With OPSEC more and more of concern to ordinary people, a few features would make Codebook even more outstanding. These ideas are in response to passwords being demanded in more situations (crossing borders, during police activity, by employers, etc). A journalist friend was talking about the issues she faced with keeping things safe and organized, which led to some brainstorming.
“Plausible deniability” alternate passwords, ala the old TrueCrypt partitions. This would allow multiple encrypted collections within Codebook. If you enter the password for one, it only shows you the contents for that collection. That way, if, say, border guards demand access so they can see your social media history, you provide the password that unlocks the collection with only social media accounts that focus on innocuous topics. It’s not obvious to the inspecting party that there are other collections (obviously, this would not stand up to code-level analysis, but it’s to defend against most of the situations that arise).
Purge/restore collections. Records can be tagged as sensitive. Sensitive records can be exported to a external storage which also removes them from Codebook. They can be re-imported at a later time. If the purge/restore worked on arbitrary tags, it would enable you to carry only the passwords appropriate for your current job, thereby minimizing exposure.
Time-lock/“dead man switch”. If you have not accessed your passwords in a given timeframe, the data will be wiped from the device. Perhaps this would be selectable to apply to only certain records or categories.
(Disclaimer: I’m not an expert. I haven’t though these through in a seriously detailed way, and someone who knows more about OPSEC should probably vet the ideas and validate whether they make sense.)
Thank you for reaching out to share your thoughts on Codebook! I’ve commented below on your suggestions:
I’m not sure we could add that feature and have it maintain effectiveness. Once the public (or interested parties) are aware of this feature existing in Codebook, we/you no longer have plausible deniability. The ability to recreate hidden volumes across all platforms for Codebook would likely be incredibly difficult. Also, it may be difficult to refute their existence, especially on a mobile device. This doesn’t address the legality of lying to a government agent, something to consider, too.
We like this idea, and is something we will consider for a future release. Currently Codebook supports a mechanism for you to identify a subset of your entries, marking those as favorites. We also support exporting favorites to CSV, and plain text on the desktop versions of the application. Making the process of both purging and subsequently restoring those selected entries seamlessly is something we’d like to consider further.
We have avoided including a self-destruct feature, we consider the potential for unintended loss of data to be too high for little gain. Instead we’ve focused on steadily improving the encryption that protects your data from attacks. A determined and competent adversary singling you out would not attempt to access your data by logging in through the app repeatedly, but rather pull your encrypted database off the device to attack the encrypted database with more powerful hardware. There are options for performing a remote wipe of the entire device for both iOS and Android which should be considered in the event of a lost or stolen device. That said, we may revisit this direction once we’ve completed our work to support auto synchronization.
I’d like to be able to simply switch vaults so I can have a second one with only a few key entries. The main one stays in the cloud and I can switch back to it when I need to.