Duress Mode (Ghost Protocol) with Nygma Cloud

Duress Mode—also known as Ghost Protocol—is a critical Nygma Cloud security feature designed to protect users in situations where they may be forced to unlock their encrypted drives. Whether facing coercion, threats, legal pressure, or device inspection at borders, Duress Mode ensures that your real encrypted drives remain completely hidden.

When activated, the system silently loads a decoy drive with harmless, non-sensitive content. The attacker sees a fully functional drive and will have no indication that Duress Mode exists or that the displayed content is decoy data.

This feature is powered by Nygma’s zero-knowledge architecture, which ensures that even under coercion, attackers cannot access or detect your real encrypted drives, encryption keys, or metadata.

 

What Is Duress Mode?

Duress Mode provides plausible deniability by allowing you to unlock Nygma using a special password that loads a controlled, safe environment.

When you enter your Duress Password:

• Your real encrypted drives stay completely hidden.
• A decoy drive is displayed instead.
• All security indicators appear normal.
• No logs, markers, or warnings reveal that duress protection is active.

This approach ensures that compliance appears complete while keeping your genuine data invisible and inaccessible.

 

How To Enable Duress Mode

A. Unlock an Encrypted Drive

1. Log in to your Nygma Cloud web console.
2. Go to the Encrypted Drives page. This page contains all the encrypted drives you created so far. Unlock one of them by clicking its Unlock Drive button.

B. Enable Duress Mode

1. Once a drive is unlocked, go to the Security Hub page.
2. Move the slider to Enable Duress Mode.

C. Create Decoy Drive

On the same page, and under the Create Decoy Drive section, provide the following information:

1. Decoy Drive Name: Give it a natural, non-suspicious name such as “Personal Photos” or “Vacation Pictures.” This drive will serve as the only visible drive when Duress Mode is triggered.
2. Duress Password: Choose a secondary password—different from all real drive passwords. It must be believable and consistent with your typical password patterns.
3. Confirm Duress Password.
4. Click the Create Decoy Drive button.

 

How to Use the Decoy Drive

With the Duress Mode enabled, and when unlocking any encrypted drive:

• Enter your real password → access your real drive.
• Enter your duress password → Nygma loads only the decoy drive, and you can add data to it to make it look real.

Both passwords produce a fully valid login session, and the system’s behavior is indistinguishable to the observer.

 

How Many Decoy Drives Can Be Created?

✨ Only One Decoy Drive Is Needed

A single decoy drive protects all your real drives.

Whenever the duress password is used, Nygma automatically displays that same decoy drive, regardless of which encrypted drive the attacker is trying to access.

This design simplifies setup while ensuring consistent, believable behavior.

 

Managing Your Decoy Content

To maintain credible protection:

1. Unlock using your Duress Password. Nygma loads the decoy drive.
2. Add harmless, non-sensitive files, such as family or vacation photos, regular documents, or daily-use folders.
3. Keep it realistic. Avoid an empty drive, avoid overly polished organization, and use organic file structures.

Realism is essential for plausible deniability.

 

Plausible Deniability Features

Nygma implements several protections to make Duress Mode undetectable.

✅ Invisible Protection

No interface element reveals that duress mode is activated. The UI, performance, and file operations behave normally.

✅ Fake Security Messages

Under duress, the Security page presents normal-looking messages such as requiring an upgrade—this prevents attackers from accessing sensitive settings.

✅ Hidden Drive Details

Real drive names, sizes, and counts are concealed. Only the decoy drive appears.

✅ Silent Activation

No alerts, logs, warnings, or notifications appear when duress mode is triggered.

 

Important Security Notes

• Your decoy password must be believable.
• Your decoy content must look natural and consistent with your usage habits.
• You must remember both your real drive(s) password(s) and your duress password.
• While in Duress Mode, security settings cannot be modified. This prevents changes being made under coercion.
• Only exit Duress Mode by unlocking with your real password.

This design ensures that even sophisticated attackers cannot detect or reverse-engineer the presence of the real encrypted environment.

 

How to Disable Duress Mode

A. Unlock an Encrypted Drive

1. Log in to your Nygma Cloud web console.
2. Go to the Encrypted Drives page. This page contains all the encrypted drives you created so far. Unlock one of them using its real password.

B. Disable Duress Mode

1. Once a drive is unlocked, go to the Security Hub page.
2. Move the slider next to Enable Duress Mode.
3. Optional! Click the Delete Decoy Drive button if you prefer to delete the decoy drive with all its content.