Feature request: Make it default behavior on phones that you can have multiple passwords, connected to different profiles. With no way to determine how many profiles a phone have.<p>I'm sure there's some people here working on mobile operating systems, might be worth considering?
"This profile doesn't have anything on it. Give us the password for the real profile."<p>Or even worse, you did give them the real password, but because your phone supports the feature and your profile is kind of barren, they don't believe you. Now you are in a very bad lose-lose situation.
I suppose that you could have the phone listening in real time and generating profiles that are hidden and embarrassing but not illegal.<p>So when they ask for the real profile it shows in the next unlock a profile that makes it very clear you have a deeply embarrassing ASMR addiction.<p>It could cross reference your local laws to ensure to not spill the beans on something locally illegal.
With LLMs, it should be easier than ever to fake generate text messages, notes, emails, etc.
You do use your "fake" profile regularly, just for "sanitized" activities. Check in on official sanctioned news sources, do your "legit" banking and financial stuff, etc.
xkcd 538<p><a href="https://imgs.xkcd.com/comics/security.png" rel="nofollow">https://imgs.xkcd.com/comics/security.png</a>
So put stuff on it, duh
Veracrypt e.g. has had this for a long time.<p><a href="https://en.wikipedia.org/wiki/Plausible_deniability" rel="nofollow">https://en.wikipedia.org/wiki/Plausible_deniability</a>
Android has a "Private Space" feature. As far as I can tell it's only a single extra profile you can create, but I think you can keep it "hidden" (at least in as much as you can't tell if it's been created without unlocking it).<p><a href="https://source.android.com/docs/security/features/private-space" rel="nofollow">https://source.android.com/docs/security/features/private-sp...</a>
As others have pointed out this would likely not save you in this case, but there are some phones which do support this, and I know people in Brazil that use these features in order to be able to comply when getting mugged without giving away access to your bank etc.
Software isn't going to save you in this scenario. If you're worried about local laws violating your privacy then buy a burner and only put data on there that's necessary for your travels.
Genius.
> Provide fake credentials? Three years behind bars.
Wow, what a free society! In the UK if you refuse to unlock your device you can be imprisoned indefinitely! In HK it's just one year!
In UK you can be imprisoned for liking a post on Facebook that is considered "hate speech".
The police must obtain appropriate permission from a judge to obtain a s.49 RIPA notice.<p>Before a judge grants the notice, they must be satisfied that:<p>The key to the protected information is in the possession of the person given notice.
Disclosure is necessary in the interest of national security, in preventing or detecting crime or in the interests of the economic wellbeing of the UK.
Disclosure is proportionate.
If the protected information cannot be obtained by reasonable means.
Why are you misrepresenting about UK law?<p>Yes, it can be a criminal offence. But the maximum tariff for this under RIPA 2000 is five years. If it’s not about nation security or CSAM, it’s two.<p>(Incidentally, the USA is a real outlier in this topic)
Are we damning the UK with faint praise now?<p>I'm not even sure how much practical difference there is between 5 and indefinite in practice, 5 years is a long time. I imagine it is pretty life-destroying. Especially for the crime of having something on your phone that you want to keep private.<p>> If it’s not about nation security or CSAM, it’s two.<p>I am sure we all get what you mean, but there is a comic interpretation in vaguely-Soviet style here where if someone hasn't done anything wrong they only get 2 years. I'm going to spend some time this weekend making sure my encryption is plausibly deniable where possible.
Oh just 5 years, that's OK then.
[dead]
[flagged]
What happens if you just say "I don't know it, only answer calls on it."
It would be nice if phones had a feature where you can define more than one pin, but only one is for your actual phone contents - the other ones leave you to a completely harmless but otherwise indistinguishable looking smartphone interface that contains no or only completely bogus data.
It would be nice if I didn't get beaten with a hose in a vain attempt to prove that I unlocked the "real" one.
If your country has this problem, you’re way past worrying about phones, and you need to be acquiring arms and training.
<i>> with a hose</i><p>You mean wrench? <a href="https://xkcd.com/538/" rel="nofollow">https://xkcd.com/538/</a>
I maintain that the series "24" back in the day did us all a great disservice by promoting the value of torture to "save the world".<p>I'm hard pressed to find any reason for any citizen to be compelled to share their secrets with the police because the police had "suspicions".<p>The 4th and 5th are paramount for a free society.
Almost every chinese android variant has that. On Oppo it’s called clone system
My Oppo Find N6 allows multiple user accounts
I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.
Ah, finally catching up to ... The UK, Australia, Ireland, France, the Netherlands, and probably a lot more.
The horrible bastion of despotism that is China-run Hong Kong has now caught up to the rule of law utopias of enlightened thought in the US and UK.
>in the US and UK<p>???<p>Of all the issues with the US justice system, being compelled to disclose passwords isn't one of them. It is an issue for UK, though.
> Of all the issues with the US justice system, being compelled to disclose passwords isn't one of them.<p>This is not totally true. It is also a US issue: CBP has been asking for passwords (or to unlock the device) for phones and computers for more than a year now. Last year, multiple people got turned around because they disagreed with US policies and political views that differ from those of the US's current president.
I don't approve of CBP's approach here, but being denied entry to the country isn't punishment, even if it might feel like it at the time. And that only applies to non-citizens, where entry is fairly reasonably at the government's discretion. Citizens must be admitted regardless.<p>Rules at the border tend to be pretty restrictive almost everywhere. You can literally get in trouble for having a sandwich in your bag. I'd wager Hong Kong border control was also empowered to request phone passwords and turn away refusers long before this change.
You don't have the protections of U.S. law at the border.<p>CBP is also <i>asking</i>, not compelling. You don't have to give them your password. If you don't, and you're a foreigner, you may be turned away. If you're a citizen, and I remember correctly, they can seize your device for up to two days if they want.<p>But they're not going to put you in prison for refusing like the U.K. and Hong Kong will.
CBP has absolutely put me in jail (not prison) for refusing to answer questions (including the strip search and being put in chains and handcuffs). As well as threatening to revoke my passport (though they could not). On another occasion they threatened to deport me even though I'm a US citizen. On yet another, they faked a drug dog hit then dragged me to multiple hospitals, racking up bills in my name while claiming I was packing drugs up my ass. I am still being chased by debt collectors for the last one.<p>I've contacted multiple lawyers and the answer got was they've tried cases like these before and they always lose so they don't take them anymore. Though this was pre-Trump, now it's suddenly in vogue to take up longshot border or immigration cases.
> Last year, multiple people got turned around because they disagreed with US policies and political views<p>so they were not in US
technically?
Funny how it's a horrible misrepresentation slurring the honor of the United Kingdom to exaggerate the penalty of not unlocking your phone for His Majesty's Law Enforcement, but US border cops being allowed to ask foreigners for the same thing upon pain of not being allowed to enter the country (something that no one seems to care about other nations doing?) is totally the same thing.
> Of all the issues with the US justice system, being compelled to disclose passwords isn't one of them<p>Under the present administration I wouldn't be surprised if for example ICE tried the $5 wrench method.
Depends, you can get NSL'd to disclose passwords. Good luck running that one up to the supreme court. And biometrics aren't as well-protected. Though, yes, in the UK it's a much more routine affair.
You have never crossed the border into the Great US of A then
The above probably meant a point that current democracies are increasingly sliding into the same hole as authoritarian governments. Amount on encroachment of governments and big corporations on personal freedoms and democracy in "democratic" countries is quickly becoming intolerable under a guise of safety and "save the children" mantras
I take it you haven't crossed the border recently?
in china was never a problem for police to detain you for any reason (or no reason) but HK has a different legal system
No one likes when I say this but it's really past time to stop doing anything interesting on your phone. Delete all your apps, set it as minimally as possible. Leave it home when you go for walks, and power it off when you go driving or to the store, or whatever.
For many people, their phone is their primary, if not only, computing and communications device.
I'm starting to believe this is [a] way forward. Or maybe an approach which is on a spectrum between <everything I have is on a phone behind a fingerprint and a four digit pin> and <I don't own a smartphone>.<p>Unfortunately, it's pretty common to only have a smartphone as your sole compute device, and increasingly onerous not to own one at all.
>Or maybe an approach which is on a spectrum between
>increasingly onerous not to own one at all.<p>Yes, and I think this unfortunately demands a grey area. I'm starting to treat my smartphone more like a work device, and there are a few things I do on it:<p>- My work's authenticator app is there.<p>- Unfortunately Signal is tied to smartphone usage.<p>- Practically speaking, people will expect to be able to send you text messages.<p>- It's still useful for taking pictures.<p>- My banking app is on there.<p>Outside of rare occasions, that's really all I use my phone for. I don't carry it around the house. If I go somewhere with my wife, I don't even bring my phone most of the time. I'm "required" to have it, but in principle it's not even mine. It shouldn't be trusted or enjoyed.
"Featured" on HN just a week ago, seems GrapheneOS' "Duress pin" would be very helpful in these cases: <a href="https://grapheneos.org/features#duress" rel="nofollow">https://grapheneos.org/features#duress</a> (<a href="https://news.ycombinator.com/item?id=47445931">https://news.ycombinator.com/item?id=47445931</a>).<p>Now we just have to wait N years for Android and iOS to get approval from the government to build something similar, that they can market yet somehow screw up enough to not actually help.
Ohh no, so they caught up with US border patrol?
These kinds of laws worry me since I have forgotten several old passwords. Being disorganized shouldn't be a criminal offense.
>The US is evil<p>>China makes you give phone passwords, China makes Apple give user data<p>>The US wiretaps 1 person<p>"OMG THIS IS AN OUTRAGE!"<p>We forget because a Republikan is in charge how good we have it in the west. We forget how bad it is elsewhere.
The cops from the John Woo HK action flicks I've seen would love this
This shit is why I don't visit China.
This shit is why I build platforms like Safecloud: <a href="https://community.safebots.ai/t/safecloud-governance-due-process-in-a-distributed-network/35" rel="nofollow">https://community.safebots.ai/t/safecloud-governance-due-pro...</a>
Wait till you hear about most of europe...
How about the US? What I'm going to write smells of "whataboutism", but it's tragic how more and more of the world is becoming police states. Going to the USA, they want your social media accounts. Regardless of that, the border thugs can probably demand you unlock your devices or they'll detain you for weeks on end, without any repercussions, because that sort of lawlessness is government policy now.
In the US, not disclosing a password is explicitly protected (5th amndmnt), SCOTUS has been clear. not so for biometrics, but so for PIN/passwd
> In the US, not disclosing a password is explicitly protected (5th amndmnt),<p>That's great but of exactly zero help if you're trying to travel to the US and CBP (or ICE) are staring you down. Even if they don't gulag you, they can always just reject entry for any non-citizen (and these days even some citizens it seems.)
They have? What was the relevant case? It was my understanding that some lower courts have ruled one way, others the opposite. There are also many nuances in particular cases (e.g., the police wanting a broad search of a device for something that may or may not be there versus them knowing for a fact a device has certain information they want).
The 5th amendment only protects citizens, and we are only talking about visiting (as far as I can tell).
Ah yes, the US government still respects the 5th amendment... like they respect the other amendments as well as the constitution.<p>The constitution doesn't say shooting citizens is illegal, right?
Haha, here's some random AI generated content:<p><pre><code> At least 225 judges have ruled in more than 700 cases that the administration's mandatory immigration detention policy likely violates the right to due process[1] The Fifth Amendment's Due Process Clause generally requires those having federal funds cut off to receive notice and an opportunity for a hearing, which was not provided in many of DOGE's spending freezes[2]
</code></pre>
(there's more but what's the point)<p>1. <a href="https://www.justsecurity.org/107087/tracker-litigation-legal-challenges-trump-administration/" rel="nofollow">https://www.justsecurity.org/107087/tracker-litigation-legal...</a><p>2. <a href="https://www.cbpp.org/research/federal-budget/many-trump-administration-fiscal-and-regulatory-actions-are-unlawful" rel="nofollow">https://www.cbpp.org/research/federal-budget/many-trump-admi...</a>
[flagged]