Skip to content

DuressDecoy: Protection Against Coercion

Overview

DuressDecoy is UnoLock's coercion-response feature for the Sovereign tier. Users mark selected Spaces as sensitive, then configure a safeword PIN. When that safeword PIN is entered, the server applies the DuressDecoy behavior so those sensitive Spaces are hidden rather than shown. The server-side handling is important because a compromised device should not reveal, through distinct local behavior, that the safeword PIN was used instead of the normal PIN.

How It Works

  • Sensitive Spaces Selection: Users choose which Spaces should be treated as sensitive.
  • Safeword PIN: Users configure a safeword PIN that is different from the normal Safe PIN.
  • Server-Side Handling: The entered PIN is received by the server, which applies the duress behavior there rather than relying on the local device to behave differently.
  • Hidden Sensitive Spaces: When the safeword PIN is used, the Spaces marked as sensitive are hidden.

Security Implications

  • Coercion Resistance: Users can open the Safe under pressure without exposing Spaces that were premarked as sensitive.
  • Plausible Deniability on a Compromised Device: Because the server applies the outcome, an adversary watching the device should not be able to distinguish the safeword path from the normal path through local signals.
  • Recoverability: In the Sovereign tier, the sensitive Spaces are hidden rather than deleted.

Use Cases

  • Journalists and Activists: Hide selected Spaces when forced to open a Safe under pressure.
  • Crypto Users: Protect seed phrases or wallet records without accepting permanent deletion.
  • Professionals Under Travel Risk: Use the safeword PIN in checkpoint or device-search scenarios so sensitive Spaces do not appear.
  • Shared Space Caution: If a marked sensitive Space is also a Shared Space, owner-versus-participant behavior matters.

Why It Matters

Not every threat model justifies permanent deletion. DuressDecoy gives users a narrower response: hide the Spaces that matter most while keeping the broader Safe intact.

FAQs

How is DuressDecoy different from Plausible Deniability?

DuressDecoy hides selected sensitive Spaces. HighRisk Plausible Deniability deletes selected sensitive Spaces instead.

Does DuressDecoy create a fake or decoy Safe?

No. DuressDecoy acts on Spaces marked as sensitive. It does not create a separate decoy Safe.

Why is DuressDecoy handled server-side?

It is handled server-side so a compromised device does not expose, through different local behavior, that the safeword PIN was entered.

What if a marked sensitive Space is also a Shared Space?

If the owner Safe deletes the Shared Space, it is deleted for every participating Safe. If a non-owner Safe loses access to it, the data remains for the owner and other participants.

Compliance & Privacy Regulations

  • Protected Disclosure Model: DuressDecoy helps users reduce exposure of sensitive Spaces during coercive events.

Integration with Other Features

  • Plausible Deniability with Safeword Wipe: Provides the deletion-based alternative for higher-risk scenarios.
  • TimeLock: Can complement coercion resistance with time-based access restrictions.