Yes, more info will come out about how this is mitigated but the TLDR is you want to 1) Alert authorities 2) buy time 3) have a smaller decoy amount available to negotiate 4) keep this security data private and secure, until an alarm is triggered which will then provide specific information to the authorities.

Remember, this is in the prototyping stage, so all feedback is valued and welcomed.

I am also responding as the dev, not the founder / CEO / CTO - so my understanding is my opinion, as someone closer to the company 🤝

“For detecting physical attacks outside of customer action, we have multiple triggers, such as a duress PIN being used or the integrated node going offline, and other duress heuristics, with eventual integration with cameras, door sensors, drones, etc.

Any of these triggers results in our monitoring team making a phone call to the customer and checking for a verbal password. If we can't reach them, or the incorrect verbal password is given, we contact emergency services by routing encrypted location data over an API using TLS, which terminates in a server TEE such that the location data is never exposed to Vora, which can be verified by users with remote attestation prior to providing the encrypted location data to the TEE.”