Hacker News new | comments | show | ask | jobs | submit login

I see many people here trying to puzzle out why electronics are under a partial ban from cabins but not from checked baggage. It's a good question, since if there is a fire or explosion hazard on a plane the last place you want it is wrapped in a wad of flammable cloth and synthetics, even if it is oxygen starved.

The only motivation I can imagine is: They want these devices in checked luggage because checked luggage can be inspected without recourse by customs, and without an on-site confrontation. With care, it can be done without even notifying the people who are being checked.

And given the pushback on social media credential disclosure and the reveal that the CIA (and presumably FBI and other agencies) have physical access exploits (probably via USB or DisplayPort) for most of these devices, this seems like a move who's only logical motivation could be easier digital inspection.

Remember, it's the position of the TSA and CBP that non-citizens don't have rights of any kind until they're allowed through customs, and by simply inspecting devices they're interested in quickly and without publicity or confrontation they will certainly be more effective at it.

I'm going to start putting a USB nuke stick in my luggage in an envelope. Just for fun. Maybe I'll label the envelope something nonsensical like "12-16" just to make sure people know it's useless. And in case I (or someone investigating my luggage) needs to plug something into a USB slot.

This. And also people not having devices on their person means they can't quickly text friends/family if they get detained/mistreated/etc.

It seems like we're getting closer and closer to being in a situation where people who can should avoid going to the US at all, and make their reasoning known. Ie, refuse to give talks, attend conferences, etc. in the US.

This is already happening. I'm in Europe and I've heard quite a few friends (mostly academics) state that they're actively avoiding traveling to the US.

I have to admit some border crossing incidents[1] are what I would imagine entering North Korea would be like, not the US.

[1][10min audio] https://www.youtube.com/watch?v=MDYMw1p8s9M

As someone from Canada, that guy was being a total dick, very aggressive, mansplaining the agent, which isn't surprising that it would trigger the customs agent. He would have had the same response from an agent at the border in Canada.

Ex: "what shops are you planning to go to". It's fine to answer "I don't know yet". They're just testing behaviour. If you start being defensive or aggressive, pretend to know their jobs better than they, etc, it's suspicious. Although yes, in general, the US agents are really bad at doing behaviour testing.

Anecdotal: Last year, I crossed the border a few times by car, visiting a friend I met on Tinder. I completely got away with it, giving honest answers at the border. Recently met someone else (a girl) who was stopped and accused of prostitution for doing the exact same thing. :/

Yes, well...

You may not understand quite how much most Americans hate CBP. I use "hate" here deliberately. It represents the worst part of our government and a codification of our racist laws and culture even at the best of times.

They find a way to weaponize ignorance and shame people who are different at every turn. They have tackled people and held them at gunpoint for LED shirts, they've publicly shamed women for having vibrators in their luggage, they've delayed flights because people speak Tolkien's elvish leaving comicon.

And their definition of sincere risk? Brown people or people who are different. They can detain Americans and non-Americans alike without due process and stories report they do just to make a point.

And the worst part? They are bad at their jobs. The FBI is a problematic institution as well, but at least they can point to data that suggests they're doing things here and there to actually foil people who genuinely want to cause domestic problems.

Even conservative Americans hate the TSA and CBP face to face. We're all scared of them, because we know they're stupid and bad at their jobs but terribly powerful.

No doubt! My general strategy for crossing borders is to expect to be hassled a little bit, and to accordingly make sure that I have a good amount of patience stored up ahead of time. It took him about 3 seconds to get irritated.

> "I completely got away with it"

No, because you didn't do anything wrong.

Border crossing is not a crime, last I checked, despite the best efforts of some to make it feel that way.

Agreed, I was being bitter/sarcastic. I meant to say that they incorrectly profiled the other person who was stopped.

It's a bit sad that such behavior is normalized to the point that such a trivial thing is escalated to someone being locked up. Maybe it's some kind of strange taste for masochism that I don't understand. I'm not trying to be offensive or anything, I really don't understand why is such a hostile, aggressive and demeaning behavior accepted as a norm.

Contrast that to this (6min): https://www.youtube.com/watch?v=tV-wgZBGfCo

None of those stories are that important in and of themselves, it's the whole normalized atmosphere of fear, guilt and almost agony that I don't understand.

When I cross borders I'm almost always very tired, very stressed, I feel dirty and nauseous. These are things that make handling other people difficult for me.

Of course there is going to be someone who reacts badly, but you would think that they have professionals at the border that know this, from what I've seen when disembarking in London there are people who know how to handle these things. I've seen the same situation being descalated in 10 seconds.

I'm guessing there is little pay and pride to be had for a border guard in the US, so little incentive for being anything else than a git.

Exactly how is the guy "mansplaining"? Seems like the term is now being used to every interaction between a men and a women if the men just doesn't accept absolutely everything the women tells him to do - no matter how idiotic - without arguing in is own favour.

On second thought, the cynic in me is saying you're just laying the groundwork for your next encounter with customs agents in case you have to hand over your online accounts :)

I rarely defend customs agents. I'm sure they could flag me just by looking at my public twitter posts, which use my real name. I have already decided to avoid the US anyway.

However, Canada can be just as bad. Bottom line: know the law, be polite/calm, travel light, be honest but keep answers at a minimum. Unfortunately, since I travel often for business, that means I've spent way too much time at social events exchanging about travel tips, rather than actual productive conversation. It's also silly that we're adding barriers instead of removing them. What a waste :(

I started doing this 10 years ago, the recent changes haven't made me want to reconsider.

Closer and closer? How about it's already happened.

I just visited some of my friends in Japan, many of whom wanted to visit me in the US once their children got a bit older, and they all said they are straight up frightened of simply trying to enter the US. These are some of the most upstanding people you can meet with jobs like being teachers, government employees, etc. They are the last people who should be afraid of being found as suspicious persons, yet the reality is that based on what they see in the news, I can't blame them.

Here's the thing about leaving Japan: it's always way more dangerous than staying in Japan. US homicide rate is like 10x higher. I'd bet your "upstanding" friends have layers of reservations about visiting.

Japanese crime rates are underreported, and in reality most likely very similar to northern European countries in term of safety (and many other things, such as birth rate, another oft repeated misconception).

Popular culture likes to portray Japan as a weird outlier country- but that's only if you compare it to the US. If you include the aforementioned European countries in the comparison, the US is the weird country.

I dno about comparable to northern Europe. Stockholm, Sweden has recently had a huge burst in deadly shootings, and a Swedish official got caught in trying to lie to the BBC saying that rape is decreasing in Sweden. Official statistics show an increase between the last two data points, the last one being from 2015 or 2016 if I recall correctly.

I have bit heard anything of the like in Japan, but as you say it could be because they don't have the same measures/report rate we have, or that I don't check Japanese statistics as much.

And the U.S. violence rates are really skewed. If you remove about half a dozen large cities, the U.S. rate for homicides, etc., is much more in line with the rest of the first world.

Certain crimes are under-reported, but on the whole even accounting for that crime rates are significantly lower for the sorts of petty crime that impact most people.

Crime rate in the US is not an issue, but when talking about travelling in to the US advice like leaving your phone at home etc is quite common. That does influence some people, not to a big degree yet, but it's not getting better atm is it?

The report said that cellphones are allowed. Agree with the avoiding US part. I'm currently reading a book on the state of physics under the third reich and the parallels on the state looking inwardly are chilling.

What's the book?

I cancelled my participation in a free software conference this year, but I doubt it will be much noticed except by the core team (I help with internationalization). I also didn't make too much noise about it, not to harm the event/community. Most of our European partners already do not bother going to the US and organise their own conference.

You may notice is less and less diversity, but it's already pretty low, and we're often not very good at noticing that.

Cell phones are excluded from the ban, according to this article. That makes it highly unlikely that prevention of ability to text is the goal. I know very few people who text on their tablet, laptop, or camera.

Cell phones are most likely excluded because they're so obnoxiously hard to compromise compared to laptops. Cell phones, you need per-hardware exploits and the vendors patch aggressively.

When was the last time your laptop's USB controllers had a firmware upgrade for security hardening?

That's a reasonable argument if the goal is being able to examine the devices. Nothing to do with texting, though. ;)

They already confiscate devices. I'm not sure that there is much to be gained by banning phones. The absence of a report coupled with the publicly available info of landing is probably enough to signal trouble.

Cell phones are excluded from the ban, according to the article.

For now. According to the article.

interestingly, you see airlines moving away from in-flight entertainment screens in the seat in front of you, in favor of BYOD. A logical move: let the clients bring their equipment (they bring it anyway) so you don't have to (install, maintain, spend fuel on, etc.).

Now with airlines actually removing in flight entertainment, flying from the Middle East to New York can be quite a long trip: no laptop to watch a movie, no screen in front of you.

I guess the US will stop banning as soon as one of these policy-makers is on the same flight as a few bored kids ;-)

Maybe people will have to read books?!

True, it some like myself can't read on a plane due to motion sickness. Watching a video is fine, but not focusing on text.

My mum noticed that if she sets her kindle to 2 or so sizes larger text, she doesn't get motion sick any more.

I've never finished reading more than a page in a moving car without feeling nauseous.

Yes. I love to read books on a 17 hour flight instead of being able to watch TV shows, work on programming problems offline or the countless other productive things that a laptop can provide.

That would be great if airlines provided standard power outlets and/or USB ports.

Canada Air does! It's great.

Trump will flip-flop on this mercurially 7x before breakfast while watching the "PDB" on TV (aka Fox and Friends).

> It seems like we're getting closer and closer to being in a situation where people who can should avoid going to the US at all.

For me already well past that point, no way would I travel to the US for any reason, work or pleasure.

I'm from the UK and I'm seriously contemplating getting out of here while the going is good as well.

Makes sense. However, how is that going to protect the US? The moment such information is public, perpetrators will not transport any digital devices with incriminating data. What you re left with are people being harrassed over a digital copy of "how to make a potato launcher" on their laptops.

Frankly, it seems the US policing practices have been looking more and more USSR like. And i dont just mean since trump arrived to power.

  how is that going to protect the US? [...] perpetrators
  will not transport any digital devices with incriminating
Options include:

1. Bad guys with imperfect opsec (I see in your unallocated space there's a deleted TAILS ISO... onto a watchlist with you!)

2. Friends and relatives of bad guys (I see your nephew e-mailed you holiday photos from cybercafes near two different suspected terrorist training camps... onto a watchlist with him!) a bit like social media companies' 'shadow profiles'

3. Non-terrorist targets, like good old corporate espionage and political blackmail (Oh, you're a journalist/oil industry exec/prostitute? Let me just take a copy of your contacts, records and reports)

Pretty sure from leaked XKEYSCORE rulesets, anyone who downloaded or googled "tails" is already on that list.

The answer is simple: It doesn't protect the US at all.

>I'm going to start putting a USB nuke stick in my luggage in an envelope. Just for fun. Maybe I'll label the envelope something nonsensical like "12-16" just to make sure people know it's useless.

I love the idea but I can't help but think that even with a completely airtight reason to be traveling with that item (e.g. you're a security researcher) you would be accused of terrorism. Somehow.

That's the problem with Authoritarian (Liberal and Conservative) interpretations of the Constitution. USBkill sticks are non-regulated items, so you don't NEED the government's permission or a "good reason" to possess them.

Unfortunately, Liberals have weakened the 2nd Amendment to mean "only if you have a good reason", and weakened the 1st Amendment to mean "as long as you don't offend someone", while Conservatives have weakened the 4th amendment to mean "we suspected it without good cause and it turns out we were right which made the whole search ok."

I think if we stop weakening the ammendments we'll stop seeing violations of our basic civil liberties. But when California passes laws that regulate firearms you can wrap a thumb around (yes, this is a real thing), and Arizona passes a law that allows police to stop you if they suspect you're an illegal immigrant, we'll be in a slow spiral with decreasing rights.

I'd like you to explore the root cause behind your symptom: erosion of citizen rights.

The desire to strengthen old laws is interesting. Why is it that they seem better than the laws we can create today, given our advancements in education and ethics? Pining for the past due to the absence of 'something better'. Why does that 'something better' not exist?

Rights are granted with the intent to increase power/wealth for those who grant rights. Based on results, those in power no longer believe that granting rights to commoners is in their best interest.

Average citizens have less impact on that now. The constitution and amendments come from a time when they applied to fewer, more powerful people. The erosion of those rights is to be expected unless you're living in an altruistic utopia.

Highly recommend you watch CGP Grey's Rules for Rulers for another perspective.

Well they cannot yet force you to divulge encryption keys, right?

And your nuke device might be worthless if they install a firmware exploit that will work later.

> Well they cannot yet force you to divulge encryption keys, right?

They might not be able to force you but it seems that they can lock you up indefinitely for contempt of court in the US and for they definitely can give you five years in the UK because it is a specific offence there under RIPA.

See https://news.ycombinator.com/item?id=13919115 and https://news.ycombinator.com/item?id=6248902.

By nuke device he may have been referring to https://www.usbkill.com


> I'm going to start putting a USB nuke stick in my luggage

I don't see how that will be fun since the only way you would find out if "it worked" would be by getting pulled from your flight and detained.

Hmm. A charge/discharge circuit with a voltage booster and very large capacitor in line?

Doesn't take a large stretch of the imagination for a CBP official to declare that a "detonation device". Now you're really screwed.

Wipe devices before packing.

Arrive in country then restore backup remotely.

This is bad advice I'm afraid. If you're an alien seeking admission to the United States it's your responsibility to prove that you don't have immigrant intent, not the CBP's responsibility that you do. By showing up at the border with a wiped device you will make it a lot easier for the CBP to build a case against you and put you on the next plane heading back.

Not sure why this is being downvoted. Entering with a wiped device would be viewed as suspicious, rightly or wrongly.

How would the border agents know it's a wiped device? Because it's missing everything and seems like a new phone?

What if I actually bought a new cheap phone because I'm afraid of getting robbed abroad, and even tell the agent?

I ask because I would think that being afraid of losing your expensive phone on a leisure trip is common enough and harmless enough (and totally real reason) that it wouldn't provoke or trigger an agent.

Or am I being delusional?

>Because it's missing everything and seems like a new phone?

Yes. Remember, they don't need proof of anything. You're not on trial. It's largely up to the judgment of the individual officer whether or not someone can enter the US as a visitor.

If they ask you why there's nothing on your phone, you'd better be able to convince them that it's for some other reason than "I don't want you to see it". Can you do that? Well, it depends on how persuasive you are and whether the officer is in a good mood that day.

Well, shit.

I mean, I've been buying burner phones when crossing to the US since several years ago, just because I do am afraid of getting mugged and losing everything while traveling, and since every trip to the US has been for vacation, I really didn't need anything on my phone other than emergency contacts (insurance, etc) and my reservation numbers for whatever I was going to visit.

So hopefully if I ever travel to the US again, and they want to check my phone, I hope they really believe me when I Tell them the truth... but like you said, it will depend on the judgment of the agent so I guess I'm screwed anyways if they want me to be so.

This is just... wow.

It's not really that wow. There's always a lot of judgment involved in admission of visitors. It's never been an entirely fair and transparent process.

If they're searching your phone, it's likely that you're already in secondary inspection. At that point if you're an alien they're already suspecting that you're inadmissible and they are trying to build a case. They will ask a lot of questions in secondary inspection. If they search your phone and find that it's wiped, they will ask about it and they will expect a convincing explanation.

CBP officers working in secondary inspection to this all day, every day, they know what they're looking for, they will lie to you if necessary and chances are that they have heard the same explanations many times already. Secondary inspection is not a pleasant experience at all and you don't want to make it worse by trying to outsmart people who do this for a living.

This is definitely very scary and I didn't mean to say that I would try to outsmart them because as you say, they do this for a living and I'm not a professional liar/spy.

However I think my case still applies in the sense that I would expect a lot of people to also buy a burner phone for a vacation trip just as a way to avoid loss in the event of a robbery, instead of as a way to try to outsmart border agents, so I would hope I would not be alone in giving them this reason as to why my phone is clean.

You raise a good argument though. If I'm already in secondary inspection I guess anything you give them or fail to give them will in any case be used against me, basically depending on the mood of the agent at that time.

I guess an interesting statistic to know (not that government would publish it willingly...) would be how many people that went through secondary inspection where denied access and how many of them were not.

They actually release these numbers: https://www.cbp.gov/sites/default/files/documents/CBP_DHS_20...

Out of the 375 million passengers processed in FY 2014, 34 million was referred to secondary inspection and about 223,000 was found inadmissible. Keep in mind that these numbers also include US citizens who cannot be found inadmissible, but could be referred to secondary inspection for other reasons.


So ~10% get secondary inspection, and of those ~0.65% where found inadmissible (non-citizen as you point out).

Not sure how to feel about it. On the one hand 10% sounds like "not so bad" in that it's actually a minority getting secondary inspections.

On the other hand... if I'm waiting for border agents to let me through and 1 in 10 will get secondary inspections, which by the looks of it would include access to your accounts and such, it sounds like a terribly high percentage.

Until it becomes a norm among travellers.

It won't, though. Way too inconvenient for most people.

That's why you don't wipe your device. You have a normal laptop with a nice FB profile and Google history to show, and when you're in, you cab download the VM image and continue work.

If the 'goal' of this policy is, as postulated elsewhere in the thread, to allow physical access to devices in order to deliver malware, etc., then how would you know your wiped device hadn't acquired a bootkit along the way?

Using a parcel-handling service, gov't or private, along with some tamper-indication of the package interior seems much safer, though not perfect by any means.

My plan is to leave my devices back home. In the US electronics is usually cheaper so I would buy a MacBook and download my personal data from the cloud. After returning home I would sell the MacBook for a nice profit.

Or simply return the Macbook back to the shop.

Having a device that looks wiped is grounds for suspicion in and of itself these days. In some cases, enough to turn someone away (remember, they can always do that to non-citizens, and you have very little recourse if they do).

Care to cite an example where this actually happened? I've brought wiped devices countless times.


(HN thread: https://news.ycombinator.com/item?id=13702981)

Specifically, this part:

A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.

When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.

“They went through my computer. They were looking through Word documents,” André says. “I had nude photos of myself on my phone, and they were questioning who this person was. It was really humiliating and embarrassing.”

“They said, ‘Next time you come through, don’t have a cleared phone,’ and that was it. I wasn’t let through. He said I’m a suspected escort. You can’t really argue with them because you’re trapped,” he says.

He wasn’t necessarily declined solely because he wiped the phone (they already suspected him due to the previous encounter), but they made it pretty clear they don’t like it since they considered that reason enough to not let him through a second time despite all the supporting paperwork.

How do you do that with 1.5TB of video? My Lightroom library of stills alone is 900GB.

Have you ever used hotel wifi?

Give me a break.

Obviously you only wipe sensitive data/documents, not movies or torrents

The video and stills are things that I shot, most geotagged and datestamped. The video is frequently, uhh, sensitive.

What am I to do? Networks simply aren't fast enough to deal with my data sizes.

(Minor note: I think you mean "from cabins but not from checked baggage")

Quite right. Thanks.

>> Maybe I'll label the envelope something nonsensical like "12-16"

Label it "Very Bad USB" and put a bunch of noise in there. When you get detained tell them that you forgot the second part, "corrupts data"

USB nuke

Do you actually have one? I searched for a bit but it doesn't seem like they're sold.


I am pretty sure you can buy them here (have never tried, though...) https://www.usbkill.com

My favorite is the USB-C one, because the USB-C spec supports 100W...


After huge demand, the USB Kill V3.0 comes in an anonymous version.

No branding - No logos - Generic Case. The anonymous version is perfect for penetration testers that require discretion.

There's no way this thing would be used in a pentest. It destroys computers. Generally pentesters try not to destroy the client's property.

Amusing way to frame it, though.

"penetration testing" is usually a euphemism for "blackhat". "penetration testers that require discretion", doubly so.

If this was actually about a security risk, they would be doing this on all airlines, not just airlines originating from Muslim majority countries. If you take Royal Jordanian to a European hub, then hop on a US carrier, you'll be able to take your gear on board. So this does exactly what to mitigate a security risk?

It does however force business travelers to rethink flying Emirates, Etihad, etc and fly United, etc instead. I'll be interested to see if these airlines sue.

There is also a slightly less scary reason, which also applies to liquids: it is harder to fashion a bomb together and set it off when you can't touch it.

A half gallon of petrol sitting inside your fake laptop in the hold is no biggie. A half gallon of petrol in the cabin is a whole different ballgame.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact