mod parent up - great service.

Facebook may have done this once, but they had stopped doing it a while ago and instead started to use Google Contact's API via OAuth -- that's what started this all off, Google changed the terms/conditions of their API preventing Facebook from using the system.

Deciding to not take this lying down, Facebook then instead directly linked users to the Google Contacts Export page, then Google modified said export page to throw up that big scary warning described in the article.

That said, Facebook still happily logs into webmail for sites which don't use OAuth like user's ISP webmail, exactly how you described.

You're not the first to think of such an idea, it actually has a name. I learnt about it way back when I was doing Legal Studies as a subject during my VCE (Victoria, Australia's version of your typical high school certificate).

So anyway, we did a unit on Juries and the different types and how we ended up with the one we have today in our legal system. One of the jury types that were turned down was exactly how you described and I recall thinking "that actually sounds like a good idea". The reason that it's not used (at least, according to my text book) was that juries who were in the same line of work as the defendant tended to be unfairly harsher then your stock standard jury.

For example, say that in this case, all the jury members were IT networking professionals (yes, I realize in this case one of them did have a CCIE). There's the tendency that all the jury members would think "Well, this guy just brought down our entire industry and did something I would never do -- let's give him [insert harsher verdict/sentence than a standard person would give]"

I know, for example, if I were put on a jury for some guy who allegedly made a botnet and was hiring it out for the highest bidder, I would certainly be giving a very harsh verdict/sentence.

That all said, I can't for the life of me recall what this jury type was called, and my 30 seconds on Google didn't find a result, so please take this post as [citation needed].

But they must have some idea of what they're looking for. It seems unlikely someone thug is going to break into my house or police detain me for 'no reason whatsoever', find an encrypted volume and ask me for the password.

What seems much more likely is that police detail you for suspected tax evasion or securities fraud and go looking for your second set of books. When they ask for your password and open up the volume to find a set of books which are completely legitimate they're going to go "Well, obviously he gave us the wrong password" when in fact maybe you did give them the real password and you've been falsely accused.

But all this just brings you back to the random data vs. encrypted data dilemma. If you give them the duress password and they don't find what they're looking for, they will assume they've been given the wrong password and continue torturing you.

What's even worse is if you're really innocent and give them the "real" password but they incorrectly conclude you gave them the duress password 'cos they can't find incriminating files and continue torturing you to give them the "real" password.