The campaign is coming to an end now with only a week left. Thanks to everyone who has supported the campaign so far. Our campaign pricing has been set as low as we thought we could make it for our backers and still get the project off the ground. We will continue to offer Signet HC at Crowd Supply after the campaign, but we will be increasing the price of a single Signet HC to $90/pc and orders made might be fulfilled 1-2 months later as another production batch will be underway shortly.

In-depth Look: Multi-Profile Support

Multi-profile support allows you to unlock your device with multiple profiles, each associated with a different unlock password. Your device will display different database entries depending on which profile you login with. What data is visible is determined by a set of filters added to the profile when it was created.

Use Cases

Each database entry has associated metadata that allows the client to search and sort database entries. In some circumstances, the metadata can be sensitive by itself. For instance, as a password manager Signet HC will list all of the accounts stored on the device. If you are in an environment with other people working nearby it would be easy for them to intentionally or otherwise see what websites you have accounts with, and the appearance of some less commonly used sites on the list could be personally revealing. You could setup a profile that only showed more commonplace accounts for this environment to protect your general privacy.

Another reason to conceal information in profiles is if you find yourself in a situation where someone is coercing you to unlock your device. In this situation you could unlock a profile that provides only more generic information. The multi-profile feature offers a form of plausible deniability in this situation since the device and client offers no way to tell if that any profiles exist other than the one you unlocked.

A less security-related use for this feature is to enable two people, such as spouses, to share portions of their Signet HC data between their devices. To accomplish this they would both create profiles with the same name containing the content they wish to share. Whenever one user adds data to this sharing profile they could export it for the other person it import it.

Implementation

Profiles have the following characteristics:

• It is not possible to determine the existence of data filtered out of the profile
• It is not possible to get a list of all profiles
• All data is subject to filtering by profiles

To meet this criteria each database entry also stores the following metadata:

• The profile that was active when the data was created
• A list of tags

Data created within a profile is visible in that profile automatically. To allow different profiles to share data the database organizes profiles into a tree structure where the profile at the top of the tree has unfiltered access to all data and nested profiles have less access.

When you create a new profile it is set as a child of the current profile and is associated with a list of tags that you provide. This tag list acts as a database entry filter. Only entries in the parent profile that match at least one tag in the list will be visible in the new profile. A profile’s tag filter is only visible from its parent profile so the user can plausibly claim if necessary that the current profile is the top profile.

The image below shows an example of a profile tree. Each profile, shown in blue, corresponds to a social context which is associated with a series of tags in orange acceptable to be viewed in that context. No tags are associated with the "top" profile since by default it can access all data.