Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Back in 2009, Bruce Schnier described a process to cross borders: https://www.schneier.com/blog/archives/2009/07/laptop_securi...


This is a bad idea for so many plain reasons that I'm not even sure how the author could propose this as an approach. What they're doing is functionally no different form saying "I don't know my password", it just includes a lot of extra steps and some fantasy that the border control guard will be interested in reading a blog post about encryption. Needless to say, don't do this, if you don't want to share your data, it's easier to not take it, back it up and/or transfer it later.


The smart move is to use an unsupervised burner iPhone for your travel with a different Apple ID, sign out of iCloud while transiting, don’t have email and text resident on it, and carry a Chromebook if need be.

Use a Yubikey with pin for access to the online accounts.

I advise all of our executives to do this, because you don’t know what’s hiding in your phone that some prick border dude will take issue with. That group text where your buddy talks about how Luigi was right could be interpreted as a threat.


Yeah, I'm just gonna syncthing it later.


Some comments on that 2009 article.

  [1] Step 6 will probably never happen if you show a border guard or customs official an article about encryption. You will not get safely through customs, you’ll end up on a secret list and get hassled every single time you travel for the rest of your life. As the database you’re in ages (and people begin to forget how it was created), you might be simply barred entry into places you want to go.

  [2] This kind of elaborate setup will make you loose your computer at the customs. They will ask you to boot it up… when you’ll not be able to do that, they’ll will not listen to your story and will just keep the computer.

  [3] The solution you propose will just make you look like a dangerous bad guy to the border guards. They want to inspect your laptop, and you propose to tell them that you’re resorting to extreme measures to foil them. Very bad move.

  [4] Putting yourself in a situation where local police are holding you while they try to extort something from your family is what most people try to avoid when travelling!


My approach is to have a hidden OS. Either via a hidden bootmenu, or better yet transparently boot into a virtualized guest by default. With secure boot and encryption, things can be made hard for anyone to actually examine the drive out of the limited context provided. Requests for more access can be met with confusion and feigning technical ignorance.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: