Feature Request: Peace of mind when crossing borders

So for border inspections it depends on the level of deepness.

“We will keep your laptop and send it to your hotel in 2 days” can only be fought against using a fake os with fake data like in the spy training movie.

As an forensics expert will investigate your laptop and maybe poison your Management Engine with special firmware signed by intel as the firnware was made by your friendly 3 letter agency.

So if this happens, use your laptop for cat porn and buy a new or used laptop in $enemy country.

1 Like

You can speak all you want about some spy methods or whatever.
You do not have to be any kind of experts to take a image of your disk and just give back your laptop to you. still on border!
Whole process on ssd take minutes.
they do not need 2 days. maybe hours.
and you get your laptop back.
and they send you away.
and then they will investigate it with modern AI learning
and they will see all at the end. all.
you think that you are smarter than some building full with educated data miners and analysts. people who do not sleep in pursuit for some pedophiles, terrorists and real monsters.

and then you are busted.

more I read this topic, more I ask myself: why th f somebody wants to bring incriminated infos across two countries ?
I will not look for solutions, since in my own opinion, this is more stupid than killing you brother abel.

Give me some real life example where someone MUST bring incriminated infos.
Not some imaginary stupid fairy tale.
Real life example.

tnx

So they do dd_rescue with my disc.
Nice, but it is encrypted.
Also if I did my job well the read the wrong disk as there are two and a home brew sata multiplexer which selects the right disk.

So they will beat me to reveal the key for the encrypted disk, but if I present the windows10 with the 6576 pics with dirty cats living on trash bins, they copy that shit and sone science papers.

So what is the point, you want to make?

This thread is becoming less and less technical or useful.

Please keep the code of conduct in mind and steer this into a more meaningful direction. Examples of unacceptable behavior by participants include:

  • The use of sexualized language or imagery …
  • Reinforcing stereotypical models for illustration of non-technical users
  • Other conduct which could reasonably be considered inappropriate in a professional setting

While this thread does not warrant any moderation yet, it is rapidly going into that direction. So please: keep it civil, keep it technical, easy on the swear words

Also ask yourself: what is the point? How does this discussion bring the community forward? If you don’t have a good answer please move to reddit/twitter or any other dumpster fire of your choice.

5 Likes

Oh wow, please marry my! lol

There may be many reasons, 2 that I can think of are:

  • because you migrate to another country (which I did some years ago)
  • because you live on a sailboat, and thus you take your whole house wherever you go. (which I plan to do as the open ocean may be the only freedom place left on this planet)

Since I am not God, I’m not omniscient and can’t know other people’s reasons. But I am sure there are more reasons.

I agree, but sometimes we don’t have any other choice.

Anyway, some things I haven’t thought of before I read these posts:
2 luks containers
create 2 luks containers with different passwords, for example, one is 20G, the other is 2Tb (or whatever size is left (keeping over-provisioning in mind))
You install ubuntu on the first luks, where the root LV is 20G (thinly provisioned), and the /home LV is 2Tb (or as big as the ssd is, thinly provisioned of course).
You install qubes on the second luks, as normal, but you mount the ubuntu /home LV in your [private] qube. So as your life goes on, private stuff that you don’t mind sharing with customs build up as it normally would, to make it believable.
Then when you are about to travel, you back up your boot and efi partition and store it inside the second luks, you reinstall ubuntu, keeping /home intact.
Before customs you boot ubuntu, show that / + /home = total disk space.
You also bring a usbstick with a live ubuntu plus that backup of that very important presentation you have to give at that conference, just in case your laptop would chrash
Later on you just pull the backups of /boot and efi out of the second luks

nested luks?
Or maybe nested luks? [efi][boot][first luks]
inside [first luks]: [ubuntu][swap][/home][hiddenLV]
[hiddenLV] is a thin-volume, inside: second luks system
inside second luks system:[root-pool][vm-pool] with our normal Qubes OS
Then again, 2 versions of efi and /boot backups, one which only boots ubuntu, and the other which only boots qubes (with 2 different luks passwords)
Or: when booting with a specific boot-USB Qubes starts. Without the USB Ubuntu boots.

hiding an ssd
Another way: ssd’s are quiet small these days. Just remove your ssd and tape it inside your laptop elsewhere (not connected). But make sure to tape it straight, as most chips on the motherboard are on a 0 or 90 degrees angle (sometimes 45degrees). So when they X-ray your laptop, the ssd taped to the casing looks like being part of the motherboard.
Than have another travel ssd connected (and hope customs doesn’t have a screwdriver handy).
Or if your laptop has enough room for ssd’s with heat-sink, you might be able to glue two without heat-sink together, so you can flip’m over
Oh, and have some nude pics of a random guy => why do you have encryption? => please don’t tell my hubby/wife about my secret lover!

mail separate
mail your ssd to your friend under a fake name so your friend can claim it’s a delivery to the wrong address.

when traveling by sailboat, there are many places to hide ssd’s (air-filter of the engine,…)
If it’s a steel boat there are plenty of hiding spots as it won’t show up on the X-ray (i hope)

For the Qubes devs: maybe you can add a “honey pot” dual boot system. Like described above, Ubuntu (or something else) + Qubes, with some data-block containers inside LV’s that are mounted in both Ubuntu and Qubes (for things you want to show as honey pot). And hide all other LV’s that are associated with Qubes (maybe delete the LV headers (if that is how LV’s work) and store a backup hidden inside some of ubuntu’s system files. And have qubes update ubuntu similar to how it update Dom0
The LV’s shared between qubes and the honey pot could be:

LV mounted to	honey pot					Qubes
work-LV			~/Documents/work/			[work] ~/Documents/								# maybe 2 work-LV's, [non-sensitive-data] to mount in honeypot and [sensitive] that's not shared
private-docs	~/Documents/private/		[private] ~/Documents/
Exemplary		~/.cache/browser-history	[Exemplary-citizen] ~/.cache/browser-history	# where all the innocent web browsing happens
clean-mail		~/.cache/Thunderbird		[clean-mail] ~/.cache/Thunderbird				# with a working thunderbird in both honey pot as qubes filled with thousands of real emails with your normies
Pictures		~/Pictures/					[private] ~/Pictures/
Music			~/Music/					[private] ~/Music/
Movies			~/Movies/					[private] ~/Movies/
YT-archive		~/Youtube-archive/			[yt-dlp] ~/Download-script/

Then when you are about to travel, you click a button, Qubes present a form with checklists, where you select which LV’s to share and which not (maybe the country you’re traveling to blocks youtube, or is strickt with movies?)
Before the headers of all the to-be-hidden LV’s get backed up and then deleted, an LV that is mapped on the free space is created, where the honey-pot has write access. That way customs can write a lot of data before actual qubes get overwritten.
That way it looks like we actually use the laptop as the honey pot (timestamp of files, used disk-space close to the real disk-space used, …) without spending any time on faking it.

Just a thought

3 Likes

Hi a thought on the hidden ssd:
Try to include an ssd into a dvd-writer made for the
multibay slot of your laptop stinkpads have / had multibay slots also some big CAD laptops have them. Also there are chinese made multibay adapters for popular laptops like lenovo, so one could build something from these adaptors.

Another way is to replace a wwan card with a 2245? size m2 ssd and to disable it somehow that the lsptop can not see it (insulate the lanes of sata/pcie) interfer with internal dcdc converters to disable power or find some other trick like shorting an xtal (metal boxes with 4 leads) so the logic circuits of the ssd have no clock.

Shorting the xtal or one of the small capacitors of the clock circuit would be the easiest option for hobbyists. Try the stunt with a used low capacity ssd and then do it with your more expensive one.

Nobody can see a small strand of copper liz wire soldered across a 0603 or 0402 capacitor.

A mod to switch the ssd on and off using some leds like numlock would be funny too.

1 Like

When I was younger I tended to give myself higher importance and significance than the reality actually was.
So, today that is my start point: how important to the custom officer I am?
If I’m not and I tend to give advises based on my thinking process, and/or personal experience and/or personal threat model to others who might be important to custom officers, that could actually endangered them, I wouldn’t do that because I am not willing to take a feeling of biting conscience.
The fact that I’d glue whatever wherever should be based exclusively on a personal threat model. And when the model is high risked I don’t think bringing anything with me would help. Snitching with glued whatever, I’d rather consider as that I am not important, because most probably most of us are already profiled and will be stopped if found interesting to the customs having or not having anything with us.
And, for example, saying to live on the boat in ocean to be free. Free to do what? Decent and humble life, or to do high risk job adversaries consider dangerous? The latter is contradictory to me with freedom.
Information security is much wider and serious area than IT security, and people even aren’t aware that there are standards about IS, getting false sense of security by ITS, and the one should prepare him/herself more thoroughly than gluing and encrypting.

To sum it up: I always tend to be careful when advising.

Most people have no idea how important they are! (I’m not talking about any orificer, I mean in general)

Today? Towards that specific customs orificer? Not important at all!
But tomorrow you might be, towards someone else. Maybe the “thought Police”

someone rings your door
TP: “did you have contact with Miss-X back in 2027?”
you: “Miss-who?”
TP: “The anti-vax advocate who’s on our terrorist list”, “show us your laptop”
you log in using your honey-pot password
TP: “What is this?” pointing to some pictures of naked animals
you: “well, to be honest I am a trans-alien LGBTQXYZ who’s into bestiality, please don’t tell my wife”
TP: “Oh, why didn’t you say so immediately, have a good day sir”

“Those who fail to learn from history are doomed to repeat it.”
and
“History Doesn’t Repeat Itself, but It Often Rhymes”
Luckily now we have Qubes… something the dissidents in Mao/Stalin/Hitler’s time didn’t have.

And it doesn’t even have to go that way… what about the teenager that wants to hide his porn collection and his dirty chats?

mom: “what’s your computer password?”
son: “but mom, that’s my private space.”
mom: “son, as long as you live under my roof, you are not allowed to keep secrets from me”
son: “ok mom…” logging in with the honey-pot password

Or didn’t you have any secrets for your parents when you were young?
All that to say… it’s not about border crossings, the (for now) fictitious treat of an orificers is an opportunity to make an awesome product called, Qubes, even better.

Sure. But how about helping the OP with her original question instead of discouraging others to help her because of the “why”

stranger A: “excuse me sir, could you help me with my flat tire?”
stranger B: “why”
stranger A: “ergh”, pointing at the flat tire, “because it’s flat”
stranger B: “global warming … electrical car … blah blah”
stranger C: “Here, I’ll help you”
stranger A: “Oh thank you”
stranger B: towards stranger C “this guy should take the train”

How is that helpful?

why would “sharing information/idea’s” have to “bite into your consciousness”?
The reason why we are - globally - in the mess we are in to today is because of Morality (or the lack thereof). As the OP mentioned, many blame the full dystopian psychopathic (global-)government. But that’s merely ‘the effect’, it’s not ‘the cause’. The cause is that we, the people, have been duped into believing “we can give away personal responsibility”, and, on the other hand, we have been duped into believing that we “have to take on responsibility that is not ours to take”.
@enmus Why would you be responsible for what someone else does with the information you share?
Your body is your property. And hence you are responsible for your property (and everything your property does).
In other words, you are responsible for your actions.
If you share information and someone else acts upon that information… are you responsible for the actions that other person took? No! (s)he is! You are only responsible for the information you shared (is it truthful? how is it worded? any typo’s? etc)
Similarly: If a politician gives an order to kill an enemy. And a soldier missed the target, killing an innocent child instead. Who is responsible for death that innocent child? The soldier? Or the politician?
The politician just spoke/wrote words, just like you and I do now, he did not act upon his own words.

So to come back to …

… there is no such thing as “misinformation”! There is only “information” and the freedom of choice of the one receiving the information. Freedom to do with that information how (s)he sees fit. Their actions are not your responsibility and thus no reason for you to feel bad in any way. (Unless you choose to feel bad about it but then that’s your choice, your action and as a consequence you will feel bad for something you have no reason to feel bad about. (yes… everything in life (and I mean everything!) IS a choice. Don’t blame others if you feel bad, or if you don’t like your life, just make different choices.))

The best way to counteract so-called “misinformation” is by responding with truthful information. And then let everyone decide for themselves which of the two is correct. Of course the low IQ brainwashed sheeple won’t accept the truth, but I don’t think they would use Qubes in the first place.

Free to visit uninhabited islands, or to go diving in that submerged atoll in the middle of the Pacific… enjoying a ‘forced’ very-long-holiday… while the rest of the world is locked up inside, forced to take a picture of themselves every hour to prove that they wear a mask inside their own home, only allowed to go grocery shopping on Tuesdays (your next-door neighbor on Wednesday, and the other one on Thursdays).
Our only way out of this mess is Civil Disobedience!
Civil Disobedience: whatever you tell me I have to do… I’m not doing it! I will find something else to do instead. Of course my choices are limited as I am not able to just stroll in a park, because of evil men with badges. But I have the freedom to choose an alternative.
And yes, I enjoy my humble, simple, minimalistic life.

Do you really think that when I give a low-threat-model solution, someone in a high-threat-situation is not intelligent enough to realize my advice is not applicable to him/her?

I like it how @unman says it:

When I give advice: I never presume to think for the one asking advice. I only think for myself and I allow others to think for themselves.

To sum it up for me: I always tend to give as much advice as I can, without considering consequences.
Why?
If you want freedom, you have to give freedom. I want the freedom to make my own choices, so I give others the freedom to make their own choices. And thus it is not up to me to tell them what they can, or can not do! (by withholding information) And thus the best thing I can do is offer all the different advice I can think of so others can pick and chose one of them, or even discard all my advice and do whatever they want. Because in the end: All I do is share information, whatever someone else does with that information is none of my business!

Not the quote I was looking for but it applies here:
“In short, heroism means doing the right thing regardless of the consequences.”
And isn’t “telling the truth”, and “helping others in the full capacity that you can” the right thing to do? Regardless whether the advice applied wrongly, or in the wrong situation, might become harmful. If it’s the truth, then it is useful in the right situation, applied correctly, and thus the only right thing to do is give responsibility to the one that IS responsible: (s)he who applies your advice.
Or said differently: Freedom is about giving “the freedom of choice”, which includes “giving someone the freedom to make a mistake”. Because if you don’t, then you imply that you are “their master” and they are “your slave”. Which is fine in a parent-child relationship. But not when dealing with your fellow humans who are supposed to be your equal.

Oh, this is the quote I was looking for:
“Love Will Always Do What It Knows to Be Right. Love Does Not Consider Consequences.”
If you really love someone (unconditionally), you let that person be who they are. As soon as you “force” (or “deny”) a choice upon them, you are basically saying: “I love you, but only if you change into < insert my choice >”. Which actually means you don’t love them, as you only love the changes you imposed on them version of themselves.
Example: I love a cars… but only if you remove the wheels, make them float and call it a boat. => Do I real love cars then?

Btw, @enmus, if it seems like I’m attacking you… I am not. “Freedom of choice” is just my pet-peeve. I like your input on this forum (mostly). One way (of many) humanity is enslaved is by others constantly questioning the validity of our personal motives, while that is not their responsibility.

Anyway… what I write here also applies to this post: all I do is share information, what you do with this information is none of my business. So feel free to discard it and continue making “freedom limiting remarks”. As I truly love all of you. Unconditionally! (but I also love myself… and my pet-peeve, so I’m sure we’ll have more fun in a next conversation ;-))

Oh… and don’t forget: you ARE important! :smiley:

1 Like

This was long one, I admit, but I also admit that it is again completely offtopic. I was questioning your suggestions because you were “sharing information” that have nothing to do with the OP’s request. She clearly stated she asked devs to add feature to Qubes, and what you “shared” is already achievable.
Which only confirms what I knew long time ago. People who tend to “share the information” actually tend to speak about themselves. They do no put themselves into other person’s “shoes”, trying to figure out what are they thinking of, what they expect to hear, what they really need. And they tend to be even aggressive towards opposite opinion.
And I find banal analogies to flat tire without wider perspective even more irresponsible (“I could help you with it, but I offer you quick runaway ride from here, since tornado will be here in 3 minutes”)
And I’m not attacking you, I speak to OP actually, because I just find worthy at least OP to hear both sides so she could judge better.

And I have no doubt that the OP premise is at least questionable, if not wrong.
Peace of mind just isn’t necessary equal to safety.
And it’s not something to be given. It’s to be reached.

I’m sorry, I’ll try to keep it short this time…

Oh, I thought I was brainstorming on topic :-s
Since I’m not a developer, I can’t give development solutions.

I’m sorry, but that’s impossible.
We can even walk in someone else’s shoos for 24 hours or more, and still then we can not know what they want, simple because we are not them.
That reminds me of my first car. Someone drove into one of the doors, causing anyone to be able to open it. I didn’t care. Went on holiday, leaving car with my friends dad. When I came back I was going to look for another car as due to engine problems more costly than the car’s worth, I knew it would not pass inspection a month later.
When I came back the dad had replaced the door! And he expected me to: be greatfull and pay a couple hundred. So I could bring that door (with car) to the scrapyard.
So yeah… “thank you for putting yourself into my shoes” friend’s dad.

@enmus: just out of curiosity: isn’t your life complicated if you constantly have to wonder what people mean, instead of listening to what they actually say?
I mean… when someone asks you ‘can you pass the salt’… are you then questioning: hmmm… what does he mean? Does he want me to pass the actual salt? or the pepper right next to it? Or something totally different? Or does he want to know the history of salt-mining? What does he expect me to do?
While I just respond with: “yes I can pass the salt” (as that is what he asked), while waiting for him to ask me to pass the salt (if that is what he actually want). As I try to make as few assumptions as I can, which makes my life easy.
(did you notice that I - again - talk about my life? That’s because I can’t say anything about your life as I am not you. It is impossible for me to know what you need because I am not you. All that I can do is listen to what you actually say, without making assumptions that are almost always wrong anyway.)

Exactly, life would be a lot easier with open communication, which means without assumptions (as both our examples indicate, which proves we can not put ourselves into someone else’s shoes (we can try, but it’s never exact))

And I know this response is off topic again, as I’m merely responding to another response… so I’ll shut up now as my technical knowledge to stay on topic is absent.

there was no border control in my life which did not wanted to see my password for this PC:

There is always a delay with me and plane.

Every time when I want to travel I delete my PC and install Win XP on it (since installation is not so long).

Every time when they ask for password I gave them my password.
They log in and see nothing.

They can take image of my disks, do not care.
They were 10 time overwritten.

As soon as I get on another site, I connect myself to VPS server where I have encrypted disk image and I download and install it.
After I am done, new image will me made and uploaded to secure location.

Disk overwrite, and go back.

I am not sure why are you looking for some abstract-paranoid-10-layer-disk.

Have you never heard for cloud? Encryption ?

This whole topic is bullshit since, qubes will never implement requested features, and your paranoia will never end. after that you will say that Intel ME can spy you or SMM.
Or maybe you didn`t hear for this:

There are so many sophisticated attacks on the planet, and you are trying to avoid them all. haha
better to throw pc in garbage and go back to non-digital life.

Everybody hier has they own right but you are trying to avoid attack from advisory which build your PC and chip and firmware, and cpu and every single device which you see nowadays.

any you do not have source code to inspect it?

I wish you all good live.

out and over

5 Likes

Where this is headed,I hope, is for someone to create, in another web address a Wiki, No politics, where the Op-Sec of Qubes for those wanting to create check lists of how to proceed carefully.

A list of -Don’t do this. A list of possible consequences of some actions. Yes, even the simple ones, recognize the risk of using a possible insecure Flash drive. And how to prevent my next action from allowing someone to penetrate my laptop. We have some website around that are -for today- excellent this is how the more secure software works. Keeping in mind that things change quickly. Everything related to security is dated.

Pilots of airplanes use check lists to make sure they do not forget anything.

Borders. Somehow I always envisioned the bigger problem being a Border Inspector telling me they needed to inspect the laptop. With the real goal being to take it home and give it to their kid.

Keep in mind guards might seize Flash Drives, and a first layer of Border Guards might be told to look for a Nitro Key.

I had a friend who told me that while bordering a Plane in Chicago to California, the Inspector told him his Fountain Pen violated the rules. What would you do? Throw the pen in the trash? Or eat the price of the ticket? No doubt the Border Inspector pulled the pen out of the trash before the plane took off.

I once heard a statement from the Amnesty International USA Director who, when asked about did he have fear when, as he informed the leaders of some African Countries he would report that their government committed Human Rights abuses while standing in their office. To some it seemed some of these leaders had acquired power by use of military, violence. He said, usually he was confident that the US Government did not want him hurt. Although there was one country when he was very glad when his plane got off the ground. My point being, trying to obscure ones goals, and identity might work against the Human Rights worker.

There was a person who seemed -annoyed that I did not know what she was doing in regard to Journalists computer security. I do not know where she posts?

I am too old, forgetful for a project like this. Also inexperienced.

Any volunteers?

Sounds like it should be added to this list:

Ahh, its the good old “I have nothing to hide” lingo.

Why I do crypto?
Why I think about some geeky hacks?

Because I can, thats why. :wink:

1 Like

Nice hardened (physical) pc you have.

This method is the movie: the office will send your stuff when you established good cover in $enemy country, as you can find in my favorite timeless spy training movie “under cover” (just look up and you find it) .

There are not many options.

The disabled xtal oscillator in the ssd that sits in place of a wwan card is compared to smuggling a micro film in the frame of your glasses of good old spy craft :slight_smile:

Again, the methods are all invented 100 years ago. James Bonds cool “chip” that he smuggled in some old movie moonraker? is now smuggled by the micro sd of a UMTS radio stick where some came with sdcard reader while most did not contain one or some fancy internet of important thingies toy :slight_smile:

The good old tempest discussion.
There is an Israeli university bgu.ac.il that comes every year with some esoteric method to leak keys. E.g. the humm of your power supply, harddisk noise, modulated fan noise, blinken lights, and all sorts of stuff.
See here: air-gap – Cyber @ Ben-Gurion University
and here: How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone – AirHopper – Cyber @ Ben-Gurion University

Also there is a nice Israeli (where else :slight_smile: ) company called highseclabs that produces console switches that fight against leaking usb and more important Monitor-Settings (https://sr.ht/~mvforell/ddc-ci/)

So set some brightness in red airgap system and then read it from black system after console switch and your monitor leaks the encryption keys you stored into the brightness / contrast etc settings using ddc.

Yes there are some agencies who buy expensive console switches as they fear such threats.

I just buy another used screen and keyboard :slight_smile:

So you can play the “leaky game” upto the champions league and end up in a emc shielded (>70dB) room under ground depending on your level of paranoia :-))

If “normal desktop appearance” is the need and only need… Why not passing borders with a laptop powered on and having Windows booted in full screen mode under Qubes? (Some things would need fixing here from Qubes on suspend/resume. One idea would be to completely deactivate screensaver from Qubes when power setting widget toggles presentation mode. From there, Windows templates being normally setuped with Windows autologin, the laptop would resume back to Windows. And first eye contact with a password-less Windows would leave agents think the opposite direction of your actual threat modeling: a login-less laptop boot says: grandma laptop use case: nothing important there). But yet again, the important VMs should be backed up somewhere safe and removed, without any easy way to threaten you to type anything… Because there would be nothing to be protected.

My understanding of that thread seems to fit with this solution. Tabit-pro qubes windows tooling is amazing, would need some pushing to be packaged and pushed inside of qubes repositories and then reused in ellick’s Qubes’ windows installer scripts, which is also another amazing project.

To the naked eye, nobody would see differences. That Windows machine containing the bare minimal of applications with a profile matching paper identification would probably be good enough to pass screening.

From personal experience, crossing the border with a carry-on baggage with laptop was mostly never an issue until first question was answered bad.

From people reports around me, unless you are already flagged, most of the time laptop is not even booted.

The problem arises particularly there, if you look fishy or act like a spy. When i crossed the border with multiple laptops, that was a red flag. When they made me boot my laptop and saw Heads, that was a red flag. When they saw me boot into Qubes (anything other then Windows/MacOS/ChromeOS I guess) that is a red flag.

As I explain to everyone asking, maybe the best protection here is to simply not cross the borders with your confidential data anyway. Best is still to have a really standard laptop, with nothing interesting on it. Same with phone. The people having to really protect data at rest for real confidential reasons will understand this deeply and will comply to that need for obvious reasons without questioning the idea. Forensics goes a long way.

I feel that all the other justifications for XYZ are futile. If you really need to cross borders protecting data: you will not cross border with said data. That is as simple as that. If it is hidden, encrypted, if anything looks fishy, its the traditional problem and solution: how many nails will need to be removed from your fingers before you give away secrets you carried on with you. Or. How long will it take for them to crack a clone of your disk when they left with your laptop and left you alone in a filmed environment. How will you act in that video is rhe most important part.

Really. At the end of the day: just don’t cross borders with confidential stuff. A secret that is not in memory (ram/disk/your head) is the best protected secret because inexistent.

The base of this, unless you are professionally trained to lie, is to not have to hide or lie. You will feel so much better not sweating at the border, and if they ask you to boot your coreboot/heads machine and they see something different then expected, your plausible deniability will be encrypted in the cloud ready to be restored at destination without anything pointing to it in the data at rest on your computer. If your job doesn’t justify having that security, the simple fact that you are not sweating, not forcing yourself to stay calm and not having to control yourself, are actually calm, will make you be able to say, honestly in all your being: go on, I have nothing to hide.

On the other side, with Qubes now merged changes of ssd disk trimming down to the LUKS layer by default under Qubes 4.1 and heavy usage of dispvms, my really best advice here would be to get to use wyng-backups and find a unix-compliant ssh server you trust to backup all your vms, even dom0 and boot partition (I should post my backup and restore scripts somewhere and start a beta testing threads if people interested). Because with that setup in place, it is really a matter of sending deltas (even with tags of changes since last backup!!! ) with the possibility of restoring only the changes when arriving at destination. That is, restoring your whole Qubes states overnight or faster, depending of link speed). How? By restoring that qube which is your backup point to a ssh authenticated (encrypted) storage. Here again, nothing is perfect and everything needs testing and funding, but to me the solution really resides there. Known restorable states, merged directly into existing LVMs with merging when volumes are deactivated. Wyng-backups now has bases for encryption. With some raised fundings and attraction brought to this amazing project, even AWS cheap cloud could store known good restore points. Before leaving, backup last changes, delete confidential qubes. With the hints of this thread, restore your minimal Windows VM, boot it in fullscreen… If paranoid, open a qube with maximum pool size, fill it with junk until overcommitting pool size. And delete it. Turn on presentation mode. Close lid. Be confident. Be secure. Feel you have nothing to hide. Be calm if they leave with your laptop. Inspect tamper seals with blink comparison app. And act accordingly when in the plane flying to your destination because… you got in that plane since you had nothing to hide.

Why you are using Qubes? Because your field work requires it to protect confidentiality. Why you have nothing on your laptop? Same answer. You, literally, would have nothing to hide and wouldn’t lie. They could clone your disk, have you type your passphrase to unlock disk. You would still have nothing to hide. Under Heads, having you seen type your boot unlock disk would require of them understanding that that passphrase would not unlock the cloned disk they took (the actual used memory cells here really limits forensic). But even if they knew and asked you the real LUKS disk recovery passphrase to unlock the cloned disk, you would still feel confident that you had pretty much nothing to hide. Unless they keep the laptop for forensic on the actual laptop disk.

Other discussions in the past went in circles about having disk wipe passphrase to destroy LUKS header. Or simply backuping that LUKS header in the cloud and restoring it at destination. Again, second option could be justifiable if you are a journalist and can claim that its part of your organization policies to have you travel with unknown data… But that will most probably make you sweat if its a lie. And you might miss that flight. Having a kill-slot passphrase will definitely make you sweat, and most probably make you miss that flight.

Get home message: a secret that is not in memory is the best protected. So think twice about the content (forensic analysis use case included) of your volatile/persistent memory content, including real life plausible deniability from your acted choices.

Prevention is the less bitter tasting option when thinks go south. Having a fake windows UI with hacking tools in menu when crossing borders? Please don’t do that. Just install it at destination.

3 Likes

Can you respond these questions?

  1. Is overwritten redudant if you use a LUKS encrypted disk before you install Win XP? I understand the reason to overwrite after the laptop being checked by border.
  2. Is there any security reason to use your own VPS instead of cloud provider such as Google Drive to save encrypted backup?
  3. How do you access your VPS after removing all data on your devices? Only use brain?

I guess it can make sense in case your encryption algorithm suddenly turns out to be vulnerable to some attack.

How do you restore Qubes OS from your backup? Do you install Qubes OS first from USB and then restore qubes? Or directly restore whole disk from backup?