1234 is my regular PIN.
1235 is my help I'm being robbed PIN -- it dispenses the cash, calls the cops, and tags the video.
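
A sketch of the duress-PIN behaviour described in the comment above, as an added example that is not part of the original thread. It is a toy model (salted PBKDF2 hashes checked locally, which is not how ATM networks verify PINs), and every name in it is hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this model


def _derive(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored values are not the PINs themselves."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Account:
    salt: bytes
    pin_hash: bytes
    duress_hash: bytes


@dataclass(frozen=True)
class Decision:
    dispense: bool       # does the machine pay out?
    silent_alarm: bool   # back-end only: notify police, tag the video
    screen: str          # the only thing a bystander can observe


def enroll(pin: str, duress_pin: str) -> Account:
    if pin == duress_pin:
        raise ValueError("duress PIN must differ from the regular PIN")
    salt = os.urandom(16)
    return Account(salt, _derive(pin, salt), _derive(duress_pin, salt))


def check_pin(account: Account, entered: str) -> Decision:
    candidate = _derive(entered, account.salt)
    # Run both constant-time comparisons on every attempt, so neither the
    # code path nor the timing shows which stored PIN matched.
    is_regular = hmac.compare_digest(candidate, account.pin_hash)
    is_duress = hmac.compare_digest(candidate, account.duress_hash)
    if is_regular or is_duress:
        # Identical on-screen result for both PINs; the alarm flag never
        # reaches the terminal display.
        return Decision(True, is_duress, "Please take your cash")
    return Decision(False, False, "Incorrect PIN")


if __name__ == "__main__":
    acct = enroll("1234", "1235")  # the PINs used in the comment above
    for pin in ("1234", "1235", "0000"):
        print(pin, check_pin(acct, pin))
```
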
In the scenario that you're proposing, the only advantage is that police are called about 30 seconds sooner. But my guess is that in the vast majority of cities in the US, that 30 seconds won't be enough to catch the criminals.
Not to mention that if this became widespread (and therefore known) you've now given the victim a crude weapon that the robber may feel warrants more violence to convince the victim that they better not type in their duress code.
Unless the thief takes off with the victim's phone as well. Additionally there are sadly instances where the theft at the ATM is just the start of other crimes towards the victim.
I was thinking of the best case scenario. So the robber takes the phone as well, and the person calls it in 15 minutes later when they get to a phone. When the average police response time is about ten minutes, the difference between a call being placed 30 seconds after the robbery and 15 minutes after is pretty much nil.
> Additionally there are sadly instances where the theft at the ATM is just the start of other crimes towards the victim.
True. So maybe the advantage here is that the police are alerted to the fact that a crime is taking place. But let's say the victim is kidnapped or something at this point. Are the police going to be able to do anything? They'll show up 5-15 mins after the emergency call and find an empty parking lot. What then?
I guess this might be helpful for situations in which the robber takes the money but then hangs around the ATM to beat or rape the victim. But I doubt this is terribly common. And as soon as it becomes commonplace for people to have duress codes, they'll start taking the victim elsewhere instead of staying near the ATM. Or they'll just kick the shit out of the victim to impress upon them the foolishness of using such a code.
Actually, that's an interesting thought experiment. You're held up at gunpoint (or knifepoint) at an ATM. You have a duress code (that you remember). The criminal knows these are common and threatens you not to use it. Do you?
Not to mention that cops will potentially have a live video feed of the crime scene as the crime is being committed!
Also a criminal might see somebody fumbling with the keypad slower than usual and assume they are entering a duress code.
I generally enter my PIN very quickly, because the movements of my fingers on the keypad are stored in muscle memory.
How deep do you want to make your conspiracy theory go?
They'll know that I was in distress RIGHT NOW, instead of two hours later when I fail to show up for that party I told my fiance I'd meet her at - and even then, she would have to wait 22 hours before filing an official police report.
The possibility of kidnapping elevates this to a whole new level.
Sure, they might get more violent and say 'use the real pin', but honestly, how are they going to know that there isn't only 67.87 in the bank?
All sorts of stuff is going through your head like "should I use the duress PIN?", "can I remember the duress PIN?", "will they know if I use it?", "how could they know?", "What if they somehow DO know, is it worth the risk?"
[JS code] http://pastebin.com/3A46BP1C
For online banking, there are usually added security schemes and the PIN isn't used at all.
Why not just have e.g. "swipe left to unlock to guest mode" or something similar? Then you can still have it be locked, but with the same old PIN; it will be far more attractive to users.
Will people pay a premium for it (compared to say, offering more air miles)?
I'd be willing to bet that for most people it simply isn't worth the investment for them.
I would tend to guess it would cause more problems than it solves.
Edit: Somewhat replying to a sibling comment. In countries with less effective police, they originally put withdrawal limits on the cards, but this just caused muggers to hold their victims until the victim's account was drained.
Further Edit: I couldn't find any online sources for this information, so I could be remembering incorrectly.
Diebold ATMs could be configured to send a "distress signal" when their safe was opened and the last number of the combination lock was off by 1. The option was off by default, because it required additional hardware hook-up (for the signaling), but it was there.
According to him, this is a feature that pops up once in a while, but they have a long list of stuff to do and this is just one of those things that always gets bumped out.
From my perspective as a platform dev, I'd like to get into some of the technical problems with changing this, but I could end up breaking some NDAs or something. I'll just say, when you start mucking around with adding login code, file system changes, and the current dmcrypt encryption, you hit lots of fun design problems.
Single user login is a design problem! When I hand my tablet off to someone they have access to my gmail, gtalk, facebook, twitter, imap email, browser sessions and dropbox.
And that's just what I can recall on the fly.
That's the first thing I wondered about when Apple released the iPad: from the start, this looked like a family/eminently shareable device (and within a month you had reports of it being used as a shared family device, picked and left on the living room table for quick sessions of browsing or game), it felt weird that all the tablets were single-user, and the more time passes the weirder it is.
It only lists a subset of apps (automatically adding child-friendly ones it finds, but then editable) and prevents access to the phone functionality, redirects ad links etc.
It's not full user accounts, but a multi-user web browser. You can protect your bookmarks, logins & web history and it also has a guest mode.
Once you start adding stuff like login systems, separate file permissions you start becoming a PC with a touchscreen.
Their approach is targeted at kids though, I'd love to see someone tackle the general purpose approach.
Sounds like a great project for someone with a lot of free time. I remember hearing that the guy who came up with what is currently the iOS notification style was hired by Apple after his jailbroken hack.
The void is wide open for someone to solve this well and be rewarded for it.
Because dealing with multiple profiles and/or different profile types is a fucking huge giant pain in the ass and a monumental amount of work! Xbox has local, guest, live silver, and live gold accounts. Dealing with all the different profiles and switching between is a nightmare. Urgh, no thanks.
Operating systems have had user switching for years. But I'll bet only a small minority of Mac users even know this is possible, and even fewer have ever used it.
Oh, I'm sorry, you wanted instantaneous user switching? That's a smidgen harder than the 40-year-old solutions :)
These OS have been able to run multiple concurrent user sessions for 40 years, and fast user switching has been a feature of all desktop OS since Windows 9x went the way of the dodo.
There are specific issues (core services of these systems are probably — sadly — coded with the idea that a single user is running), but nothing which should be hard to fix.
What about the memory overhead of concurrent sessions?
Who gets to run background processes, and when are they terminated? Because neither CPU nor battery life exist in abundance.
What happens to incoming calls/e-mails/texts/notifications? (Especially for the guest account, where you don't have a second phone number for that account)
What happens to e.g. alarms set by user1 if user2 is logged in?
Which settings are shared, which aren't? And if your phone storage is encrypted, how do you handle shared settings? What about privacy? Can user1 e.g. record GPS signals even if user2 is logged in? If not, what about "Find my phone" features?
Sure, conceptually it's a solved issue. Practically, there are innumerable details to be figured out.
App1 has uid 100
User1 has uid 101
User2 has uid 102
If all userdata for App1 is owned by uid 100, User1 or User2 could potentially use App1 to gain access to the other user's app-specific user data.
(I'll admit that I'm not an iOS or Android programmer, so I may be a bit out of my depth here.)
On Android, uids are used for apps, not for users. Supporting multiple users on Android is thus not as simple as one might think.
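
The uid problem raised in the two comments above, modelled as an added example that is not part of the original thread. It compares one uid per app with a composite uid per (user, app) pair, which is the approach Android's multi-user support takes; the helper names, paths and the `PER_USER_RANGE` value are assumptions for this model.

```python
from dataclasses import dataclass

PER_USER_RANGE = 100_000  # assumed size of each user's uid block in this model


@dataclass(frozen=True)
class DataDir:
    path: str
    owner_uid: int
    mode: int = 0o700  # owner-only, as private app data would be


def can_read(process_uid: int, d: DataDir) -> bool:
    """Minimal Unix-style check: root, then owner bits, then 'other' bits."""
    if process_uid == 0:
        return True
    if process_uid == d.owner_uid:
        return bool(d.mode & 0o400)
    return bool(d.mode & 0o004)


def shared_app_uid(user_id: int, app_id: int) -> int:
    # The situation in the comment: the app has one uid, whoever is using it.
    return app_id


def per_user_app_uid(user_id: int, app_id: int) -> int:
    # Composite uid: the same app runs under a different uid for each user.
    return user_id * PER_USER_RANGE + app_id


def cross_user_leaks(uid_scheme, users, app_id):
    """Return (running_user, data_owner) pairs where the app, running for one
    user, can read the private directory it keeps for another user."""
    dirs = {
        u: DataDir(f"/data/user/{u}/app{app_id}", uid_scheme(u, app_id))
        for u in users
    }
    leaks = []
    for running in users:
        proc_uid = uid_scheme(running, app_id)
        for owner, d in dirs.items():
            if owner != running and can_read(proc_uid, d):
                leaks.append((running, owner))
    return leaks


if __name__ == "__main__":
    users, app = [101, 102], 100  # ids taken from the comment above
    print("one uid per app:    ", cross_user_leaks(shared_app_uid, users, app))
    print("uid per (user, app):", cross_user_leaks(per_user_app_uid, users, app))
```
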
Not to mention that your XP machine had a HDD as a backing store for virtual memory. You could safely page out an entire session. Not so for phone OS's, AFAIK. (I know iOS doesn't have a backing store. Haven't checked Android, but I seriously doubt it)
Not to mention we've only very recently reached specs that make this doable. The iPhone 3GS (not that old) did have a 600MHz processor and 256MB of RAM. That's pretty close to an XP recommended spec, IIRC.
Given that your XP machine wasn't running on a battery, and wasn't busy in the background doing phone-y things, you can see where resources are getting tight.
Phones are just getting there, spec-wise. I'm sure sooner or later we will see a guest mode. The 'when', IMHO, hinges more on solving the UX issues, since specs always march on.
X (the service commonly providing the *nix GUI) was pretty much built with this in mind; Linux has had an implementation of X that has provided this since at least the mid-90s.
Windows has had this on the server since at least Windows Server 2003, and has also introduced it to the "consumer" market in Windows 7.
(I'd be happy to find out whether OS X supports this or not.)
I have Windows XP, and have had 2000, NT, 98, 95, etc., and none of them could do it.
I'm glad to see that finally this "40 year old technology" is getting onto desktops in the last year or so.
The first way is by remotely running a program on your own Xserver. The programs' processes occur on the remote connection and are sent down the SSH tunnel and show up on your display. This is the common way in Linux.
The second way is by an older program from the Windows world: VNC. VNC takes a local, running display (example: my gui) and allows someone else to view/control it at the same time I do. In this method, you both fight over the mouse and keyboard inputs.
My older Mac Mini would not do it. I didn't know that this was added in 10.7.
It's for different people, not for you that an account should be created. I also would like that in all the *pads. I'd like to split the history and logins of each person using my touchpad. It's a mess when 2+ people start using it.
I am amused by the idea of rubber-hose cryptography though - beating on the data until it encrypts itself!
(Obviously this only worked for illiterates.)
In other words, it's his job to prove things, not yours.
A much more likely explanation for the policy involves abuse by the user, either intentionally or unintentionally. Cameras and USB sticks are similarly restricted.
Lots of folks hand their smartphone to their kids to play games and even if there's nothing sensitive on there, they might have things they don't want deleted like treasured photos and videos.
presumably the same technology could be used to provide "normal" and guest environments.
I'd like to be truly responsible and just turn my phone off, but I don't, to allow for those few times when there actually is something important.
Hooking it up to the stereo system makes it feel like it is part of the vehicle. Some day, when I am feeling adventurous, I will wire the otherwise useless OnStar button to trigger it to complete the "factory look."
Mozilla had multiple profile support since forever, but it required you to restart the browser with a command line argument, or requires you to pick a profile every time, and even then it's not "guest" profile -- it's another profile with history and all. When I needed multiple profiles, it was always easier to set up another user on Linux. [On Windows, at least in the 2000 days, the new browser would defer to the old one that was already on screen even if they were RunAs different users -- a different "desktop session" was required for separation. bleh]
1. You are using an app
2. You activate 'Guest mode' using a button press, swipe, tap, etc. (configurable)
3. If the user hits the home button, it redirects to the lockscreen instead of the homescreen (much like the Camera application does in lock-mode)
4. Instead of the camera icon on the lockscreen when you double tap, it is the icon of the locked-in application. (You can tap it to resume use of the locked-in application)
5. To disable this guest mode, you simply unlock the device with your passcode.
So, when a friend asks "Hey can I check my email?", you can open Safari, enable this guest mode, and hand the phone to him, no worries.
What do you think?
can you provide a sandboxed environment? he can't have access to any of my persistent Safari data (autofill/bookmarks/history/cookies/dbs/etc.), and any he creates should be wiped, probably on return to the lockscreen. all other forms of app switching (e.g. open a pdf url, then "open in" iBooks/goodReader/whatever) will need to be blocked as well. will also have to block the app tray, the notification center, pop-up/banner notifications, Siri, and possibly the phone. (could experiment with blocking badges and alerts but not sounds, since that only reveals the fact that an email/text/etc. was received, not any specific information about it.) might conceivably need to block all background app network traffic, tho i'm not sure if that's snoopable from inside safari.
basically os x guest mode
Maybe just for browsing the internet it would be all right, but I won't hand over my passwords. Isn't there any keylogger yet for android/ios? You don't even need to go by the store/marketplace, just local, developer stuff and there you go. Do you want to log on my machine?
Take Windows for example, sure you can set up multiple user accounts with different levels of privilege, access to website and apps etc but how many people outside of a corporate or academic setting actually use this?
Whenever I borrow someone's laptop they just use their own login, sometimes I find porn in their Internet history but at the end of the day who cares?
Perhaps this is more of a problem for people with kids who might want to use the internet themselves but when their child uses it they don't want them to have access to certain sites or see that their parent has accessed certain sites.
One issue I have with android is that when I clear the history in the browser and delete all cookie etc etc.
If I hit the back button it still goes back to whatever I visited last, also if I go to Google and tap the search bar all my previous searches come up. It's not really very privacy friendly.
Hopefully this problem will pass once everyone has a smartphone so they don't need to borrow someone else's.
Most people don't seem to really understand the benefit of doing this though, I've seen couples argue because they both keep changing preferences on a shared computer when multiple logins would solve their problems.
Android should be able to support this feature down the line too.
Guest mode: enable the “Guest Mode” toggle in the panel, and your calls and text messages logs will be hidden, and all installed applications cannot be removed. You may have a try when you need to show your phone to guests or children.
Also, I'm a bit afraid implementing full-featured multiple user sessions (similar to a desktop OS) would lead to a lot more bloat.
I would imagine at that time, they might support Guest logins.
EDIT: the implementation detail of Face recognition talked above is my own take on how it should be done. Not suggested by the referenced article.
The use-case for it usually suggested is one VM for work, one for personal use, but it could be used for this scenario too.
Which has revealed a feature that the Tab needs: a button in Gmail called “in strange hands”. The device is profoundly shareable, but mine has my Google email, full of threads that are distinctly not for public eyes. So I need to switch to disable that while letting people look at interesting web sites or play games or check stock prices or whatever.
Are people really handing their phones out that often?
I only hand my phone to someone else when:
* I've asked them to take a photo of me.
* They're riding shotgun in my car and need to call a contact or navigate with info readily available on my phone.
Neither situation is a risk for people snooping around.
Also, some people just don't consider their phones private and don't understand why anyone else would. My parents or siblings sometimes want to flip through Gallery to see the newest pictures of my children, friends, or co-workers.
A couple misplaced photos can be quite the liability in a situation like that...
Please make Android grow multi-user capabilities or give me ChromeOS in a tablet format.
simplification enhances usability. the vast majority of smartphone and tablet users are happy that all that complicated IT/nerd stuff went away on their devices.
the complications you would introduce by user switching are big. you need to add UI elements to tell the user at all times in which mode they are, you need new dialogs to switch, etc etc. the android status bar already looks like a badly maintained win xp install with all that crap in it.
built by developers for developers. brrr.
It would be nice if iOS would support multiple user accounts/profiles, especially for games - so when a user is "logged in" a game's saved progress would be tailored for that specific user.
Maybe I'm missing something important here, but it seems many apps on the Android market are just a few tweaks away from doing this already?
Since I've already been perfectly demanding|whining about a feature I'd like to have, what I _really_ want is to just click a program that boots up a vm with the same OS, but only the browser ready to go with a fresh lack of cookies, history, etc.
IS THAT REALLY SO MUCH TO ASK? </overdramatic>
In Windows you'd hit Windows-L, which would take you to the login screen, and then they'd click "Guest" (or whatever alternate login you've set up). You'd still be logged in, and when they were done (or were giving it back to you for five minutes) you press Windows-L again and choose your own login to switch back to your still-running programs.
I'd be astounded if Linux didn't have an equivalent.
Also FastUserSwitching doesn't require logout IIRC.
This is primarily a problem on my laptop which lumps too much diverse media together.
case 1: no apps. guest has to install apps. will guest have an iTunes/android market account? does he enter his Credit card to buy paid ones he wants to use?
case 2: apps with no data from real user. He opens up foursquare/yelp to look for a restaurant... has to create profile
And that somehow makes it totally useless?
He can: talk on the phone, check his email on the web browser, surf to anything he likes, use any other app that doesn't require a profile, play a game, ..., ..., ...
Even calling case 1 "totally useless" is retarded. He can still do tons of stuff (call, browse, use as calculator, ...) except run apps.
My girlfriend texting me about medical issues isn't "weird", but I still don't want my mom to read it if I happen to hand her my phone for a few minutes.
My mom emailing me photos of my childhood self taking a bath isn't weird, but I wouldn't want my friends to see them.
My friend asking me if I'll be showing up to the Atheist Association meetup isn't weird, but I wouldn't necessarily want my boss to see the message.
Wow. I'm glad I don't live in a country where that would even be an issue. It would never occur to me as something anyone would need to be private in any country (until now).
(Or do you work for a fundamentalist religious organisation?)
There are, however, places where it would definitely lead to a change in the work environment.
> It would never occur to me as something anyone would need to be private in any country
Even in countries ostensibly ruled by sharia law?
Religious apathy is sort of the default and religion doesn't really dictate public policy very much so having an atheist society would be a bit like having a society for heterosexual people.
Are atheists really marginalized enough in the US that it becomes necessary to band together?
Where? Keep my naked girlfriend pics in a recipe box? Wtf are you even saying?
I'd rather not turn into a dull prude just because apple is too lazy to implement a guest account on their unix OS.
I'm trying to imagine how dull and colorless your life must be. I took the pictures with my phone. The obvious place to keep them is on my phone.
is: "I keep naked girlfriend pics on my iPhone. I don't think that's weird, but I don't want someone to see them."
I see your point. I apologize for using the word "weird." I assume that's what the downvotes were for.
I'm honored, and confused, that you would consider me a corporate leader.
Like I said, I see your point. And if you look at my comment, it was in the form of a question, not an imperative.