ONYX v1.5-beta: Emergency PIN with a full decoy environment

Released v1.5-beta of ONYX, and one of the things we added is Emergency PIN support.

A secondary PIN opens a completely separate decoy environment instead of your real account. You configure what’s in it — chats, avatars, display names — so it looks like a normal, lived-in account. There’s no visual indicator that it’s a decoy.

The use case is straightforward: situations where you’re pressured into unlocking your messenger. The Emergency PIN is kept entirely separate from your main PIN and can be changed at any time.

Happy to answer questions.

  • CameronDev@programming.dev · 6 days ago

    Where does the first decryption key come from? Does the user supply a decryption key first, and then supply a PIN? Verifying the PIN at the application level means that once it's decrypted, the attacker doesn’t need the PIN at all, they can just read the decrypted data directly.

    I’m fairly sure you are just sending these comments directly to your LLM.

    • wardcore@lemmy.world (OP) · 6 days ago

      On mobile the key comes from the platform keychain — tied to device unlock, not the app. On desktop it’s machine-derived. The decoy PIN threat model is coercion — someone watching you unlock. If an attacker already has filesystem access, you’ve got bigger problems than the PIN.

      • CameronDev@programming.dev · 6 days ago

        Machine-derived decryption key is basically the same as unencrypted.

        Android story is better, but you effectively hold a backdoor. You can push an update that defeats the decryption without any user interaction.

        Ideally, decryption should involve the user inputting a PIN or password.
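As an added illustration of the design the thread argues for (example code, not ONYX's own implementation, whose internals are not shown here): each PIN derives its own key, unlocking is a trial decryption of every slot, so there is no application-level PIN comparison and no stored field that says which slot is the decoy. This goes slightly beyond the thread by also hiding the decoy marker; the PBKDF2 parameters and the HMAC-based cipher are assumptions standing in for a real password hash and AEAD.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERS = 100_000  # constructed for the example; a real build tunes this per device

def derive_key(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a 32-byte key; nothing on disk can reproduce it without the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERS, dklen=32)

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: a stdlib-only stand-in for a real AEAD.
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32))]
    return b"".join(blocks)[:n]

def _subkeys(key: bytes):
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was tampered with."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def create_vault(real_pin: str, real_data: bytes, decoy_pin: str, decoy_data: bytes) -> list:
    """Two (salt, blob) slots in random order; no field records which one is the decoy."""
    slots = []
    for pin, data in ((real_pin, real_data), (decoy_pin, decoy_data)):
        salt = secrets.token_bytes(16)
        slots.append((salt, seal(derive_key(pin, salt), data)))
    secrets.SystemRandom().shuffle(slots)
    return slots

def unlock(slots: list, pin: str):
    """Trial-decrypt each slot. The PIN is never stored or compared; a wrong PIN yields None."""
    for salt, blob in slots:
        data = unseal(derive_key(pin, salt), blob)
        if data is not None:
            return data
    return None
```

A 4- or 6-digit PIN still has only 10^4 to 10^6 candidates, so against a copied vault the KDF cost is what bounds offline guessing; this construction removes the application-level check, not the low entropy.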