"Locking down" is almost always a bad approach when it comes to border crossings. You have very little rights at the border, so keeping your phone locked and refusing to divulge the 20 characters password isn't really an option. Even without the threat of detaining you, they can refuse entry (if you're not a citizen/permanent resident), or seize your $1000 phone/laptop. Far better to wipe your phone and restore from backup after you've crossed the border. The article does make a good point that you should seed your wiped phone with signs of activity so it doesn't look freshly wiped.
I used to do this but these days I’m petrified of the restore being imperfect in some way.
I use the he.net app for TOTP. Will I get those back in working order?
I have a billion photos I want to keep — were they properly backed up to iCloud?
My mail settings are a pita to recreate. Will those come back?
Are passwords stored in the Secure Enclave? Could I lose those?
When I sign back into iCloud am I going to be able to use a username and password, or is it going to require me to approve the login on my laptop — which I left at home — as a second factor?
WhatsApp, Signal — how much is tied to my physical phone and/or any key material unique to the OS — material that is irretrievably lost, by design, when it is wiped.
I think really the long term answer is to stop using an opaque, closed source iPhone. Maybe some time in the next five years one will emerge that competes with Apple’s quality? Until then, every border crossing is going to risk handing over a huge part of my life to ICE because I can’t risk losing anything in a backup/restore hysteresis loop.
Post.: Another future direction would be for iOS and apps to recognise this as a common use case and provide guarantees about what is and what isn’t restorable after a wipe.
There’s also a conflict here between wiping data so that it is irretrievable and wiping data to later retrieve it. If you wipe with the intent to retrieve I can believe that immigration will just detain you until you restore your phone so that it can be searched.
Your phone could become damaged and inoperable every day. From dropping it in the toilet, being stolen, a house fire, etc. If you're "petrified" of losing your data, it's worth the work to ensure your data backup procedures are adequate.
You’re right, but also I know I have enough backed up to survive a catastrophe. What I don’t want to do is to test my backup in a non catastrophe situation and invalidate all my TOTP, WhatsApp history, mail settings etc. just because I wanted to test disaster recovery.
It feels like buying a fire safe (phone and app backups) without any kind of understanding if it works then burning your house down to see if it works. I want a fire safe (phone and app backups) that is up-front with guarantees it works!
I should have said this by the way: for a long time I did wipe my phone when crossing borders, learning the hard way all the little details that don’t quite work properly when doing a restore from backups.
Analogies only go so far. Going to the store, buying gasoline and rags and a lighter and then committing arson and burning my house down is maybe a little bit different from sitting down for a few hours with my laptop connected to my phone.
I've spent the last month and a half building an encyrpted backup system I could sleep peacefully with, independent of tech giants that secretly compromise you. I'm almost there but it's not easy for a lot of reasons you mention and more.
Ultimately it's not enough for individuals to spend this effort for themselves. We need a self-managed option that is nearly as turnkey as iCloud. A distro with it built from the outset.
Yes. You can restore your icloud backup to another target iphone without wiping the source iphone, as long as the target iphone has enough storage capacity.
IMO if you are so concerned about it, then just buy a second phone, and leave the "first" phone at a family member, or at least someone that you trust. If something fails to restore, just call them to read you the OTP code or whatever.
This is an issue I face- I have a collection of thermal cameras that use apps to control them- after every install onto a phone, they then reach out t oa server to authenticate.
Here's the issue- though I have a few older phones- these apps are 32 bit ones, so no modern phone after Android 13 will run them. And they are all now not on the app store anymore,as they all came out about around 2016. i did use a APK extractor to pull the APKs to store them - but the native backup functionality wouldn't capture that authorization in the future, I might rob myself of my ability to use some extremely expensive, and long-term invested capable hardware, by backing up and restoring-
I suspect a full image would solve this problem, but I don't think one can do that outside of things like TWRP- but that requires unlocking the bootloader, and if you do that it wipes your device- AND is more vulnerable to Custom's usage of Cellebrite and etc, to my undertanding.
I don't have this issue with laptops ,as I can fully image them and wipe and restore ahavend have a perfect replica/ no issues. But my thermal cameras do not run off of PC and th eform factor wouldn't work if they did
> I’m petrified of the restore being imperfect in some way.
A lot of this is from anchoring important things to your phone. I practice, and strong recommend, avoiding that as much as possible. Your phone should be entirely disposable. If you drop it in the ocean, would you care (other than the monetary loss)? If yes, find way to detach those things from the phone. There should be nothing important on a phone.
So be it. I used to say that the reason I valued my privacy was not that I did not trust my government _today_, it was the fact that data would be available to every potential authoritarian government _tomorrow_.
Welp, today has become tomorrow, and yeah, I'd _absolutely_ rather just have my devices seized than have the contents of my phone dumped into a database that can be searched without a warrant, for the next 15 years.
Rights (like the 4th amendment) that are not exercised are not upheld. I'm sure the threat of having one's devices stolen (let's be clear, that's what this is), is enough to deter many people. For myself, my next course of action would be to contact the ACLU and sue the government for violating the 4th amendment.
Having your $1000 device stolen by the government as an acceptable outcome is something only a fatcat on HN with their cushy salary would be able to tolerate. I'm not a FAANG employee, and don't make that kind of salary. Loosing a $1k anything would not be something I could just shrug my shoulders and just turn around and immediately replace it.
Even if you do sue the gov't, it'll be at least a year before any kind of resolution that results in the return of that device. Them keeping my phone would be one thing, but if they also kept my laptop, I'd be screwed. My laptop is much more than $1k, and there's no free laptop with contract cell service I could use to replace it. Now I'd be without a means of working.
These kinds of situations make me really yearn for the days of replacing the internal hard drive of a laptop. I could swap out my daily use drive for a travel drive, which would be much less of a hassle than the options on offer for modern laptops.
My Lenovo from last year still has non-soldered NVMe drives. I would probably just install Windows on a separate partition and set it to boot to that, then install a few games and set my Chrome homepage. I bet CBP won't be mucking around with bootloader settings looking for Linux, and even so it would be pretty trivial to just remove GRUB from the EFI partition for the travel days.
This is something no on discusses but I've wondered heavily- GRUB can be made to not show a menu and then boot up Windows automatically, in like a second or two with no one the wiser. [There is an obnoxious welcome to grub message that pops up now but I see a public project out there that solves this very easily called GRUB shusher]
I don't know if other bootloaders outside GRUB have a silent/hidden start option, as well in a similar vein that would require you to hit a key in that first second to get the menu to appear, or else it just boots up normally
I wonder about the other approach, just going into the BIOS nad changing the order so Windows boots first, which should be doable in some setups. Lock the BIOS with a password, and you're in not bad shape. (Not sure if Secure Boot being enabled could also help here - probably couldn't hurt)
My approach would be to rename the Grub EFI image to something silly like "HP Windows Recovery", then set Windows to boot first. Someone could smash F11 then select the recovery option to make sure it was really recovery... but the average Keystone Kop at CBP would probably not figure this out. In fact, I think they would just turn the machine on, see it start to boot Windows, shrug, and turn it off again. If they image the machine, they can find that it has Linux with forensics, but I really struggle to imagine anyone caring enough to chase me down after the fact.
I am a US citizen though. The only real goal for me at CBP is to avoid secondary at all. I'm not worried at all about them coming for me after I leave the airport. If that sort of stuff starts to happen... I am screwed anyway. They can find records of everything I've said by just compelling US companies to disclose it to them.
Any examples of the silent GRUB setup? Sounds interesting.
I left a comment about Veracrypt offering the Hidden OS feature, with two passwords - one for the dummy OS and one for the real OS. However it doesn't seem to be supported anymore on Windows 11 or modern hardware, the option is greyed out on my laptop with no explanation.
>Welp, today has become tomorrow, and yeah, I'd _absolutely_ rather just have my devices seized than have the contents of my phone dumped into a database that can be searched without a warrant, for the next 15 years.
You're totally ignoring the option of wiping your phone prior to crossing, and avoiding both fates.
>Rights (like the 4th amendment) that are not exercised are not upheld. I'm sure the threat of having one's devices stolen (let's be clear, that's what this is), is enough to deter many people. For myself, my next course of action would be to contact the ACLU and sue the government for violating the 4th amendment.
This already has been litigated, and the courts have affirmed CBP can deny entry or seize your phone. By all means, try to affect change by writing to your senator or whatever, but displays of civil disobedience is mostly pointless. ACLU won't even take on your case because it's been settled, and the chance of it being overturned is slim.
My company gives burner phones and laptops for employees and salespeople traveling to countries with agressive borders. USA is on the list, together with Israel, Iran and a few others I can't remember now.
fascinating! Where are you from? I'm in the US and for employees going into China, best practice has been to issue them burner phones and laptops for the trip for decades at this point.
I've been to Shanghai multiple times. Every time the border check was quick, efficient and uneventful. Unlike JFK where it's a 2h wait almost every time wiht 'random' extra security.
And maybe remove business critical or private data from "well known" online accounts or cloud services well known to US or from US or the one they might force you to give them access to - or the account where it might be trivial for them to show you have an account and then they might demand access. I know the article says they won't ask you for cloud accounts but I mean who the hell knows (esp. in today's USA), they might as well ask you to give access to iCloud Backup/restore because as you said they have close to or exactly zero rights there.
This 100x, last time I crossed a border I shutdown my phone and because my phone was off the border guard considered that suspicious. Also apparently not using google maps is considered suspicious even if you're in an area you've lived your entire life.
I would definitely come across as suspicious to any border inspection. I have no Google apps, I have no social media apps. I have very few apps at all. I definitely qualify as someone that would be the type to wipe their phone. Also, my photos would definitely look like something someone staged to show activity, as the vast majority of my photos are of my fur babies. I don't do selfies, so that would be sus too. My browser history would also appear to them to be wiped, because I simply do not browse the web on the phone. I doubt it would be a quick conversation of me convincing them I'm really just that boring.
A dual password "Hidden OS" feature like Veracrypt offers, or at least used to offer would be best. If implemented correctly the existence of the hidden OS can't be proven, and a dummy password would log into a dummy OS. I don't think it exists for phones, but is surely a gap in the market.
if they're really out to target you and they've got you under investigation, then maybe they know what your primary email account is and that your phone isn't signed in to it. but the advice here is for the traveller who just doesn't want to be hassled at the border by the guard who wants to flex their power.
Does anyone more knowledgable know if US citizen 5th amendment rights still applies at the border, i.e. I can't legally be compelled to unlock my phone at the US border? Law is not my area of expertise at all. (The article might have addressed this but it's behind a paywall.)
The ACLU has authoritative advice [1]. The article about electronic device searches [2] explains that the government claims the right to search devices without a warrant at the border.
> U.S. citizens cannot be denied entry to the United States for refusing to provide passwords or unlocking devices. Refusal to do so might lead to delay, additional questioning, and/or officers seizing your device for further inspection. [...] If an officer searches and/or confiscates your laptop or cell phone, get a receipt for your property.
If your device leaves your sight for any length of time and later returned, consider it compromised. It is now to no longer be considered a friendly device. If you're paranoid enough that is
First, it's the fourth amendment that protects against unreasonable search. Fifth amendment is protection against self-incrimination.
My understanding is that fourth amendment protections effectively do not apply at the border [1] because the border is inherently a reasonable place to search people.
In regards to being compelled to unlock your phone, CBP maintains the position [2] that in order to uphold their duties they're inherently able to compel you. Anecdotally, if you don't unlock your device, they may (a) confiscate it (and possibly apply all sorts of cracking tech to it), or (b) refuse you entry. That said, a random law firm [3] cites that you can withhold a password-based lock, but CBP can compel you to provide biometric unlocking [3].
To me, this is a case of https://xkcd.com/538/ ; you may have a legal basis to refuse, but in the current iteration of the administration I find it unlikely that it would be a positive experience if you were to stand on it. (Not that CBP is going to beat you with a pipe wrench, but if they want in your phone, they're gonna get in your phone.)
(US citizen, attorney, detained for 90 minutes as punishment for asserting his rights and refusing to unlock his work phone, which contained privileged attorney-client communications).
Your link was specifically about the borders, not necessarily about airports. This link is specific to airports. (I came across this link from your link. Just providing the direct link)
It's my experience that once you get sent to secondary they have already decided to fuck you, they are just deciding which flimsy excuse they will use to do it. My totally non-legal conjecture (and livid experience) is if you are a citizen they will play mind games with you in secondary or a holding cell for hours to a day or so and then eventually reluctantly release you after muttering threats about revoking your passport and/or not letting you in.
