Duress Password that wipes emails
A password which can be entered in times of coercion to reveal the mailbox password. When used a security mechanism (eg. wiping the mailbox) can be employed
-
MJ commented
Make this a Suite level capability
- mail could direct to dummy interface or lockout/wipe
- pass would also be an important aspect of this
- Calendar may need to be wiped if you have private info in there that must be protected
- wallet could have a feature to wipe or lock itself
- Drive could either wipe or have a lockout featureIf you are kidnapped or held host.age, you could wipe your passwords at the login screen while being forced to bypass all your accounts security.
Duress code would require Biometric login to be disabled.
-
Jonas commented
This could also be set as a rule. Delete what is set. if you login with this password -
Delete, alle mails in this folder, mails labeled this and this and then empty trash. -
Anonymous commented
I was about to make a suggestion like this but I'm glad someone else thought of it.
This is what I was going to post:
-------------------
Device-specific alias visibilityThe ability to toggle visibility of an account's various aliases (and thus the existence of e-mails associated with those aliases) based on either what device you're logged into, or in the case of Android/IOS, what PIN you unlock the app with. The "duress PIN" approach for mobile devices might be easier to implement.
This would be useful for journalists, attorneys, political activists, etc in places where the state of being on the wrong side of the mood of a corrupt authority figure who can coerce an unlock would put their confidential contacts and other sensitive information at risk.
-
ApolloNTZX commented
when entering an alternative secret password, delete the entire mailbox permanently
-
erache commented
Must have
-
LUH3417 commented
This a great idea. To have a separate password display a previously organized secondary inbox, with trivial emails.
But, since this feature would be of most value in third world countries, who suppress freedom of expression, such as China, Russia, Turkey, etc., please offer it to free accounts also, not just paid accounts.
-
user6160 commented
A great and essential feature. While I don't know that I require this function now or in the near future the same is not true for others.
For many, many people in all parts of the world this feature could literally save a life or allow a person to avoid an indefinitely long stay in a 'labor camp' managed by the Supreme Leader. Use cases are abundant and documented.
This is an essential feature that would seem to be at least somewhat related to Protonmail's reason for existence.
-
Anonymous commented
Great idea. I think when the security password is entered perhaps there should be a dancing meme of Christmas elves. That should be interesting!
-
Anonymous commented
Great idea.
Should be option to require correct TOTP code or just a password.
And option to wipe only selected folder / tagged messages (so attacker will still see less confidential messages). -
Z commented
Good point about indications of which password was used. If used perhaps an email to the recovery address after resetting to some default inbox? Hope to see more interest in this.
-
Anonymous commented
if a very specific, duress password is entered, the mailbox should self-destruct, or delete all emails, or reset to a default view displaying only a few "public" emails, without any indication to the user that this has been done. If people know about the duress password feature (i.e. it's advertised on the proton mail website), then coercers will know if it had been used. deleting all private and uncategorized emails, and displaying only public emails would probably be the best auto feature
-
Encrypted commented
Very nice idea.
-
Anonymous commented
I think the simpler idea here is the dummy inbox.
Excellent idea, along the same line, can a sent email expire one hour after its read...or maybe 24hrs? -
We the People commented
Shut up and take my money.
-
Kate commented
Or create a third password that would open up a fake mailbox with fake emails :)
-
Z commented
Depends on implementation requirements and amount of interest. I have put some thought into Tristan's idea. This idea could make hacking more difficult. Just think if they guessed the wrong password... Other things to consider also, but I'm genuinely interested in this.
-
Enzo commented
I just saw under review and it's been a year. Probably not going to be implemented?
-
Enzo commented
Wow, this should be more popular. I don't think many people have thought about it.
Normal password works, working password doesn't. Special password wipe everything.
Genius idea
-
James commented
that is a great idea. I'd love to see something like that implemented.
-
Z commented
This is a great idea Tristan. I am very interested in this as well.