Its just as risky for a non-American buying from a US company. And despite what others have said, customs can be a point of interception. But it’s not customs you need to worry about, they hand-off to the spy agencies to do their thing when they get a valid order to do so. Example program:
Like others have said though, your threat model is what’s important. And if you are a person of interest to security agencies eg a whistleblower or journalist then you’d be wise to have someone you know make the purchase instead of you.
I’d be more concerned about Chinese products in general, as they have been caught again and again with pre-embedded untargeted malware. Meaning, everyone who ordered that model got a helping of malware, not just those under active surveillance by three letter agencies.
A few examples in this blog entry: https://georgetownsecuritystudiesreview.org/2018/05/23/flawed-by-design-electronics-with-pre-installed-malware/
If you’re not a person of interest though then you are 99.99% safe. You could always reinstall the OS when you get it and ensure the bootloader is locked. Again that would keep everyone except state security agencies out.
Who do you think customs are? All they care about is import duty and illegal substances.
No, but if somebody like the NSA comes along with a request to intercept a specific package, or even a bunch of packages then customs will gladly turn them over. As was posted elsewhere in this thread, NSA has been known to do this in targeted cases and installed software into routers etc. before returning them to customs for delivery.
So it truly depends on whether an organization like the NSA has you on their radar.
You need to touch some grass if you think the CIA is bugging your devices.
CIA isn’t targeting me, but ICE certainly is.
trump gonna thump you
If the CIA wanted to put a keylogger on your phone, it would be customs, the CIA would intercept it at some point, possibly in customs, then put it in the boot loader or on the SSD firmware or something so you’d never know it was there and wouldn’t reasonably be able to overwrite it no matter what.
That probably doesn’t help you though. If you want to be sure you’d have to reflash every bit of the phone, not just the OS.
Customs isn’t the organization that does that. If you’re a target for espionage, someone at the NSA or CIA or somesuch organization will find ways to tap your devices, but they don’t do this to every phone imported to the country. Just consider the sheer volume of data that would produce, and the number of analysts who would need to review it. I wouldn’t assume privacy, though. Act like they are watching everything.
The NSA is already known to have tapped into the fiber optic lines at an AT&T datacenter back in the early 2000’s. That sort of tap would generate absolutely massive amounts of data.
If they did something like that 20+ years ago then the volume & analysis isn’t the issue. It’s whether or not they decide they need to perform mass surveillance of mobile devices.
Pretty sure all your electronics are imported from another country. That what the carrot is complaining about though, isn’t he?
If you’re very paranoid, try flashing a custom ROM to it.
If you’re importing a FP5, just wipe it and put Murena /e/os on it. Then it won’t matter
The fuck kind of question even is this? Customs installing a keylogger on your device? You are not only dumb as hell, but clearly far too stupid for a nation to ever care about you for even one single moment. Congrats on the immunity.
Busy modlog you got there, buddy. 👀
I agree the question is a bit far fetched, at best - but that’s no reason to be mean
Who cares if you can flash the firmware (which will remove any thing that they might be able to do)
“remove any thing that they might be able to do” is a hilariously broad brush to apply to three letter agencies in this day and age that were doing things like this 50 years ago.
I’m not saying it’s realistic that OP is being targeted for such surveillance. But if they are, good fucking luck! Flashing your firmware ain’t going to do shit when they’ve just gone ahead and replaced the chips on your board with their own that act exactly like a normal chip but have extra code that doesn’t get flashed when they don’t want it to.
Well it is true hardware implants and hardware replacements can’t be fixed by flashing but they are detectable and they can only deploy so many of those before everything is a major news story and if you feel that the odds are that high, making one’s own hardware is an option but generally not a good one.
Is this not true? Why the downvoters?
Phones’ modems have their own firmware that gets flashed by the cell provider, so I think spies would target that.
Your threat assessment is way off.
So, you import a phone. What sim do you use? Where do you use it? When do you use it? Who do you contact with it?
All of that is more valuable and easier to get for the police than some sort of modification of firmware or platform as it passes through customs.
If in doubt, flash your own firmware.If this is actually a threat assessment to you, asking on Lemmy is the wrong place. You need people with the same experience that an entire country has at their disposal.
If it’s a concern as opposed to an actual threat, buy some 2nd hand phones from random places and buy some prepaid sims (ideally via smurfs or black market means). And be aware of how you use them
You’ll be fine for now so long as you’re not already a Person of Interest of a three letter agency.
MRW I’m on a list with the CIA and the NRA but it’s the Culinary Institute of America and the National Restaurant Association.
Now that you mention it I may be on the same CIA list (eaten there several times).
There is a difference between customs and immigration. Customs cares about things (and import duties on those things), Immigration cares about people.
As a US citizen, you should be able to just enter as long as your paperwork is in order. (And if Immigration is interested in you beyond the formalities, it means you are probably on some sort of list, and good luck to you!)
Customs will care mainly that you are only bringing in personal goods, and not commercial goods you intend to sell. They will also care if you buy any goods abroad to take back, because you may owe import duties. So they will not care about your Fairphone unless you bought it while in your trip abroad. In normal times you will have an exemption that allows you to bring in some amount of goods duty-free but the world is all topsy turvy now so I would check what the duty-free allowance is before coming back.
They are used to people bringing phones, laptops, camera equipment, and other expensive personal effects with them on trips. They won’t care unless you have a lot of things, and they think you are not being truthful when you say none of it was purchased abroad in that trip. Having five phones for one person would be a red flag, for instance.
I bought my Xperia from German Amazon since it’s not sold in the US. Had 0 problems.
