My extended family have planned a trip to Mexico for almost a year now. I told them earlier this year that I may not want to go given everything that’s happening at the border and locally.
Some context: the majority of my family is white (i.e. the right kind of white) while I am a US-born Asian American. My parents (naturalized immigrants) and my in-laws think I’m over-reacting but I am concerned that me and my parents may have trouble re-entering the US when we return.
I’ve been very vocal, especially online, about the state of affairs of the country. I’ve gone to two protests (without my phone). However, I am growing concerned that taking my phone may be dangerous, especially given how I essentially have no rights at the border.
My family is insisting that I take my phone. Besides the fact that I need to be reachable, they want me (the resident techie) to be able to find places to go, do currency conversions, etc. On my phone, I’m logged into things like lemmy and have various authentication methods (e.g. TOTP, ssh keys, etc.) that could grant the government access to other areas of my digital life. My phone also has access to my password manager, which I plan to log out if I take my phone with me.
I’m wondering if I am overreacting or if I have a legitimate concern. I know hundreds, if not thousands, cross the border without issue. But also know there is a non-zero chance that I will be questioned.
I have thought about getting a burner smart phone and then formatting the phone when I re-enter. My family doesn’t like the idea, but they are okay with it.
The other option I thought about was using my Pixel’s “second user” feature to run with a dummy account using a passphrase (verses biometrics) for unlocking the phone. Once I clear security, I would delete the second user and then proceed as normal. The problem with this approach is that if they clone the phone (I don’t know of CBP have the ability to do so, but wouldn’t put it pass them), I’m essentially shit out of luck.
Am I being paranoid? Are there other things I should consider?
I’d love for people of color to chime in, especially if you have crossed the border recently.
Buy a disposable 📱 when you get there, and sell it or gift it when you’re done with your trip.
EFF’s guide is extremely outdated.I pray you’re flying private.
I pray you’re flying private. Unfortunately not.
EFF’s guide is outdated for fascism times, certainly. There is no guarantee that even citizens will be granted entry.
Depends on how much effort that you want to expend. The danger from government surveillance isn’t that they will search your phone it’s that they don’t need to because they can read your information directly from the service providers that you use.
But, if we’re going to limit this to the phone itself:
A 2nd account won’t help. You should assume that they can read the unencrypted hard drive and also plant malware. If you want to bring your device it should be wiped, install a fresh image if you need to use it for calls/texts.
If your phone ever leaves your possession then assume that it is compromised and wipe it again at your destination. Additionally, be aware that there are exploits that a compromised phone could use against other devices over USB (so, it could infect the PC that you’re wiping it with) and there is malware that can survive the phone being wiped via the recovery mode menu.
It’s much easier to get a disposable device than to deal with all of that. If you were a high risk client, like a journalist, then you wouldn’t carry anything electronic and you would get a new device from a trusted source once you had crossed the border.
Probably the most important thing you can do is to get plenty of sleep and don’t worry about customs. Whatever you’re going to do, make sure it is done before the day of the trip and then try not to focus on your worries about security during the day of the trip. A minority looking nervous, tired and stressed is an easy way to be tagged for additional screening even if customs has no idea who you are otherwise.
Chances are you’ll end up feeling silly that you did all of this for no reason. I hope that’s the case and enjoy your trip.
I think op sec is very individual. And you have to assess the specific risks. I mean there are a bunch of options from, wing it and hope for the best, to leaving your phone at home. And they’re not entirely wrong. A phone is a useful device. Though it doesn’t have to be yours, you can borrow your sister’s discarded old Samsung, wipe it and carry that across the border, it’ll still connect you to your family and the internet… Other options: Go through your pictures and apps and move compromising stuff to your computer, leave some innocent ones around. Log out from most services, backup and remove the password manager. Though that mostly helps with agents just scrolling through your pictures. I think the common advise has been linked here and that’s a backup and then wipe the device. You can then restore the backup once you returned home. Or transfer your data from encrypted cloud storage after you’ve cleared the border. Android backups are a pain in the ass though.
What the f is “the right kind of white”?
Basically they are on the top part of the Peter skin chart.
