Plausible Deniability with OnlyKey

In *, Encryption, OnlyKey, Plausible Deniability, Tutorial by [email protected]

Recently, there has been a lot of talk in the media about international travel, digital privacy, and encryption policies, but there is not much talk about real solutions. As a security consultant, inventor, and product developer this is one of the problems that we set out to solve with OnlyKey. It all came to life with a successful Kickstarter that was funded in early 2016. We built the world’s first password manager and multi-factor token with a plausible deniability feature. If you are not familiar with plausible deniability it is basically a concept where a person can have some information and plausibly deny that they have it.

But why does a plausible cover story matter, can’t I just say I forgot it?

Because refusing to give up information (like a password) can be considered withholding evidence, at least in the US, which can result in being held in contempt. The case of United States v. Fricosu illustrates that there is a legal precedence for this kind of constitutional 5th amendment loophole.

Not only this but if you are crossing a border you may have even less rights. A recent article that provides a “Guide to Getting Past Customs With Your Digital Privacy Intact” tells of how US Customs and Border Protection has long considered US borders and airports a kind of loophole in the constitution’s 4th Amendment protections, one that “allows them wide latitude to detain travelers and search their devices”

So what are the real solutions?

There are technical solutions that can solve this problem. Products like Veracrypt / TrueCrypt have a plausible deniability feature that allows you to have encryption inside of encryption where there is no proof that the inner layer exists so if you give up the password to the outer encryption it is plausible that you have given up everything.

OnlyKey has a similar, first of it’s kind feature that allows you to encrypt something and at the same time leave no proof that it’s encrypted. You can actually plausibly deny that there is anything encrypted at all. We call this our plausible deniability feature and this is how it works.

Whenever you set up OnlyKey you have to set a PIN. This PIN unlocks your device and allows you to use it. However, whenever you set up OnlyKey you can also set a plausible deniability PIN. This PIN unlocks your device and allows you to use a second profile. The idea being that you create some real looking fake accounts in the plausible deniability profile and then if you are compelled to unlock your OnlyKey you can provide the plausible deniability PIN.

But wait won’t they know that the first profile exists?

Let’s back up a bit.

There are two editions of the OnlyKey firmware.

  • One edition has the plausible deniability mode, military grade encryption and is called the standard edition, the other edition does not have the plausible deniability mode, or do any encryption whatsoever for that matter, and is called the international travel edition.
  • The hardware is locked and protected once a device is set up so you can’t determine which edition is running on an OnlyKey.
  • The standard edition OnlyKey in plausible deniability mode looks and acts just like the international travel edition OnlyKey.

Finally, the user can change the OnlyKey firmware themselves at any time by following some simple instructions.

So this way even if you travel to a country with mandatory key disclosure laws you can load the International Travel Edition onto your OnlyKey and be 100% telling the truth when you say “I have nothing with encryption.”

To find out more and how to do this read “An OnlyKey User’s Guide to Traveling Internationally With Your Digital Privacy Intact”

OnlyKey is available for purchase here.