Hacker News new | past | comments | ask | show | jobs | submit login
Security experts have cloned all seven TSA master keys (techcrunch.com)
413 points by sinak on July 27, 2016 | hide | past | web | favorite | 168 comments

Luggage locks are basically only a deterrence against casual crime-of-opportunity thieves or pickpockets. I've found it's much simpler to just use a zip tie on my zipper. Very easy to put on, easy to take off again once you get to your destination (nail clippers work well), and provides roughly the same security as a TSA lock. And it has the added benefit that you can tell if the TSA opened your suitcase because the zip tie will have been removed (whereas with the lock the TSA can look through your suitcase without leaving any indication).

Colored zip ties are even better because the TSA won't have those at hand even if they bother. Or use tamper evident stickers to fasten the "tail" of the zip tie to the suitcase (search eBay for numbered, hologram tamper evident seals). This doesn't interfere with TSA but makes any intrusion painfully evident. And the trick where they use a ball pen to open the zippers, if the counterpiece is fastened to the suitcase, it's harder / impossible to close it back.

What's the point? Now you know someone opened your bag. What does that help with?

When something is missing, you have a better idea if you lost it yourself or the TSA lost it for you http://edition.cnn.com/2015/04/13/us/airport-luggage-theft/

What good does that do?

"You stole my sweater!" "No we didn't."

They aren't going to replace the sweater. And if you're packing cameras or other valuables in checked luggage, you're a fool.

I have had items stolen from my luggage and been reimbursed by the airline.

Your luggage is touched by more than the TSA when going to your destination.

How to open a suitcase with just a pen, leaving no traces: https://www.youtube.com/watch?v=G5mvvZl6pLI

"I love crypto; it tells me what part of the system not to bother attacking" - Drew Gross

What's the point in knowing the NSA is monitoring everything you say and do?

I'd rather know. Ignorance is bliss and all that, but I'd rather know.

I think the question is more—if you start by assuming they've seen in your bag, then what does gaining evidence to become more sure of that hypothesis get you? And, in contrast, what can you do with the information that at least this time, they didn't look?

Because, in the end, it's still an invasion. I always assume it will happen, but there's some small comfort in knowing this time it didn't.

Especially, as it is, that I find the security theater of the TSA both absurd and to be a gross and unnecessary invasion of privacy. But I am faced with the alternative of simply not traveling, and being forced to choose between the two... well, like I said - to me, anyway, there's some small comfort in knowing this time, at least, some dignity remains.

I realize it may be illogical, but emotions often are.

But you're only setting yourself up for disappointment by expecting them not to look. They are very explicit that they randomly screen bags so getting upset when they actually do it is pointless.

The lesson is son, never try. -Homer Simpson

He expects that they may invade his privacy, he just gets a nice surprise when they don't.

Nothing to do with being blissfully ignorant. They are explicit in that they randomly search bags. Going through all of this effort to say, "ha! Caught them doing what they said you would do!" seems like a fruitless exercise.

The frequency at which it happens to you is still interesting information, isn't it?

They also claim their security theater works, they can claim whatever they want.

They explicitly claim lots of things. That doesn't make them true.

but it does save you time in not having to look all over to confirm you didn't misplace the missing item

It would be nice to have evidence of tampering in the event of theft or, worse, contraband appearing.

deterrent/dɪˈtɛr(ə)nt/ noun

    a thing that discourages or is intended to discourage someone from doing something.

    able or intended to deter.


That's a bit of an unfair sweeping statement about the people of Hungary. I lived there for awhile and though mafia-style criminality is prevelant, the majority of people are decent.

I lived in Hungary from age 0 to age 33 (ok, age 31, mostly nomad for two years) and I stand my ground: you will not find anyone who doesn't break the law regularly. Tax fraud at the least.

Would it be too paranoid to put a Narrative Clip into your bag, so that it documents your bag being opened?


I prefer to have no checked bags. Just bring a duffel and a small backpack.

The TSA notified me when they opened my bag a few years ago, with a polite leaflet placed in the bag. I would not have noticed otherwise - the contents appeared undisturbed. I don't know if this is standard or current practice.

It's been nearly a decade since I worked for the TSA, but back then the procedure was: 1) Put the bag through the CT scanner 2) If it beeps, open the bag and find the offending object and make sure it's not an explosive or whatever. 3) Try to put the bag back together the way you found it as best you can 4) Leave that note that says you were in the bag 5) Send it on it's way

I suspect it probably hasn't changed much.

2 sounds like Buggs Bunny banging on a warhead screaming "Dud!"

I wonder what's in my bag. I get that little TSA love letter pretty much every time I fly.

The only odd thing I can think of is I have a tiny pair of pliers in one pocket due to an iffy zipper. I also typically put a laptop in there instead of carrying it. Maybe that combo sets something off.

I had 6 bottles of protein shake in my checked bag and it was searched. Kinda makes sense, probably looks a lot like an explosive in a CT scan. I suspect that was the reason because the bottles were all moved to the top of the bag, when they were originally on the bottom.

If your laptop is chunky or metal-cased, that's a pretty likely candidate. Not because it's suspicious but because it's just a big grey square of hard-to-scan. I seem to see a strong correlation between checking a laptop and getting a bag search.

Standard. I've gotten one on basically every int'l flight to/from US I've been on for the past couple of years.

Years ago when I was on a school trip to the Virgin Islands, me and this other kid wrote rather inappropriate but humorous signs on cardboard (we got snowed in at the airport), I later stored them in my checked bag. When I arrived at my destination not only had the TSA guys left a sticker that said they were in there to the outside, but they had stuck stickers to the funniest couple of the signs as well. I understand peoples ire toward them but that single gesture makes it hard for me to hate them.

I assumed they opened every single bag. Most of my flights are international and every time I've opened my bag I've had one of those pieces of paper

I used to get these all the time when traveling inside the US. Seemed like once or twice a month at least, all domestic flights. I'm guessing it was because I was traveling with some equipment (cameras, binoculars, a drone) but I don't know for sure.

Similar to your experience of traveling with specialized equipment, whenever I fly with my skis I find them to have been searched with the handy pamphlet included inside.

It's at least pretty good proof that these checks aren't random (which is truly a good thing).

OK, here's my story: Years ago, I visited Washington DC, and at the bottom of the "Exorcist Stairs" (so named, because they were in the movie...) I found a 15-pound iron barbell. I brought it home in my checked baggage. I think that was the one and only time I've gotten one of those notices that they searched the bag.

I traveled with a bass in a hard case once (domestically), they made sure to look through that.

They probably mistook your bass for a pike. Bring a salmon next time.

I am pretty sure what prompted my search: tire chains.

Zip tie? Only a ballpoint pen is needed, and you will never know someone messed with your luggage. Definitely easier than any lock... https://m.youtube.com/watch?v=wpIJVWXsBBI

Thanks for posting that.

If the case had a simple anchored fabric loop that the lock could be fed through, then this would keep the sliders in a fixed position. It obviously wouldn't stop the case from being opened, but it would stop the zipper from being re-meshed afterwards. I've seen this on a few cases and bags, but it doesn't seem common.

That's how you end up with all your belongings strewn across the carraige in an airplane

One of the reasons why we use the locks is to prevent the zipper from unzipping accidentally under vibration or rough handling. If they cut the zip tie open, and don't put a new one, the zipper won't have such protection for the second part of the trip. So a simple unsecure TSA lock and a tamper-evident sticker is probably an optimal combination.

I don't think the TSA are going around opening bags in secret. There's a note that they leave conspicuously inside your bag explaining it was opened for security reasons.

When I travel with a large snowboard bag I used to get one of these every single time. Presumably it was too big to fit in the security scanners so they were required to open it.

Someone has definitely been through my bag when I have been travelling in the US without anyone leaving a note. I can of course not tell if it was TSA or not.

Quite a few people in the internet activist space have confirmed for sure that their bags were covertly checked.

> I don't think the TSA are going around opening bags in secret.

TSA employees looking to steal the contents of the bags might.

> Luggage locks are basically only a deterrence against casual crime-of-opportunity thieves or pickpockets. I've found it's much simpler to just use a zip tie on my zipper.

You might want to see this (opening a suitcase with a ball pen):


Parent doesn't say that zip ties are better than mere "deterrence against casual crime-of-opportunity thieves or pickpockets".

In fact he points that a mere nailcutter works fine for removing those too.

His main point is just that its not any better to bother with luggage locks and a zip tie can be even simpler.

But TSA won't reziptie it for you, so it seems worse in that respect if you're dealing with shady airports

Solution: lock + ziptie/other mechanism that lets you know the suitcase was opened.

Some security works by defeating access.

Some by evidencing it.

Seals and zipties help evidence access, though not perfectly as the many references to ballpoint defeats of zippers on this article show.

That's why I always have a highly encrypted flash chip hidden in a false compartment of my checked luggage[1]. Really easy to know if they went through my luggage :-)

[1] Not actually true, but I did bring home a set of lock picks from a conference once that had been wrapped as a gift, and they had been unwrapped by "somebody" (and no, there wasn't the TSA leaflet in my bag)

This is probably just for fun!

It serves the purpose of notifying you that TSA went through your luggage, as eridius pointed out.

They leave a card for you anyways. If it were something more targeted and covert I'm sure they kind find a replacement ziptie. Even if it took extra time they could have temporarily "lost" it.

Or they could just use a ballpoint pin to open the zipper, as another commenter on here pointed out.

Then use both!

They leave a leaflet when they look through it.

I regularly travel to conventions with a checked suitcase full of merch. I, and most of my vendor friends, have an ever-growing collection of these things. We all seem to just leave them in our bags for next time.

I mean, yeah, they don't have to be leaving it, but experience shows that they do.

The only way to really be sure is to only travel with carry on luggage and never let it out of your sight. Obviously this is not always feasible, but, I think people do a poor job of packing carry-on luggage and assume they need something huge. You can definitely make due with surprisingly little, and it's easier to get around the airport, etc. If you have something big to bring home, just have it mailed to you.

Another way to be sure is to carry a gun: http://travel.stackexchange.com/questions/232/how-can-i-prot...

That doesn't prevent tampering, it just prevents official tampering.

If you don't get a pamphlet, that doesn't imply that they didn't look through your bag.

But your nail clippers will be inside the suitcase, not your hand luggage. Foiled!

Most (that I've seen) have a hole or ring on the back, so that they can be fastened to a key ring. Some even have a little rubber or plastic cover, so that you don't unintentionally cut yourself. I personally have them in my car, bed, desk, by the couch, etc., because I'm a serial nail clipper (who likes a minimal key ring).

It's trivial to open luggage with zippers without disturbing the lock, just by jamming a pen directly into the zipper and opening it from there. Your bag could likely be opened without even touching the zip tie.

Sure but the bags next to his bag have none of that. Why waste time/energy on his?

The last time my bag was searched they left a note.

They definitely leave notes at least some of the time. Can you prove that they leave a note every time?

Why do you even care? Say you know they searched your luggage. What is it exactly that you will do with that information?

An activist carrying a laptop or other electronics is going to want to know if they've been compromised.

Why would an activist let their laptop out of their sight for hours to be touched by unknown, almost certainly hostile people?

That would be a waste of time to prove, if it's even possible.

That's the point. A lack of a note doesn't mean lack of having had your bags searched, mussed, lightened.

And if they just "forgot" to leave a note?


You must be superior to the rest of us in so many other ways as well, it's a shame you won't enlighten us.

There's no point using a lock on a zipper. You can just shove a ball point pen in between the zipper teeth and open the zipper itself. Then when you're done just rezip it with the still locked zipper pulls.

Definitely, but according to one of the linked articles, the goal of the project was to demonstrate why key escrow is broken in general, not just these locks:


That trick does not work with paired zippers that are also locked in parallel with the luggage handle.



Please dont post affiliate/tracker links here. Its bad practice. Here is a non cookied Amazon link:


Did j4kp07 edit his link? There's no affiliate tag in there.

People get concerned about the stuff like "ref=sr_1_2" in Amazon urls (but it's just some internal thing they use to track searches or something).

It's also the case that making noise about occasional, topical referrers is going to be less useful than the occasional, topical link. Of course it shouldn't be okay to make work out of posting them, but who cares if someone adds one to a link that is worth posting otherwise.

Why not? The commenter is providing a service by informing us of a relevant, potentially useful product. He/she should be rewarded for such information.

It gives ulterior incentives. I don't think it aligns with the interests of this forum.

What? The exploit works on the zipping teeth itself, not the moving thing that zips them together.

That gets it opened, but not closed again; for that you need the slider to be free and not locked down to a fixed point.

You don't really need a slider to operate a zipper it just saves time and reduces the risk of damaging the teeth.

But you can't zip the bag back up after tampering with it.

They're great to make sure the zipper doesn't unzip during transport because of handling.

Here's a video of the exploit in action https://youtu.be/wpIJVWXsBBI?t=70

> These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime. --TSA

In my opinion, the TSA itself is nothing more than a "peace of mind" device.

They give me no piece of mind. In fact I hate flying in the United States because out of the 20 countries I've flow in and out of, the US is the only when where I still get molested.

Even as late as 2015, on returning to America after not having hands stuffed down my pants in any other airport in the world, America still doesn't disappoint.

Fuck the TSA. Airport security should be handed back over to the airlines and airports.

The TSA was created for legit safety/security purposes. The organization itself is assuredly a clusterfuck, but airlines and airports doing their own security again isn't the answer.

A lot of it is about training. Many, if not most, of TSA's airport employees are the same poorly trained security staff that were laid off (and subsequently rehired) after the TSA's creation.

The answer is a better security organization, perhaps modelled after a functioning organization, like Israel's (I've studied the country's security practices, and it readily comes to mind). The answer is not regressing to poorly trained and poorly organized DIY security operations.

>>The TSA was created for legit safety/security purposes.


>> The answer is not regressing to poorly trained and poorly organized DIY security operations.

The answer lies in not giving up essential liberty for promises of safety

The goal of Terrorism is to scare people so badly they give up their own way of life "voluntarily" because they are scared, in that the terrorist have won

The TSA was created for legit safety/security purposes. The organization itself is assuredly a clusterfuck, but airlines and airports doing their own security again isn't the answer.

The answer was reinforcing and locking cockpit doors. Everything after that is just for show.

> airlines and airports doing their own security again isn't the answer.

Why not? They could hardly do worse than the TSA:


> According to a report based on an internal investigation, "red teams" with the Department of Homeland Security's Office of the Inspector General were able to get banned items through the screening process in 67 out of 70 tests it conducted across the nation.

which is funny because I do not have peace of mind when I go to an airport 3 hours before my flight in hope that the TSA lines won't make me lose my flight.

The TSA has actually increased the danger by creating even larger targets of opportunity than just the airplanes. At busy times there are likely 5 to 10 airplanes worth of people standing in one spot before they get past security.

I've never locked a checked suitcase in my life. And I've traveled all over the world.

Of course it goes without saying that I only carry laundry in my checked luggage. Laptop, chargers, camera, etc goes in a carry on backpack.

Even if you did lock it, the most likely people to steal something out of it are TSA employees.

Don't forget the baggage handlers who have it before/after the TSA screeners:


(SFO is notorious and most of the airlines keep lax enough records that they'll even deny that you checked a bag in the first place, much less that the contents were anything more valuable than old t-shirts)

How can airlines get away with that? Is it a US thing?

In Europe you get the tracker code of any luggage that you have checked in.

I would second this. The only time I have had anything stolen from luggage was from my briefcase at a TSA checkpoint at JFK between foreign and domestic terminals, where a couple of checks were lifted from my bag. Fortunately I noticed shortly afterward and was able to get the checks stopped before boarding my flight. Don't check anything pocketable and expensive. Locks do nothing.

I have a similar opinion with my car. "The inside of your car is a public place". By all means lock the car, but don't keep anything valuable in it.

And if you have a valuable thing in sight, then even with the fanciest locks, you're running the risk of broken windows. Just easier to keep nice stuff out of that 'public place'.

I've seen lots of stickers on cars saying "the car is unlocked, and there's nothing valuable inside".

The unlocking in the hopes of preventing a window smash.

Yep - very common with owners of convertibles. Preventing people from slashing the top to get in, which is of course a very costly repair.

To some people the unlocked car is the valuable item and not the crap inside it. Not that door locks would stop them anyway.

Reminds me of a joke.

I leave my car with a sign hanging from the mirror that clearly states that no valuables are inside.

One day I go to my car with a broken window and a new sign that says "just checking".

You can get into the unlocked car without a key, but you can't start it. At least not without shenanigans. Yes, the door wouldn't really stop someone from taking your whole car.

What I would be worried about when leaving my car open is eg other people sleeping in it. (I wouldn't mind too much, as long as they are clean. But that's too much to ask for.)

Fortunately, I do not own a car in the first place.

That is assuming the car can't be hotwired?

If you can hotwire a car, you can also smash the window to get in.

Leaving the car open is mostly to forestall people opportunistically smashing the window and looking for valuables.

Fencing a whole car is much harder than fencing some smaller loot.

If you want to ensure no one can open your luggage, travel with a firearm. It doesn't have to be a real firearm, but if you declare the firearm you are required by the airlines to have a lock on your luggage that can't be opened by TSA.

TIL if you want to get a bomb onto a plane, declare a gun!

I'm kidding, of course. There are probably multiple reasons that wouldn't work. But this whole notion that by molesting passengers sufficiently and putting on a big enough show, we can significantly reduce casualties from terrorism is laughable.

At some point there has to be a tradeoff between safety and convenience, or no one in their right mind would drive a car.

Is there a penalty for declaring a "fake" firearm?

A lot of people who don't want to lie (which may not be illegal, but I wouldn't recommend it personally) will get a starter pistol. They're cheap, small, safe (don't fire rounds, just blanks) and legally have to be declared as a firearm to fly. So you buy a starter pistol and stick it with your nice camera when you fly. It will be locked with something only you can open and will probably be handled more carefully in transit

I doubt it, but sometimes counter agents will want to see that (your real firearm) is unloaded and stowed in the proper kind of case (hard-sided - I use a very large Pelican).

More often than not, the TSA will want to hand-inspect firearm-containing baggage (with you present), and I couldn't say what they'd do if they didn't find the firearm in the bag they were breaking their routine to check.

Just buy a flare gun or a starter pistol and declare it if you don't want to or can't use the real thing.


    These consumer products are ‘peace of mind’ devices, not part 
    of TSA’s aviation security regime.
A bump key could open the majority of locks and yet we still put such locks into new doors? These flawed locks just serve the purpose of forcing whomever wants to enter to cross a psychological boundary from legal into illegal. And that is still a good reason to use flawed locks.

    In other words, you might as well not use locks at all.
Simply not true

The only reason I bother with a lock on my (zippered) luggage is to keep the double-zipper ends together and keep it from working itself open as it bounces around the baggage handling equipment.

Like most things concerning security in general and airport security in particular, it's a sham, meant for appearances only.

Wow...will this not pretty much screw hotel room security ? An employee can go and open your lock in 30 seconds and relock your luggage after stealing. How do you prove that someone from the hotel stole it ("sir we obviously can't open locks that only the TSA can")

No point...you disclaim liability for valuables left in the room.

Seems like the plastic wrap they do at intl airports is a much more effective measure than tsa locks.

Only if you leave a unique indicator of that particular wrapping or take a photo. Otherwise they could easily slice through it, look at your shit, and wrap it back up. They probably have a machine for this.

Can anyone think of any ways where it would be possible to have the benefits the TSA was hoping for (cheap locks that can be opened by TSA and the owner but no one else)? Because I can't seem to think of any.

They prevent casual theft and tampering, and do so well.

Everyone loves to bust on the TSA, but small controls can add up. If you live in a home without barred windows and a reinforced door and locks, anyone can enter your home in seconds. Yet we still lock our doors, and they are still effective.

The only purpose of the TSA key is to facilitate searches without damaging the lock or bag. That's it.

My position on this has always been that, if somebody wants badly enough to steal my shit, they are going to. The only thing that locking doors is going to do is ensure that, not only is all of my shit stolen, but I have a kicked-in, busted, door to fix to boot.

I never really understood this position. Are you saying you don't lock anything? A vast majority of break-ins are thwarted by simply having a locked door and being home. You don't want to prevent even those?

Security systems, chained doors, automatic lights and deadbolts are also a huge deterrent that prevent plenty of break-ins. Yes all of those combined will NOT stop someone who wants to get into your home really badly but at that point I can't imagine they want to simply steal something. That's a lot of effort to go through and would seem far more personal to me.

My gun cabinet is the only thing that I lock.

To be honest, I don't own anything very valuable, and I value my convenience more highly than the remote chance that somebody is going to clean out my house. Particularly since the criminal element is almost nonexistent hereabouts, and what there is tends to center on small-scale marijuana growing and dealing - although maybe that will become a problem if the heroin epidemic continues.

Locking and unlocking a door two or three times a day adds up to a considerable amount of wasted time over the course of years. Not to mention insanity like I've seen in Germany, where people lock the outer gate, lock the outer door, deadbolt the door, lock the inner door, and then roll down huge armored shutters over the windows - in an upper-middle class gated community...

My parents don't lock their house doors or cars - but they live in a rural area, where the odds of a crime-of-opportunity are basically nil.

Cruising house-to-house checking for unlocked cars and doors would take a prohibitive amount of time; easier to do that in suburbia, where you can cover a dozen houses on foot in five minutes.

But in NYC, I've always locked my apartment door, because it's trivially simple to follow someone into an apartment building, and not much challenge to go door to door, listen for signs of habitation, and try the door handle.

> Locking and unlocking a door two or three times a day adds up to a considerable amount of wasted time over the course of years

Micro-optimizations are rarely useful in terms of software development or in real life (unless you're at considerable scale which is statistically unlikely in both cases). Granted I can't know for sure how long it takes you to lock or unlock a door.

Going from my own experience locking and unlocking a door, combined, takes about 1-4 seconds depending on if I'm entering or leaving. So let's take the most (4 seconds). Let's say I unlock and lock 3 times a day (a busy day but again taking the highest numbers here). So that's 4,380 seconds (73 minutes) used per year at the maximum time. So yes it adds up but saving the 12 seconds per day wouldn't make me more productive that day (it's not like you gain that 73 minutes in a useful chunk of time) and statistically keeps myself, my family and our stuff safer.

So yeah I get the convenience factor but I don't get the whole "wasted time" piece. Certainly depending on where you live it may be unnecessary but another thing to keep in mind is there are always times for firsts (so just because your area may be historically crime free doesn't mean it'll stay that way).

Perhaps I'm just too paranoid but something so small seems fine to me :)

I grew up in a small town and felt the same way. But punks are savvy, and in some cases, which they are well aware of, criminal charges for stealing when a door is open are much less.

So I lock my door, especially car doors, and I don't have problems anymore :)

Most people who steal stuff aren't that bothered about stealing your stuff, just someone's stuff. If you have better security that inconveniences a thief more than others, the thief will just go next door. If everyone raises the bar a little, determined thieves may continue but some number of casual thieves will find something else to do instead.

You would think that a locked suitcase would make it a more appealing target...

That depends on what you are trying to achieve with the locks? I think most cases where the lock would be actually useful could be covered with tamper-evident stickers. (You seal the zippers, TSA reseals with their own stickers)

If you are talking about more general key escrow for cryptography:

Use Shamir's secret sharing strategy (or similar) to share your private key with 500 other people, cooperation of an 400 people necessary to retrieve the secret.

This way law enforcement can look at your stuff with a warrant ('nothing to hide' after all) but not in secret: they will have to contact a few hundred people, that's hard to keep hush-hush.

No, this is the same problem as key escrow.

Just cut them off, that's what the TSA does anyway. I stopped buying those because apparently the TSA just cuts them off when they don't happen to have one of their own keys handy. They threw the cut locks right back into my bags along with the note declaring they had searched them.

I read a while ago that a good method of understanding whether something had been tampered with or opened was to use glittery nail polish on the edges and take a close up, photo on your phone. Even if someone repainted it they wouldn't achieve the same pattern

Isn't it better to use a cheap non-TSA lock on your luggage? If they open it, the lock is destroyed, and you know for sure someone has opened it - either personel or someone with criminal intentions. Or will this result in more trouble?

i just thought about this yesterday.. would there be a market for a logging device for travel baggage? like a small camera and a mcu that activates when sensors (probably magnets between the halves) indicate the baggage is opened? preferably discrete. not to deter but to identify who opened it. logs time also to know the rough position of the breach.

There'd certainly be a market for the stolen logging devices.

At first glance I thought this was referring to the TLS master key certs.

You can watch the talk where they announced it at HOPE here: http://livestream.com/internetsociety/hopeconf/videos/130717... I saw it live and it was a pretty fun talk (also helped that it was midnight and the alcohol was flowing freely). Definitely check it out!

I was in the room for this talk; it was pretty electric. Some of the other talks I liked were the Social Engineering talk, and Cory Doctorow's keynote.

The thing that crystallizes what HOPE is about, for me, was that their closing ceremonies opened with a fifteen-minute talk about the network situation -- the cabling they had to run, the 1.5Gbps DDOS they withstanded, and then chastised us for not using enough bandwith, saying the ISP that donated a 10 gig line threatened to downgrade it next time.

Put your luggage in a Pelican-case and use some relatively hard to pick, but easy to cut locks. Should they want to open it they will just cut the locks. Alternatively you can use a TSA approved lock and some zip ties as a simple tamper evident seal.

Alternatively, you can put your luggage entirely in a Pelican case, stick a firearm or equivalent (starter pistol, flare gun, AR-15 lower, etc.) in there, declare it, have the luggage inspected, and then use ASSA Abloy locks and fly with absolutely zero worries that someone will pilfer your valuables.

As an Australian I find it slightly amusing that people are suggesting packing guns in their luggage in order to prevent (what are meant to be) "the good guys" from stealing stuff from it.

"For security", we need more guns flying round everywhere.

I thought this happened a while back and hadn't realized it didn't yet. Very cool.

Not a big deal with the TSA because honestly these tiny, flimsy locks were never about security but to ensure the casual encounter with someone unknown doesn't get into your bag and possibly steal something (anyone who really wants something from your bag can cut these with the tiniest of bolt cutters). Also they can be handy with keeping annoying zippers together.

“These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote.

"peace of mind" devices, that pretty much sums up the "security theater" charade that is the TSA. If its not important why do they have master keys at all?

Similar to how they randomly select people sometimes to use the pre-screen lines.

The TSA were stupid but to be fair anyone with an access to a few suitcases can build the key, not to mention that suitcase manufacturers and luggage lock designers had access to the specs.

Previous discussion from last September: https://news.ycombinator.com/item?id=10196197

In this case, they didn't use the pictures of the keys, they gathered a set of locks and worked out what the master key would look like based on those samples.

Oh great, thanks for pointing that out; I missed that distinction and jumped to a conclusion after seeing the old story and new story reference the same GitHub repo.

I guess this is the relevant commit: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys/commi...

Even a shitty bolt cutter would work on these locks right?

The purpose of most locks of this size is to make it visible if somebody broke it, and conspicuous to perform the act of breaking the lock. Sort of like a bike lock: the purpose is not to make it impossible to steal; that's impossible to do with anything lightweight. The purpose is to make it impossible with anything less noisy than an angle grinder.

In this case, the greatest threat is still the TSA agent or hotel maid entering your room, since you shouldn't be leaving your bag unattended with anyone else.

Except that with a TSA lock you can probably just replace it after you break it, most of them are very similar and brands are fairly obvious.

The victim's key wouldn't work on the new lock.

Sure they would, just give them a key pinned to open with any key :D

Yes. But that's not the _point_ of the locks. The point is to keep the 'honest' baggage handlers honest by putting a small hurdle between them and freely rifling through one's bag looking for something of value to snag.


Trust baggage handlers about as far as you can throw them.

Yup. And suitcase zippers can be pried apart and put back together without any trouble[1], so the locks are pointless for actual security. I use them, but only for some protection from pickpockets, not for securing the suitcase while it's in the airline's hands.

[1] https://www.youtube.com/watch?v=jW8SJZBVR9s

The ones that came with my luggage didn't even need a bolt cutter. The interior dull cutting edge on a pair of needlenose pliers worked on them :\

A shim might work too.

Most of these locks are attached to zipper pulls that you could just rip off with your hands.

So, the news is about the eights key being cloned, in addition to the seven keys that were cloned before. The title is a bit misleading.

seven for the Dwarves, done. 10 to go. And the master of them all.

Er, 12 or 13 to go, depending on whether you count the one ring.

You probably forgot the elves. If I had a nickle for every time I forgot the godamn elves...

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact