the last time this idiocy was going around, companies were switching employees to netbooks, chromebooks, thin clients, burners, etc. when traveling – default install, don’t log in until in the other country, log out or wipe before leaving the other country – this time, the corporations seem perfectly happy to capitulate and throw their corporate secrets (and the employees) under the bus …
Probably because most backup solutions, especially mobile, are inadequate. Telling employees to wipe their phone and having 5% lose their 2FA, important docs, or whatever is worse than the 0.01% probability of their phone being searched.
I’ve been wiping all devices when crossing borders for a decade, but I don’t use big tech (non E2EE) cloud, and the whole process is the most stressful part of international travel for me.
Easiest solution is to do everything on a remote host and just use the laptop or rdp or ssh or whatever works best for you system.
Yeah, Tailscale makes this a breeze too. Just RDP into your home desktop, and the only thing a third-party will see is your (encrypted) connection to your home network.
When you travel, bring as few devices as possible with you. Obviously, you’ll bring your phone with you, but leave your laptop at home if you can.
Last time I travelled overseas I took a burner phone without a calling plan, and just used it as a wifi device at the hotel. I used google maps and “offline maps”, GPS still worked. Used the phone as a camera, and I would have uploaded anything private and wiped locally but that wasn’t necessary.
If anyone at the border had asked, I’d have said it was so I didn’t risk losing my phone, and so work couldn’t call me up and bug me during vacation.
Removed by mod
Taking photos and using a GPS to get around in a foreign country can improve entertainment :)
What about checking it into your luggage (assuming airport)? It’s unlikely that they’ll fish it out and bring it to the security checkpoint just to get you to unlock it. For land travel, maybe mail it to your hotel or something.
That’s better than not having a phone at all.
I guess since most devices don’t have removable batteries anymore, you’d be violating checked baggage regulations as they don’t allow batteries. Not sure what the consequences would be, though.
Don’t they have universal unlocks for suitcases? They can just take a phone / laptop out, disassemble it quickly to clone the hard drive (or sometimes not even that, just power it on and use any of the various Israeli exploits they’ve bought) and presto, you can go on your merry way.
Yes, they can access your phone if they want to, but accessing the data is another story. You’d have to be a very high profile target for them to try attacking your phone, and if it’s off, they’d have to break the encryption. AFAIK, the “Israeli exploits” aren’t magic, and it’s not something they’d even try in a typical airport check.
If you’re really worried about it, mall your phone to your destination, those have a lot less security.
deleted by creator
Here’s what travelers should know: “This site isn’t available in your region | usatoday.com”
Yeah very cool. Also I presume that translates to “We can’t be fucked to care about user privacy enough to comply with GDPR”. And also “We can’t be fucked to know what the EU is”. Because they are blocking access to me here in Switzerland, outside the EU, where GDPR doesn’t apply.
Buy a burner phone. Use a newly created email. Don’t install any of your socials (not even lemmy).
Use only Signal (with messages auto deleted after being read) to be in touch with the really close friends and family.
Don’t bring your personal laptop.
If it’s a longish stay you may install socials a few days after completing immigration. But don’t use fingerprint or Face ID in that case.
The neat part of this is then getting detained for even longer for “suspicious activity”
Hopefully the respective country’s embassy and place of work (outside of work, study I don’t see why anyone would want to go to that hellscape) can step in. Like check in with your significant other post landing when you’re waiting at immigration checkpoint. And if you’re not heard from after that, alarm bells should go off and embassies should be informed.
Sounds like not coming here at all would be much simpler.
Wow. Here is a free guide from the EFF, though it’s from 2017 so I don’t know how useful it still is.
Lemmy doesn’t comply with GDPR either. It’s not really a mark of a bad website, they just don’t get traffic from Europe most likely.
The article doesn’t mention what happens if non-citizens decline, but The Guardian says:
For visa holders and travelers from visa waiver countries, they are at risk of being denied entry if they refuse to unlock devices
Which is really dumb IMO, because if a cop tries that just after being allowed in, then it’s a violation of the 4th amendment. I really hate that.
The law here actually extends to areas near international borders(up to 100 miles) and in principle includes any airport that receives international flights. So, basically everywhere. This occasionally comes up in real cases.
Sort of. The federal government has extra control in those 100 miles, but they can’t just violate your rights.
In their eyes, foreigners don’t have rights.
They don’t in any country, until they enter the country.
If anything they have human rights. There’s also the minimum set of implicit rights that are prerequisite for the concept of eg.: allowing foreigners to request asylum. Now if your country didn’t sign in those conventions, that’s a whole ¿nother horde of issues.
Are you implying other countries don’t have these rules? I would be very surprised if EU countries didn’t have similar allowances for border control, for example.
The US border control isn’t forcing anyone to do anything, people can choose to not enter the country if they don’t like the rules. And honestly, I wouldn’t blame them.
I personally wish US constitutional protections extended to everyone interacting w/ US law enforcement, regardless of where that happens, but that’s not the case.
deleted by creator
deleted by creator
No, use a burner phone. Don’t install any apps, and only have the most important numbers in there, if at all. Use a new mail account with it.
Then you’ll be detained because obviously you got something to hide, let’s find out what!
That’s the reason not to enter the US.
Can you buy a used iPhone 8 to use as a burner phone? It should not raise suspicion.
The photos app can also be an issue imo
I need an android phone that logs me into one fake version of the operating system when I unlock it with one pattern, and another OS when I use my real pattern.
Like a virtual machine kind of deal where the attacker cannot know that there are other logins, or how many. Preferably with some kind of automated system that simulates normal usage so it looks real but boring.
The novel Little Brother by Cory Doctorow comes to mind.
One PIN would log you into your real account, another PIN into a decoy account, and no indication of the other one existing.
That does not exist in the real world.
This is called plausibly deniable encryption, though you cannot hide the presence of the system itself.
GrapheneOS has a Duress PIN feature, which wipes your phone if entered.
It is real on pc, veracrypt hidden partition.
I think it only is truly deniable with a HDD
Opsec level 3:Deniability
http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html
(Note:. onion links should be viewed with tor browser)
My LG G2 from 2014 had that, I’m sure there are current ROMs that support this
deleted by creator
I know Androids can have user profiles which is what you’re talking about. I wish iOS would do the same thing.
OnePlus phones have the system cloner. You can use a different finger print and/or pin to enter a different system with it’s own apps and users.
You can do this on pc with veracrypt hidden partition.
On desktop/laptop I think it only is truly deniable with a HDD. Not sure about phone storage forensics but a Linux phone possibly could work for this. Might try for fun at some point
Opsec level 3:Deniability
http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html
(Note: .onion links should be viewed with tor browser)
That’s where I got the idea! I already use veracrypt like this on my laptop when I travel to other countries.
But it would be dope if there was an android that could do this too.
Brilliant and feasible!
Can’t this be avoided, at least on Android, by simply shutting down your phone? Thought I read somewhere that they lock down everything, even system processes, after turning on again until you unlock it again. Or are you also forced to type the password and let them in?
You have no rights and the ‘government’ in america has to follow/abide by no laws anymore. Whatever you think/know about the us is 100% irrelevant now. It’s a lawless dictatorship
You avoid it by never going to america, or by leaving and never returning.
That’s not true. Most laws just don’t apply until you’re on US soil, which has been defined as after the security checkpoint, unless you’re already a US citizen (I think).
It’s incredibly dumb, but what’s illegal just after the security checkpoint is fair game just before it.
Ha, never thought about that
Is that really the case?
That would mean, they have some “international waters territory” right at every airport, that gets arrivals from other countriesThat would be like…wtf?!
Yeah, that’s pretty much how it works in every country. When you’re in an airport, you’re in legal limbo, where you’re legally not in any country until you’ve passed through security after landing. That’s why movie The Terminal exists (inspired by the story of Mehran Karimi Nasseri, who was stuck in the Paris airport in similar circumstances).
If you arrive in any country and fail to get in, you have to return where you came from or anywhere else that’ll take you.
Border entry is different than self incrimination.
If you are charged with a crime you cannot be compelled to give a password as it resides in your head. However if you use finger prints or face recognition to unlock it you’re SOL.
Best thing to do is get an android and setup a dummy account. use that account when you get off the plane so when you unlock it there is nothing to go through.
Removed by mod
The android comment is because pin/gesture after restart.
Seeing a lot of responses that are wrong because they are talking about what police in the US can do. This article is about border crossing where border patrol can ask you to unlock the phone without any warrant/etc. If you refuse then you can be denied entry to the country (although I believe that is just non-citizens). Not sure if things can escalate from there.
Edit: which means if your phone was off, they’d just ask you to turn it on and unlock it.
The law requires you to unlock it, but as far as I’m aware its legality has never faced a major challenge and there are some civil rights groups who are confident it won’t survive one.
Truth be told though most phones don’t have robust enough security to withstand even a short duration attack from the tools available to law enforcement.
They can force biometric unlocks. That cannot force you to give them your password.
That is in a criminal investigation. They can just deny you entry if you dont unlock.
You also don’t have most constitutional protections until you’re past the security checkpoint.
Depends where you are, some jurisdictions within the US will order you to produce a password in some circumstances and hold you in contempt until you do and that decision has been upheld by higher courts, notably the third circuit.
There are exceptions to most things, yes.
None of it is relevant at the border though, they dont have to do anything other than deny entry.
Except that you can’t unlock an android phone with your fingerprint/face if you just turned it on. The first time you unlock it you have to use your pattern/pin.
Time to setup a guest account on the phone then
GrapheneOS with factory reset. Using boot verification.
This is the $5 wrench, right?
You must unlock your phone for them
You may refuse, and they’ll put you on the first flight back.
And your phone will likely be confiscated and you will be barred entry in the future - definitely worth considering before planning your actions.
If you really need to, go without a phone and buy a cheap one there. Memorize a few numbers and use a single application to handle your communications.
I would probably be detained. I have no mainstream social media, keep no images on my phone and don’t use gmail.
So if you accidentally tripped the device reset by being panicked and entering your pin incorrectly a few times, what would happen?
Could be seen as obstruction, they will likely detain you and send you back where you came from ater a few days or weeks…all comes down to the mood the officer is currently in.
That goes for Americans too I think?
They’ll tell you to unlock it. If you refuse, they’ll deny your entry (if you’re a traveler) or detain you and bully you (if you’re a US citizen)
I have found that guys can use their penis as a fingerprint. Reliability may vary given whatever state of arousal you’re at, but good luck trying to get me to whip it out to unlock my phone.
Ladies, I’m not sure how practical this idea may be for you, but the same concept just might work for nipples as well.
Your device should be private to you, so if it takes locking it using your physical privates, well do whatever you gotta do.
Disclaimer: I’ve only done very limited testing on this, but it actually did work for me.
It actually does work. I still have mine set up from when I tested it. You can also use the fatty bulge on your pinky when you curl your finger.
I do need to be hard though. It would probably work had I set it up with a softy though.
Wtf is this conversation 🤣 Have at it though if it works.
Username doesn’t check out.
Interesting, glad I’m not the only oddball to test such things.
Extrapolating on the results here, one could most likely use any area of their skin as if it were a fingerprint, even perhaps the tip of your nose or your earlobes or something.
Hey, what they don’t know, they don’t need to know. Your device and privacy should be yours and yours alone. Fuck’em
Nose works on my laptop fingerprint scanner, I don’t see why it wouldn’t work on a phone
Somehow I think whipping my cock out to unlock my phone will be frowned upon in most situations…
But not all situations.
Quite true, but of course I wouldn’t expect anyone to do that in public.
That’s like the entire idea, I’m pretty sure they can’t legally force you to undress to unlock and inspect your phone.
My point is; the purpose of biometric unlock is convenience, especially since it doesn’t disable pin/pass. If you can’t use it in most situations, you may as well just use a pin/password. You gain absolutely nothing by setting up your penis to unlock your device…
With relation to border inspections: you get ordered to unlock devices for border security to inspect. If you refuse, you’ll either be refused entry and turned away or you’ll be detained until access is gained (willfully or through cracking tools). The US has demonstrated much more willingness to detain people at the border and hold them for months without charge, so I wouldn’t push it. To be clear; your ‘rights’ against unlawful search and seizure do not apply at the border, even for US citizens.
Don’t store anything you don’t want border security to see on a device you’re bringing through a border checkpoint. Store it on a remote server and retrieve it as necessary.
I hear you loud and clear, the right to privacy has gone to shit.
Meanwhile, you know how small MicroSD cards are right? You could store one of those in a hollowed out coin (which would dual function as something of a Faraday Cage) to carry your data, without carrying any active device.
They can force you to undress for a cavity search. What makes unlocking your phone such a special case that they’d think that was “too much”?
Simple, you just don’t tell them.
They can try all 10 fingers and all 10 toes, but if they don’t know what piece of skin unlocks the phone, what the hell are they gonna do?
what the hell are they gonna do?
Deny entry. They dont have to try anything.
You’re right.
You can also store all your critical data on a MicroSD card and just not even carry an active device.
MicroSD is so tiny that it could be hidden inside a modded hollowed out coin…
Honestly, a USB drive in another bag would be fine. Encrypt it and leave an unencrypted partition with harmless data and you’re good.
Thats a better strategy.
Or backup your device, factory reset, put the backup somewhere you can get it after traveling, keep only enough on it to keep family updated during the trip itself, restore after youre in.
Seize the device and crack it with tools like Cellebrite. Possibly with you in custody in the meantime.
deleted by creator
It only works if you use the same exact spot on the pecker head, so it’s basically as unique as a fingerprint.
Does that 100 already factor in the different states of arousal?
For an additional gender neutral option, your butthole is almost as unique as your fingerprints, to the point that unless you have an identical twin it’s reasonable to assume that no one else shares your specific butthole print.
Sorry, my butthole doesn’t poke out far enough.
Could I use it for facial recognition though? 🤔
What does this mean:
If you’re a green card holder, do your research. “You have to have a good understanding of what the visa category that you’re coming in allows you to do and does not allow you to do,” Heubel said.
Once you have a green card what visa categories could you fall into? I thought once you were a permanent resident and could do whatever you want except vote.
Yup, they seem to be conflating permanent residency with visas.
TL;DR: Don’t enter the US, it’s a fascist oligarchy with zero respect for human rights or privacy.
Would it help to have electronics, phone included, in your checked baggage?
If not, then people might have to consider smuggling their phone through in a brick of coke. Or put it in a condom and swallow it.
When you enter the US, you have to claim your checked baggage as part of the process of going through customs, then re-check your bags if you’re continuing on a domestic flight.
If you have a device in your checked bag:
-
you’re violating the safety rule about not having lithium batteries in checked luggage.
-
if you’re asked if you are travelling with a phone and you lie and say you don’t have one, then if they search your bags and find it, then they’ll have strong evidence that you lied to a federal officer, which is a crime.
You’re allowed to have devices with lithium batteries in checked bags.
When portable electronic devices powered by lithium batteries are in checked baggage, they must be completely powered off and protected to prevent unintentional activation or damage. Electronic devices capable of generating extreme heat, heating elements must be isolated which could cause a fire if activated, by removal of the heating element, battery or other components.
American Airlines will ask you to remove devices from your checked bags is you tell them that you have batteries in your checked bags. Airlines are allowed to have more strict rules than what the FAA allows.
https://www.aa.com/i18n/travel-info/baggage/restricted-items.jsp
Please remove batteries from devices in your checked bags and put them in your carry-on in separate plastic bags.
Sure, airlines can have whatever policies, but while not adhering to them might get you into trouble with the airline, it’s not a legal issue. The TSA doesn’t get powers from that to do anything that they weren’t allowed to do otherwise.
Now, they might lie to you to get you to give them more than they’re entitled to, but that’s a different issue.
-