedia has a
| picture[1] of a phone from New Zealand which has 9 as the
| shortest.
|
| [1]: https://en.wikipedia.org/wiki/Rotary_dial#/media/Fil
| e:New_Ze...
| tech2 wrote:
| This might also explain why the Kiwi emergency number is
| 111 as a counterpoint to the UK's 999. Interesting!
| stephenr wrote:
| Kiwis don't count /s
| andrewshadura wrote:
| One was the shortest to dial since it's just one pulse,
| nine was the longest one. The purpose was to make it hard
| to dial 999 accidentally.
| lisper wrote:
| You have it backwards. 1 is the shortest to dial. Zero is
| longest. 9 is second longest.
| RKearney wrote:
| Was the arrangement of the numbers backwards from the US
| rotary phone? Because in the US 1 was the shortest.
| That's why large cities like New York got 212 and Los
| Angeles got 213 which were the fastest to dial on a
| rotary phone.
| ahofmann wrote:
| On rotary phones 0 takes the longest to dial, then comes
| the 9. 1 was the fastest to dial, I think this is the
| reason why emergency numbers tend to have the lower
| numbers.
|
| https://en.wikipedia.org/wiki/Rotary_dial
| stordoff wrote:
| According to Wikipedia:
|
| > The 9-9-9 format was chosen based on the 'button A' and
| 'button B' design of pre-payment coin-operated public
| payphones in wide use (first introduced in 1925) which
| could be easily modified to allow free use of the 9 digit
| on the rotary dial in addition to the 0 digit (then used
| to call the operator), without allowing free use of
| numbers involving other digits
|
| There's a citation, but it's a book from 1950, so not
| particularly easy to verify.
|
| https://en.wikipedia.org/wiki/999_(emergency_telephone_nu
| mbe...
| unixhero wrote:
| Is it really called "duress systems"? I work in the IT security
| field and have never heard that term :)
| Cthulhu_ wrote:
| I found out the hard way that a job I had once (DIY store) had
| a hidden panic button under the counter. I was just fidgeting
| while we were closing up, hands found it and did their
| exploration thing.
|
| I mean it happens, the security company sent out a van already
| (as they should) and called to confirm. They charge a fee (just
| over EUR100 I believe? Or EUR250? I forgot) for false alarms,
| but that's fair enough. Better safe than sorry.
|
| Anyway, a DIY store with at most 100K in the safe (weekly
| takings at the time, most of that was probably electronic) is
| probably a lot less serious than whatever you were working for,
| to have it surrounded by law enforcement.
| yosito wrote:
| Comments are full of gunpoint scenarios, but I think a far more
| likely scenario for most HN readers is law enforcement / customs
| agents asking you to unlock your device during travel or some
| other random checkpoint so they can scan it. In that case, I
| doubt the officer would even have a clue about the use of a
| duress password to selectively and silently delete some private
| data. I think the biggest risk would be that a scan of your
| device could detect the PAM config and duress script which could
| be a flag to monitor you more closely, or might possibly be
| considered illegal itself in some jurisdictions.
| BLKNSLVR wrote:
| A factory reset phone is a travel-friendly phone. That's what I
| did last time I traveled... an increasingly depressingly long
| time ago.
|
| Probably good practice to take a phone from 'scratch' to
| 'setup' regularly anyway. Like restoring backups.
| nullc wrote:
| On linux distros, at least before wayland, it was easy to make
| your account hidden from the gdm chooser (e.g. by putting it in
| a different group).
|
| Then you could set up a dummy account that doesn't have too much
| of interest in it.
|
| Combined with pam crypto to encrypt your home on login, the
| result is something that is reasonably private against casual
| inspection.
|
| I used to use this back when I couldn't afford to travel with a
| disposable use laptop...
| o-__-o wrote:
| > Forensics agent pulls and mounts hard drive
| > Agent sees /home/hiddenuser
| > Government seeks search warrant for content
| > DA demonstrates recent knowledge/use of /home/hiddenuser
| > Judge holds you in contempt until you provide encryption keys
| nullc wrote:
| No basis for such a warrant for some US citizen entering
| the country. No such case has ever occurred, at least at
| the time when I received legal advice on the subject.
|
| Consider the alternative: You're not worse off than you
| would be if you didn't hide it.
|
| Hiding your login is a good security practice against all
| kinds of potential coercion.
| jc01480 wrote:
| Forgetting the keys is established as protected speech
| under 1A. Don't have the case handy atm. Fairly new.
| Knowing the keys and intentionally withholding them has yet
| to be established either way. But there will be a case soon
| enough. Funny thing about law is that both sides (prosec. &
| defense) often don't want many things clarified further
| because they usually have far-reaching impacts to parallel
| legal issues. Roe v Wade is a perfect example.
| atoav wrote:
| > Forensics agent pulls and mounts hard drive
|
| Is this what the typical airport threat scenario looks
| like? How do they do this with soldered in drives?
|
| > Agent sees /home/hiddenuser
|
| Or they see nothing, because your drive is encrypted. They
| come to ask you for the key, you comply they see
| $blandaccount with some seemingly important company data
| and a scary corporate message as the desktop background (as
| justification why there is even encryption). Bonus points
| if you complain about it yourself ("If you ask me all of
| this is a bit paranoid"). Afterwards you use the real key
| and see $realaccount, because you thought about plausible
| deniability and how to use it properly - if you still
| trust the integrity of your device, that is.
| leephillips wrote:
| That is a gunpoint scenario.
| Spooky23 wrote:
| In the US, at minimum you're lying to a federal agent. Never a
| good idea.
| yosito wrote:
| I don't know the legal implications, but if the duress
| password unlocks your device and simply deletes a directory
| or two, and the officer only asked you to unlock your device
| (without a warrant, by the way), how is that lying?
| hirundo wrote:
| Even if it isn't lying, it's destruction of evidence. 18
| U.S. Code 1519:
|
| > Whoever knowingly alters, destroys, mutilates, conceals,
| covers up, falsifies, or makes a false entry in any record,
| document, or tangible object with the intent to impede,
| obstruct, or influence the investigation or proper
| administration of any matter within the jurisdiction of any
| department or agency of the United States or any case filed
| under title 11, or in relation to or contemplation of any
| such matter or case, shall be fined under this title,
| imprisoned not more than 20 years, or both.
| R0b0t1 wrote:
| Not clear. You can argue you were afraid for your life or
| property in the case you did not expect the agent or
| courts to react reasonably to the now-concealed
| information. As well, they would need to prove you
| concealed or destroyed information.
|
| Similar case law exists in this context, but for actions
| like running from the police.
| o-__-o wrote:
| Do not do this unless you have strict guidance from a
| lawyer immediately before this happens. One small mistake
| could open you up to criminal liability and a world of
| hurt. Better to just plan ahead, bring a burner phone and
| show the photos to the agent when asked.
|
| IANAL but play one on tv
| [deleted]
| R0b0t1 wrote:
| Are you insane? Going along with the courts is usually
| not in your best interests. Hiding the evidence and never
| going to trial certainly is. If we are talking about
| information that you definitely need to hide then the
| penalty for your obstruction of justice, whatever its
| form, will be a rounding error on your sentence. If it
| does not definitely need to be hidden then should they
| find out they are unlikely to charge you.
|
| An attorney will tell you what is legal. An excellent
| attorney will tell you what you can get away with.
|
| Strong language I know, but prisons are full of innocent
| people.
| yosito wrote:
| Would that apply to a warrantless search?
| salawat wrote:
| Yes. Sadly.
| brigandish wrote:
| If they can prove it, you're in trouble. How are they
| going to prove it?
| GoblinSlayer wrote:
| Does it prohibit encryption?
| Aeolun wrote:
| > investigation or proper administration of any matter
| within the jurisdiction of any department or agency of
| the United States
|
| I mean, you're not seeking to obstruct anything other
| than a federal agent looking at your personal pictures,
| which they explicitly do not need to fulfill their duty.
|
| Now if you were removing evidence of your crimes.
|
| Anyway, I know it doesn't work that way, but I think it
| should.
| Spooky23 wrote:
| Despite rumors to the contrary, the police aren't stupid.
| They are trained to ask questions in ways that elicit a
| confession or falsehood.
|
| The simplest example is asking "Do you know why I pulled
| you over?". Typically, people spontaneously confess to
| speeding, sometimes they break down and admit that someone
| is wrapped up in a rug in the trunk.
|
| The courts have consistently ruled that customs is
| different and you can be searched without a warrant. Don't
| cross borders with contraband or evidence of criminal
| acts/dissident identity/your email correspondence with
| foreign agents/etc.
| o-__-o wrote:
| >The simplest example is asking "Do you know why I pulled
| you over?". Typically, people spontaneously confess to
| speeding, sometimes they break down and admit that
| someone is wrapped up in a rug in the trunk.
|
| I was asked this once, after I read a hilarious reddit
| comment, and found myself in a similar situation. I
| looked at the cop and said "it's not because of the pot
| in my trunk is it?". "Step out and open your trunk, sir".
| He opened the trunk to find a crock pot I had just
| purchased. I could tell he was flipping through emotions
| from stifling laughter to being highly annoyed. They
| eventually let me go and told me to slow down with a half
| smirk.
|
| I don't recommend doing this, and I have zero plans to
| ever do it again as it wasn't as simple as stepping out
| and showing my guilt/joke. I was detained, backup units
| showed up, even a K9. They didn't search the inside of my
| car, but they did inspect other items inside the trunk to
| make sure I wasn't pulling a fast one on them.
| jaywalk wrote:
| Yeah, what you did was not smart. If you're being pulled
| over for a minor traffic infraction and you already know
| that you're guilty, simply admitting to it is usually the
| best option. I've gotten out of many tickets this way,
| because cops really do appreciate when you're not trying
| to BS them.
|
| I was also pulled over once and accused of running a stop
| sign that I knew I didn't run, because I had seen the cop
| sitting there as I pulled up to the stop sign and made
| extra sure to completely stop. Due to the time of day, I
| believe he was (illegally) fishing for a DUI stop, and
| had considered filing a complaint with the department but
| never did.
| _fat_santa wrote:
| Yeah but one other thing to consider is just how
| technically advanced having a duress password is for the
| average joe. I think about it like this. Say you're a CBP
| border agent on the US/Canada border. You inspect people's
| phones for images of contraband, etc upon entry. You
| probably inspect ~150-200 phones per day, now say among
| the sea of people that are coming through, one of the
| people whose phone you searched was actually in "duress
| mode" and was hiding the real data on the phone. You
| can't tell me an officer is going to pick that out unless
| it's something really obvious.
|
| I would go so far as to say that most border agents
| that search phones are probably not even aware that this
| is a thing that people do. Sure they might have gotten
| training in a classroom for it, but as far as real world
| experience goes, maybe 1 out of every 5000 people has a
| setup like this.
| tjmc wrote:
| This reminds me of a physics joke:
|
| "Dr Heisenberg, do you know how fast you were driving?"
|
| "No, but I know exactly where I am"
| Mordisquitos wrote:
| >This reminds me of a physics joke:
|
| >"Dr Heisenberg, do you know how fast you were driving?"
|
| >"No, but I know exactly where I am"
|
| To which the police officer replies _"You were driving
| at 145 km/h!"_
|
| Heisenberg whispers to his passenger, _"Great Erwin, now
| thanks to this idiot we're lost"_. The officer overhears
| him, and angrily orders them out of the car. He searches
| their glove compartment, and then opens the car boot. He
| reels back in shock:
|
| _"Did you know there's a dead cat in your boot!?"_
|
| The passenger grumbles _"Well, we do_ now _..."_
| isatty wrote:
| Time to post this again:
| https://www.youtube.com/watch?v=d-7o9xYp7eE (Don't talk
| to the police)
| Sebb767 wrote:
| Customs is different in two crucial points:
|
| 1. The probability of your being in a stressful situation
| without the option to leave is high - you probably
| arrived via plane, so you can't simply go back, and you
| don't know the local laws well.
|
| 2. You usually know that a customs checkpoint is
| upcoming.
|
| So, in that case, it's far better to prepare (i.e. don't
| bring things you don't want searched/compromised) and
| cooperate.
| wildfire wrote:
| Indeed.
|
| I was once "detained" whilst going from France to England
| while the customs official searched my bag.
|
| I complained to the UK immigration and the _same_ customs
| officer called me back, searched my bag again, and said
| "unless you agree to withdraw your complaint, we are
| going to have to continue searching your bag until the
| train departs and you miss it".
|
| i.e. costing me about £150 in expenses.
|
| As expected, I withdrew it and went on my way.
|
| However I now make a point to record the name / number of
| customs officials I make a complaint to -- in case they
| turn out to be jerks like the UK one was.
| [deleted]
| dijit wrote:
| Every time this is posted I feel the need to mention to
| Brits specifically: this does not apply.
|
| "It may harm your defence if when questioned you fail to
| mention something you will later rely on in court".
|
| Failure to answer can seriously harm your defence and
| I've heard of people I personally know (though I wasn't
| in the courtroom) where the prosecution hammered the
| point that they "came up with a plausible sounding story"
| after the arrest.
|
| Obviously Border Patrol is not the same as being
| arrested; but this is an important caveat for the video
| posted.
|
| Talk to British police. If you feel like lying, keep your
| story straight or give basic facts.
| brigandish wrote:
| The right to silence _began_ in England and it's only
| because of the endless undercutting of rights going on
| there and the lack of backbone for standing up to this
| (liberalism is now seemingly a historical footnote for
| the UK) that it has _caveats_, the right to silence has
| still not disappeared entirely.
|
| As even the Wikipedia article on it[1] notes:
|
| > If this failure occurs at an authorised place of
| detention (e.g. a police station), no inferences can be
| drawn from any failure occurring before the accused is
| allowed an opportunity to consult a legal advisor.
|
| The "Don't talk to the police" is not the full point made
| in that video, it's "Don't talk to the police... until
| you've spoken to your legal advisor and not without a
| legal advisor present".
|
| So, *don't talk to the police*, they're not your friends
| and they don't have your best interests at heart and it's
| _their_ job to get evidence against you, not yours.
|
| [1] https://en.wikipedia.org/wiki/Right_to_silence_in_England_an...
| sebzim4500 wrote:
| While you do not have a right to avoid self incrimination
| in the UK, you do have a right to have a lawyer present
| when you are being questioned.
| [deleted]
| muti wrote:
| "You could even spawn a process to remove the pam_duress module
| so the threat actor won't be able to see if the duress module
| was available"
|
| This scenario was considered by the author
| Nextgrid wrote:
| Technically you'd also need to rewrite the logs in a
| plausible manner (removing the mentions of the PAM module and
| potentially replacing it with their "normal" equivalents) and
| depending on your threat model, actually securely erase the
| files so that disk recovery software can't later restore the
| deleted files.
| Sebb767 wrote:
| If your threat model is someone that will even invest the
| time to sift through your logs, it might be wise to disable
| (persistent) logging in the first place.
| yosito wrote:
| Ah, thanks! I didn't read closely enough.
| stalkingvictim wrote:
| Is my account still censored? Why?
| ape4 wrote:
| I'd like an option like this for Password Safe
| sleavey wrote:
| The Hello World example shows echoing to stdout from the duress
| script. Seems like a bad idea. I don't want to get beaten or shot
| when some rm -rf fails with an I/O error, alerting the attacker
| to what's going on. It seems like it would be more sensible for
| the module to suppress all output by design.
| dheera wrote:
| Just do this in your script
|
|     rm -rf /secret/files > /dev/null 2>&1
|
| That pipes STDOUT to /dev/null and redirects STDERR to STDOUT.
| sleavey wrote:
| Seems like this should be baked in to the module. There don't
| seem to be any circumstances where you would want
| stdout/stderr from duress.d scripts to appear.
| wowaname wrote:
| You have the freedom to do whatever you want with the
| script. It's trivial to `exec >/dev/null 2>/dev/null` first
| thing in a script if you want it to be silent.
| sleavey wrote:
| Do you want to first find that out when you're under
| duress? Sensible defaults matter.
| wowaname wrote:
| Are you seriously writing a script when the cops are at
| your door? No, you aren't. You always need to verify that
| your protective mechanisms work before actually relying
| on them.
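
Added example, not part of any comment in this thread and not pam_duress project code: a POSIX shell check that counts how many bytes a script still leaks to the terminal under each redirection form mentioned above, plus the reversed order `2>&1 >/dev/null`, which still lets stderr through. The `noisy_job` function, its path, and the mode names are constructed for illustration.

```shell
#!/bin/sh
# Added example. noisy_job and its path are constructed stand-ins, not code
# from the thread or from the pam_duress project.

# Prints a progress line to stdout, then fails with an error on stderr
# because the path does not exist.
noisy_job() {
    echo "starting cleanup"
    rm /nonexistent/constructed/path
}

# leaked_bytes MODE
# Runs noisy_job under one redirection form and prints how many bytes still
# reached the caller's stdout or stderr.
#   none      no redirection at all
#   reversed  2>&1 >/dev/null   (stderr is pointed at the old stdout first)
#   inline    >/dev/null 2>&1   (per-command form quoted in the thread)
#   exec      exec >/dev/null 2>&1 as the first statement of the script
leaked_bytes() {
    case $1 in
        none|reversed|inline|exec) ;;
        *) echo "unknown mode: $1" >&2; return 2 ;;
    esac
    case $1 in
        none)     ( noisy_job ) ;;
        reversed) ( noisy_job 2>&1 >/dev/null ) ;;
        inline)   ( noisy_job >/dev/null 2>&1 ) ;;
        exec)     ( exec >/dev/null 2>&1; noisy_job ) ;;
    esac 2>&1 | wc -c | tr -d ' '
}

# Report every mode; only a count of 0 means nothing can reach the screen.
for mode in none reversed inline exec; do
    printf '%-8s leaked %s bytes\n' "$mode" "$(leaked_bytes "$mode")"
done
```
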
| bredren wrote:
| The "guy with the gun" narrative comes up a lot, so this seems to
| counter that? I love the concept. It seems like something that
| would work well in a movie but fail miserably in real life.
| simonlc wrote:
| This is really good, I've had a gun pointed at my head more
| than enough times with all my bitcoins wiped, finally a
| solution to my every day problem.
| bredren wrote:
| I got a chuckle out of this. Only the paranoid HODL.
| mgerdts wrote:
| The company that was pitching my employer retina scanners on data
| center doors 20 years ago had an idea like this. Left eye gets
| you in, right eye gets you in and alerts security.
| LeonM wrote:
| This is also very typical for regular alarm systems with a
| keypad.
|
| A PIN disarms the alarms system, the same PIN + 1 disarms the
| alarm system and notifies security.
| MrStonedOne wrote:
| In NCIS there was a security system where the pin had to be
| entered twice, only once would alert security.
| thomascgalvin wrote:
| I worked at a place where the duress code was ROT5: 1234 was
| your normal access code, 6789 alerted security.
| Biganon wrote:
| You're supposed to ROT5 mentally while in a state of high
| stress?
| tragomaskhalos wrote:
| Also consider that most of us recall an oft-used PIN as
| much via muscle memory as a pattern on the keypad rather
| than as the actual digits, which would make ROT5'ing it
| that much harder.
| thomascgalvin wrote:
| It wasn't a well-considered plan. It also wasn't highly
| advertised. I found out because someone happened to
| mention it to me one day.
| danachow wrote:
| It doesn't sound quite as onerous if you just memorize
| two 4 digit numbers by rote. But yes I agree the ROT5 is
| a dumb flourish.
| HPsquared wrote:
| Could use the method in The Wire: press the key on the
| opposite side to the usual key (e.g. 8 instead of 2, 6
| instead of 4, etc.)
| Haegin wrote:
| Better hope nobody uses 5555 as their pin then!
| accountofme wrote:
| 5 and 0 also swap
|
| Edit: made it make sense
| HPsquared wrote:
| This could also work with fingerprint scanners.
| koolba wrote:
| Could also blink Morse code.
|
| It's been done before:
| https://m.youtube.com/watch?v=rufnWLVQcKg
| eps wrote:
| If you wonder whether it's a video of an american pow
| blinking "torture" during an interview - yes, it is.
| tazjin wrote:
| As long as the sides are the employee's choice (i.e. the threat
| actor needs to not be able to know which eye is the duress
| one).
| hanniabu wrote:
| Good point, that's a very important requirement
| HomeDeLaPot wrote:
| And you'd want to hide the eye choosing/scanning process so
| nobody could just watch an employee to figure out their
| preference.
| Verdex wrote:
| Scanner is something you look in with both eyes. And then
| while your eyes are completely hidden you close one eye.
|
| Heck. You could set it up so that it scans both eyes and
| then does a second scan where you choose what your ok
| signal is (both eyes, right only, left only, no eyes).
| Draken93 wrote:
| Yeah I think technically it could work. But I actually
| think that is a terrible idea. Humans have a lot less
| self control than we think. This will lead to many false
| alarms.
| unixhero wrote:
| This is highly unlikely, but; What if someone guesses your duress
| password and triggers your fail safe commands to delete
| everything?
| kuschkufan wrote:
| Then everything worked as intended. Your privacy is still safe.
| withinboredom wrote:
| If your threat model is "guy with guns," they'll just follow you
| and snatch it when you think you're safe and unlock the device.
| If your threat model is "government at border" just mail the
| device or data to yourself overnight. Don't be that guy...
|
| I was flying into Atlanta (Intl) with "radioactive" rocks (not on
| purpose, just picked some up near a volcano, they looked cool)
| and they flipped their collective shit. I was taken to a separate
| area where they dumped my stuff next to another guy who got
| pulled into "routine" inspection. This other guy "forgot" his
| phone pin earlier that day... he was still there four hours
| later, after my four hours of reasonably straightforward BS.
| ChrisMarshallNY wrote:
| It's a very cool idea, but I think it would be most useful if
| applied to things like phones. I suspect most people pressed for
| passwords, are using a GUI system.
| lights0123 wrote:
| It uses the same authentication system everything else uses, so
| it would work in any login screen on a system that uses PAM
| (Linux and macOS), not just a terminal.
| luismedel wrote:
| Exactly. It would be great to have a secondary pin (or my
| middle finger fingerprint, for example) in my phone to enter in
| a dummy environment with a few games, some family pics and so.
| lisnake wrote:
| The feature exactly like that exists in Xiaomi phones. It's
| called Second space, and basically allows you to have second
| profile with different apps or accounts. Interesting thing is
| that you can set it up to open when unlocking the phone with
| specific fingerprint. The idea is to fill that Second space
| with dummy info, and unlock it with your little finger, for
| example (or vice versa, use it for sensitive information).
| Obviously, it wouldn't fool a thorough phone scan (and if you
| dig deep enough in the settings you can see if the feature is
| enabled) but can be useful at quick cursory scans, like if
| you need to provide your phone at the border.
| ChrisMarshallNY wrote:
| It would need to be baked into the OS. With FaceID, I guess I
| could use eyes crossed, as a cue.
| bartvk wrote:
| That'd be neat. With Touch ID, it would be very intuitive
| to configure the middle finger as the trigger to run a
| duress script.
| laurent92 wrote:
| Always configure a non-obvious part of your thumb (or
| left thumb) as Touch-ID. Then when under duress, use your
| normal thumb to make it fail.
| SalimoS wrote:
| You can push the lock button many times (when pulling your
| phone from the pocket for example) and it will lock the
| phone and require you to use your passcode
| anigbrowl wrote:
| I do not understand why any security concerned person would
| use biometric identification for anything, ever.
| dredmorbius wrote:
| If that's what's mandated, you may have little choice.
| bonzini wrote:
| Somebody mandates using biometric identification
| _instead_ of a PIN?!?
| dredmorbius wrote:
| Biometric passports: https://www.dhs.gov/e-passports
|
| Face ID: https://support.apple.com/en-us/HT208109
|
| Fingerprint Readers:
| https://www.samsung.com/us/support/answer/ANS00082563/
|
| These are extant, and either part of or _required_ within
| numerous presently-used systems.
| anigbrowl wrote:
| Sure, but nobody can pre-emptively mandate you use facial
| recognition on your personal communications device, and
| then put sensitive information in there. I can see a
| situation in a repressive country where if you buy a
| phone they set it up with facial recognition in the store
| and make you activate it, but then you know not to store
| stuff there. You could just physically damage the camera
| at a later date and claim you weren't able to make use of
| that any more.
| dredmorbius wrote:
| I'm nowhere near that sanguine about this.
|
| I've a device (Onyx BOOX) which apparently can only be
| password-secured if I create a vendor-based account on
| it. (I've been trying to see if this is bypassable, so
| far, no dice.) That's not biometrics, but it's a case of
| being strongly limited by a system architecture.
|
| If you're using a device at the obligation of an
| employer, you may well find that it has, and/or
| organisational policy requires, biometrics.
|
| It's increasingly difficult to find devices that _don't_
| include some form of biometrics-based functionality. The
| notion that that becomes the primary or only means of
| securing access is not entirely far-fetched.
|
| Capabilities, possibilities, and dependencies have a
| really funny way of becoming hard requirements over time.
|
| I could speak the Celtic of my ancient ancestors or
| communicate in cuneiform or ancient Egyptian
| hieroglyphics, if I really wanted to. My ability to
| integrate and participate in modern life would be quite
| limited. The online and digital world are rapidly
| approaching this state.
| lxgr wrote:
| Why would being security conscious automatically
| disqualify biometrics?
|
| Security is all about threat models, and I can imagine
| quite a few scenarios where biometrics might fare better
| than passwords. Shoulder surfing and trivial
| passwords/PINs come to mind, for example.
|
| And who said that it's biometrics vs. anything else? It's
| quite advisable to combine authentication factors.
| anigbrowl wrote:
| Shoulder surfing and weak passwords are both something
| you can control at any time. Biometric identification can
| be exploited involuntarily by someone literally using
| force to apply your finger to a device or similar. I
| shouldn't need to say this, it's so obvious that it's a
| common plot device in action movies.
| sabas123 wrote:
| And with a little bit more force they beat the password
| out of me anyway regardless which system I use...
| anigbrowl wrote:
| If you are so easily swayed, you would probably not be in
| an adversarial situation with a government anyway.
|
| But this article is about a system for giving up
| passwords under duress without necessarily compromising
| all your security, such that your antagonist has no way
| of knowing or showing that there's another password
| concealing more important information.
| lxgr wrote:
| > If you are so easily swayed, you would probably not be
| in an adversarial situation with a government anyway.
|
| Complying in the face of threats of physical violence is
| equivalent to "being easily swayed"?
|
| You seem to have a pretty specific threat/defense model
| that you didn't clarify. I wouldn't generalize from that
| to "biometrics are bad for all users in all situations".
| anigbrowl wrote:
| People who realistically anticipate opponents (the state,
| kidnappers) using force to get at information on a
| personally targeted basis are likely willing to deal with
| a degree of real pressure, as shown by the long-term
| intransigence of many political prisoners through
| history.
|
| What I'm saying is that if such threats are unacceptable
| to a person, chances are they are not going to involve
| themselves in the sort of activities that require keeping
| secrets in the first place, or are sufficiently
| disciplined to have weak device security because they
| don't write _anything_ down.
| bigiain wrote:
| Pretty sure Guantanamo Bay and "enhanced interrogation"
| has shown us that after your antagonist has used the $5
| wrench to beat a working password out of you, they then
| keep on beating you every day for another few weeks just
| in case there's more you should have told them.
|
| If "those guys" are your adversary, you were fucked
| before you started.
| ikiris wrote:
| https://xkcd.com/538/
| lxgr wrote:
| > Shoulder surfing and weak passwords are both something
| you can control at any time.
|
| How, exactly? And "require users to watch out for
| shoulder surfing and use strong passwords" does not
| count.
|
| Any chance you are thinking about pretty specific
| circumstances here (security-aware, technical employees
| generally not having to enter passwords in public
| spaces)?
| anigbrowl wrote:
| I don't understand why you wouldn't think those count. At
| some point security rests upon the discipline and good
| judgment of the person with information to secure. I
| don't believe you can make a technological system which
| offers perfect security and perfect convenience.
| Biometrics are very convenient, but can be exploited by
| force. Strong passwords and environmental awareness (of
| snoopers) are quite robust, but at a considerable loss of
| convenience.
| SalimoS wrote:
| Because there is a difference between identification and
| authentication and unfortunately the Touch/Face ID mixed
| them
| dheera wrote:
| I think on Android you can set up multiple users.
| squarefoot wrote:
| I don't think they hide their existence from each other
| however. If they're like Unix users, then one might see
| something like /home/user1 /home/user2 /home/user3, etc. so
| that all usernames would be clearly visible and the user
| could be then forced to reveal all passwords. The aim is to
| obtain plausible deniability, that is logging in as the
| safest user according to the situation, while at the same
| time hiding all others.
| canada_dry wrote:
| I'd love that feature (android 9+) if it allowed me to
| install some of the gazillion apps (e.g. every bloody fast
| food place that only has deals via their app) but restricts
| them from accessing my real user contacts, emails, msgs,
| gps/location, etc.
|
| Blackberry phones had this feature and it was pretty
| bulletproof.
| dheera wrote:
| I believe users cannot access each others' data. So yes
| you can use it this way. I'm pretty sure it existed at
| Android 9. Are you running stock Android or some Samsung
| bull?
| mimimi31 wrote:
| Have a look at Shelter[1] or Insular[2]. Both make use of
| Android's work profile feature to completely isolate apps
| in a separate environment.
|
| [1] https://f-droid.org/en/packages/net.typeblog.shelter
|
| [2] https://f-droid.org/en/packages/com.oasisfeng.island.fdroid
| awinter-py wrote:
| yeah there's that one guy who tried to cross the border from
| canada and got blocked for having scruff on his phone
|
| https://www.huffingtonpost.ca/2017/02/22/canadian-man-custom...
|
| 5 years on we're somehow all managing our own crypto keys, the
| phone is the key to unlock our digital lives, so we're all in the
| counterintelligence game. more tools like this.
| yhoneycomb wrote:
| Good old US. Land of the free. Canadian border agents are
| equally bad, in my experience. Guess it's just part and parcel
| with living in the Anglosphere.
| necovek wrote:
| There are multiple levels of protection one might want.
|
| I.e. when you are being selected for random questioning entering
| US as a non-US citizen, you'd benefit from steganography-like
| approach: you give a password, and relatively bland, non-personal
| stuff shows up, giving appearance of full access to a system.
|
| If you only care about your privacy, the next one is to have a
| destroy-everything script (and it's not that hard: usually,
| passphrases are only used to decrypt the actual encryption keys,
| so overwriting those keys should be super fast). This would also
| work against unsophisticated attacks which are not going to
| really cost you your life.
|
| If there is a potential for you to be a target of a sophisticated
| attack and the attacker does not care about taking your life, the
| biggest benefit is to have a way to inform someone of your
| whereabouts while you are actually giving access, ideally in a
| way that buys you time (eg. "webcam has detected stress on your
| face, please wait another 6 hours before trying to log in again"
| -- sorry, company mandated software, when it happens usually, we
| call support).
| mimimi31 wrote:
| >usually, passphrases are only used to decrypt the actual
| encryption keys, so overwriting those keys should be super fast
|
| I'm not sure if it's really that simple with modern flash
| storage. There might be no guarantee that attempting to
| overwrite some data will actually affect the particular memory
| cells where it is stored. You would probably have to trigger a
| secure erase to reset all memory cells and hope that it is
| correctly implemented by the storage device's firmware.
| IgorPartola wrote:
| This would happen inside the TCM no?
| Nursie wrote:
| This is something TPMs are good for I guess.
| Cthulhu_ wrote:
| I'd only bring a burner device, keep code and the like (company
| secrets) on HQ's server, and memorize some passwords.
|
| I mean yeah, a blank laptop looks suspicious, but they can't
| keep you for having a blank laptop.
|
| edit: not a lawyer, this is not legal advice. The US puts
| people in dehumanizing concentration camps without due process.
| nextlevelwizard wrote:
| US can deny non-US citizens entry for any arbitrary reason.
| Blank laptop might be one of them.
| Razengan wrote:
| I think all of that could be easily implemented by logging into
| different accounts by entering a different password/passcode.
|
| So UserA:regularPassword would be one's usual account, but
| UserA:obviousToGuess123 would actually log into UserB, and
| UserA:ohshithelp would log into UserC which has a startup
| script to secretly call police or whatever.
| technological wrote:
| I love multiple accounts in Android. When at airport I can
| switch to non personal account and show anything they want
| zeven7 wrote:
| What do they ask you to show them at airports?
| cortesoft wrote:
| Text messages, maybe photos
| cutemonster wrote:
| > Text messages
|
| Is that from apps like WhatsApp and Telegram? And SMS?
| What about email?
|
| What happens if you'd say that you can't, because it's
| your employer's laptop and data, and it's confidential?
| techrat wrote:
| Personal accounts can be configured to simply not have
| access to those apps.
|
| "Oh, I don't use Whatsapp."
| cortesoft wrote:
| Customs will confiscate your laptop, then.
| R0b0t1 wrote:
| Which countries do this? I am pretty sure TSA can only
| ask you to demonstrate the device functions as intended,
| usually by powering it on.
| andrepew wrote:
| They're referring to customs rather than TSA. Only
| applicable entering/leaving a country.
| cortesoft wrote:
| US customs will do this, not TSA. It is only when
| entering the country.
| zachberger wrote:
| Even US Citizens are subject to search at the border without
| warrant or probable cause.
|
| Recently I had a CBP officer at SFO ask to search photo gallery
| when returning from vacation.
| grecy wrote:
| Does a US Citizen have to comply?
| m-ee wrote:
| They cannot refuse entry because of it, but they may take your
| device indefinitely.
| jjeaff wrote:
| Yes. Courts have upheld that a manual search of your phone
| by customs is legal. But more invasive, forensic
| investigation of your devices has been found to be
| unconstitutional. I'm not sure exactly where or how the
| line is drawn between the two.
|
| https://www.americanbar.org/groups/business_law/publications...
| gnicholas wrote:
| Relatedly, make sure you trigger the password lock on
| your device before handing it over. They may be able to
| compel you to give your biometrics but not your password
| (the latter is considered compelled speech, and the
| courts have not fully litigated whether the former is
| treated the same).
| csunbird wrote:
| For iPhones, just tap the power button repeatedly, it
| will force a password entry to unlock.
| jaywalk wrote:
| 5 presses, to be exact.
| 35fbe7d3d5b9 wrote:
| If you have Siri enabled, you can also say "Hey Siri,
| whose phone is this?" - Siri will answer whose phone it
| is, but also will disable Touch/Face ID.
|
| Do one of these things at the beginning of any custodial
| situation.
| Ikatza wrote:
| Nova Launcher on Android (and maybe other launchers, I do
| not know) has a nifty little feature to activate password
| lock bypassing biometrics with a gesture. Which comes in
| handy every time I go through the border.
| adrianba wrote:
| The law here is not completely developed. The US Supreme
| Court has not ruled on the extent to which electronic
| devices of a US person may be searched at a border.
|
| In practice, courts have generally allowed manual, cursory
| searches of electronic devices (such as looking at recent
| photos) as being similar to a search of luggage. However,
| courts have disagreed on how intrusive the search can be
| and whether a more invasive search at the border can be
| conducted without some additional suspicion.
| k12sosse wrote:
| Plausible deniability!
| amelius wrote:
| Of course James Bond would have an unlock + wait 10 seconds +
| explode option ...
| 35fbe7d3d5b9 wrote:
| > I.e. when you are being selected for random questioning
| entering US as a non-US citizen, you'd benefit from
| steganography-like approach: you give a password, and
| relatively bland, non-personal stuff shows up, giving
| appearance of full access to a system.
|
| DO NOT DO THIS UNDER ANY CIRCUMSTANCE unless you have first
| talked with a lawyer about this idea.
|
| 18 USC 1001 says (in part):
|
| > whoever, in any matter within the jurisdiction of the
| executive, legislative, or judicial branch of the Government of
| the United States, knowingly and willfully falsifies, conceals,
| or covers up by any trick, scheme, or device a material fact
| shall be fined under this title [and] imprisoned not more than
| 5 years
|
| Prosecuting lies to federal agents is a _very common_ technique
| used by US Attorneys to essentially bootstrap felony
| charges[1], and federal courts have stretched "materiality"
| pretty far[2] so saying "oh, I didn't have anything illegal on
| the 'secret partition'" might not save you.
|
| IANAL, but this looks awfully close to a felony.
|
| [1] https://www.popehat.com/2010/02/26/rule-2-go-re-read-rule-1/
|
| [2] https://www.justice.gov/archives/jm/criminal-resource-manual...
| packet_nerd wrote:
| > I.e. when you are being selected for random questioning
| entering US as a non-US citizen, you'd benefit from
| steganography-like approach: you give a password, and
| relatively bland, non-personal stuff shows up, giving
| appearance of full access to a system.
|
| Is there a practical way to implement this today with Linux? I
| know VeraCrypt supports hidden operating systems, but I think
| only Windows?
| poopslide wrote:
| The practical way is to mail yourself an encrypted microsd
| card. Internal drive contains Windows and some porn, but no
| hidden data.
| roblabla wrote:
| It's possible to have a truly "hidden container" with
| LUKS/cryptsetup, but it's not exactly a "supported" setup.
| Here's some information:
| https://blog.linuxbrujo.net/posts/plausible-deniability-with...
| Shmebulock wrote:
| What does "PAM" mean?
| [deleted]
| harry8 wrote:
| Pluggable Authentication Module
|
| https://en.wikipedia.org/wiki/Linux_PAM
| dclowd9901 wrote:
| I always thought it would be great if Apple allowed a duress
| iPhone faceid (say, you making a certain face) that could be used
| to erase the phone.
| Razengan wrote:
| Just like how ancient games and screen savers had a "Boss Mode"
| shortcut that showed a fake screenshot of Excel or whatever, all
| modern devices should have an "Allow limited or fake access to
| someone else to avoid the socially awkward situation of saying
| No" option.
|
| Call it Duress/Panic/Boss/Jealous Boy/Girlfriend/Puritan Family
| Mode or whatever.
|
| iOS has something called Guided Access which sorta helps a little
| bit but is very obvious to the other party.
| delgaudm wrote:
| If I understand correctly, this appears to be Linux only?
| raziel2p wrote:
| It's based on PAM (pluggable authentication module) which
| should exist on MacOS and BSDs as well.
| [deleted]
| cortesoft wrote:
| You all live much more interesting lives than me
___________________________________________________________________
(page generated 2021-08-23 23:03 UTC)