- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Whit some tips for bringing devices when you travel to the US.
You must log in or register to comment.
When you log into Windows with a Microsoft account, your recovery key is often automatically uploaded to Microsoft’s servers as a backup in case you forget your password. Legally, this means Microsoft owns the key and must surrender it under the U.S. CLOUD Act.
I find that really quite shocking, but I guess I shouldn’t be surprised.
Given the legal and technical risks, the advice for business travelers is clear: do not carry data.
The US really is a hostile surveillance state.
The best tip: don’t travel to the U.S.A. “But my business…” Tip number two: stop doing business with the U.S.A.
It could also be ‘but my boss’. Convincing your boss to do otherwise or finding an other job is a solution, not always practical.
On a laptop it is relatively simple to maintain encrypted stealth “drives” within a logged in and decrypted system. If there a way to “unlock” a phone that depending on the password given will present a true versus secretly sanitized version? For example if you login with password 1234 you get a sanitized version and if you log in with password xyz789 you get the full access. All of it done without a tell that the “full access” version exists.
On Graphene OS there us a duress pin you can set which will wipe the phone immediately if it’s entered. Although I haven’t been able to get it to work in a way that i could open different profiles automatically by entering a different pin/fingerprint.
BUT.
My old Xiaomi Mi Mix 3 phone could do it. The phone had a “secure space” which was a separate environment with its own apps. I could assign different unlock fingerprints to it. So one finger would open the default environment and the other finger would open the “secure space”, and it worked seamlessly without any delays in unlocking.
I wouldn’t choose Xiaomi for privacy obviously but it’s just an example that shows it’s possible.
I don’t use Windows, except in a VM as absolutely necessary. Problem solved.
