{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic7mjot2brp4it2ffpxrr5537f7tp55tqacw2tlkizlc5syksh2yq",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mncmb6acql72"
  },
  "path": "/t/is-a-chinese-phones-stock-os-better-than-grapheneos-for-my-threat-model/38270#post_15",
  "publishedAt": "2026-06-02T12:06:11.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "GrapheneOS forums",
    "Duress PIN feature"
  ],
  "textContent": "Plausible deniability such as this is actually one of the most requested features on the GrapheneOS forums. There’s new threads about it all the time. To summarize, so far the devs have shut down the idea for various reasons. The central one of them is that they can’t currently implement it in a way that could stand up to an actually competent adversary, such as the NSA or the various other intelligence agencies, due to a lack of proper hardware support.\n\nTheir answer so far has been the Duress PIN feature instead, which is pretty much the opposite of plausible deniability.\n\nThen there’s the other reason of their general development philosophy of wanting to avoid “badness enumeration” in favor of simple & straightforward solutions. If the adversaries have been told what to look for (signs of a profile, perhaps) then it’d be just a race of whack-a-mole, a race they (currently as far as I can tell) have no interest in taking part in. Only one mistake in such a race could lead to catastrophic consequences for the users of such faulty plausible deniability.\n\nAnd finally, there’s the reason of possibly putting users in danger. Let’s say you are a user of an OS that has implemented plausible deniability. Let’s also say you do NOT use that plausible deniability. Let’s also say that the adversaries know you use that specific OS. Now when you’re stopped, even when you give up your password to your one & only profile, the adversaries can still think that you are using plausible deniability, even when you are not. And now, you might be in deep trouble for not revealing your “second password” to that hidden profile of yours (which does not exist but the adversaries think so because your using an OS that implementes such functionality) and every denial is only taken as proof that you’re simply in need of more “convincing.”\n\nI believe that if the GrapheneOS devs want to implement such a feature, which I’m sure they’ve at the very least looked into given its prominence on the GOS forum, they won’t do it unless they it can do it in a way that can meet their standards for reliability & security.",
  "title": "Is a Chinese phone's stock OS better than GrapheneOS for my threat model?"
}