From julian@julianoliver.com Fri Jul 6 02:38:41 2018 From: Julian Oliver To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [liberationtech] Travel with notebook habit Date: Fri, 06 Jul 2018 02:38:41 +0000 Message-ID: <172289280129.3881296.4476244496086817272.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9024888306056757495==" --===============9024888306056757495== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable ..on Thu, Dec 27, 2012 at 07:36:16PM -0600, Matt Mackall wrote: > On Thu, 2012-12-27 at 23:56 +0100, Radek Pilar wrote: > > Full HDD encryption (including swap space and hibernate file) and > > powered down or hibernated (s2disk) machine is the only way to go. >=20 > Expect that if you're a target of state oppression that your laptop WILL > be taken away from you for hours at border crossings. This was a routine > occurrence for me between 2001 and 2006 or so. Fortunately for me, I > didn't warrant the big guns: the customs officers involved usually > reported their techs being completely thwarted/baffled by my Linux > screensaver. >=20 > However, it would be fairly straightforward to take apart a laptop, > install a hardware keylogger inside, and reassemble it in that sort of > timeframe, then recover your key and decrypt your laptop on your return > trip. So unless you have some sort of tamper-proof seals on your laptop, > you can't trust it once it leaves your physical possession. >=20 > Also note that encryption is NOT sufficient. Canadian customs officials > have demanded that I log in to my laptop so they could peruse my photo > collection (?!) as a condition of entering the country and/or being > released from customs. It's easy to imagine much more severe coercion if > the authorities are actually interested in your data. Not having a hard > disk is excellent defense against such coercive privacy invasions but > encryption is not. Since then, I've personally started keeping a dummy, > empty account on my laptop for basic deniability: nothing to see here > but my travel itinerary, can I go now? >=20 > But if the operational security or privacy of your laptop actually > matters and you must take a laptop, I have to agree with Jacob: don't > travel with your data. Same applies for cameras and phones. This is why I personally think it's wise to carry just a skeleton system over the border on a bootable USB stick, with full disk encryption. Once on the other side of the border, securely download the data required (as I said in l= ast post).=20 Sticks are easier to throw away/hide and if your laptop is stolen/seized with= in the country your data doesn't have to go with it - the stick's in your pocket= or in your sock when walking around. Before you cross the border again the stick should be physically destroyed. This is better than trusting data deletion.=20 It can be smart to have a stock standard Windows install on the physical hard-disk that wakes from sleep on lid-open with a picture of you and a dog laughing in the sunny grass. Invite them to browse around and find nothing. Never use that Windows install, of course. Boot Debian GNU/Linux or BackTrack Linux on the stick.=20 I've been extensively questioned at the border on a few occassions over the years /because/ my laptops don't have a Desktop as such, no icons either. Both my arms were grabbed at the Australian border as I reached to type 'firefox' = in a terminal, to start the browser in an attempt to show them a normal looking environment.=20 Terminals at the border are not a good idea. To avoid the machine being tampered with, invest in a solid state netbook and super-glue the shell together. It's not a crime. Cheers! --=20 Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanfor= d.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============9024888306056757495==--