Feature Request: Peace of mind when crossing borders

Most people have no idea how important they are! (I’m not talking about any orificer, I mean in general)

Today? Towards that specific customs orificer? Not important at all!
But tomorrow you might be, towards someone else. Maybe the “thought Police”

someone rings your door
TP: “did you have contact with Miss-X back in 2027?”
you: “Miss-who?”
TP: “The anti-vax advocate who’s on our terrorist list”, “show us your laptop”
you log in using your honey-pot password
TP: “What is this?” pointing to some pictures of naked animals
you: “well, to be honest I am a trans-alien LGBTQXYZ who’s into bestiality, please don’t tell my wife”
TP: “Oh, why didn’t you say so immediately, have a good day sir”

“Those who fail to learn from history are doomed to repeat it.”
“History Doesn’t Repeat Itself, but It Often Rhymes”
Luckily now we have Qubes… something the dissidents in Mao/Stalin/Hitler’s time didn’t have.

And it doesn’t even have to go that way… what about the teenager that wants to hide his porn collection and his dirty chats?

mom: “what’s your computer password?”
son: “but mom, that’s my private space.”
mom: “son, as long as you live under my roof, you are not allowed to keep secrets from me”
son: “ok mom…” logging in with the honey-pot password

Or didn’t you have any secrets for your parents when you were young?
All that to say… it’s not about border crossings, the (for now) fictitious threat of an orificer is an opportunity to make an awesome product called Qubes even better.

Sure. But how about helping the OP with her original question instead of discouraging others to help her because of the “why”

stranger A: “excuse me sir, could you help me with my flat tire?”
stranger B: “why”
stranger A: “ergh”, pointing at the flat tire, “because it’s flat”
stranger B: “global warming … electrical car … blah blah”
stranger C: “Here, I’ll help you”
stranger A: “Oh thank you”
stranger B: towards stranger C “this guy should take the train”

How is that helpful?

Why would “sharing information/ideas” have to “bite into your consciousness”?
The reason why we are - globally - in the mess we are in today is because of Morality (or the lack thereof). As the OP mentioned, many blame the full dystopian psychopathic (global-)government. But that’s merely ‘the effect’, it’s not ‘the cause’. The cause is that we, the people, have been duped into believing “we can give away personal responsibility”, and, on the other hand, we have been duped into believing that we “have to take on responsibility that is not ours to take”.
@enmus Why would you be responsible for what someone else does with the information you share?
Your body is your property. And hence you are responsible for your property (and everything your property does).
In other words, you are responsible for your actions.
If you share information and someone else acts upon that information… are you responsible for the actions that other person took? No! (s)he is! You are only responsible for the information you shared (is it truthful? how is it worded? any typos? etc)
Similarly: If a politician gives an order to kill an enemy. And a soldier missed the target, killing an innocent child instead. Who is responsible for the death of that innocent child? The soldier? Or the politician?
The politician just spoke/wrote words, just like you and I do now, he did not act upon his own words.

So to come back to …

… there is no such thing as “misinformation”! There is only “information” and the freedom of choice of the one receiving the information. Freedom to do with that information how (s)he sees fit. Their actions are not your responsibility and thus no reason for you to feel bad in any way. (Unless you choose to feel bad about it but then that’s your choice, your action and as a consequence you will feel bad for something you have no reason to feel bad about. (yes… everything in life (and I mean everything!) IS a choice. Don’t blame others if you feel bad, or if you don’t like your life, just make different choices.))

The best way to counteract so-called “misinformation” is by responding with truthful information. And then let everyone decide for themselves which of the two is correct. Of course the low IQ brainwashed sheeple won’t accept the truth, but I don’t think they would use Qubes in the first place.

Free to visit uninhabited islands, or to go diving in that submerged atoll in the middle of the Pacific… enjoying a ‘forced’ very-long-holiday… while the rest of the world is locked up inside, forced to take a picture of themselves every hour to prove that they wear a mask inside their own home, only allowed to go grocery shopping on Tuesdays (your next-door neighbor on Wednesday, and the other one on Thursdays).
Our only way out of this mess is Civil Disobedience!
Civil Disobedience: whatever you tell me I have to do… I’m not doing it! I will find something else to do instead. Of course my choices are limited as I am not able to just stroll in a park, because of evil men with badges. But I have the freedom to choose an alternative.
And yes, I enjoy my humble, simple, minimalistic life.

Do you really think that when I give a low-threat-model solution, someone in a high-threat-situation is not intelligent enough to realize my advice is not applicable to him/her?

I like it how @unman says it:

When I give advice: I never presume to think for the one asking advice. I only think for myself and I allow others to think for themselves.

To sum it up for me: I always tend to give as much advice as I can, without considering consequences.
If you want freedom, you have to give freedom. I want the freedom to make my own choices, so I give others the freedom to make their own choices. And thus it is not up to me to tell them what they can, or can not do! (by withholding information) And thus the best thing I can do is offer all the different advice I can think of so others can pick and choose one of them, or even discard all my advice and do whatever they want. Because in the end: All I do is share information, whatever someone else does with that information is none of my business!

Not the quote I was looking for but it applies here:
“In short, heroism means doing the right thing regardless of the consequences.”
And isn’t “telling the truth”, and “helping others in the full capacity that you can” the right thing to do? Regardless whether the advice applied wrongly, or in the wrong situation, might become harmful. If it’s the truth, then it is useful in the right situation, applied correctly, and thus the only right thing to do is give responsibility to the one that IS responsible: (s)he who applies your advice.
Or said differently: Freedom is about giving “the freedom of choice”, which includes “giving someone the freedom to make a mistake”. Because if you don’t, then you imply that you are “their master” and they are “your slave”. Which is fine in a parent-child relationship. But not when dealing with your fellow humans who are supposed to be your equal.

Oh, this is the quote I was looking for:
“Love Will Always Do What It Knows to Be Right. Love Does Not Consider Consequences.”
If you really love someone (unconditionally), you let that person be who they are. As soon as you “force” (or “deny”) a choice upon them, you are basically saying: “I love you, but only if you change into < insert my choice >”. Which actually means you don’t love them, as you only love the changes you imposed on them version of themselves.
Example: I love cars… but only if you remove the wheels, make them float and call it a boat. => Do I really love cars then?

Btw, @enmus, if it seems like I’m attacking you… I am not. “Freedom of choice” is just my pet-peeve. I like your input on this forum (mostly). One way (of many) humanity is enslaved is by others constantly questioning the validity of our personal motives, while that is not their responsibility.

Anyway… what I write here also applies to this post: all I do is share information, what you do with this information is none of my business. So feel free to discard it and continue making “freedom limiting remarks”. As I truly love all of you. Unconditionally! (but I also love myself… and my pet-peeve, so I’m sure we’ll have more fun in a next conversation ;-))

Oh… and don’t forget: you ARE important! :smiley:


This was a long one, I admit, but I also admit that it is again completely off-topic. I was questioning your suggestions because you were “sharing information” that has nothing to do with the OP’s request. She clearly stated she asked devs to add a feature to Qubes, and what you “shared” is already achievable.
Which only confirms what I knew a long time ago. People who tend to “share the information” actually tend to speak about themselves. They do not put themselves into the other person’s “shoes”, trying to figure out what they are thinking of, what they expect to hear, what they really need. And they tend to be even aggressive towards the opposite opinion.
And I find banal analogies to flat tire without wider perspective even more irresponsible (“I could help you with it, but I offer you quick runaway ride from here, since tornado will be here in 3 minutes”)
And I’m not attacking you, I speak to OP actually, because I just find worthy at least OP to hear both sides so she could judge better.

And I have no doubt that the OP premise is at least questionable, if not wrong.
Peace of mind just isn’t necessarily equal to safety.
And it’s not something to be given. It’s to be reached.

I’m sorry, I’ll try to keep it short this time…

Oh, I thought I was brainstorming on topic :-s
Since I’m not a developer, I can’t give development solutions.

I’m sorry, but that’s impossible.
We can even walk in someone else’s shoes for 24 hours or more, and still then we can not know what they want, simply because we are not them.
That reminds me of my first car. Someone drove into one of the doors, causing anyone to be able to open it. I didn’t care. Went on holiday, leaving car with my friends dad. When I came back I was going to look for another car as due to engine problems more costly than the car’s worth, I knew it would not pass inspection a month later.
When I came back the dad had replaced the door! And he expected me to: be grateful and pay a couple hundred. So I could bring that door (with car) to the scrapyard.
So yeah… “thank you for putting yourself into my shoes” friend’s dad.

@enmus: just out of curiosity: isn’t your life complicated if you constantly have to wonder what people mean, instead of listening to what they actually say?
I mean… when someone asks you ‘can you pass the salt’… are you then questioning: hmmm… what does he mean? Does he want me to pass the actual salt? or the pepper right next to it? Or something totally different? Or does he want to know the history of salt-mining? What does he expect me to do?
While I just respond with: “yes I can pass the salt” (as that is what he asked), while waiting for him to ask me to pass the salt (if that is what he actually wants). As I try to make as few assumptions as I can, which makes my life easy.
(did you notice that I - again - talk about my life? That’s because I can’t say anything about your life as I am not you. It is impossible for me to know what you need because I am not you. All that I can do is listen to what you actually say, without making assumptions that are almost always wrong anyway.)

Exactly, life would be a lot easier with open communication, which means without assumptions (as both our examples indicate, which proves we can not put ourselves into someone else’s shoes (we can try, but it’s never exact))

And I know this response is off topic again, as I’m merely responding to another response… so I’ll shut up now as my technical knowledge to stay on topic is absent.

There was no border control in my life which did not want to see my password for this PC:

There is always a delay with me and plane.

Every time when I want to travel I delete my PC and install Win XP on it (since installation is not so long).

Every time when they ask for password I gave them my password.
They log in and see nothing.

They can take image of my disks, do not care.
They were overwritten 10 times.

As soon as I get on another site, I connect myself to VPS server where I have encrypted disk image and I download and install it.
After I am done, a new image will be made and uploaded to a secure location.

Disk overwrite, and go back.

I am not sure why are you looking for some abstract-paranoid-10-layer-disk.

Have you never heard of cloud? Encryption?

This whole topic is bullshit since Qubes will never implement the requested features, and your paranoia will never end. After that you will say that Intel ME can spy on you, or SMM.
Or maybe you didn’t hear of this:

There are so many sophisticated attacks on the planet, and you are trying to avoid them all. Haha.
Better to throw the PC in the garbage and go back to non-digital life.

Everybody here has their own right but you are trying to avoid attack from an adversary which builds your PC and chip and firmware, and CPU and every single device which you see nowadays.

And you do not have source code to inspect it?

I wish you all a good life.

out and over


Where this is headed, I hope, is for someone to create, in another web address a Wiki, No politics, where the Op-Sec of Qubes for those wanting to create check lists of how to proceed carefully.

A list of -Don’t do this. A list of possible consequences of some actions. Yes, even the simple ones, recognize the risk of using a possible insecure Flash drive. And how to prevent my next action from allowing someone to penetrate my laptop. We have some website around that are -for today- excellent this is how the more secure software works. Keeping in mind that things change quickly. Everything related to security is dated.

Pilots of airplanes use check lists to make sure they do not forget anything.

Borders. Somehow I always envisioned the bigger problem being a Border Inspector telling me they needed to inspect the laptop. With the real goal being to take it home and give it to their kid.

Keep in mind guards might seize Flash Drives, and a first layer of Border Guards might be told to look for a Nitro Key.

I had a friend who told me that while boarding a Plane in Chicago to California, the Inspector told him his Fountain Pen violated the rules. What would you do? Throw the pen in the trash? Or eat the price of the ticket? No doubt the Border Inspector pulled the pen out of the trash before the plane took off.

I once heard a statement from the Amnesty International USA Director who, when asked about did he have fear when, as he informed the leaders of some African Countries he would report that their government committed Human Rights abuses while standing in their office. To some it seemed some of these leaders had acquired power by use of military, violence. He said, usually he was confident that the US Government did not want him hurt. Although there was one country when he was very glad when his plane got off the ground. My point being, trying to obscure one’s goals, and identity might work against the Human Rights worker.

There was a person who seemed -annoyed that I did not know what she was doing in regard to Journalists computer security. I do not know where she posts?

I am too old, forgetful for a project like this. Also inexperienced.

Any volunteers?

Sounds like it should be added to this list:

Ahh, it’s the good old “I have nothing to hide” lingo.

Why I do crypto?
Why I think about some geeky hacks?

Because I can, that’s why. :wink:


Nice hardened (physical) pc you have.

This method is the movie: the office will send your stuff when you established good cover in $enemy country, as you can find in my favorite timeless spy training movie “under cover” (just look up and you find it) .

There are not many options.

The disabled xtal oscillator in the ssd that sits in place of a wwan card is compared to smuggling a micro film in the frame of your glasses of good old spy craft :slight_smile:

Again, the methods are all invented 100 years ago. James Bond’s cool “chip” that he smuggled in some old movie moonraker? is now smuggled by the micro sd of a UMTS radio stick where some came with sdcard reader while most did not contain one or some fancy internet of important thingies toy :slight_smile:

The good old tempest discussion.
There is an Israeli university bgu.ac.il that comes every year with some esoteric method to leak keys. E.g. the humm of your power supply, harddisk noise, modulated fan noise, blinken lights, and all sorts of stuff.
See here: air-gap – Cyber @ Ben-Gurion University
and here: How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone – AirHopper – Cyber @ Ben-Gurion University

Also there is a nice Israeli (where else :slight_smile: ) company called highseclabs that produces console switches that fight against leaking usb and more important Monitor-Settings (https://sr.ht/~mvforell/ddc-ci/)

So set some brightness in red airgap system and then read it from black system after console switch and your monitor leaks the encryption keys you stored into the brightness / contrast etc settings using ddc.

Yes there are some agencies who buy expensive console switches as they fear such threats.

I just buy another used screen and keyboard :slight_smile:

So you can play the “leaky game” up to the champions league and end up in an EMC shielded (>70dB) room under ground depending on your level of paranoia :-))

If “normal desktop appearance” is the need and only need… Why not passing borders with a laptop powered on and having Windows booted in full screen mode under Qubes? (Some things would need fixing here from Qubes on suspend/resume. One idea would be to completely deactivate screensaver from Qubes when power setting widget toggles presentation mode. From there, Windows templates being normally set up with Windows autologin, the laptop would resume back to Windows. And first eye contact with a password-less Windows would leave agents think the opposite direction of your actual threat modeling: a login-less laptop boot says: grandma laptop use case: nothing important there). But yet again, the important VMs should be backed up somewhere safe and removed, without any easy way to threaten you to type anything… Because there would be nothing to be protected.

My understanding of that thread seems to fit with this solution. Tabit-pro qubes windows tooling is amazing, would need some pushing to be packaged and pushed inside of qubes repositories and then reused in ellick’s Qubes’ windows installer scripts, which is also another amazing project.

To the naked eye, nobody would see differences. That Windows machine containing the bare minimal of applications with a profile matching paper identification would probably be good enough to pass screening.

From personal experience, crossing the border with a carry-on baggage with laptop was mostly never an issue until first question was answered bad.

From people reports around me, unless you are already flagged, most of the time laptop is not even booted.

The problem arises particularly there, if you look fishy or act like a spy. When I crossed the border with multiple laptops, that was a red flag. When they made me boot my laptop and saw Heads, that was a red flag. When they saw me boot into Qubes (anything other than Windows/MacOS/ChromeOS I guess) that is a red flag.

As I explain to everyone asking, maybe the best protection here is to simply not cross the borders with your confidential data anyway. Best is still to have a really standard laptop, with nothing interesting on it. Same with phone. The people having to really protect data at rest for real confidential reasons will understand this deeply and will comply to that need for obvious reasons without questioning the idea. Forensics goes a long way.

I feel that all the other justifications for XYZ are futile. If you really need to cross borders protecting data: you will not cross border with said data. That is as simple as that. If it is hidden, encrypted, if anything looks fishy, it’s the traditional problem and solution: how many nails will need to be removed from your fingers before you give away secrets you carried on with you. Or. How long will it take for them to crack a clone of your disk when they left with your laptop and left you alone in a filmed environment. How will you act in that video is the most important part.

Really. At the end of the day: just don’t cross borders with confidential stuff. A secret that is not in memory (ram/disk/your head) is the best protected secret because inexistent.

The base of this, unless you are professionally trained to lie, is to not have to hide or lie. You will feel so much better not sweating at the border, and if they ask you to boot your coreboot/heads machine and they see something different than expected, your plausible deniability will be encrypted in the cloud ready to be restored at destination without anything pointing to it in the data at rest on your computer. If your job doesn’t justify having that security, the simple fact that you are not sweating, not forcing yourself to stay calm and not having to control yourself, are actually calm, will make you be able to say, honestly in all your being: go on, I have nothing to hide.

On the other side, with Qubes now merged changes of ssd disk trimming down to the LUKS layer by default under Qubes 4.1 and heavy usage of dispvms, my really best advice here would be to get to use wyng-backups and find a unix-compliant ssh server you trust to backup all your vms, even dom0 and boot partition (I should post my backup and restore scripts somewhere and start a beta testing threads if people are interested). Because with that setup in place, it is really a matter of sending deltas (even with tags of changes since last backup!!! ) with the possibility of restoring only the changes when arriving at destination. That is, restoring your whole Qubes states overnight or faster, depending on link speed. How? By restoring that qube which is your backup point to a ssh authenticated (encrypted) storage. Here again, nothing is perfect and everything needs testing and funding, but to me the solution really resides there. Known restorable states, merged directly into existing LVMs with merging when volumes are deactivated. Wyng-backups now has bases for encryption. With some raised fundings and attraction brought to this amazing project, even AWS cheap cloud could store known good restore points. Before leaving, backup last changes, delete confidential qubes. With the hints of this thread, restore your minimal Windows VM, boot it in fullscreen… If paranoid, open a qube with maximum pool size, fill it with junk until overcommitting pool size. And delete it. Turn on presentation mode. Close lid. Be confident. Be secure. Feel you have nothing to hide. Be calm if they leave with your laptop. Inspect tamper seals with blink comparison app. And act accordingly when in the plane flying to your destination because… you got in that plane since you had nothing to hide.

Why you are using Qubes? Because your field work requires it to protect confidentiality. Why you have nothing on your laptop? Same answer. You, literally, would have nothing to hide and wouldn’t lie. They could clone your disk, have you type your passphrase to unlock disk. You would still have nothing to hide. Under Heads, having you seen type your boot unlock disk would require of them understanding that that passphrase would not unlock the cloned disk they took (the actual used memory cells here really limits forensic). But even if they knew and asked you the real LUKS disk recovery passphrase to unlock the cloned disk, you would still feel confident that you had pretty much nothing to hide. Unless they keep the laptop for forensic on the actual laptop disk.

Other discussions in the past went in circles about having disk wipe passphrase to destroy LUKS header. Or simply backuping that LUKS header in the cloud and restoring it at destination. Again, second option could be justifiable if you are a journalist and can claim that it’s part of your organization policies to have you travel with unknown data… But that will most probably make you sweat if it’s a lie. And you might miss that flight. Having a kill-slot passphrase will definitely make you sweat, and most probably make you miss that flight.

Get home message: a secret that is not in memory is the best protected. So think twice about the content (forensic analysis use case included) of your volatile/persistent memory content, including real life plausible deniability from your acted choices.

Prevention is the less bitter tasting option when things go south. Having a fake windows UI with hacking tools in menu when crossing borders? Please don’t do that. Just install it at destination.


Can you respond these questions?

  1. Is overwriting redundant if you use a LUKS encrypted disk before you install Win XP? I understand the reason to overwrite after the laptop being checked by border.
  2. Is there any security reason to use your own VPS instead of cloud provider such as Google Drive to save encrypted backup?
  3. How do you access your VPS after removing all data on your devices? Only use brain?

I guess it can make sense in case your encryption algorithm suddenly turns out to be vulnerable to some attack.

How do you restore Qubes OS from your backup? Do you install Qubes OS first from USB and then restore qubes? Or directly restore whole disk from backup?

Time to change the title to: Peace of mind when living in the USSA.

Study history. Governments only get more tyrannical, until they finally collapse. Things will not get any better from here.

Devs, we need a hidden layer. All the pieces have already been built. It’s just plug and play, and some top level tooling to knit it all together.


In previous posts you have said that you have a working solution using
I have asked if you would post that for review.
Will you do that?

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

When you cross borders. Are you asked if you have any external hard drives? USB drives? SD cards, or Micro ? If so; hand them over?

Nice post!

It’s on my burndown.

A few weak points I’d like to solve: The qubes are overt. They can load to overt or pd layer. In my ideal solution they would never even show unless pd layer is unlocked. I couldn’t find any way to do this without a full dom0 binding.

Next: removing frictions. The attaching USB drives for the external PD layer is too much friction. The solution would be an auto attach script that works by recognizing some unique identifier of the drive, so that it works regardless of USB attached devices state.

If anyone has been able to script this please share your script.

As soon as I get it polished to my liking I’ll make a guide.
But the essence of it is binding/unbinding qubes to a Veracrypt vault. You can setup 2 layers, 1 on the internal drive, 1 on the USB drive. The external drives are speed constrained. I don’t know if this is an artifact of sys-usb that can be overcome. But the speeds I’m getting are 1/10 the drive potential. This is something I’d like to resolve before making a guide.

I borrowed much from: @SteveC , Split veracrypt

While I would have fun playing around with an obfuscation feature personally - I don’t think this is a good feature to implement because it may cause people to enter dangerous encounters with border security with a distorted sense of security. The incognito mode in Kali and the old camo mode on Tails are designed under the assumption that you’re trying to avoid drawing suspicion if you’re sitting in an office or a coffee shop, not a close examination by a guard.

If they notice that you’re trying to disguise a non-windows device as windows, you’re going to be under considerably more suspicion than if you had run an alternate OS.

You can buy an Apricorn SSD and run Qubes on that, it has a self destruct pin that will delete all data without a trace and act as the standard pin, I haven’t personally used it but I heard good things about it