Is it safe to travel with your phone right now?
Is it safe to travel with your phone right now?
Know your rights, but also minimize your risk.
Get a burner. Browse some boring content with it: few business websites, maybe some sports scores, maybe snap some photos of landscapes and dogs on the camera roll.
Then you have a functional phone and piece of mind. Making the phone feel "lived in" probably isn't all that important, but I think it'd be easier to explain than a factory stock pay as you go phone.
It's kind of crazy that that's where we at. That you have to pretend to have a "normal" phone. I don't remember what it was, but i had a phone i think an oppo some time ago where you could set up a fake phone, depending on the fingerprint. So my right finger was my normal phone and my left finger was the burner phone. I never used it, but i found that pretty funny
I've had colleagues just play the "I don't fucking care if you're sending me back because my papers have a spelling mistake, this is just a business trip" method when US customs/immigration starts acting up. Not sure I'd have the balls to do that now that the US is sending people to KZ camp light for pretty much nothing.
but I think it'd be easier to explain than a factory stock pay as you go phone.
You do not need to and should not explain anything. Don't answer any questions.
This won't stop the cops from hacking into your phone with celebrite, but android has a feature called lockdown mode that will disable facial recognition, fingerprints, and voice ID until your phone is unlocked via PIN. I need to unlock my phone quickly throughout the day, so I use fingerprint - but I use lockdown if I get pulled over or am going through security, etc. It isn't perfect, but it's better (for me) than having to enter a long PIN every time I need to unlock my phone.
Once you enable it in settings, you can take your phone to the power off/restart menu and enable lockdown.
Using Tasker, you could probably disable quick unlock when outside of your house, etc.
I use the grapheneos pin fingerprint combo with a longer password if that fails or bfu.
Do a restart (even if you have to hold the power button for 10 seconds). Because at initial boot state, the contents of your phone are encrypted. Any unlocks after the initial unlock, your phone is decrypted and the key is in RAM. Only a password/pin (no fingerprint/FaceID/etc) can be used to decrypt your data.
In lockdown mode, my understanding is that you're simply disabling biometrics (but not encrypting anything).
iOS has the same thing; press the lock button 5 times to disable biometrics.
You can also ask “Hey Siri, whose phone is this!”
You can also press and hold the lock and volume up buttons like you’re going to power off the phone.
Out of the three, IMHO, the five click of the lock button is the easiest.
But none of that is going to stop them from detaining you until you give them the pin.
US citizens might have it a little easier. But foreigners are certainly going to regret their choices if anyone ‘close’ to the border has an issue with them.
I carry a second phone with nothing on it but pictures taken with my "real" phone and some GPS/Travel apps to look "legit." Some might think it a bit of a PITA but I bulk edit the EXIF data of photos to say they were taken with the "decoy" phone before transferring them over. Granted, I only cross the border between US/Canada and US/Mexico and turn off and hide my "real" phone before entering the border queue. It has only been an issue once and they took the decoy away for all of 15 minutes while I waited in my truck and then brought it back and said "Thank you for your cooperation, have a nice day" and then I immediately factory reset then wiped it again and installed LineageOS to clear any spyware they might have put on it.
No.
It's about USA.
Thanks. I wasn't planning to go there anyway...
It's annoying how the title throws such a general open question and then they don't clarify this at all.. there isn't even a single match for "USA" or "America" in the whole article, you have to sort of guess.
I have to remember to delete all my dank memes before I travel now
Use GrapheneOS and switch to PIN authentication didabling fingerprint auth, especially when travelling abroad.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it? And I know that legally they can't make you give up your PIN, but what's to keep them from just beating it out of you? Cops of any stripe rarely if ever face consequences for their actions, especially in the US.
Pretty sure they can. Or at least, they can deny you entry into the country if you decline to unlock it for them.
If a government has you in the nebulous situation where you technically aren't in the country yet and they want your phone, it doesn't really matter what security system you have on there. You either give them access or go to a black site.
That's why every company of "moderate" size ends up adopting a policy of "DEVICE for foreign travel". You don't take your actual work laptop/phone/whatever. You take a burner (except they hate the term "burner") that can remote in but stores little to no data locally. And you realize that any good remote access software has logic to detect if you are accessing it from a security checkpoint and flag you...
So what does that mean for you, an individual?
- A super locked down device is just gonna get your ass beat... if you are lucky.
- A completely clean factory wiped device? That is going to raise a bunch of red flags (kind of rightfully) and more or less equate to the above
Like almost all things privacy/security related: Nothing is easy if you actually need it. A good friend of mine is a journalist and they semi-regularly do the kinds of stories that get a person "investigated". And the reality is that there is nothing they can do, in software, to protect themselves. So what they instead do is have completely separate devices that are never in the same physical location. So, unless they are communicating with a sensitive contact, they always have a device that "looks real" because... it is. Texts from the partner about a dinner party next week, spam from facebook, etc.
And if they need to access something sensitive while on foreign travel or otherwise unable to get back to their "private" devices? Either buy a cheap laptop at a best buy equivalent or use one of their burner emails/accounts.
If I had a phone set up like that, and, say, ICE or TSA took it, what would they be able to get from it?
Depends on what state it's in. If it's in lockdown mode, nothing. GOS blocks all access to data via the USB. If it's unlocked, everything that's not locked by further authentication.
but what's to keep them from just beating it out of you
Nothing. That doesn't mean you should willingly consent to it.
I've seen this a lot recently. This isn't about what police can do, it's about border crossings. You can be required to unlock your device when entering the country or be denied entry (or possibly worse).
The best route is to have a phone specifically for travel.
I was concerned about this while crossing the border from mexico this past weekend and pleased that they didn’t even ask any questions just to see passport then through.
Its a great article