Skip to content
Blog
Privacy, explained

What is plausible deniability (and why a hidden vault beats a password)?

A password protects your phone until someone forces you to unlock it. Plausible deniability lets you hand over everything and still reveal nothing. Here is what that means, in plain English.

The Deniable Guide6 min read ·
Copied!

The strongest lock in the world is useless if someone can make you open it.

Security people share a famous cartoon: a character imagines criminals defeated by unbreakable encryption. Reality shows up with a five-dollar wrench and a simpler plan: hit the person until they type the password themselves. The industry calls it the "wrench attack."

It stopped being a joke. Reports of physical coercion against cryptocurrency holders rose sharply in 2025, with much of that activity in Europe. The uncomfortable lesson is simple. The weak point is no longer your password. It is you.

That is the problem plausible deniability addresses. The question shifts from "how do I make my password impossible to crack?" to "what happens when I am forced to unlock?"

Why a password is the wrong kind of protection against people

A password works well against a stranger who finds your phone on a train. It fails the moment someone with leverage is standing in front of you: a mugger, a border officer, a controlling partner, a kidnapper. You can be threatened, pressured, or legally ordered to type it in.

The legal side surprises people. In the UK, a court order under the Regulation of Investigatory Powers Act can compel you to hand over your password, and refusal can be a criminal offence carrying up to 2 years' imprisonment. At the US border, agents routinely ask travelers to unlock their devices. "I would rather not" is often not a real option.

There is a second problem. A locked phone is itself a signal. A blank, obviously locked, suspicious device invites the one question you do not want: "What are you hiding?" Refusing to open it can make a tense situation worse, not safer.

What plausible deniability actually means

Plausible deniability means you can show a complete, ordinary device and still protect what matters, because there is no proof that a hidden part exists.

Picture a safe with a false back. You open it; the other person sees a watch and some cash. There is no sign of the compartment behind the panel. You did not refuse. You did not wipe anything. You showed them a full, believable safe, and as far as they can tell, that is all there is.

This is not marketing language. It is a serious cryptographic idea. In 1997, Ran Canetti, Cynthia Dwork, Moni Naor, and Rafail Ostrovsky formally defined the term "deniable encryption." Tools like VeraCrypt later brought hidden volumes to everyday computers: secret data sitting in what looks like random empty space, with no external proof that anything is there.

Why a hidden vault beats a password (and beats a decoy)

A password is all or nothing. Give it once, and your whole life is open: bank accounts, messages, photos, location history, and more. A hidden vault changes the question. Instead of "Will you unlock it?" where the honest answer is yes, the question becomes "Is there anything else?" where the provable answer can be no.

A PASSWORD

One key opens everything

All or nothing.

A HIDDEN VAULT

Open it all, prove nothing

What you show

No provable trace

Comply — and reveal nothing.

A password is all-or-nothing. A hidden vault lets you hand over a complete, ordinary phone while the part that matters stays unprovable.

It also beats the obvious workaround: a decoy app or a panic button that wipes your data in plain sight. That kind of wipe can look suspicious and can escalate the danger you are in. A savvy attacker may even know decoys exist and push for the "real" unlock. A hidden vault avoids that, because the public phone is complete and convincing on its own. You hand over a normal, working device, and that is the whole story; anyone can prove it.

That is the idea behind DeniableOS. One phone, three PINs, one lock screen. The Public PIN opens your ordinary, lived-in phone. The Hidden PIN opens a separate environment whose data is stored in a way that it cannot be distinguished from unused space. And there is a Duress PIN for the worst case: enter it under pressure, and the phone opens straight into the normal public side while the hidden environment is quietly erased in the background. To anyone watching, it looks like a normal unlock, not a wipe. The hidden side is gone, but the moment never reads as destruction.

DeniableOS: an everyday public home screen, the PIN entry screen, and the hidden environment with private apps.
One device, three PINs, one lock screen — the public phone, the PIN entry, and the hidden environment.

The honest part

Plausible deniability is not magic, and anyone who says otherwise should make you nervous.

Where the line really sits

It is a legal and practical defense, not a mathematical guarantee. The VeraCrypt community has documented ways in which hidden data can still leak: backup snapshots, storage wear patterns, and traces left by tools. Good security writing says that out loud.

So here is the narrow, honest claim. A hidden vault is built to defeat coercion in the moment: the border search, the robber, the opportunistic inspection when someone has your phone for minutes at a time. It is not built to beat a forensic lab that already knows you use this kind of system and keeps your device for weeks. Knowing where that line sits is the difference between real safety and false confidence.

Who this is actually for

You do not need to be a spy or a criminal to need this.

A traveller who does not want a stranger at a checkpoint scrolling through family photos. A journalist protecting a source. A founder who has access to real money. Someone leaving an abusive relationship whose partner demands to see their phone. For each of them, one unlock can expose everything, and "I would rather not" is not always safe to say.

The goal is not a phone you refuse to open. It is a phone you can open calmly, hand over, and know the part that matters stays invisible.

That is what plausible deniability buys you. DeniableOS is built for exactly that moment.

Two phones. One device. Zero evidence.

See how a hidden, deniable environment protects what matters, even when you are forced to unlock.

FAQ

Is plausible deniability the same as just hiding a folder?

No. A hidden or password-protected folder is still visible, so someone can demand that you open it. Plausible deniability means there is no provable sign that hidden data exists.

Can't I just refuse to give my password?

Sometimes, but not always. In some countries, a court order can compel disclosure, and refusal can be a crime. Even where you can refuse, a locked, suspicious phone draws attention. Deniability lets you cooperate and still protect what matters.

Does a hidden vault make my phone impossible to crack?

No. Be sceptical of anyone who claims that. It is designed to defeat coercion in the moment, not a determined forensic lab with prior knowledge of the system. That limit is the point.

Sources

Copied!
All articles