Not using 10% of the SSD leaving it for provisioning is a-must, but, “not using” 90% of the SSD would raise question marks above anyone’s head, especially those with the 3-letter badges on the uniforms.
So I’d rather hide whatever it’s possible in those 10%, meaning would bring with me only what is really necessary most likely on a second disk labeled “for travels”, while leaving the main one at home…
Dear Emily
I reed about this not just on this forum but on many other.
What I do not understand is why do you want to travel with you PC across the border? why?
For example:
Let’s say that you are AAA+ Hacker and you have everything on you PC.
Informations which could bring you in prison if somebody sees it. For sure.
Which logic tells you to take this information across border?
I could not comprehend this decision.
I tell you what would I do:
I would take this disk and clone it, few times.
Then I will send it with a post.
Now you are thinking that they can inspect this disk on custom/border.
Yes they can.
But you do not write your origin and destination address. you send it with fake name to some mailbox which you can see/control, but not directly yours.
Now you think this is the stupidest idea on the world, but I will tell you something:
Darkweb, drugs, how do they do it? With a local post 
Maybe this is not enough.
Print ones and zeros to a paper, randomize it with encryption and then post it on some forum.
Did you see this: Voynich manuscript - Wikipedia . 500 years old and nobody cracked it.
I think this is my favorite:
https://www.reddit.com/r/codes/comments/km0793/mysterious_message_hidden_in_images/
You buy yourself some camera and microSD card, put your text in pictures, and save it on SD card.
If somebody asks questions, you are a photographer.
They can clone your SD card but there will be only a picture.
Pixel position and color of pixel is your word. So you need a coordinate system, and some brain wallet.
I think I can write without stopping, so I will stop now.
…
In last 20 Years I visited 20 countries, some in EU some oversees, but I never ever took my main PC with. never ever.
my PC is safe at home, and if I need some information (and I almost never need it), I would connect to my PC remotely and read the information.
I know you want to safely travel, I want it too, but you can forget about it.
I know I sound like a pessimist, maybe I am, but I never bring compromising infos with.
And you should never do it.
If you could give a example why you want to bring you PC across border, maybe I can help you.
It does not have to be publicly on this forum, you can contact me private.
p.s. for admins and mods: this is my opinion, and I do not want to troll or something like that.
Like I said, this is only my opinion.
@slcoleman And how does the outer partition table prevent the outer OS from overwriting the inner OS? I believe that’s a fundamental issue that is hard to solve.
Anyway there’s ongoing scientific research on this issue. I e.g. recall some research on a probabilistic approach that doesn’t have that partition issue at all. Also, most current approaches appear to use some in-RAM boot disk to unlock the hidden data. This is supposed to help against forensics that attempt to find traces of you accessing the hidden data.
Btw these kind of approaches essentially rule out Qubes OS entirely as it doesn’t run in-memory or from external media. Tails or something like that would be more suitable.
In total I don’t believe that this issue should be solved by Qubes OS, but more likely by some standard Linux software such as dm-crypt. If such a tool becomes standard, there’s also no issue in plausibly having it.
An example of academic research: Artifice: A Deniable Steganographic File System | USENIX
Unfortunately however such academic research usually doesn’t produce usable and well-maintained software.
Also, it was already discussed on this forum multiple times that not having anything with you at border control is the best way to hide stuff (on the Internet or so). If the Internet is censored in the country you are trying to get into, you may consider steganography or hide the relevant data on some small SD card or so.
Exactly.
Another option is to just use another disk with a detached luks header and replace it with an unsuspicious disk on border crossing. Print out the header in some strange code and take it with you as paper or send it as postal mail. On border control claim that you bought the random data disk on ebay because it has more storage, but you didn’t get to putting it into the laptop yet.
And so on…
+1 for this, that’s why i dual boot my laptop, even tought it’s not recommended, i’ve applying encrypted boot and detach header, so that would be safe. secure qubes in home to store sensitive data is enough for me.
but i’m still curious about the opal technology, what the drive tree looks like after applying that? if someone could provide before and after luks decryption, i would be grateful
But trying to “smuggle” encrypted whatever greatly increases the risk, as even written there - so don’t do it - that was my point, because YOU HAVE TO LIE, which makes “attack surface” bigger. Remember the concept - keep it minimal? Find another way to have it on your destination,
When you go online - say goodbye to your privacy, that’s why you have to use Qubes and dispVM (meaning not to bring online anything with you). Same is for real life. When you go out of your home, don’t bring your privacy with you (on a laptop or on a cell phone, among other things) otherwise say goodbye to it.
Once arrived, I 'd ask my sister at home to send me key file over secure channel.
Thanks @slcoleman and @enmus to point me as a rude guy ! Just kidding, no offense ^^
For the border crossing, enmus just quoted how it’s done by a security professional (one of the creator of Qubes), and many examples have been given : you don’t need to hide or deny what you don’t have at first.
I’m still interested about the OPAL drives cause they have plenty of applications, but I’m wondering if that would also work as a non-boot drive (ie secondary) ?
I’ve (quickly) read a bunch of pages from the 2nd PDF and it is not clear about that : it’s talking about boot sequences, but also that it can be manipulated with ATA commands, so dunno.
One interesting thing though, if I understood well, is that : in order to boot the shadow MBR, “PC firmware and configuration → MUST not have changed” (p 12-6).
Am I thinking right that using a drive like that would prevent BIOS/UEFI tampering (provided it’s clean prior to the disk setup) ?
| tripleh
March 16 |
- | - |
@slcoleman And how does the outer partition table prevent the outer OS from overwriting the inner OS? I believe that’s a fundamental issue that is hard to solve.
Each OS does not necessarily even see the other partition because the MBR contains the partition table. With the shadow MBR you get a shadow partition table for free. If it’s not a formatted partition you won’t be writing to it will you? Well yes, “sudo dd of=/dev/sdb” would do it if you tried, but why would you do that?
The inspector would first have to add a partition then format that empty space thus wiping what you are trying to hide from him, which is likely a lot better than him discovering what is actually in it. You might still be able to unformat it depending on how much they write to it. But why would they do that? Just to watch for the expression on your face? And try to guess if you are guilty by how much you squirm as they hit the enter key? I doubt it. They may try to dump that missing partition to some media to examine it later, but it’s SED encrypted and possibly software encrypted on top of that. Believe me, they are not reading that data.
In any case I think it’s fine for the Qubes system to see the fake OS system for doing maintenance by mounting it on an AppVM, but the reverse is not to be trusted. And you especially would not want dom0 to be mounting anything that someone could have tampered with. So with that thought…
If you made that fake OS partition also read-only and loaded the OS directly into ram like a live DVD and then set up a COW file system over it you could even hide the fact that it is a read-only partition. The inspector could easilly install all their sooper-secrit specialized spyware successfully to disk which would just disappear upon the next reboot! You might even find a way to squirrel off a copy of the COW fs containing their spyware for forensic analysis later. Effectively Spying on the Spys. Genius!
In total I don’t believe that this issue should be solved by Qubes OS, but more likely by some standard Linux software such as dm-crypt. If such a tool becomes standard, there’s also no issue in plausibly having it.
Yes, but if they notice dm-crypt on your system they will make you unlock it, so no, it’s not really encrypted from their eyes. They will lock you in the back room until you provide the key to unlock it, and when that fails they get out the monkey wrench. That is kind of the whole point of my exercise here, making the OS itself an Invisible Thing™. 
Opal SED drives are amazingly flexible for many different use cases. They don’t just do encryption. You may already be using one.
| zithro
March 16 |
- | - |
Thanks @slcoleman and @enmus to point me as a rude guy ! Just kidding, no offense ^^
For the border crossing, enmus just quoted how it’s done by a security professional (one of the creator of Qubes), and many examples have been given : you don’t need to hide or deny what you don’t have at first.
I’m still interested about the OPAL drives cause they have plenty of applications, but I’m wondering if that would also work as a non-boot drive (ie secondary) ?
Out of the box any Samsung SSD will work as an Opal compliant non-boot drive. You just add an OS if you want one, but you first need to learn how to manage keys and create ranges on the device. Basically you create a range, encrypt it, and then format your partition into that space. Growing partitions may not be possible, I have not played with that.
I’ve (quickly) read a bunch of pages from the 2nd PDF and it is not clear about that : it’s talking about boot sequences, but also that it can be manipulated with ATA commands, so dunno.
The tool to use is sedutil or msed. I don’t remember which tool came first/second. One of them will likely come with your os distribution and just needs to be installed.
One interesting thing though, if I understood well, is that : in order to boot the shadow MBR, “PC firmware and configuration → MUST not have changed” (p 12-6).
If you create a small partition at the beginning of the drive you may have to count cylinders so that you start the next partition on the MBR partition table in the right spot. What we did was create a partition on the regular MBR, unlock the shadow MBR and then repeat the same partitioning on the Shadow MBR. After that you format that space and install the first OS (if wanted), or data, and then with the shadow MBR still unlocked create and format the second partition. Once you cycle power that second partition will no longer be visible until you unlock the shadow again. Someone quickly examining the drive will see the data in the first partition but won’t even see the second partition. They will see it only if they get their hands on the machine with the MBR unlocked and still powered up in the machine.
Am I thinking right that using a drive like that would prevent BIOS/UEFI tampering (provided it’s clean prior to the disk setup) ?
If the drive range is set to cover the boot partition then set to read only then you won’t be able to write any boot files. You need to remove the ro attribute from that range to update it. You should be able to boot from it as read only unless something needs to write there for some reason. Some kind of early phase logging? I have not played with UEFI yet so I can’t say.
Perhaps you’ve been offgrid the last 2 years.
If you really think it will continue that way, well, those days are long-gone.
As for why travel with a computer… Are you really asking this?
Practically we all need to compute. The reality is a banal social media post from 10 years ago can now get you thrown in jail.
That is the world we live in.
Hedging that every way you can. Plausible deniability is just 1 tool in a basket of many.
The best way to do this is to have a computer you use to cross borders just for that purpose. I know a lot of journalists and such that’ll put a fresh install of an OS to cross borders and just have enough on there to do what they need to. If they need a full copy of their computer I know some of them will backup to a “secure” cloud and restore once across the border. No solution is perfect, but I do believe that taking a computer with all your information (sensitive or not) traveling frequently isn’t the best idea. I practice this pretty regularly in day to day life. My laptop has enough on it for me to do what I need to most of the time away from home. Everything else stays at home.
Just my opinion. I see what you are wanting and technically that’s very difficult and there are other measures (arguably better measures) to take where you don’t have the data you don’t want seen in the first place. You can always log into social media once you cross borders.
Are you really reading the information provided ? ^^
You should also read this topic for more information.
Each problem has its own specific set of solutions. And the solution to one problem may be a problem for a different use case.
To me, you’re mixing things up.
@slcoleman, your post is a good ref, thanks for the thorough explanations ! A mod could even split your instructions to a separate OPAL topic ?
Will have to play with that, but just wanted to share my initial findings :
From Arch wiki " msed and OpalTool , the two known Open Source code bases available for self-encrypting drives support on Linux, have both been retired, and their development efforts officially merged to form sedutil ". So it is available from packages on Arch.
“Yes, but if they notice dm-crypt on your system they will make you unlock it, so no, it’s not really encrypted from their eyes. They will lock you in the back room until you provide the key to unlock it, and when that fails they get out the monkey wrench. That is kind of the whole point of my exercise here, making the OS itself an Invisible Thing™. ;-)”
Yes, that’s true, but nevertheless irrelevant. You unlock it and obviously you have dm-crypt in there. If that same dm-crypt supports hidden volumes, you can hide the next one inside without any hardware support. They won’t ask for that as you obviously need dm-crypt to open the outer fake one.
Anyway OPAL seems to be an interesting addition to the toolbox and rather well spread so that it’s not too uncommon to have a disk that supports it and probably not raising suspicion for that very reason.
Hide in the masses - that’s what I wanted to state and that doesn’t work with uncommon technologies.
small reality check here, checking for reality.
Well, if having some form of disk encryption (which is present in 90% of OSes nowadays) makes border controls instantly get out their monkey wrenches - even if you unlock -, an Opal disk won’t help you neither (“why do you have that disk which supports Opal?”). Obviously you shouldn’t have anything at all with you then.
You give the useful idiots in monkey suits at border crossings far too much credit. There is a reason they are gov workers… cause they are too stupid or too lazy to make it in the free market.
The very reason for plausible deniability… so you can give up that password.
The more I see gov agents shill against pd, the more I see that they are fearful of it, and the more motivated I am to have a pd layer on every device possible.
From what I have heard veracrypt allows for several hidden volumes and you can choose which one to open depending on the password provided though I have yet to play with it myself
Veracrypt allows for only one hidden volume per standard volume.