Hacker News new | past | comments | ask | show | jobs | submit login
Pair Locking Your iPhone (arkadiyt.com)
583 points by arkadiyt 12 days ago | hide | past | web | favorite | 302 comments

If you want to keep your phone secure, enable a long passcode, turn on full device encryption, and turn it off. If you are a US citizen, you can't be turned away at the border or forced to unlock the device. If you're not a US citizen or don't want to be harrassed by customs, bring a burner phone.

Tools like Cellebrite can and do take advantage of security vulnerabilities. Turning off pair locking lulls users into a false sense of security and is therefore harmful. Further, only restricting CBP searches to "manual" searches isn't enough and does plenty of damage to your privacy.

> If you are a US citizen, you can't be turned away at the border or forced to unlock the device.

A warrant is not required. Federal agents can search your phone at the US border, even if you're a US citizen [1]. If they can't unlock it, they can seize it [2].

[1] https://www.businessinsider.com/can-us-border-agents-search-...

[2] https://www.usatoday.com/story/tech/2019/05/01/u-s-customs-c...

You are both correct.

Incidentally, the "border" for legal purposes extends 100 miles into the interior.

Since the topic came up, it's worth noting that the Border Zone Reasonableness Restoration Act of 2019 proposes reducing this distance to 25 miles along with some other changes.


Which is still nonsense. Almost all of the largest cities in the US are mostly or entirely within 25 miles of a land or water border.

Baby steps. Or 75 mile steps, as the case may be.

Exactly this. And remember that international airports are also borders!

So does it extend 100 miles from airports?

Yes, but only the international ones. About 65% of the US population lives in such a zone according to this article: https://www.citylab.com/equity/2018/05/who-lives-in-border-p...

Wow, thats a generous definition of borders.

The linked article does not show it extending 100 miles from international airports. Nor does the text say that.

I don't know the scale of the US so I thought it was 100 miles. I got the 100 mile number from here: https://www.aclu.org/other/constitution-100-mile-border-zone

IIRC no. They wanted to but the FBI gang didn't want the CBP gang dealing on its turf so it got nixed. That doesn't mean it didn't fly under the radar later though.

No it doesn’t. The border zone is for land borders.

Frankly that's more reasonable than considering all coasts to be a border.

It's absurd

land of the so-called free.

It's still, at least on paper, freer than many/most other Western countries in most ways AFAIK. I agree that this is a very absurd counterexample, however.

That would really depend on how you define freedom, if you look at it theoratically like "free to do whatever you want". Then maybe, if you look at it from the perspective of "an individual can garner freedoms through work" they are far more likely to do that in most other western countries.

You are far more likely to not have to worry about things like healthcare in european countries than you are in the US for example. You are far less likely to have to work multiple jobs to sustain your life. 'Class'mobility is far is better in most other western countries as well.

So if your definition is "free to do whatever", this also means other people and corporations are free to screw you over. And you would be right that in that regard the USA is freer than other western countries, but it infringes upon personal freedom, and in my opinion, that is the kind of freedom the USA gneerally says they're all about.

> That would really depend on how you define freedom, if you look at it theoratically like "free to do whatever you want". Then maybe

That really is all I meant by my comment, and I hoped to make it clear that I don't think this is a worthwhile positive metric. I guess I didn't communicate that well enough because a few other people seemed to follow this line of reasoning as well...

Class mobility better in other countries? Please provide a source for this claim.

Vertical social mobility is pretty bad in the US.

This is for 2012: https://www.epi.org/publication/usa-lags-peer-countries-mobi...

This OECD chart shows how your financial outcome is practically inherited in the US and Germany: https://www.weforum.org/agenda/2018/08/moving-up-the-income-...

This isn't very surprising. For decades, the strongest predictor for a country having high social mobility is a strong welfare program including child care and health care, financed by progressive taxation of income and wealth.

In the US, the rags to riches story has been a myth for at least 50 years.

> For decades, the strongest predictor for a country having high social mobility is a strong welfare program including child care and health care, financed by progressive taxation of income and wealth.

I guess that does not apply at all to developing countries like China.

EDIT: looking at your link:

> An elasticity of zero would mean there is no relationship, and thus complete intergenerational mobility,

No, an elasticity of zero would rather mean that people are overly taxed and therefore there is no transfer of wealth between generations, which is probably not what you want (what is already taxed belongs to you and whoever you decide to give it to).

Of course, elasticity of zero would mean that there is no whatsoever transfer of skills or intelligence between generations, which is genetically patently false.

> I guess that does not apply at all to developing countries like China.

Have you looked at the second link?

> No, an elasticity of zero would rather mean that people are overly taxed and therefore there is no transfer of wealth between generations, which is probably not what you want (what is already taxed belongs to you and whoever you decide to give it to).

Low elasticity means high social mobility. It's the desciption of the same thing, only from the other direction. https://en.wikipedia.org/wiki/Social_mobility

If your design goal is high social mobility (e.g. because you want a meritocratic society or simply argued from an ethical position) and high economic growth, you want to limit inheritance as much as possible. This is pretty much what Piketty et. al. have shown a few years ago.

> Of course, elasticity of zero would mean that there is no whatsoever transfer of skills or intelligence between generations, which is genetically patently false.

And yet elasticity is close to zero (0.15) in Denmark while being over three times higher in the US.

The reason is obvious: Genetics predict potential, societal context predicts outcome.

> The strongest predictor for a county having high social mobility is a strong welfare program..

Citation needed.

> financed by progressive taxation of income and wealth.

Only 4 OECD countries still have a wealth tax. “Taxing wealth” hasn’t worked out very well.

> Citation needed.

I already posted a bunch? Nevertheless, here, straight from the horse's mouth: https://www.oecd.org/social/soc/Social-mobility-2018-Overvie...

Scientifically this is pretty much consensus for decades now BTW.

> Only 4 OECD countries still have a wealth tax.

True, but I meant not only the tax literally called wealth tax, but all taxes targeting wealth. Almost all OECD countries have inheritance taxes, capital gains taxes, real estate transfer taxes and so on.

It's well established, just google it. For example:

> Compared with many European countries, for example, few Americans end up with an income or educational level that is substantially different than their parents.

> Now, new research suggests that social mobility in America may be even more limited than researchers have realized.


> US social mobility gap continues to widen

https://www.ft.com/content/7de9165e-c3d2-11e6-9bca-2b93a6856... (Paywall!)

EDIT to add:

> You're twice as likely to live the American Dream in Canada



The U.S. is dealing with the after effects of major social ills. Children in intact families are still very likely to have economic mobility.

Sure, if you change the definition of freedom, then the US isn’t that free.

The US doesn’t have a monopoly on defining what is and isn’t free, though, at least in this specific context

I find that people with lower incomes are free-er in other Western countries. They can go about their lives without worrying about healthcare, parents can bond and breastfeed for a year without stressing about work, families can go on vacations for multiple weeks, people aren’t as afraid of being abused or killed by police, etc.

Why do you call that freedom? You can be in a good prison and live without doing anything, having good healthcare and food. But it's not freedom. Freedom is being able to do whatever you want. Some freedom might not be OK, for example freedom to kick other people or freedom to own slaves. Some freedom is good to have like freedom to shot thieves in your house.

No society is going to be able to offer freedom defined as "being able to do whatever you want".

I call it freedom because I see people exercising it. What is the point of a "freedom" if you can't afford to exercise it?

Are you free to send your children to play in sports if you're afraid that your child getting injured will financially ruin you? Are you free to participate in activities yourself if you're teetering on the edge and one unexpected expense will result in having to move out of a good school district, and result in significantly altering your child's chances of future success?

Are you free to participate in your community after you spend 90 min per day commuting after working an 8 to 10 hour day, resulting in nothing else than eating, saying hello-good night to the family, and going to bed?

Are you free to take care of your loved ones in case something should happen to them if you can't afford to go without a paycheck because there is no safety net?

But yes, I guess it is nice to take advantage of the minuscule chance that I'd be in a situation to have to shoot a thief.

You are free to make good decisions and bad ones.

Yes, most importantly, deciding to be born to good parents with a good family in good country in a good time period.

Not the freedom I mean. I would say that people with lower incomes have better lives in other Western countries, but that's not the freedom from the government (at least on paper but probably in practice as well) that I meant.

It's funny how when discussing freedom with an American they'll always insist the only measure that's really important is the one they excel in.

Please don't be so presumptuous. First of all, I live in Europe. Second, I literally said that I think (at least) people with lower incomes have better lives in other Western countries. I really do mean freedom in the literal legal sense, and I don't think this is an important metric.

In the literal legal sense, the US courts ruled people don’t have rights against illegal search and seizure within 100 miles of a border or international airport.


There’s so many of these exceptions to “freedoms” in the US, namely that if you can’t afford to fight for your freedom, can you really be considered to have it?

I do appreciate for the most part, however, the US’s stance on free speech.

I agree with all of this, and I really don't want to make it seem otherwise. The comment I originally replied to is about the 100 miles ruling, and I stated that it's "absurd."

That is not 100 miles from an airport, but 100 miles from the actual land border. Review the relevant law and court decisions. An airport isn’t a “land border.” It’s a border, but not a “land border.”

No law or case has successfully argued 100 miles from an international airport. That is just false information.

In that case take a look into Switzerland - most probably the most free country in the world (most direct participation in government by regular citizens by frequent polls, tons of true personal freedom, huge gun ownership yet little criminality etc.).

I get where americans come from, and its still great place for many reasons, but for any western-european these statements are pretty weird. I guess if you are told since childhood you live in greatest country in the world, hollywood and politicians keeps playing the same tune over and over, it might feel like its true.

What we see is repressive police state outside anybody's control, sometimes properly evil government which is openly xenophobic (if you are not US citizen you mean nothing), being one serious illness away from utter bankrupcy, huge class divides that are getting bigger, biggest (private) prison state in the world, being caught with some weed in many places can still effectively ruin your professional life forever etc.

I can understand how you'd see that: let's go point by point.

> repressive police state outside anybody's control

Nah, mostly individual cops

> properly evil government which is openly xenophobic

No, we expect people to immigrate legally, and have less obligation to non-citizens. However, this can be countermanded with the sheer amount of military aid we provide for everyone.

>one serious illness away from utter bankrupcy

Yeah, that's the story, but it never seems to work out that way. In reality, people have safety nets, considerate bosses, savings, families, or any combination.

> huge class divides that are getting bigger

I guess? Nobody really pays attention to what the 1% are doing. Many of us are just enjoying the good job market and low taxes right now.

> biggest (private) prison state in the world

This is a serious problem, I agree

> being caught with some weed in many places can still effectively ruin your professional life forever etc

Yes, and? Being caught with a gun in Europe could also give you a criminal record. This is why we have different states. Someone wants to smoke before everyone makes it legal? Move!

> In reality, people have safety nets, considerate bosses, savings, families, or any combination.

Yeah its great have one's saving wiped out by something that we in Europe just have our shared pool of resources covers for. So you only have to deal with (sometimes lifelong) consequences of some hard illness / accident, and you can continue your life unaffected financially and not compound misery and life getting significantly tougher.

THAT, my friend, is also freedom. We can call it freedom to be ill/have an accident. But don't expect any US politician / hollywood star to ever frame it that way.

Plenty of politicians talk about it here. Currently, we have some of the best quality healthcare in the world, and it's also the most expensive. Trying to make it all single-payer would be...interesting, to say the least. It's a complex issue

It could also be that America succeeds in providing the kind of freedom Americans insist is important.

It's funny how when discussing freedom with a non-American they'll always insist the only measure that's really important is the one America does not excel in.

See how much nothing this adds to the discussion? You may as well say "your definition of freedom is wrong and mine is right".

The police does not kill you in most western countries because they are so useless at doing anything and don't even do their job of protecting people or going after criminals. the only metric they care about is fining people as much as possible for minor offenses.

The strength of a police force has only minimal predictive power regarding violent crime in a country.

The best known measure to lower violent crime is lowering inequality (e.g. progressive taxation paying for free education etc.): https://www.economist.com/graphic-detail/2018/06/07/the-star...

The USA has higher crime rates (particularly homicide), despite much higher incarceration rates, than most of Europe.

Can you give a few examples of ways in which a US citizen is more free than I, a UK citizen, am?

Freedom of expression has a much stronger protection status in the US than in the UK. That is one example.

Protections for freedom of expression as an employee are much higher in the UK. Freedom only applies in the USA if you can afford to exercise it and not get let go via at will employment

If that is just one example, what is another one?

Americans can vote directly for their legislators while in the UK the House of Lords is largely appointed. Again, just another example.

* In the USA, you are free to deny the holocaust. In Germany and the UK, you are not.

* In the USA, if you're a health insurer, you are free to reject customers you don't like. In Europe, you're not. (Those rejected customers, in turn, are free to cover their own health expenses or die - their free choice).

* In the USA, you're free to buy guns. In Europe, you're not.


* In the US, you're free to drink a beer at the age of 20. In Europe, you're not. Ah, no, just kidding, it's the other way around.

* In California, you can have a beer after 2 am. Ah, who am I kidding, of course you can't.

In the UK, you are free to cross the road wherever you want (except the motorway). In the USA, in many states, you can't. Which still boggles my mind.

nice find. i simply love this small, but very deep, quality of life feature of living in the UK.

Very good :-)

In US you are free of people drinking a cold beer in sunny days in parks or in the beaches

I can buy a kitchen knife without ending up on a government registry.

I can own a radio or television capable of receiving broadcasts without having to pay a license and register it with the government.

Wait, what country puts you on a government registry for buying a kitchen knife?

That’s an easy one.

I can say pretty much anything and not have the gov’t come after me for it.

Say something distasteful about a minority group in the UK and you’ll be punished for it.

I don’t think they said “more free than UK citizens”. Although, to be fair, US doesn’t have quite as intrusive CCTV. And I thought gun laws were pretty restrictive in UK? But “most ways” is probably a reach, and there are certainly things UK does do much better.

Edit: would appreciate feedback if my comment is not constructive or could be improved in some way.

For me as a European "gun laws were pretty restrictive in UK" for me means freedom more than access to guns does. I quite value the freedom of not having to worry about guns.

That's a very convoluted definition of freedom. I think there are many other things to call that ("sensible" or "sane" come to mind...) but it's objectively less free, legally/on paper as I stated.

By that definition any law stands in the way of freedom. You're not allowed to kill people in the US, so would it be a more free country if that law was not in place?

From my cultural upbringing having regulation in place to steer society does not stand at odds with freedom. And that's also by my cultural background not "convoluted".

when the fear of guns stifles your movement, then yes, a lack of guns means more freedom. i'm writing this after having lived in the murder capital of the US and now moved to the UK. personal safety (and thus freedom) in Europe is at another level compared to the US. which makes sense. the US is at Zambia and Sudan levels of murders per capita. truly shameful.

If you look at all violent crimes in the US versus UK, they aren’t all that different.

This is where it gets a little “grey area.” If my freedom to have a gun impacts many, many other freedoms of the people around me, is society more free or less?

If my freedom to text and drive impacts the right to life and freedom of those around me, it’s imperative to restrict that one freedom so the freedom of the society remains.

“As a person from China, the fact the gov’t is putting Muslims in camps means more freedom for me from terrorism.”

That’s not freedom.

I want freedom from straw men.

You can’t leave Europe, despite your voters voting twice for it, making the Brexit party the #1, and yet your establishment understood “Leave” as “Stay” and refuses to hold a general election because they know they are illegitimate and hold on to their power?

First of all is the EU not Europe, secondly the UK can leave it. They just are not capable of politically surviving the consequences of leaving it. Countries in the EU can leave the EU a right that states in the US currently do not have about leaving the USA if they so desired.

Well, the leave process is currently underway since a little over three years, and is probably reaching its conclusion in a few days.

On the US side, remember what happened when some states left the Union ?

To make that comparison, you first have to define "freedom" in concrete terms.

I've long had the impression that people tend to define it in a way that values things they get in their home country, and devalues the things they don't. For example, an American is going to define "freedom of speech" in a way that ensures the government itself has almost no ability to limit things like political lobbying, because political lobbying, being a way to advance an opinion, is sacrosanct. A Canadian is more likely to want to define it in a way that allows for limiting the ability of people with lots and lots of money to drown out the voices of people of more modest financial means.

The problem isn't the now, the status quo. It's the trajectory where things are headed.

[citation needed]

2% of the US adult population is locked up. That's at most a land of the 98% free.

> It's still, at least on paper...

depends on the paper.

This comment is a great example of the black and white view so common on HN.

If it’s not 100% white, then it must be black. No other alternatives.

Those two points aren't exclusive. They've now seized a secure phone and are still required to let you enter the country.

I wonder what would happen if you tried to claim insurance on a phone seized at the border?

They'd likely point to the clause that excludes seizure by authorities, which most policies have.

I believe, in theory at least, they are obligated to return the device when their investigations are complete.

Thats the point. Search my strongly-encryoted device to your heart's content! That does not require I decrypt it first.

Easy to say when you haven't been detained for 12+ hours. They don't care if you're a U.S. citizen when they can just decide the law is optional. Safest solution is to just backup, wipe, enter the country, then restore.

> If you are a US citizen, you can't be turned away at the border or forced to unlock the device.

There's an important divide between what customs is supposed to do, and what they might actually do in practice. Going through customs means putting yourself at the whims of people that you do not control.

If you're a white male, there's perhaps less of a chance that a bad employee will feel they can take advantage of you, but there's still the chance.

Eventually they have to let you through though. They can't send you to a detention center for not unlocking your phone, you're a US citizen and you're not being compelled by a court to do anything. They might keep you in a room for many hours but at the end of the day they will let you go and you'll have a good story to tell the news channels.

"Eventually" can be a really long time if they want it to be.

In my experience, refusing to unlock/answer questions results in a 3-30 hour delay, depending on the mood of the border pigs.

You have actual experience? Like first hand? Lots of horror stories out there though, including people claiming they were sexually assaulted. Seems like a major blow to civil rights, even recently a mayor was detained but haven't been following the entire story.

I also have first hand experience as a US citizen refusing to answer any questions each of the ~couple dozen times in the past half decade or so I have crossed the US border. In my experience, not only should you decline to answer any questions, you should demand to have an attorney present for any questioning. This should end the interrogation fishing expedition, though in my experience you need to repeat yourself 3-4 times, sometimes to the supervisor, before CBP officers get the message.

My experience is nearly always (but not always) being sent to secondary screening for anywhere from 20 minutes to 3 hours. When due to the detention I have missed an onward domestic connection, my airlines have always re-booked me without charge. My luggage is manually searched probably 2/3 of the time. Treatment from CBP officers varies from respectful just-doing-my-job (maybe 1 in 10 officers) to outright hostile (maybe 5 in 10 officers).

So long as you provide evidence for your claim to US citizenship--especially a valid passport--a 30 hour detention is certainly unreasonable, and @sneak should seriously consider filing a lawsuit against the director of the DHS for the constitutional tort and for violating his civil rights under color of law. Ideally he/she would seek injunctive relief preventing DHS/CBP from detaining people presenting themselves at the US border and claiming US citizenship for any longer than is necessary to verify the validity of the claim to citizenship.

Airport CBP checkpoints are extensively surveilled, and documentary proof of these violations can be subpoenaed. If actually filing a lawsuit is too much, you can submit a FOIA and Privacy Act request for all data CBP holds on you, including your TECS records. I doubt you can get audiovisual surveillance data without litigating a FOIA case, but it's also worth a shot. Prepare to wait 1+ year in any case.

Yeah, good point on suing, I know I've heard suing the feds is a whole other ordeal than suing states or political subdivisions such as cities under the state. For the states/cities, it's a section 1983 lawsuit, while the feds they refer to it as a Bivens action. Sadly though people can't afford that, but I know some lawyers will take a cut if you win.... but some lawyers don't even want to help because they want to be friends with the judge and prosecutors. If you go after them hard on a civil rights case, they might be less likely to give your clients deals on traffic tickets. Just seems our entire system is rigged.

Also, read stories of them saying you have no rights to an attorney or even to film them since they don't technically consider you in the US. You are in some limbo between countries. An entirely different ballgame than a traffic stop. But some of that stuff might just be some misconception, some they can lie to you but you can't lie to them.

Also stories of citizens, especially minorities who were even born in the US who say sometimes they get more trouble entering their home country than other places. Pretty sad stuff, I don't know if it's worse with the current administration or if this is a thing. Not something I've thought much about really much before but seeing it in the news more and more, pretty concerning stuff that seems to go against the founding principles of this very nation.

Then watching Orange is the new black, even though it's scripted it does touch on some very real issues. I don't think most people really think about these issues unless it affects them directly, but some pretty horrible stuff going on. The private prisons are contractually guaranteed a minimum number of inmates for example, and you can even buy stocks in them. So then if you are a shareholder, I guess more crime is than in your financial interest so the prisons you own a small piece keeps making money. Doubt any of those shareholders would even want to live anywhere near the prisons they invest in though either.

> Also, read stories of them saying you have no rights to an attorney or even to film them since they don't technically consider you in the US. You are in some limbo between countries. An entirely different ballgame than a traffic stop. But some of that stuff might just be some misconception, some they can lie to you but you can't lie to them.

I have had CBP officers tell me that I have no right remain silent. I have had CBP officers tell me that I have no right to an attorney. I have had CBP officers tell to me that they will not let me into the country until I answer their questions. They are indeed liars. Stick to your guns and they will fold.

A US citizen is admissible once their claim to citizenship is verified and they have completed a written customs declaration. At some airports, CBP eschews written customs declarations and has a policy to interrogate passengers instead. In that case, simply demand to complete (or, better, bring along an already-completed) Form 6059B and maintain your refusal to answer questions.

> I have had CBP officers tell me that I have no right remain silent. I have had CBP officers tell me that I have no right to an attorney. I have had CBP officers tell to me that they will not let me into the country until I answer their questions. They are indeed liars. Stick to your guns and they will fold.

Same, to all of it. They also told me they were going to arrest me and charge me with interfering with a border control point. Somehow after another 4 hours of declining to answer questions I was released without charge (into a northern Vermont snowstorm where I had no cell service and had to hitchhike to not freeze, due to them having sent the Montreal-Boston bus on without me, but that’s another story).

Interesting, I know I seen on cruise sites apparently they stopped using the paper version at some ports. I think it's odd they want to know all the countries you visited in the past, like if you took a long trip that'd be a lot to remember and repeat off. I think they just want to know to profile and stereotype things more though based on where you went.

I know I seen there's world cruises for about 6 months, would be a dream for sure to be able to go on! Probably a lot of retired people or business owners.

> The private prisons are contractually guaranteed a minimum number of inmates for example, and you can even buy stocks in them. So then if you are a shareholder, I guess more crime is than in your financial interest so the prisons you own a small piece keeps making money.

I don't think so. Private prisons hold less than 10% of total inmates, so there's no way they'll be short even if suddenly the US started to jail half the people it does now.

> some they can lie to you but you can't lie to them

Isn't lying to a federal agent a criminal offense in the US?

Same with lying to police. Talking about them lying to you, but you can't lie to them. It's a tactic used to lie to people to try to get them to speak more, etc.

Yes, for several years I declined to answer any of their rude and invasive questions, on about a dozen border crossings.

Interesting. Wonder if they target you for some reason? but I think some questions are just following a script, so it might seem invasive but they do this all day.

My dream is if ever got rich from tech or won the lottery, is to travel full time. By plane, train, cruise ship and then buy an RV to explore more of the US. I think RVs are super cool but feel they are a bit outdated compared to modern cars. So hoping by then they'd improve.

But I feel like living an alternative lifestyle would subject me to harassment at some point. I also dream of a mansion in central FL and supercars, but I'm also into minimalism and feel like there's more to life than just buying a bunch of fancy things, that need to be taken care of.

But even starting out as a nomad, I know many states give people trouble at the DMV for full time RVing since mail forwarders aren't considered a valid address, so a lot of people have to change their domicile to a friendlier state such as South Dakota which recognizes people who travel full time. You have a affidavit to fill out, bring proof you rented a mailbox and stayed a night in the state. it's estimated about a million full-time RVers. Then some people live out of boats or a suitcase traveling around.

There's a guy who goes by Super Mario who lives on cruise ships full time. https://youtu.be/bcBzOesw7sc - I think he's a investment advisor who works remotely now. However instead of going from ship to ship, he books on a ship that circles around the same area back to back for 6 months in advance so he can get the same room. The New York Times did a little min doc on him, but traveling over and over again like that wouldn't surprise me if they think he's a drug runner based on travel patterns unless they are aware of him by now for doing this so much times. There's some other interviews with him, pretty interesting lifestyle. I can see the pros and cons.

Dreaming about things is a bit of motivation, but also a bit of distraction too.

> My dream is if ever got rich from tech or won the lottery, is to travel full time.....But I feel like living an alternative lifestyle would subject me to harassment at some point

I quit my job and spent 2 years driving from AK to Argentina, then again to spend 3 years driving around Africa. I'm now a full-time nomad, and doing everything I can to never sit at a desk again (freelance writing, photography, published books, etc.)

I certainly get some good interactions at "first world" borders, but nothing really bad. When I drove into the US on my way to Argentina it was obvious the officer simply didn't believe I was going to drive into Mexico. Even with the map on my hood [1].

Recently I drove into the US with my passport full of visas from 35 different African countries (even Sudan, Congo, Nigeria, etc.). The border guard flipped through it and said "Wait, WHAT do you do?".. utterly confused. I told the whole story, showed him the new map on my hood and again he was just confused. Friendly, but confused.

I was detained once at the border coming in by bus from Canada... the border guard was not convinced I was not going to stay. After 5 hours they let me speak and I mentioned I had a ticket out of the country (flying out of LAX like a week later).. when I showed the ticket the officer said "Where's Sydney?"

It's all good.

[1] https://www.instagram.com/p/ByyD2J_lfmE/ [2] https://www.instagram.com/p/Bw4h0X_Fq_G/

> When I drove into the US on my way to Argentina it was obvious the officer simply didn't believe I was going to drive into Mexico. Even with the map on my hood

I'm going to go with the fact that you're a white guy with dreads that made the border guards want to give you additional scrutiny. It had nothing to do with your story or vehicle.

"I quit my job and spent 2 years driving from AK to Argentina ..."

How did you cross the Colombian jungle ?

I drove a much less ambitious route from Colorado to El Salvador and, of course, thought about continuing to go south ... but all accounts led me to believe that it was essentially impossible to drive continuously through Colombia ...

oh wow, living the dream! Not sure if I'd feel safe traveling in some places, one thing that kinda draws me to wanting to cruise. Like egypt want to see the pyramids, but not sure if a place I'd want to go alone.

Looks like I've seen some of your videos on YouTube before, when looking at videos about people who live out of their Jeeps. However if money wasn't a limit I probably would want a class A RV, but the Jeep Wrangler makes a prefect tow car, people in the RV community call them toads. But you leave your RV at a camp spot and then can go explore in the Jeep, grocery shopping, etc without needing to break camp.

But yeah I think the nomad lifestyle has its challenges, but also some great things too. I love going to new places, reminds me of family road trips back when we used to go somewhere every year.

Calling them "border pigs" will result the delay being closer to the 30 hour mark =)

Yep, called contempt of cop. Not a actual crime of course but they can sure use their powers. I think cops in general view themselves as a brotherhood and questioning any of them is attacking or criticizing them all in their eyes. More about emotions and power than logic and law with some people.

I know I got some family in law enforcement and was mentioning some of the stuff on the news once at like Christmas or Thanksgiving several years back, and they surely didn't like that. But then again they didn't like me talking about how I think circumcision is wrong either, apparently it hurts their religion too.

I know there's stories of cops being fired for speaking out about wrong doings, and even one was sent to a mental hospital for it but got a very large settlement with the city.

One of the sad things are people will see a clip on the news and judge all cops however. I always love it when I see heartwarming stories of cops doing good. For example recently someone was pulled over for lights being out and was having trouble with his wiring harness. So the cop actually helped him fix the car! Now that's real protecting and serving, in other areas probably write a ticket for revenue and of to the next, very impersonal.

I know I seen a video once of some cop in New Jersey who pulled over someone, the guy rolls down the window and the cop comes up yelling for license and registration. Can't even say hello or be cordial. Sure the guy might of broke a traffic law, but don't need to be a jerk about it. Not like he murdered someone, but even then stories of mass murderers being treated better. Dylann Roof apparently was taken through the drive thru.

Are there stats on the "ethnic composition" of CBP? I must have developed some strange cognitive bias from crossing the border but purely from subjective guessing I would think that a very significant number of CBP agents are non-white.

So a question arises in me: why are they allegedly preferring whites over others in terms of extended screening measures etc.?

Certainly at the southern border nearly all CBP agents are Hispanic. I've seen stats but don't remember where. Obviously language skills would weigh heavily towards native speakers, which would tend to influence hiring.

Might be the influx of domestic terrorism.

Last time I looked it up, law enforcement would treat white women the most lenient, followed by black women. White men are treated a bit worse than black women and of course, black men were treated harsher than the other groups.

Was that controlled? That is, did they measure only illegitimate detainments? Because I'm sure crime rates vary by demographic.

Found it:


It seems controlled for the same crimes.

>If you're a white male, there's perhaps less of a chance that a bad employee will feel they can take advantage of you, but there's still the chance.

You have no basis for this claim at all. You should have stopped at your first point.

I really wish Apple would put something in place where you effectively have two user accounts. If you type your actually passcode, it's just your normal account. If you type another specific passcode, it's a burner account with minimal apps and information. It has enough info to make it look like it's being used, but nothing important.

Obviously border control would quickly know about this, but there's no way to verify.

Attempting to deceive CBP through hidden volumes and the like is not recommended.


It's worse than that in some cases. I used to work for a big 4 consulting firm and they had some horror stories about border device searches.

The company policy for travel outside the EU was simple... Your own laptop would go into a server room and become a remote desktop host, you'd be given a blank laptop. When you got to your destination safely you'd call up IT who'd tell you where to download the VPN software and provide you login details. If asked why you laptop was blank by border agents you were instructed to give them a copy of the company IT policy.

Which is all well and good border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop. It happened on multiple occasions in several countries and in most cases the employee was deported after refusing to comply.

It might've been better to respond with the fact that you had only just received that laptop from the company, which was the truth.

A new clean laptop is in itself suspicious, especially if you are on a business trip.

I think the expensive legal brains the company employs decided it is better to simply admit that they do it this way to stop border inspections. Better a deportation of a single employee rather than risk compromising their IT systems and data.

> border agents demand you go through the above process and log in to the VPN and then remote in to your own laptop

empty laptop or no, that brings up a general issue - border agent asks you to VPN into your corp network and to give them access into it (which beside a slew of corporate policies may also violate a bunch of laws like GDPR, HIPAA, SOX, EPA Clean Water and PCI compliance, etc - IANAL, so who knows what laws can be violated, all those corporate compliance and business conducts emails are so scary). Me being a little guy doing as i told/ordered to by the ones with authority, I'd just call corp IT security, some bozo high up the chain, and let them do their job - sort it out and make the decision. Sucks though for small companies without that fat and important corp IT security and all those C[compliance|information|customer privacy|security|sustainability|etc.]Os around.

The solution could be for the company to give the VPN password to the employee by phone some time after they arrive at the destination. Then the employee literally has no way to access the VPN when detained.

Then the employee may be subject to indefinite detention? That would be an absolutely unthinkably bad policy.

Why did the big 4 consulting firm think that it was so important to hide the laptop data from the government during the border search?

Many companies have policies, especially when visiting China, to send in users with blank devices and wipe the devices on return.

The big 4 consulting firms aren't single entities. Each country has its own independent branch that shares a global brand, set if principles and objectives.

The Irish branch has to comply with EU and Irish law. Think GDPR and various other laws relating to keeping financial data secure. Plus they would also have very strict contracts with their bigger clients guaranteeing the security and privacy of their super sensitive commercial data.

You would be unwise to assume that the data retrieved through a customs search of your laptop or phone wouldn't end up in your rivals possession.

Because otherwise any information on the laptop would have to be considered compromised.

What about if I put an encrypted backup of my phone into some online storage and factory reset it? Probably not a workable solution for frequent travelers.

This probably would raise suspicion and CBP will detain you, as will bringing no phone at all.

This is the EFF's statement regarding wiped devides:

We don’t recommend disk wiping as a border crossing security measure for most travelers. It’s a less common data protection technique than the other ones highlighted in our guide, which include encryption and minimizing data that you carry. Wiping your computer will make it unusable to you. Also, it may draw the attention of border agents, since it is unusual for travelers to carry blank devices with them. This may be of particular concern to travelers who are not U.S. citizens, who may receive more scrutiny from border agents. Again, you should consider your risks and security needs carefully before deciding how best to secure your data for border crossings as everyone’s individual risk factors and data security needs are different.


That's basically using your own phone as a burner phone.

You could probably stick a few innocuous photos and messages on it and claim you'd just upgraded or something.

Can I claim that I don't like my laptops searched so I reinstalled it from the scratch? It's truth. Can they force me to reveal my gmail password or something like that?

You can't beat the government or law with clever technological tricks. So you pull that stunt, then the border agent reminds you that lying to a federal border agent is a crime. You give a hesitant, non-confidant, shift your eyes wrong and you're detained. Heck they might even just detain you for shits and giggles because there is no repercussions to them.

Have fun.

So your best bet is to just let the government invade your privacy? Or travel without your actual phone, and take some random cheap Android device?

or you could go out and Vote!

How do I vote against US policies if I’m not US based?

Vote with your $/£/€/etc.

How does that work? You're saying I shouldn't travel to that specific country, correct?

> there's no way to verify

Obscuring in this manner likely counts as lying to a federal officer, particularly if they catch on and ask if this is your main profile.

Doesn’t matter. If there’s truly no way to verify, there’s nothing they can do in a scalable way to determine people are lying about their main accounts.

The only thing they can do is use fear to get you to comply, or make you doubt your deniable encryption scheme is truly secure.

If they really wanted to could they find out? Perhaps. Maybe if they use CCTV footage and extract your phones screen and do comparisons or something. If you are an individual though who has done something to warrant that level of scrutiny, perhaps the additional crime of lying to a Fed isn’t a big deal compared to whatever crime you have done.

> Doesn’t matter. If there’s truly no way to verify, there’s nothing they can do in a scalable way to determine people are lying about their main accounts.

It doesn't have to be scalable; border control already isn't scalable and relies on uniformed officers making decisions on the spot. It's not hard to add additional point in training that says, "if a person has suspiciously empty phone and the phone is a model X, ask them to unlock the second account; if they refuse or pretend they don't have one, apply 3-30 hours of pressure". This would probably cover 99% of cases.

You’re literally describing a way to make it scalable.

INAL but I don't think that legally it would be lying. I believe lying requires more than not complying. Plus, we always have the right to remain silent.

Even if true, border officials will start asking everyone "is this your main profile". I guess you could refuse to answer, but that will make the answer obvious.

Any time you say to the officer something you know is not true is lying. It may not necessarily be immediately grounds to detaining or turning you from the border but it may cause further escalation. Never tell a lie to the police and never offer any information unless directly asked for it.

The right to remain silent isn’t the right to intentionally lie.

> Plus, we always have the right to remain silent.

No you don't. Not at the border.

Untrue. People who crack jokes about "constitution free zones" at the border are just uninformed. There are some obvious broad waivers on searches to enable the enforcement of import/export and immigration laws, but other rights that don't relate to the particulars of border enforcement are not impacted.

> There are some obvious broad waivers on searches to enable the enforcement of import/export and immigration laws

Except those searches can be done at the behest of other law enforcement agencies and any information found can be shared with them.

Incorrect. CBP has a policy to destroy any digital data collected during a search unless it is relevant to an investigation of customs/immigration crimes or is related to terrorism, which can be broadly construed as related to immigration law insomuch as one of the primary purposes of a border is to keep out unwanted persons.

I recommend reading through this document assembled by the EFF about various kinds of border searches and the constitutionality thereof.


I fail to see anything in your link to back up your claim.

Here's what the EFF does say about the CPB doing exactly what I described.

> The evidence includes ICE and CBP policies and practices that authorize border officers to conduct warrantless and suspicionless device searches for purposes beyond the enforcement of immigration and customs laws. Officials can search devices for general law enforcement purposes, such as enforcing bankruptcy, environmental, and consumer protection laws, and for intelligence gathering or to advance pre-existing investigations. Officers also consider requests from other government agencies to search devices. In addition, the agencies assert the authority to search electronic devices when the subject of interest is someone other than the traveler—such as when the traveler is a journalist or scholar with foreign sources who are of interest to the U.S. government, or even when the traveler is the business partner of someone under investigation. Both agencies further allow officers to retain information from travelers’ electronic devices and share it with other government entities, including state, local, and foreign law enforcement agencies.


You absolutely do have the right to remain silent at the border.

Your statement is untrue. You have the right to remain silent at the border as well.

Wouldn’t it be safer to:

1) Backup phone then reset to factory before flying 2) Restore once through customs.

Have you tried to restore your phone? Especially while on LTE/3G or hotel WiFi? It's an absolute pain in the ass, takes a couple of hours, not to mention you have to set up Apple Pay again. Deal with 2FA changes because you can't back up Google Authenticator.

If this was an independent review I would take it more serious, but it comes from authy directly.

Serious question tho, can Authy be used on any website that supports Google Authenticator?

There is also microsoft authenticator which supports the same things as Google Authenticator. They just added a backup to onedrive feature too.

Do they support any other backup options? I have no interest in signing up for yet another account, just for one specific app.

Google Authenticator is essentially just RFC6238 - TOTP: Time-Based One Time Password Algorithm.



Cool, didn't know that. I definitely like that Authy has backups.

I did it each time I got new iPhone before "transfer data to the new device" was available. No issues.

That would imply having your other phone available. The original suggestion was to clean your phone, and then restore it from a backup. So the whole "transfer data to the new device" wouldn't work.

That's historically been referred to as as duress code.

It would be exceptionally hard to make it look like the phone is being used with the 2nd account. For one thing, having current email would be pretty mandatory to pass a sniff test.

Not recommended to rely on in court but if your friend wants to borrow your phone, there are androids that can unlock to different accounts depending on what finger you use to unlock with the fingerprint sensor.

Well 1Password does have a "travel mode"


It's worth noting that if you go this route, they cannot turn you away but they can hold you for quite some time, and they can keep your phone while they investigate further when they release you.

I'm curious, would putting your real device in checked in bag and bringing a separate device / burner with you generally enough for bypassing it, or do they check all devices in your bags?

Generally you have all your check bags with you when going through customs.

Right, but do they usually only check the device on you, or do they also go through every device in your bags?

I always get my checked bag after going through customs

Really? I typically go through immigration control, then get my bags, then go through customs.

I can’t imagine how you could go through customs without your bags and have them have specific evidence of your customs violation. I always assumed that’s why some airports make you manually handle luggage and “carry it over a line” to give back for rechecking.

You are right. I was thinking immigration control.

If customs detains you with the intent of searching your electronics, they will almost certainly open your checked-in luggage and search that as well.

As I just learned: Android limits password lengths to 16 characters, so you can't use passphrases.

You can also press the lock button five times to make it refuse to unlock without a valid passcode.

Just tried that (iPhone 8) and it did reject my fingerprint but only after issuing a loud WHOOP WHOOP “Emergency SOS” and 3 second countdown to make an emergency call (presumably 911).

Hardly a stealth move to pull at the border!

Press and hold volume up and lock button. No sound.

Oh, I keep that feature off so I didn’t realize it also will dial the emergency number. Thanks for the heads up!

Note that this disables the use of Activation Lock, so in case of theft the bad guy can erase the device and resell it.

Also this won’t actually protect you against bootrom exploits.

I don't get the benefit of Activation Lock, a thief will find it out only AFTER your phone was stolen, I doubt they will give it back to you.

It's the same as with GPS / Position Car Alarms- it's great for your insurance company, but in most cases I don't want to get my car back damaged or in pieces

It's like herd immunity: if most phones have an activation lock, then thieves are less incentivized to steal them. Obviously they can still sell them for parts, but they're worth less.

> The temptation of a smartphone for a thief is dropping, thanks to Apple’s decision to implement a remote kill switch via Find My Phone that can erase and disable a phone once it’s been stolen or gone missing. A new report from Reuters found that iPhone theft dropped by 50 percent in London, 40 percent in San Francisco and 25 percent in New York.


In theory it's not needed since you could report your phone's IMEI as stolen and the phone would be block, for some reason it's not common among operators


An iPhone can still be used without cellular data as a "premium" iPod touch, plus blacklists aren't worldwide and phones can be sold in foreign countries (a worldwide blacklist can be problematic due to standards of proof for theft and corruption being different - do you really want a third-world country to be able to dictate which phones can and can't be used worldwide?).

In my neighborhood recently, a woman was held at gunpoint and made to disable the activation lock. Thieves are getting smarter.

For straight theft, usually not, but in my experience losing a phone is a more common scenario, and quite often when tracking one (as I often end up doing for friends, since findmyiphone somehow counts as "hacking" to them) you'll see it taken all across town, the finder trying to figure out how to get it operational, then eventually giving up and settling on your offer of a finder's fee.

So the not-exactly-honest but also not actively a thief regular member of the public likely to find your phone is almost always swayed, I find.

An alternative: make a full backup of your phone, then restore your phone with a different backup with less personal information, and then once you cross the border you restore your phone using the first backup.

There is no official way to manage Apple iPhone and iPad backups - iCloud only seems to keep 1 backup at a time, and iTunes on a PC also doesn’t give you any controls - you need to manually manage the files yourself and may end up with a corrupted or unrestorable backup.

Now, I disregard Apple’s backups (if there’s no point-in-time recovery or named backups, then it isn’t a backup system!) and use my own self-hosted (Synology) or third-party (Office OneDrive for Business) means for storing files on my phone. As for app-specific data, and PIM, thats all either inconsequential if lost (e.g. save games) or synced anyway (Office 365 Exchange).

This was super easy when I had TWRP recovery.

Is there an official Android way to pull a full system backup?

Since the release of Android 6 apps have the ability to back up data to a Google account. I don't know if all apps make use of this feature, but many of the important ones I use do. Just signing in to the right Google account will pose the question of if you want to restore data from a different device or not.

There's also a backup mechanism built into ADB. This is a manual process that puts a copy of all apps and information (but probably not security keys) on your computer, optionally encrypted with a PASSWORD. Google deprecated this functionality though. See here for a short guide: https://9to5google.com/2017/11/04/how-to-backup-restore-andr...

There's always TWRP/Titanium Backup if you have root access, or in the worst case scenario, starting a root shell over ADB in recovery mode and just DD-ing the entire data partition to a file in your computer.

> Since the release of Android 6 apps have the ability to back up data to a Google account.

That does have the unfortunate side-effect of giving Google your application data.

Android full system backups have become less and less 'full' with each version.

Stopping piracy, enforcing secure storage for apps (eg. Fingerprint storage), and protecting DRM keys are all fairly incompatible with being able to backup and restore the entire device.

I used to do this but I have two iPads and three phones and the larger ones take several hours to backup/restore. :/

> Pair locking is a useful feature to protect yourself against invasive device searches.

Probably also a good way to get onto no-fly lists, and spend hours in detention, etc.

I find this whole discussion (including the above comment) surreal, given that we are talking about the country that used to be called "the land of the free" and that claims superiority over countries that restrict freedoms.

The more I hear about the U.S. the less I want to go there, for any reason, ever.

I'm sure the people are lovely but the government is scary.

Aussie/British here so YMMV if you’re from somewhere less white.

Go to the States. It’s amazing. Almost none of what you read here actually happens. I’ve been a bunch of times in the last few years and the border people have been nothing but lovely.

The countryside is amazing. The food is ridiculous. The people are extraordinary — and I’m a leftie who happily says that of the good folk of Alabama.

We can’t wait to go back. Next road-trip will probably take us from Washington state to Chicago.

while i agree (i absolutely love visiting the US, i travel there once a year at least), the problem is not the country itself.

it's getting there. it's getting a visa, being harassed by CBP officers and TSA.

American Exceptionalism taught us that it's so much different than other places.

In reality, it's not really any different than any other place, and the way the government treats citizens and non-citizens isn't much different than the way any other generally functioning country would. The only difference is that we have especially well-known patriotic freedom-based songs and sayings. You shouldn't be scared to come.

As a non-citizen, I could be detained/searched if I travelled to France or Germany or any other Western European country for next to no reason and it would be legal there as well, wouldn't it?

To be honest, the most rigorous part of the entry process in the USA compared to other countries is the customs agents that are out to prevent you from bringing in foreign agricultural products.

I can only speak about Germany. While some form of searching at the border is legal, the power of border police and customs agents are much more restricted than those of the US counterparts, especially when it comes to cases without adequate suspicion.

Apart from legal questions, what matters more is how it's handled in practice.

Americans have freedom on paper but they don't have any freedoms that matter. They have "freedom of speech" in the technical sense, but that freedom goes away once they get an audience that matters.

I wonder if the folks who downvote this have traveled much ?

BTW you have to exercise that free speech in the specified zone. Cant be out there talking all willy nilly

The same Americans who talk about how Europeans don't have "real freedom of speech" get mad when their favorite political commentator gets censored on Youtube or Facebook or get mad when a riot keeps them from seeing someone give a speech. The end result is that Americans don't have real freedom of speech.

The hypocrisy you're referring to applies to practically every liberal nation you can name. You're merely selectively, conveniently focusing on the US and narrowly focusing on this issue while ignoring other types of very common border restrictions in "free" countries that like to lecture on human rights.

Shall we discuss border security and immigration (which is a type of border security restriction) policies of Canada, Australia, Japan or the Scandinavian nations - to name a few?

Nearly every liberal democracy is blatantly, intentionally regressive at the border, typically in several different ways.

I've been crossing the EU border (as a non-EU national) regularly (like once in 1-2 months) since around 15 years.

And I've never ever seen anything even remotely resembling the pure insanity that appear to be going on on the US border according to the comments here.

I really hope I will never have to go the US to experience that on myself

Hear hear. No EU border agent ever asked if I had a phone, let alone search it.

Given the same approach is used by organisations to manage their devices, I doubt this is likely to play out that way. However, if you're already a person of interest, this is unlikely to make you that much safer as any reasonable grounds for search would be used to exercise warrants against any computers you own. So, I suspect it's a reasonable protection for "slightly-more-tech-savvy-than-average" Joe's wishing to protect against opportunistic or capricious fishing for stuff, with sufficient plausible deniability ("yeah, it's a company phone") that would dissuade casual/random searches.

That's probably a good reason to choose an organisation name that looks enough like your employer, for added believability...

I sure hope not.

I work for a financial institution and our phones are locked down hard, including pair locking. This is done as a requirement from the FSA as a result of having access to confidential data on the phone. None of the data is stored on the phone, or even cached there, but it's still pair locked.

I regularly bring my phone through US customs, and i've yet to have any problems. Granted, i travel from a visa waiver country, and am a white male, so my experience is probably not typical.

My personal phone gets backed up and wiped before travelling, and is usually just running a selection of "basic apps" - phone, messages, and a few utilities.

Once i arrive at the hotel i restore it from the real backup, and repeat before leaving again. 10-15 years ago this was the procedure i would follow when traveling to China or Russia, but modern times has expanded this to include the U.S.A. and GB.

If it's just a short trip (1-2 days) i just bring my company phone though.

Why your experience as a white male not typical? Are white males a minority in US? I think it's rather the opposite: your experience probably is most typical.

Pair locking is also probably enabled on a lot of people’s work phones so you at least get plausible deniability there.

If it's enabled on enough people's work phones, you can be sure an exploit will be used to bypass it...

Yes, just set the organization to 'Apple, Inc.'

...but it's no different in that respect than declining to unlock, which I imagine pretty much everyone on this site will do in such a situation.

> get onto no-fly lists

Source? I can't find evidence that anyone has ever been added to a no-fly list for declining to unlock.

Because these lists are freely searchable, right?

Apparently, yes : https://www.no-fly-list.com/

Maybe there are other unofficial lists, but this one is searchable

The no-fly-list.com website looks like it has been created as a joke. A similar site, nsatt.org links to no-fly-list.com and is clearly a joke based on its FAQ page[1].

[1] https://www.nsatt.org/faq.php

Is this satire?

That's exactly what I was thinking too about that site being satire. They even got a disclaimer but it's lightly colored text on a lightly colored background so hard to read.

   The data ("the Data") displayed herein is provided "as is" with no warranty 
   whatsoever, neither express nor implied, and no claims are made regarding its 
   accuracy, veracity, or suitability. Inclusion of persons in the Data does not imply 
   or allege their participation in terrorist activities. The Data is intended to be 
   used for reference purposes only, and should not be relied upon as the sole 
   determining factor of an individual's participation or non-participation in terrorist 
   activities. All persons are presumed innocent until proven otherwise.

   By using this web site you agree to release from liability and hold harmless the 
   Terrorist Security Administration (TSA), its employees and affiliates for any errors, 
   inaccuracies or omissions in the Data. The TSA is an independent, non-government 
   organization and is in no way affiliated with any branch of any government, 
  corporation, individual or other entity, whether real or imaginary."

You can also do a hardware mod by swapping some data pins on the connector and soldering a special cable just for you.

That's not as easy as you'd think. The connector contains a chip on a tiny teeny PCB. And you'd need to re-route signals _after_ that chip in order for this to do anything.

Ha, the up side of my failed usb port I guess... I can only wirelessly charge is the downside...

Any reason one couldn’t remove the lightning port entirely? And charge only wirelessly (Qi), using Bluetooth for audio?

The only reason might be something only available through the lightning port. The only thing I can imagine is trying to restore from backup if the OS got messed up for some reason or the screen is broken and touch UI is not an easy option.

Depending on your threat model, it might be suitable to have it removed and roll the dice if something goes wrong. Would be swank if Apple had an option to wipe the device and flush the secure enclave if it can detect physical tampering (momentary contact closure) with the traces for the port that was removed.

Just cram a bunch of lint in the port :)

Always scares me when that happens

One could remove the lightning port, or fill it with epoxy. But the lightning port is a replaceable module, so sufficiently motivated party would just perform an easy repair job of replacing a new lightning port.

Sneaky, I like it. But you'll definitely will need an above-average soldering station, and skill.

Way above average. Those USB ports are nigh-impossible to solder, I'm not even sure how you'd "swap the data pins".

How does one go about integrating an USB Killer inside an iPhone?

> If you lose access to your laptop or pairing record then you will also be locked out of connecting to your phone.

I never understood why people do this. What if you pour coffee over the laptop and it'll never boot up anymore? Buy a new phone too?

I would assume this supervision identity is part of your keychain as usual on macOS and could even be exported. It is not bound to any physical property of that particular laptop. A backup should be enough to avoid the scenario you are describing. You should be able to acces the iPhone after importing the supervision identity on any another Mac.

It's not in the keychain. You can back up /var/db/lockdown, though.

That's why you make backups, so even if you lose your laptop, your pairing record is safely backed up somewhere else.

If you want to look at it that way, the pairing record is just a digital token that lets you unlock (for reading, the data in) your phone. So it's effectively a kind of password then. It's like having an unlock password in a password manager on your laptop.

I don't think it would fly to say at the border that "sorry, can't unlock for you because I don't know my password, it's in a password manager on my laptop".

What you say is "Sorry, I can't unsupervise that".

If you wanted to lie, you could say "Sorry it is supervised by my company, I can't unsupervise it"

Alternatively you could encrypt the key or whatever, give that to a friend on a USB stick. Then, at the border, you say "I can't unsupervise that, the keys are managed by a third party." Which is technically the truth... the best kind of truth.

They'll just find you are causing trouble and put you in the little room where you'll sit for a number of hours and learn to stop thinking you could pull stunts at the border. They don't really care why you can't show a normal phone with a history of a normal life. They just want to see a normal device with normal data. There is no scenario where a technicality means you don't hand over a device they can read and they go "oh, well if you can't you can't!".

Any of: no device, wiped device, locked device, is just seen as suspcicious and you'll be harrassed. Their whole idea is to make anything non-normal uncomfortable for you, so you'll comply (because most people do almost anything including giving up any data, to not have to fly back home or spend hours in a little room).

But a supervised device is neither wiped, locked, nor extremely uncommon, nor does the device owner usually have the means to break the pairing, so I reckon you're off base here. It is a normal device with normal data, it just can't be imaged. They can still go through it.

Exactly. The worst part of the situation at the border is the images they capture. If a person looks through your phone right then and there, the worst part is them looking at your personal stuff, which is already bad. If they take an image there is no knowing where all of your personal data will end up.

I thought the process was more or less automatic. Plug phone in, image it. If the computer says no, that’s bad. They don’t want to skim read your phone contents they need to keep it to make it searchable if it is to have any real value beyond psychology.

Securing a single phone is a half measure at best, and your phone might get seized. Also, CBP, TSA and colleagues will do what they can to fuck you extra hard when sensing resistance to their ramming their noses up your cavities. The only true remedy is to get the US back on track with being a democracy and respecting the Constitution again.

Is simply crossing a border a "reasonable" search and seizure under the Fourth Amendment? Is there a legal precedent for that?


Since the first border search statute was enacted in 1789, customs officials have essentially been authorised to search anything crossing the border, without warrant. It was approved by the first US congress, which counted James Madison, Alexander Hamilton, George Washington and John Adams among its members. The original target was ships that might be carrying taxable goods.

Warrantless border searches are literally older than the fourth amendment, which was only ratified in 1791.

Thanks for the pointer.

It seems like it's not so clear-cut, with lots of fine legal points around search on person vs. property, digital vs. analog/physical "goods", the individual suspicion requirement etc etc.:

>>At a minimum, the Eleventh Circuit’s decision makes clear that this issue isn’t likely to resolve itself. The case for clarity from a higher court—or from Congress—is only getting stronger.


I find it lamentable that the people who sued the US Government for the legality of these searches were both involved with child pornography.

It's the unfortunate fact that any privacy protecting program will also protect people generally deemed morally reprehensible. There's no way to make software tell the distinction between the two groups so it's something both programmers and privacy advocates are going to have to deal with because there will always be people both in and out of government who will use those cases to push for their abolition. (see the never ending boomerang of anti-encryption legislation around the world)

> Warrantless border searches are literally older than the fourth amendment

That's not an argument for warrantless searches, though. A thing that's regulated is obviously older than the regulation. Killings are older than “thou shalt not kill.”

Perhaps I wasn't clear, what I meant to say was:

In many cases of constitutional law there's room for debate about what the founding fathers meant - what's with all those commas in the second amendment? What defines an "unusual" punishment? Is the commerce clause supposed to be as broad as Wickard v. Filburn makes it?

However, when looking at the specific question of whether the founding fathers meant for searches at the border to require a warrant or probable cause, we have clear evidence: The same people who wrote the Fourth Amendment also passed a law allowing customs officials to search boats at the border.

Of course, this doesn't preclude arguments on narrower grounds than border searches overall - I don't imagine the founding fathers imagined carrying naked pictures of their partners across the border, and border guards demanding a copy!

No need for a warrant. So pretty much anyone or anything that is in line to cross a border is automatically fair game. I'm sure there's case law on this. For example suspicionless DUI checkpoints have been ruled legal because the supreme court views it as a minimum intrusion and for the greater good. So wouldn't surprise me if similar grounds are used in the border case.

However some state courts have said DUI checkpoints are illegal under state constitutions. For example in Texas, however Texas has border patrol checkpoints. Never knew of that from being from the midwest, but I follow some full time RV vloggers on YouTube and learned about them. It surprised me, since not leaving or entering the country so never expected that traveling within your own country. Within 100 miles of the Mexican border, both permanent and temporary. Then recently in the last several years they do them now for the northern Canadian border too. Maine, New Hampshire, Vermont but temporary for a few days a year. Some people live and work near them so they have to go through a checkpoint every single day, and traffic backups too. So annoying for the local residents, and also might discourage some tourism too, hurting their local small businesses like restaurants.

They are supposed to be checking for immigration status, but even looking for other things such as drugs. Even though drug checkpoints in themselves were ruled to not be legal. Since weed is legal in California, federally it's still illegal. So if you drove across California with weed, you could still get in trouble. There's some videos of people challenging them and refuse to answer if they are a citizen. Even border agents claim their dogs can smell if someone is an illegal or not too. So I guess illegals and citizens suddenly have a different scent.

They also board buses and trains such as Greyhound and Amtrak going seat to seat asking people of their status. The ACLU has been asking Greyhound to stop allowing them to do this since the buses are considered private property, but there's also arguments since they are commercial they are subject to different laws. https://youtu.be/0SxHkFZV4fw here's an example of one before getting on a bus or train at the station. here's one in Florida https://youtu.be/U62XSk8uQtU

Phoenix on a metro bus. https://youtu.be/XgQVrBGlqx8

Spokane, WA City Council had a issue with it too. https://youtu.be/xHKk8oZLA1s and https://youtu.be/GjbLJqvZVDo - They get on the bus and go seat to seat asking asking what country they are a citizen of and where they are going... You don't have to answer but cases where they have taken people off the bus and can make you miss it. Pretty sad traveling within the same country or even city. I think they should keep border security at the border and secure the border itself.

> The only true remedy is to get the US back on track with being a democracy and respecting the Constitution again.

Sadly, a lot of people will read this and think, “I’ll just vote for my favorite party”. But the laws that need to change have already survived the two most popular parties being in control.

We citizens need to do better than just vote the party.

I do wonder if supervising devices lowers security overall.

Apple has been moving a number of the 'heavy hand' management permissions to only apply to supervised devices - for example "global http proxy" [1], which can be loaded onto a device through safari on a link to an plist on an unlocked device or through a management server (MDM), forces all http/https traffic though a proxy only applies on supervised devices.

Also Apple announced at WWDC [3] that blocking host pairing in Configurator is going away in favor of the restriction setting blocking it [2]

[1] https://developer.apple.com/documentation/devicemanagement/g...

[2] allowHostPairing restriction at https://developer.apple.com/documentation/devicemanagement/r...

[3] https://developer.apple.com/videos/play/wwdc2019/303/

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact