Feature Request: Peace of mind when crossing borders

How do you restore Qubes OS from your backup? Do you install Qubes OS first from USB and then restore qubes? Or directly restore whole disk from backup?

Time to change the title to: Peace of mind when living in the USSA.

Study history. Governments only get more tyrannical, until they finally collapse. Things will not get any better from here.

Devs, we need a hidden layer. All the pieces have already been built. It’s just plug and play, and some top level tooling to knit it all together.


In previous posts you have said that you have a working solution using
I have asked if you would post that for review.
Will you do that?

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

When you cross borders, are you asked if you have any external hard drives? USB drives? SD cards, or Micro ? If so, hand them over?

Nice post!

It’s on my burndown.

A few weak points I’d like to solve: The qubes are overt. They can load to overt or pd layer. In my ideal solution they would never even show unless pd layer is unlocked. I couldn’t find any way to do this without a full dom0 binding.

Next: removing frictions. Attaching USB drives for the external PD layer is too much friction. The solution would be an auto attach script that works by recognizing some unique identifier of the drive, so that it works regardless of USB attached devices state.

If anyone has been able to script this please share your script.

As soon as I get it polished to my liking I’ll make a guide.
But the essence of it is binding/unbinding qubes to a Veracrypt vault. You can set up 2 layers, 1 on the internal drive, 1 on the USB drive. The external drives are speed constrained. I don’t know if this is an artifact of sys-usb that can be overcome. But the speeds I’m getting are 1/10 the drive potential. This is something I’d like to resolve before making a guide.

I borrowed much from: @SteveC , Split veracrypt

While I would have fun playing around with an obfuscation feature personally - I don’t think this is a good feature to implement because it may cause people to enter dangerous encounters with border security with a distorted sense of security. The incognito mode in Kali and the old camo mode on Tails are designed under the assumption that you’re trying to avoid drawing suspicion if you’re sitting in an office or a coffee shop, not a close examination by a guard.

If they notice that you’re trying to disguise a non-windows device as windows, you’re going to be under considerably more suspicion than if you had run an alternate OS.

You can buy an Apricorn SSD and run Qubes on that; it has a self-destruct PIN that will delete all data without a trace and act as the standard PIN. I haven’t personally used it, but I heard good things about it.

Jesus… I was googling something else and found this post. I totally agree with @Emily, this would be an amazing thing.

Plausible deniability sounds truly amazing, but even simple obfuscation will play a huge role in this. Airport security can’t afford to check each and every one; having a fairly simple above-all layer that runs by default to imitate a fully functional OS is way more than enough for a quick-check.

@Emily https://shufflecake.net/ or something like it is a key component of the solution you’re looking for.

Some of your views that are not specifically related to Qubes, some may share those views, perhaps post a Nostr id and relevant relays so that side of the discussion may continue while the Qubes side of the discussion continues here.

How to choose a browser for everyday use? highlights some valid concerns about Firefox’ upstream.

The upshot of that entire page is that they (browsers) all suck.

So I give them nothing. Every browser on my system runs in a disposable. As far as Firefux can tell I am dozens of new users who’ve never been anywhere before.

Agreed. Although some suck less than others, whatever sucks the least is preferable. Would like to see more happen with https://servo.org/

Amazing link! Thanks for sharing.

Be careful, I read a couple of days ago somewhere regarding tracking by addons you use, some kind of fingerprinting, I don’t remember. I saved it somewhere, but can’t find it atm.

Please note that the threat model is different than the one described by Emily in the OP. When crossing the border you aren’t dealing with a computer forensics team; you’re dealing with an officer that doesn’t know that much about computers. That’s when plausible deniability works. It’s plausible or not depending on the threat model.

I believe you can accomplish your goal by installing Qubes OS with detached headers in a USB drive. You can then cross the border without the USB drive.

(Unfortunately, I tried the steps in the post and they didn’t work for me; maybe they’re outdated. If you get it to work, please write a post.)

My understanding is that, without the LUKS headers, the data in the laptop looks like random garbage. If asked you can say the laptop can’t be booted (true).

After crossing the border you can get a copy of the LUKS headers from a friend, Nextcloud, OnionShare, snail mail, etc.
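
The point in the post above, that a volume whose LUKS header is kept elsewhere carries no recognizable signature on disk, shown as an added example that is not part of the original thread. The sample header bytes and UUID are constructed, and random bytes stand in for headerless ciphertext.

```python
import math
import os
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"   # primary header magic, LUKS1 and LUKS2
UUID_OFFSET = 168               # uuid[40] sits at this offset in both formats


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or random data."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def inspect_start(data: bytes) -> dict:
    """Report what the first bytes of a volume reveal about LUKS."""
    info = {"luks": False, "version": None, "uuid": None,
            "entropy": round(shannon_entropy(data), 2)}
    if len(data) >= UUID_OFFSET + 40 and data[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", data[6:8])   # big-endian uint16
        uuid = data[UUID_OFFSET:UUID_OFFSET + 40].split(b"\0", 1)[0]
        info.update(luks=True, version=version,
                    uuid=uuid.decode("ascii", "replace"))
    return info


def build_sample_luks2_start(uuid: str) -> bytes:
    """Constructed sample: only the LUKS2 fields parsed above are filled in."""
    hdr = bytearray(4096)
    hdr[0:6] = LUKS_MAGIC
    struct.pack_into(">H", hdr, 6, 2)        # version 2
    struct.pack_into(">Q", hdr, 8, 16384)    # hdr_size
    hdr[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode("ascii")
    return bytes(hdr)


SAMPLE_UUID = "00000000-0000-4000-8000-000000000000"   # constructed value
attached = inspect_start(build_sample_luks2_start(SAMPLE_UUID))
detached = inspect_start(os.urandom(4096))   # stands in for headerless ciphertext

if __name__ == "__main__":
    print("header on disk :", attached)
    print("header detached:", detached)
```

With the header on disk, the magic, format version and volume UUID are readable in plaintext; with it detached, the same region has no magic and near-maximal entropy.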

They’re likely to wonder why you brought a brick laptop with you though. True it may be but they’ll think something is “off” and they’ll start digging until they figure it out.

I had my car searched at a non-dictatorial border crossing once because the customs officer thought something was “off” about me. After he found nothing and I asked he explained what was “off” about me and I had a (true) explanation for it. Completely innocent but it tripped his BS meter and I got held up for an hour.

I’m sure a brick computer that you clearly knew in advance couldn’t be booted would raise an eyebrow you don’t want raised.

HEADS OTP for locking BIOS, AEM, and Locking LUKS with FIDO are a few of the best methods I have found for protecting a computer if you cannot safeguard against physical access.


However, there is not much you can do about duress if you are in a totalitarian state or dystopian nightmare. US covert ops have emf mind wipe if captured but that is basically life-giving. You will not be the same person. Your personality will have died so maybe if only personal secrets were involved, you might as well duress. But the duress might as well kill you so a good rule of thumb is never talk no matter what they do to you.

Neural network OTP you are not in control of so if captured not sent? Network security possibilities of the future. . .

It should somehow be a priority.
Qubes OS is like a red flag. Something complicated and weird. Of course the line officers will not look into it; they just see something weird and send you to another officer, so you wait some hours while somebody tries to figure it out.

It would simplify many things to have a default OS other than Qubes OS.