CrimethInc.
Smart Phone Feature Request: Guest Mode
A Proposal to Make Smart Phones a Little Smarter and a Lot Safer
Your smart phone knows more about you than anything else you own. A person can learn more about you and do more damage to your life by gaining access to your phone than they could by breaking into your home. What if you are forced to unlock your phone and hand it over to someone? We’re proposing that there should be a way to hand it over unlocked but without access to any of your private information and without access to do damage to you.
“Cop Mode” in iOS 11 is a brilliant feature — tap your side button five times and your phone disables Touch ID and requires your passcode to unlock. But as John Gruber and Jason Snell[1] pointed out on The Talk Show, even if you have Touch ID turned off and you can’t be legally coerced to enter your passcode,[2] you can be physically coerced. With enough torture, anyone will say or do literally anything to make it stop—see CIA black sites, Abu Ghraib prison, and Guantánamo Bay for proof.
There are many situations in which a person cannot be reasonably expected not to give up their passcode: a person entering a country who cannot risk getting turned away[3] and a person being physically coerced,[4] to name two.
In those situations, it would be useful if the owner of a phone could give an answer to the person demanding it of them without compromising their own privacy. Let’s call it Guest Mode.
How Would It Work?
Let’s say your normal passcode is 1234.[5] This feature would let you create a secondary passcode, say 9876. When that secondary passcode is entered on your lock screen, your phone would behave as though you had entered the correct passcode, but it would launch into Guest Mode.
Guest Mode would make your phone appear as if it were a brand new phone in the factory default settings—kind of like private browsing / incognito mode, but for your entire phone. No third party apps. No web browsing history. No text messaging history. No cloud services signed into (iCloud, Google, etc). No photos or videos in your camera or photos apps. No saved notes. No payments in the App Store or for in-app purchases.
Guest Mode could do even more to protect you and your privacy:
-
Hide incoming network activity—your phone’s captor would not receive phone calls or text messages to your phone number.
-
Receive and log incoming network activity to your hidden primary mode—your text messages would be waiting for you when you could use your primary passcode again.
Why, Though?
“I don’t have anything to hide on my phone.” Yes, you do. We all do. As Moxie said, we should all have something to hide.
Our phones are not only windows into our lives, they’re windows into the lives of our friends, family, coworkers… into the lives of any of our contacts. You may think that you have nothing to hide, but you can’t say that for everyone that your phone can access. Protecting your phone’s data is also about protecting your loved ones.
Guest Mode for …Guests
On top of all of the reasons for privacy and security, there’s also the option of actually using Guest Mode for actual guests. You want to hand your phone to your kid. You want to let a lost tourist look up a map address or call a cab. Basically, anytime you want to hand your phone to someone else, but don’t want them to able to see all of your things. Guest Mode is perfect for that too.
Our smart phones are probably the most intimate object that’s ever been invented. They hold so much of our lives in them. They can do real damage to us if they fall into the wrong hands. A feature like Guest Mode would help protect us and those we care about. If you work at a company that makes smart phones or smart phone operating systems, please make this happen. This is an opportunity to use your power and privilege to protect people.
[1] …and many others have before them.
[2] For now, in the U.S.
[3] Political asylums seekers. Refugees fleeing a war zone. Hell, anyone who can’t afford to buy another plane ticket.
[4] Tortured.
[5] Please don’t use 1234 as a lock screen passcode. For that matter, don’t use a four digit passcode. 0000–9999 is only ten thousand permutations. An attacker could manually brute force that and unlock your phone. A six digit is only trivially more to remember, but increases the total permutations to one million! That still won’t protect you from an automated brute force attack, but it will dramatically improve your odds against a simple phone thief.