Hi all,
I am travelling soon to the US, for my vocation and as a long-time private person I will be taking some steps to maintain my privacy as I enter the country.
As this is an interesting area of the topic, I have decided to throw the question open to all of you.
What precautions (IT, physical, mental, otherwise) do you undertake when travelling internationally?
M.
Burner phone. Cheap laptop with nothing on it (like a Chromebook). Burner Gmail address and birbsite profile in case they ask you to log into your accounts. Remember the 100 mile border zone.
Imagine you’re visiting a dystopian country with ubiquitous surveillance and a non-zero chance to be thrown in jail without due process, because you are.
When dealing with the police, be very, very careful what you say to them directly. Be polite, be patient, but be pithy.
And don’t be black, make sure to generously apply white face
Are you an ambassador or dignitary? No? Don’t worry about crap, take the same precautions you’d take when visiting any other place you’re not commonly in. The United States isn’t a hell hole, despite what libertarians like to fantasize.
Yes, maintain whatever your normal security posture is while traveling.
Use burner devices with no access to personal stuff
Do not even bring your own electronics (phone, laptop) as it can be destroyed, stolen or lost by customs, TSA, and the airlines respectively.
Pay in cash, wear sunglasses and a covid mask, VPN and limit personal data on devices.
Either bring a burner phone, or make sure you disable biometrics before you land. You could also consider wiping the phone and then restoring from a backup later on.
Also, learn about your constitutional rights and any relevant state laws (e.g. the CCPA in California). You probably won’t have to mention them, but they’re good to know.
Soooo the data on your phone isn’t gone because you delete or reset the phone. You literally need to write a blob of zeros or random numbers to fill the space again.
And even that is questionable as there are areas of the storage you are not allowed to write too – and those areas could contain identifiable data like contacts, SMS, etc…
Just a FYI
Not quite true for phones or anything with SSDs with trim enabled - in most scenarios the data is unrecoverable except for tiny fragments or if you go through some huge effort of pulling the flash chips out and also are lucky, true enough for memory cards or spinning disks though.
On Android for example, trim only runs every 24h, if the battery is above a certain charge level, and maybe some.other conditions. So it’s not entirely bulletproof either. Recent things can be recovered.
Definitely not bulletproof - but unless they’re after you specifically, and this is the only avenue remaining, the cost of attempting recovery and the risk of alerting you that they are in fact after you, when in the vast majority of circumstances it would yield very little, one would think there’d be cheaper ways to get your data directly from cloud providers or through other, more traditional methods.
Then again I could be naive about this.
Don’t
You know those movies were the main character blinks and their stuff gets stolen? That’s pretty much true in some of the cities.
Also if someone is asking you for gas money, help at the atm, trying to sell you something random - leave.
Bring your own router. Don’t plug things directly into the ethernet jacks in hotel rooms. Plug your router into there and connect to it instead. If you can then VPN into your home network, even better.
DD-WRT is fairly easy to set up and has VPN support. I recommend using Wireguard as opposed to OpenVPN due to efficiency, ESPECIALLY WITH CHEAP WEAK ROUTERS.
I mean, it’s a huge difference from my tests. With OpenVPN I hit 100% CPU usage on my Cisco Linksys WRT160NL at just 5Mbps. With Wireguard I was doing 25Mbps with just around 20% CPU usage (reported bytop
, not webUI).
A lot of the comments here are straight up nuts. Do what you do at home. If that’s a VPN, go for it. If you rawdog it, whatevs.
Https is on almost everything at this point, so just be smart like normal.
I doubt anyone cares enough to bug you that much.
What you can do is setup a VPN to your home at least. From their it is the same as you always would.
You weren’t kidding, holy shit. Like, I understand wanting to make sure that your privacy is protected at all costs, but at the same time some of these suggestions sound straight up tinfoil hat.
The US is not some fucked up dystopian police state where everyone is “out to get” the next person they see on the street (but I’ll wholeheartedly agree that some parts are absolute shit). No, there aren’t cities where if you blink all your shit’s gonna be stolen (parts of some, sure). In fact, most people will actually actively try to lend a hand, the worst that might happen is a total stranger ignores you when it’s obvious you may need help with something.
Idk, as an American who’s travelled the US quite a bit, I guess it kinda pisses me off when I see generalizing statements like those. Just like it would literally anyone else.
Edit: if you’re truly worried, why not just stay home or something?
Here are some helpful links from the EFF (Electronic Frontier Foundation) on the topic:
https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices
https://www.eff.org/files/2017/03/10/digital-privacy-border-2017-guide3.10.17.pdf
https://www.eff.org/files/2018/01/11/border-pocket-guide-2.pdf
https://www.eff.org/issues/border-searches
I’m sure there’s more that I haven’t put here, feel free to sift through the search page
Having lived in the U.S. my whole life, (and this doesn’t speak for everyone), it’s not the dystopia people make it out to be all the time. In fact, people will likely judge you for wearing a face mask. If you care about hiding your face, sunglasses and a cap is enough. Remember to be reasonable with your threat model!
Anything email or text related on your phone should be printed off. If you hand the border agent your phone they will take that opportunity to read your recent texts and emails.
They don’t have time to give a shit about each individual that goes through customs
I’ve never seen this, but I still get physical boarding passes every time. At most airports, you just scan your phone and the agent waves you on. However, if you hand a police officer of any variety your phone, they can attempt to access whatever they want w/o a warrant, which sucks, so it’s not really a risk worth taking when you can usually print a boarding pass at a kiosk.
It happens frequently if you’re bussing into the US. Using a poor person’s method of travel makes them very suspicious
Ah, makes sense. My coworker is from Mexico, and he says it’s best to either walk or drive into the US, don’t take transit.
Encrypted personal devices, and VPNs, mostly. It’s really difficult to maintain real privacy when travelling through customs, the best I can do is make sure my persisted data is safe, and my internet traffic is obfuscated.
How do you have that pen drive setup? What are you using to encrypt that drive? If it’s a third party encryptor, do you have the encrypt or install file downloaded on that drive also? Basically, what’s the process to get back up and running again?
I use VeraCrypt to encrypt the whole partition, with a password. I then have on the encrypted partition a backup of my phone contacts, as well as a restricted access wireguard config file pointed at my server. That server hosts VaultWarden, where I can log in with an additional password, and download a wireguard config file with higher access. I then connect using said higher access VPN profile and can download phone backups, access a VaultWarden account with my actual logins, etc.
Guessing you’ll take a burner phone? On arrival and Dep in Aus they can demand you open it and they can search anything. If you refuse they quarantine your phone for 14 days and prob use some Israeli software to access the contents
Last time I completely re-flashed my phone and only loaded it up with some “travel” accounts that were very basic. It was quite a lot of hassle, though.
This time I think I will just sign out of and delete any cloud services/accounts of concern (including my password safe) from the phone. I will sanitise it of anything I don’t want getting into anothers hands.
Once I am safely across the border I can re-download/install what I need.
and prob use some Israeli software to access the contents
wut?
https://en.m.wikipedia.org/wiki/Pegasus_(spyware)
Not quite how that one works, but I believe that was the intended reference.