this post was submitted on 30 Jul 2024
478 points (99.4% liked)
Privacy
32159 readers
591 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Always turn your phone off before crossing international borders. And use a >20 char boot passphrase.
You don’t have rights when crossing a border. If you’re not willing to have customs rooting through your data, delete it and restore from backup after you arrive.
The problem is that this also applies within a radius around a “port of entry”. So everybody that lives within about 100 miles of the coast, an airport, or a rail line that crosses a border — which is probably about 80+% of any country.
It is definitely not 80% of the US
Might be 80% of the population of the US.
The US has a decently large area. The larger the area the bigger the ratio of are to circumference
The costs count though, and most of the population lives there.
https://discuss.tchncs.de/pictrs/image/86ce0e08-cac6-4f54-b684-09fb756108d8.jpeg
The circumference is where everyone lives. The area is comparatively empty.
If we're talking about US citizens entering the US, AFAIK they have no right to deny you entry.
Sure, but they can still fuck up your life
Oh, you definitely have rights when crossing many borders. But, of course, it depends on the border.
They can still ask you to trun on and have it unlocked. Refuse and you being an international traveller? They probably will deny your entry.
In the very unlikely instance that happens, fly to the nearest country, make a backup of your phone, factory reset it, then fly back to a different poet of entry
Or just bring a burner phone with fresh international Sim card
This is the real answer.
Flying to China for work/play?
Leave your real phone at home. Take a cheap burner.
No, don't use SIM cards.
The port of entry that originally denied you entrance immediately notes that in the system and you are "Flagged" at all other ports of entry.
Sure, but that doesn't mean the person is going to be an asshole at the other point of entry.
I flew into NYC one time with a joint. They always target me because of how I look, so I got all my shit searched. Dude found half a joint (yeah I fucked up). He looked at me and then put it back and continued the search, pretending be didn't find it.
People in NYC are nice people. Their city doesn't care about weed. His employer (CBP) did, but he made a decision not to fuck up my life over a stupid small thing.
I've also crossed borders in Israel when doing human rights work. Its easier to go by land than by air. The environment at different ports of entry is just different than others.
Don't refuse... Just casually forget
The issue is that customs agents have the authority to refuse you entry into the country for no reason if they so choose. Refuse to consent to a search and you could be refused entry. This includes simply transiting through the airport, as the US requires foreigners to go through customs even for connecting flights (I'm not sure if that's always the case, but it has always been the case for me.) So they can't force you to let them search your phone, but the end result is the essentially the same.
Well, you know when you get around my age, technology gets confusing
They will detain you. I know the US procedure because i was instructed as i worked there as a representative for an overseas company in Europe.
If you're a national of the US they will detain you and hold you in detention to ask you questions. During this time your phone will either be cloned or confiscated to be decrypted at a later date. You will be released after a few hours. They will likely not bruteforce it, but rather attempt to use security flaws present in your device/firmware. They will do the same to your laptop.
If you're not a national of the US, you will be denied entry and flown back to where you came from. This is common practice in a lot of western countries.
What you should do is not carry sensitive information across borders, by using a cloud service to sync at your destination or use hidden encrypted containers in your device. Unless you're involved in terrorism, white collar crime, CSAM or drugs, they will never have people smart enough to find out hidden containers on you.
Even if my phone is empty, I'm not going to give them a password out of principle. And I'm not saying anything in detention. No questions will be answered.
Again if I really need to get into the country, then I'll try again at a different port of entry. Usually land crossings are easier.
if you've flown for 12 hours with all that entails to go to the US (for a reason) and are presented with the choice of unlocking your phone or be denied entry, you will cooperate. Especially if you moved all your sensitive info beforehand.
Nope. Definitely won't violate my standards, even if they throw me in prison.
We are proud ofyour, but your sacrifice will be in vain and not make it to the news. Pick your battles.
You're free to do that, but seems like a good way to be put on a list to be harassed more in the future. You make a cop/border agent feel stupid and he/she will make sure to make your life harder.
The records will show you're trying different ports of entry and if a border guard doesn't like you, you will be selected for investigation and getting off that list may take years. Worse, you can be banned from entry for no reason and good luck appealing that.
Personally i like to treat the customs agents real nice. I call them sir or ma'am, i follow their instructions and i show them a squeaky clean phone and they let me off with a smile at the first port of entry. Being combative with an agent will not change the laws. Moreover if you have obligations to a company, they will not look kindly to this sort of attrition causing delays and will pass you over next time they need someone. This of course means you won't get paid as much (or, depending on circumstances, at all).
I agree with the other poster, picking battles is the way to go.
Dude, if you willingly gave your company phone to a border agent, we'd fucking fire you. We train employees not to do that.
I always say "no thank you" when they ask me to do something I don't want to.
And, yes, protest does work to give us rights. History shows this. Ffs resd the article
I guess your company trains to different standards than my company then. A multi national globe operating company can never afford to fire employees for refusing to cooperate with authorities during border checks. At most it can train them to secure data during border crossing.
If the company i work for did what you suggest, they would fire all their employees in the space of a week or have them all detained or refused entry to countries. They'd lose billions in business. Only a domestic or low volume company can afford having their employees routinely detained at borders in such a manner.
It just doesn't make any sense what you're saying, but you do you bud. All the best.
which borders are they crossing where that's mandatory? Very few countries require this. In most you can just say "no thank you"
Well most recently this year i crossed US borders at the Texas point of entry. I was told expressly to always provide them with my devices, as if i said no thank you i would be denied entry to the US and it would go on the record for future visa applications, which could be denied on grounds of that, thus affecting future assignments. When you get a work visa, you have a time limit to enter the US and if you miss it, you need another. I was told i was completely responsible for any data that third parties could obtain and i would be fired and legally prosecuted if sensitive data was seen by people who did not have security clearance and NDA clearance for the data i was carrying, which border security does not have, even though some US government personnel do have those clearances.
Fortunately my company provided cloud space for any personal or company data i would be carrying and i wasn't asked for anything because i came from Europe and i guess they weren't too suspicious about me, so in the end it wasn't an issue. Nevertheless, i had to take mandatory corporate training to prepare for any immigration interviews and had to sign specific liability agreements for the data i carry since it is highly sensitive.
I don't just work as a liason in the US, but this was the most recent. For the industry i work in, this is pretty standard.
You can say no, but that doesn't mean there won't be consequences, in my case I'd lose my job or lose assignments, which would probably mean I'd be put only on European assignments or demoted to a domestic only position, which would be paid substantially less. So in essence, i can't really say no nor slack on opsec. Being able to feed my family is more important than protesting on grounds of principle for me. Also i could have issues getting to the US in the future, for any reason that may be, since getting a work visa requires grueling consulate interviews and they check literally everything. It's one of the most annoying places to get work visas to, even coming from Europe. It took me one year of scheduling and attending interviews to be cleared for it. I was even asked to provide all my personal social media account handles.
They're trying to pressure you. Cops do this. You have rights though.
I always say no thank you, even if they don't ask my permission. At worst they spend 5 minutes typing on their computer and then they let me through.
It does catch them off guard, but they know your rights. Exercise them with a smile and a thank you. You're making assumptions that cause harm to you and your peers.
aren't they going to ask you to unlock it, or do as they do in China and run a quick scan using their special software?
Australia also
Ohh.. wow.. 🤯
Can I get a source for this?
First time I heard about it was from this youtube channe...called "all things secured" but I don't remember the video , he said police officers stopped him and plugged a USB C on his phone, after a few moments they let him go..
this article discuses the same situation but I'm sure you can find other sources
They can ask. And you can say no. Some countries might torture you, but that's honestly low risk. And for that we have duress passwords.
Special scanning software can't defeat strong encryption with a strong passphrase
https://xkcd.com/538/
Again, rubber hose cryptanalysis is, in fact, defeated by a duress password. We do have counter forensics tools that work against torture.