Ask HN: For the privacy minded, How do you prepare for gadget Border Searches?
This is coming up a lot these days in the news- but Customs and Border Patrol have increased the amount of searches they do for travelers coming to and leaving the US. I find this fascinating- because it feels like an area that should have answers -but that there are only some.
With Laptops, one can do things like dual booting, and basic file or OS encryption -so if you are asked to unlock your laptop, you can show someone your OS- and if they decide to do a advanced search, take it and image it- files and items will still be encrypted. Now, this is the sort of thing Veracrypt's Hidden OS would solve without resorting to individual container and file encryption- however that is not a real option these days as that only works with MBR partitioning, not EFI- and nothing else in that space has appeared.
For phones - the situation is messier.
It appears there is no general encrypted profile app or feature one can do in a similar manner, say with steganography features- Sure one could obtain a Graphene phone or the very latest updated Apple or Android device so the Cellebrite or Greykey device can't break into it if you refuse to unlock your password and they take it to image it. If you cooperate and unlock something for them to do a basic search on and then they take it to image presumably- there's a lack of hidden/profile options that are encrypted or steganographically able to hide files in files which would be enough for this sort of thing.
There also is no whole-imaging solution to make a perfect backup, as current backup methods don't include everything, like if someone has apps not covered by a backup or full settings.
And one does not want to unlock the bootloader or Root a phone to attempt this,that would make them easier from a Cellebrite type attack.
For those of you a bit privacy minded who do like to see how private and secure a setup you can do- How do you handle this? This isn't something totally new, but mobile devices are not as far along as computers it appears- and that is something the general public is fully susceptible to.
Bruce Schneier recently reached out to the general community looking for solutions to this as well
https://www.schneier.com/blog/archives/2025/04/cell-phone-op...
Adding context on the image thing-
I have old 32 bit apps for some of my hardware cameras / other devices that attach to Android Phones, that will not be backed up with all their settings, and that worries me as even though I've extracted their APKs for preserve, each install requires reaching out to a server for first activation and one day there won't be a response when the companies that made those hardware cameras end support - and I won't be able to do that first activation which is all they need.
A Full image theoretically would make this a non-factor- but the built in Backup method for Android doesn't do this. This would be the same if had the Apple variant of these cameras. And while things like TWRP exist which could attempt it fully- that involves unlocking the bootloader which is what one does not want when there is a chance of a casual forensic search.
If I had to travel I would just FedEx things to myself at the destination. I like to travel light.
Call ahead to the hotel one is staying at and arrange for the box to show up with the instructions that if travel plans change they are to open the box. Inside will be another box with a FedEx label that returns the box to its origin. Attach a page on the inner box that explains this as well. Sometimes communication is poor at hotels among staff. Attach a coffee gift card to the note on the inside and annotate the card is for whomever is shipping the box back to its origin.
Customs could still search it if they want. It might be less hassel but more risky if it's out of your hands.
Like before we surrendered ourselves to "gadgets": simply by not bringing anything that could be a liability.
Random and targeted checks have always existed at borders. They would go through your stuff and move on to the next target if they didn't find anything suspicious. If you had folders, envelopes, etc. in your trunk or luggage, then they would go through them as well so, if you didn't want them to go through your most sensitive stuff, then you didn't bring that stuff with you. It's as simple as that.
But "privacy minded" people had it easy, back then, because they didn't travel with 20 years of correspondance or porn search history in their luggage.
Just leave your gadgets at home if you are worried about what could be found on them.
- If you really need to bring _your_ laptop, then image it anew before leaving.
- If it is a work laptop, then let your employer's IT department deal with the issue. You don't have personal stuff on it, do you?
- If you only need _a_ laptop, then buy the cheapest you can find upon arrival.
- Get a cheap SIM card and a disposable phone upon your arrival.
Convoluted and unreasonable workarounds for a growing police state.
Please don't try to minimize the egregiousness of having your personal documents searched for the sake of security theater.
You can have the most secure encryption and obfuscation, and it will be useless once they trick or intimidate you into giving up your passwords. The only way is to just not bring anything of importance. Get a separate phone or wipe your existing one of any sensitive things (password manager, personal/sensitive chats, chats or social media that may go against current administration's ideology[0], etc), you can restore things later
[0] https://newrepublic.com/post/192946/french-scientist-denied-...
Just don't bring anything important or sensitive. Buy a cheap phone to swap SIMs. Buy a cheap laptop on Facebook or Ebay if you really need one. What kind of sensitive personal data do you really need to travel with? I would guess most people could transmit encrypted data via web services unless you're a journalist coming out of a censored country or something.
Buy a second hand phone just for the trip. Don't log-in into anything (an Android), and install no apps. Just remember your password. Once you get to the hotel go ahead and install whatever you need for your trip (navigation etc.) You can check most things via the phone's browser, your email through Firefox/webmail, etc. You can install signal and text to your 'other account' at you PC at home any photos/zips/etc. If you are really afraid, you can reset the phone before you get to the airport to leave. Your photos will be waiting for you on the Singal at your home.
My friend does this when they go to the USA
A 256Gb microSD hiddden in luggage with a fully updated MX-Linux installed.
Create a snapshot of the updated system on a MX-Linux live CD including all the programs you would normally use, VPN etc, save it to a usb drive and write that to your microsd card.
sudo dd if=snapshot.iso of=/dev/mmcblk0 bs=1M status=progress
meanwhile, install a new HDD drive on an old laptop. wipe it and install any new linux distro. you wont be using this at all
at your destination, input your microsd card into laptop, change boot order and boot into your new microsd card,
The microsd card leaves no traces, it runs in memory.
A freshly installed Lineage on an older phone.
you wont have to unlock anything, you will have nothing on your laptop or phone
border force can access everything. there is nothing to see!
get a trusted friend to send you any important files via signal or any other encrypted messaging or email service
At your destination, login into your emails and messaging services etc
Everyone can come up with technical ways to backup and wipe. The most interesting question is how you answer questions like "it's clearly wiped/burner, do you have backup accounts, sir, and how you're gonna restore and can we have these passwords?". Because everyone is a hacker hero until faced with the option to lie to border control and get called out either way.
Your worst enemy here is a thought that they are stupid and that you can confidently lie in a tight room, surrounded by police officers. Neither is true.
I might have to look into a live MX Linux. I've been trying to make an iso of my current Kali install for VMs and it just won't work - won't even create the image successfully. And of course Kali doesnt have an accessible image for Kali everything either. Really frustrating.
I would advice caution with that approach. Not only could Linux by itself be "suspicious", a clean OS without any data surely is. Once they have a justification for a deeper search they will find out about the live OS and you will be treated like a terrorist.
A better approach would be to backup your OS and make it available online over SSH/VPN for example. Then install windows or any other default OS on all devices with some amount of believable but not too personal data. Once you are over the boarder wipe all devices and download your real OS and data over the internet to your devices.
Genuine use for an LLM right there
This is a useful and comprehensive guide:
https://www.eff.org/wp/digital-privacy-us-border-2017