- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
You must log in or register to comment.
I carry a second phone with nothing on it but pictures taken with my “real” phone and some GPS/Travel apps to look “legit.” Some might think it a bit of a PITA but I bulk edit the EXIF data of photos to say they were taken with the “decoy” phone before transferring them over. Granted, I only cross the border between US/Canada and US/Mexico and turn off and hide my “real” phone before entering the border queue. It has only been an issue once and they took the decoy away for all of 15 minutes while I waited in my truck and then brought it back and said “Thank you for your cooperation, have a nice day” and then I immediately factory reset then wiped it again and installed LineageOS to clear any spyware they might have put on it.
It’s about USA.
Thanks. I wasn’t planning to go there anyway…
It’s annoying how the title throws such a general open question and then they don’t clarify this at all… there isn’t even a single match for “USA” or “America” in the whole article, you have to sort of guess.
Get a burner. Browse some boring content with it: few business websites, maybe some sports scores, maybe snap some photos of landscapes and dogs on the camera roll.
Then you have a functional phone and piece of mind. Making the phone feel “lived in” probably isn’t all that important, but I think it’d be easier to explain than a factory stock pay as you go phone.
It’s kind of crazy that that’s where we at. That you have to pretend to have a “normal” phone. I don’t remember what it was, but i had a phone i think an oppo some time ago where you could set up a fake phone, depending on the fingerprint. So my right finger was my normal phone and my left finger was the burner phone. I never used it, but i found that pretty funny
I’ve had colleagues just play the “I don’t fucking care if you’re sending me back because my papers have a spelling mistake, this is just a business trip” method when US customs/immigration starts acting up. Not sure I’d have the balls to do that now that the US is sending people to KZ camp light for pretty much nothing.
but I think it’d be easier to explain than a factory stock pay as you go phone.
You do not need to and should not explain anything. Don’t answer any questions.
Use GrapheneOS and switch to PIN authentication didabling fingerprint auth, especially when travelling abroad.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it? And I know that legally they can’t make you give up your PIN, but what’s to keep them from just beating it out of you? Cops of any stripe rarely if ever face consequences for their actions, especially in the US.
Pretty sure they can. Or at least, they can deny you entry into the country if you decline to unlock it for them.
If a government has you in the nebulous situation where you technically aren’t in the country yet and they want your phone, it doesn’t really matter what security system you have on there. You either give them access or go to a black site.
That’s why every company of “moderate” size ends up adopting a policy of “DEVICE for foreign travel”. You don’t take your actual work laptop/phone/whatever. You take a burner (except they hate the term “burner”) that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you…
So what does that mean for you, an individual?
- A super locked down device is just gonna get your ass beat… if you are lucky.
- A completely clean factory wiped device? That is going to raise a bunch of red flags (kind of rightfully) and more or less equate to the above
Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person “investigated”. And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that “looks real” because… it is. Texts from the partner about a dinner party next week, spam from facebook, etc.
And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their “private” devices? Either buy a cheap laptop at a best buy equivalent or use one of their burner emails/accounts.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it?
Depends on what state it’s in. If it’s in lockdown mode, nothing. GOS blocks all access to data via the USB. If it’s unlocked, everything that’s not locked by further authentication.
but what’s to keep them from just beating it out of you
Nothing. That doesn’t mean you should willingly consent to it.
That doesn’t mean you should willingly consent to it.
Rubber hose cryptanalysis.
Most of us wouldn’t stand 5 minutes of torture (I know I’ll break in 1 minute), so don’t start a fight you cant win. This is the border, most of the constitution doesn’t apply, and this was way before this admin, most administrations just wasn’t that insane as the current one, but the law was already there.
So just bring a burner phone and just give them the pin.
(Or just avoid travelling to the US)
I’ve seen this a lot recently. This isn’t about what police can do, it’s about border crossings. You can be required to unlock your device when entering the country or be denied entry (or possibly worse).
The best route is to have a phone specifically for travel.
This isn’t about what police can do
You can be required to unlock your device
Sure seems like it’s about what police can do. And no, they cannot force you to do that.
This article and thread are talking about border agents, which operate under different rules/regulations than you local police officer.
While US citizens cannot be denied entry, non-citizens can if they refuse to unlock their phone. Even US citizens can have devices confiscated if you refuse to unlock the phone for them - https://www.theverge.com/policy/634264/customs-border-protection-search-phone-airport-rights. Because at the border, it’s been decided searches don’t require a warrant.
This won’t stop the cops from hacking into your phone with celebrite, but android has a feature called lockdown mode that will disable facial recognition, fingerprints, and voice ID until your phone is unlocked via PIN. I need to unlock my phone quickly throughout the day, so I use fingerprint - but I use lockdown if I get pulled over or am going through security, etc. It isn’t perfect, but it’s better (for me) than having to enter a long PIN every time I need to unlock my phone.
Once you enable it in settings, you can take your phone to the power off/restart menu and enable lockdown.
Using Tasker, you could probably disable quick unlock when outside of your house, etc.
Do a restart (even if you have to hold the power button for 10 seconds). Because at initial boot state, the contents of your phone are encrypted. Any unlocks after the initial unlock, your phone is decrypted and the key is in RAM. Only a password/pin (no fingerprint/FaceID/etc) can be used to decrypt your data.
In lockdown mode, my understanding is that you’re simply disabling biometrics (but not encrypting anything).
Using lockdown is the same thing as restarting, it puts it into a BFU state.
Evidence/source? My understanding is you inherently cannot go back to BFU (before first unlock) state once you’re in AFU unless you reboot.
Again, I’m not talking about simply disabling biometrics unlock – BFU = your decryption key is not in memory yet (at all).
https://discuss.grapheneos.org/d/14081-what-does-the-lockdown-option-do
this seems to confirm what you’re saying.
Thank you. I say it because I was genuinely asking the person who replied to me, in case I was wrong. In the context of privacy, it’s extremely important to know for sure.
iOS has the same thing; press the lock button 5 times to disable biometrics.
You can also ask “Hey Siri, whose phone is this!”
You can also press and hold the lock and volume up buttons like you’re going to power off the phone.
Out of the three, IMHO, the five click of the lock button is the easiest.
But none of that is going to stop them from detaining you until you give them the pin.
US citizens might have it a little easier. But foreigners are certainly going to regret their choices if anyone ‘close’ to the border has an issue with them.
I don’t have time to read this currently but I will try to later. In the meantime, does anyone know how they are coercing access to these devices? I’ve done a fair amount of international travel and no one has ever asked about any of my devices, much less attempted to gain access to them. It’s my understanding that if you refuse them there’s no legal reason they could refuse you entry.
Obviously, legality is of less concern to this administration but these people should have legal recourse, at least until the facade of civility is completely cast aside.
I’ve worked in IT Security for a number of Fortune 500 companies and saw a guy get fired because he brought his work laptop from the U.S. to China (over a year ago).
This was because there have been documented cases where, at Customs in the airport, government workers can take the laptop, quickly image it, and give it back to you without you ever knowing and they now have a copy of your device.
For the US, my understanding is that citizens can refuse, but if you do they may hold you for some time.
Non-citizens may be denied entry if they refuse to hand over their device.
Iirc. your finger print isn’t protected… a pin is.
But ymmv and ianal.
No.
I have to remember to delete all my dank memes before I travel now
I was concerned about this while crossing the border from mexico this past weekend and pleased that they didn’t even ask any questions just to see passport then through.
deleted by creator
deleted by creator
Its a great article
