Skip to content

Plausible Deniability with Safeword Wipe

Overview

Plausible Deniability with Safeword Wipe is UnoLock's HighRisk coercion-response feature. Users mark selected Spaces as sensitive, then configure a safeword PIN. When that safeword PIN is entered, the server applies the feature so the sensitive Spaces are deleted rather than shown. This is designed for users whose threat model values removing those sensitive Spaces over preserving them.

How It Works

  • Separate Safeword PIN: Users configure a PIN that is distinct from the normal Safe PIN.
  • Sensitive Spaces Selection: Users choose which Spaces should be treated as sensitive.
  • Server-Side Handling: The entered PIN is received by the server, which applies the safeword outcome there rather than relying on the local device to branch visibly.
  • Sensitive Space Deletion: When the safeword PIN is used, the Spaces marked as sensitive are deleted.

Security Implications

  • Maximum Protection for Marked Spaces: The selected sensitive Spaces are removed rather than merely hidden.
  • Plausible Deniability on a Compromised Device: Because the server applies the outcome, the local device should not visibly reveal that the safeword PIN was used.
  • Permanent Loss Tradeoff: Security is gained by accepting irreversible deletion of the Spaces marked as sensitive.

Use Cases

  • Journalists and Whistleblowers: For situations where specific sensitive Spaces could endanger sources or lives.
  • Activists in Hostile Environments: For scenarios where continued existence of certain Spaces creates unacceptable risk.
  • Executives Handling Critical Secrets: For threat models where deletion of selected Spaces is preferable to exposure.
  • Shared Space Caution: If a marked sensitive Space is also a Shared Space, ownership determines whether deletion propagates to every participant.

Why It Matters

Some users need more than hiding. They need the option to delete the most sensitive Spaces if the alternative is catastrophic exposure. Safeword Wipe exists for that narrower but serious category of risk.

FAQs

How is this different from DuressDecoy?

DuressDecoy hides selected sensitive Spaces. HighRisk Plausible Deniability deletes selected sensitive Spaces.

Can UnoLock restore a Safe after Safeword Wipe?

Deleted sensitive Spaces are not meant to be recoverable through UnoLock.

Should everyone use this feature?

No. It is appropriate only for users whose threat model justifies permanent loss of data.

What if a sensitive Space is also a Shared Space?

If the owner Safe deletes the Shared Space, it is deleted for every participating Safe. If a non-owner Safe loses access to it, the data remains for the owner and other participants.

Compliance & Privacy Regulations

  • High-Risk Disclosure Control: The feature is designed for users who need a decisive response to coercion or seizure.

Integration with Other Features

  • Spaces: Plausible Deniability acts on Spaces that have been marked as sensitive.
  • DuressDecoy: Provides the hiding-based alternative for users who do not want deletion.