←back to thread

Ask HN: For the privacy minded, How do you prepare for gadget Border Searches?

17 points OrbitalShotput_ | 3 comments | 03 Apr 25 03:53 UTC | HN request time: 0.594s | source

This is coming up a lot these days in the news- but Customs and Border Patrol have increased the amount of searches they do for travelers coming to and leaving the US. I find this fascinating- because it feels like an area that should have answers -but that there are only some.

With Laptops, one can do things like dual booting, and basic file or OS encryption -so if you are asked to unlock your laptop, you can show someone your OS- and if they decide to do a advanced search, take it and image it- files and items will still be encrypted. Now, this is the sort of thing Veracrypt's Hidden OS would solve without resorting to individual container and file encryption- however that is not a real option these days as that only works with MBR partitioning, not EFI- and nothing else in that space has appeared.

For phones - the situation is messier.

It appears there is no general encrypted profile app or feature one can do in a similar manner, say with steganography features- Sure one could obtain a Graphene phone or the very latest updated Apple or Android device so the Cellebrite or Greykey device can't break into it if you refuse to unlock your password and they take it to image it. If you cooperate and unlock something for them to do a basic search on and then they take it to image presumably- there's a lack of hidden/profile options that are encrypted or steganographically able to hide files in files which would be enough for this sort of thing.

There also is no whole-imaging solution to make a perfect backup, as current backup methods don't include everything, like if someone has apps not covered by a backup or full settings.

And one does not want to unlock the bootloader or Root a phone to attempt this,that would make them easier from a Cellebrite type attack.

For those of you a bit privacy minded who do like to see how private and secure a setup you can do- How do you handle this? This isn't something totally new, but mobile devices are not as far along as computers it appears- and that is something the general public is fully susceptible to.

Show context
johncoltrane ◴[03 Apr 25 06:26 UTC] No.43565515[source]
Like before we surrendered ourselves to "gadgets": simply by not bringing anything that could be a liability.

Random and targeted checks have always existed at borders. They would go through your stuff and move on to the next target if they didn't find anything suspicious. If you had folders, envelopes, etc. in your trunk or luggage, then they would go through them as well so, if you didn't want them to go through your most sensitive stuff, then you didn't bring that stuff with you. It's as simple as that.

But "privacy minded" people had it easy, back then, because they didn't travel with 20 years of correspondance or porn search history in their luggage.

Just leave your gadgets at home if you are worried about what could be found on them.

- If you really need to bring _your_ laptop, then image it anew before leaving.

- If it is a work laptop, then let your employer's IT department deal with the issue. You don't have personal stuff on it, do you?

- If you only need _a_ laptop, then buy the cheapest you can find upon arrival.

- Get a cheap SIM card and a disposable phone upon your arrival.

replies(1): >>43570774 #
1. jlongr ◴[03 Apr 25 15:01 UTC] No.43570774[source]
Convoluted and unreasonable workarounds for a growing police state.

Please don't try to minimize the egregiousness of having your personal documents searched for the sake of security theater.

replies(2): >>43579450 #>>43586019 #
2. johncoltrane ◴[04 Apr 25 08:01 UTC] No.43579450[source]
> Convoluted and unreasonable workarounds for a growing police state.

Well, those are _basic_ OPSEC for people whose life/safety/freedom would actually be threatened by a search ("good guys", "bad guys", it doesn't matter). If the only things threatened by a search are your pride/moral principles, then yeah, those might seem unreasonable.

> Please don't try to minimize the egregiousness of having your personal documents searched for the sake of security theater.

I don't know if that term has been coined before, but "privacy theater" is also a thing, and it is just as grotesque as the other theater.

3. account-5 ◴[04 Apr 25 18:21 UTC] No.43586019[source]
I don't see anything convoluted it unreasonable in the suggestions the OP made. They're based on reality, irrespective of whether you like it or not.