Feature Request: Peace of mind when crossing borders

Yes. In many cases a “threat model” is those recreational hackers in a basement, crooks like ransomware pukes, and of course all those sites that love to mine data and make money selling obtrusive ads. Not a government.

Qubes works well for that, too.

I just returned from a few days in Russia. I’ve been many times but the first time since the war started. It was very hostile at customs. I had my GrapheneOS phone taken off me, forced to unlock and let them take IMEIs. We were held for 3.5 hrs whilst they checked all details. I wouldn’t of felt comfortable with my laptop and QubesOS even if it was hidden in some way.


Well, while this is totally expected for me in a war times (and you saying been there many times implicating no problems before the war), this is actually “for ages” common practice in a “free world”.

I’m sorry about your experience at the border, but how is this relevant to the topic at hand?

You do not always have a choice whether to take a laptop with Qubes with you or not. The OP is asking for plausible deniability, i.e., it should be impossible to prove that you have certain data on it, even if they take a full copy of your hard drive. To me, your story proves once again, that such feature is getting more and more relevant as time goes.

Sorry if i wasnt clear. I’m far from an expert in computers but i have travelled regularly to work in many parts of Russia and China. I often take devices with me; laptops, phones, tails on usb credit card. Ive used vpns to be able to use these properly.

My point was after what i went through in Russia i wouldn’t be comfortable relying on plausible deniability and wouldn’t even want to explain why i choose QubesOS or anything else which would have me detained longer.



  1. Make dual-boot with some usual operation system, like GNU/Linux or even Windows (less secure).
  2. Copy the first 1-10 GiB (let’s call it header) of Qubes OS LVM partition and replace if with Fat32/Exfat partition to make it look like an empty storage. Maybe, put a Movie or TV Show there. (Note: Do not use NTFS, it stores its data in the middle or partition and will corrupt LVM).
  3. The copied header should be additionally encrypted and either hidden using any other ways supporting plausible deniability or even moved online without storing on laptop to be downloaded after crossing the border.

I am skipping some technical details, about partition tables, EFI or grub partition, just follow the idea.

So this is not a problem of plausible deniability but of Qubes OS itself looking suspicious. Does it mean that plausible deniability on Qubes is irrelevant? I don’t think so. (For Russia, maybe yes.)

The border control could also randomly copy traveller’s hard drives, without caring about anything else, depending on the country.

Why not travel with a freshly installed OS of your choice with no data on it. Once you arrive to your destination download your data from online data storage sites. When you leave your destination upload your data to an online storage site then delete and re-install a fresh OS of your choice. Deleting could include encrypting the whole drive which would overwrite any previous important data. If you need a phone buy a second hand phone or a new one according to your budget. The idea is you have 2 phones or more, a travel phone and a local phone. Travel phone would contain no information and every new destination would mean a factory reset. Again use online storage facilties to transfer data as needed.

Not always possible (also can be suspicious, depending on the size of your data).

Very suspicious. Same for laptop.

1 Like

Could be suspicious but just add some data. Add some browsing on your laptop. Add some contacts to your phone.

If your destination does not require you to bring a laptop/phone then leave them at home.

This can be very tricky, depending on the mood of the border agents. With the plausible deniability, I would be able to simply take my own, original Qubes OS installation wih me anywhere, with real traces of usage, but all sensitive information would be untedetectable.

Leaving devices at home is straightforward but inconvenient.

The phone part is a completely different story and not relevant to Qubes, therefore offtopic on this forum.

As others have noted just having Qubes is suspicious too.

1 Like

How much data are we speaking of? Even downloading 100 GiB would be a huge problem when you travel and have awful hotel/airbnb wifi or mobile roaming connection.

Having Qubes OS may be already strange and suspicious, so I think this solution is better and can be used even without internet connection.

Just like idea.
Would it be possible to start a qube as a principal qube on startup?

I mean I have ubuntu and windows. Then we set it as start up qube and then it starts when computer on but of course other qubes are not posible to reach

Here I want to ask 2 questions

  1. Would it possible to run a qube on the metal without XEN ? (I am also interesting for this feature for my steam qube)
  2. Could we still run dom0 which runs all sys-(?) and connect everything to selected qube ? or it could connect to the qube internet and all devices directly?

Theoretically it is possibly now. Run Windows or Ubuntu qube fullscreen and execute a script that changes xfce shortcuts in dom0 so that Alt+Tab and other key combinations will not change the active qube.

Nice idea, not plausible deniability, but still really interesting and easy.

Keep one complicated shortcut like Ctrl+Shift+Alt+Meta+S to run script reverting your shortcuts back and allowing to change the qube. Or reset the laptop after crossing the border.