SysAdmin
7d5f9cc246
Cross-platform privacy-hardening program. Two-layer product: - SilverLABS Application Stack (cross-platform spine) - Platform Hardening Profiles (per-OS, tier-honest) Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic), Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has both a preflashed hardware SKU path and a self-apply "harden your existing device" path. Includes umbrella docs (README + threat-model, design-principles, platform-matrix, roadmap, trust-model), per-platform and per-stack- component README stubs, .gitignore, LICENSE. Linux v1 ships first; Stack v1 = Browser + VPN + Sync. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SilverDuress
Status: v1.1 (planning)
Duress password / panic-wipe / anti-coercion. The "I am being forced to unlock this device" feature.
What it does
- Duress password: an alternate password that, when entered, appears to unlock normally but actually triggers a configured action
- Panic-wipe: secure erasure of encrypted volumes / keys
- Decoy unlock: opens a clean profile / sandbox containing decoy data
- Silent alert: optional outbound signal to trusted contact / SilverLABS service that duress was activated
User configures which behaviours apply.
Per-platform implementation
| Platform | Mechanism | Strength |
|---|---|---|
| Linux | PAM module — duress passphrase wipes LUKS keys / drops to decoy profile | Strong |
| Android (Pixel ROM) | Inherited from GrapheneOS duress PIN | Strong |
| Android (other) | Best-effort: app-level duress action when SilverLABS Stack apps are unlocked with duress credential | Moderate |
| Windows | Group Policy + scheduled task triggered by duress credential entry; BitLocker key destruction | Moderate (closed kernel limits us) |
| macOS | Configuration profile + login script; FileVault key destruction on duress | Moderate |
| iOS | OS-provided erase-after-failed-attempts (Apple primitive); Stack-app-level duress where feasible | Limited (we cannot run code at unlock) |
The per-platform table is shown to users in the SilverDuress setup UI so they understand what's possible on their device.
Non-goals
- Not a "tracking your stolen phone" feature — different product, different threat model
- Not a "remote wipe" service — that requires constant network and trust in the wipe operator. We may offer it later, but v1.1 is local-only.
Risks we acknowledge
- A sufficiently sophisticated adversary may forensically recover from a partial wipe — we use cryptographic erasure (destroy the key, not the data) which is robust against this
- A coerced user may be unable to remember to use the duress password — we document this clearly in the setup UI; this is a fundamental limitation, not a SilverMetal-specific one