Featue Request: Quick way to wipe message database #175
Comments
|
++ |
|
You can with 4 button presses now. This is not what you meant? |
|
4 presses of what button? Was this information contained in the wiki somewhere? |
|
@HadManySons I had to find this yesterday. Press and hold a conversation. In this select miss you can press the select all button in the bottom right hand corner. Then press the trash can button (bottom left) |
|
Oh, well yeah. I'm saying without inputting your password. Some sort of button combo you can set to wipe everything. Like how you can set a pattern unlock on the android lock screen, some sort of button combo to wipe the database without putting a password. |
|
Well better would be a custom wipe password so random strangers who have
|
|
Or that, make it look like you're putting in your password and without behaving any differently, the app wipes the database |
|
Added the four steps shared by @DaveQB to the Wiki: https://github.com/WhisperSystems/TextSecure/wiki/Using-TextSecure Overall, I think this is a very interesting idea. What do you think of my rendition below? If the database wipe was actioned on the same passphrase entry screen as is used to unlock the database, the user would probably need two passphrases: |
|
Sounds like a brilliant idea. |
|
@joeykrim I'd say that your idea is the best way so far to execute the idea. Gives the user a plausible deniability "see, I told you it was empty/blank" |
|
Totally empty message lists can raise suspicion, specially when crossing borders, when operators normally bomb you with messages (emergency numbers, their price list...). Why not just hide (or even wipe) encrypted messages and show un-encrypted ones. |
|
I'd support the solution @joeykrim proposed, but in the scenario @stefanb described, either leaving the unencrypted messages would be nice - maybe with the possibility to have a modifiable list of fake messages that will be imported to the database after the wipe - that'd be the TSA/Syria/Ukraine version. |
|
Following with great interest. |
|
Yeah, some sort pre-defined fake messages left behind after the "wipe" password was entered |
|
I'd also really like to see this feature. I think the most practical way of implementing if for plausible deniability would be to erase any secured communication while leaving the remaining messages. This way there would be no "fake messages" to maintain or import. Besides, if some law enforcement is trying to persuade you into giving a password, odds are they've already got your unsecured messages from your service provider. So I think the best way to implement this would be to either remove the secured messages from the database upon entry of the secondary password and continue login as normal (as well as ending any existing secure conversations) and leaving the unsecured messages in the database. Another possibility would be to give an additional option to wipe all the messages instead of just the secured ones. The thing that worries me about having a set of fake messages is the maintenance. You'd have to maintain it regularly by updating the timestamps and possibly contacts and unless you're purely using the data channel a law enforcement figure would have the meta data about the communications already and probably the unsecure messages making it difficult to say those are the only messages that were kept in your phone when they don't match up with what they got from your service provider. |
|
GitHub Issue Cleanup: |
Say for some reason you're being coerced with force to disclose your password, could you make a quick way (say a button combo + confirm dialogue) to wipe the text message database?
The text was updated successfully, but these errors were encountered: