Ask HN: Protecting private data during a robbery.

[nullandvoid]

I've often wondered what would I do during the case of an armed robbery, whereby you're forced to unlock your phone (likely on the street, but it could also happen at home).

One such option would be to have multiple users (which is transparent to the robber, and instead only accessed via a different pin) - one which doesn't include banking, messaging etc, but AFAIK I don't believe this exists (I'm on android (Samsung).

How do the security / privacy conscious folk on here handle this threat?

[keiferski]

The first step is to not live somewhere that muggings on the street are common. Prevention is the first solution, and all that.

When I have been in more dangerous places, I’ve tried to do two things: 1) never mindlessly pull out electronics while on the street and 2) have a spare junk phone in my pocket in case anything does happen.

[nullandvoid]

I'm currently travelling around Asia, simply not going places where there's a non zero risk of being robbed unfortunately isn't an option.

The spare phone is a good idea, unless you get patted down I guess

[version_five]

Carry a "burner" phone and give that to the criminal. Ideally just carry it, or at least keep the real one somewhere more secure and less obvious and produce the burner. Requires the discipline of using the real one when you're out because someone could see you have it.

[KomoD]

I do this, I carry 2 phones and 2 wallets (one with an expired card in it)

[giantg2]

I believe Android has a duress pin starting in version 5 or 6, under advance settings. This is probably ideal for what you're talking about.

Start with prevention though - don't have the newest most expensive phone, don't make yourself look like an easy victim (distracted, alone, scared, weak), don't go to bad neighborhoods if it can be avoided, learn some self defense. If armed robbery is really a pressing concern there are options in many places to meet that threat with similar force. There are some criminals that will kill you even after getting what they want. That was happening in my city a while back, and I'm sure it occasionally still does.

[nullandvoid]

I'm struggling to find information on it, I can find a reddit post which mentions it's been stripped from Samsung at-least

I can find an Fdroid app https://f-droid.org/en/packages/me.lucky.duress/ which looks to implement this idea of wiping / broadcasting on a certain pin press, however the problem is the attacker still wants in to your phone, which is now suspiciously empty

It feels like a second profile with some good enough looking apps may be the perfect solution here.

[KomoD]

> I believe Android has a duress pin starting in version 5 or 6, under advance settings.

That is not something I've heard of or seen, I also can't find it in the settings.

[LinuxBender]

I've seen apps that do this but can find no such feature on my Android v12 uleFone

[giantg2]

Ah, yeah, I think it's only if you install other apps. Sorry.

[LinuxBender]

Ah, yeah, I think it's only if you install other apps. Sorry.

No need to apologize.

I've not gone the app route because it would need system access I think to intercept the PIN functions. I barely semi-trust the OS provider enough to use the phone at all. It would be nice if they would make that a default feature. There were some discussions here about it in the past. [1]

[1] - https://news.ycombinator.com/item?id=28956477

[aborsy]

If you are forced to unlock the phone, then whatever is in the phone is accessible!

If you have laptop, you can encrypt it with veracrypt that gives you plausible deniability. Unfortunately it’s not available in LUKS or bit locker. It’s similar to login into a dummy account. Phones could also implement such system, but they haven’t yet. I don’t know if you can hide apps.

Face or fingerprint ID protects some data. The rest, remote wipe, but the thief may not give you enough time.

But they could just ask you for your bank account information!

[thelastparadise]

> veracrypt

This can't be trusted.

[aborsy]

Interesting. Can you clarify?

It’s a fork of TrueCrypt, which was reviewed by an academic cryptographer (Matthew D. Green) a decade ago.

[fbrncci]

One of the things you can also focus on, is not looking like an easy target. Which would lower your chance of getting mugged in the first place. Exercise goes a long way there. And if you do end up getting mugged, set up something like a duress pin, which opens a different profile, with different apps, etc.

[Wool2662]

The answer is duress and wasted. https://github.com/x13a/Duress The real issue is that you have to remember your duress pin. But there is no way around wiping your device in a situation like this.