Is there an analysis somewhere discussing risks of data ex filtration via a stolen device?
How about best practices when crossing international borders?
Are there steps I should take to ensure data encryption? Is there some progression to prevent brute-force guessing the device PIN over and over?
Apologies if this is already discussed, I didn’t find it…
Risk of data if stolen: While I prefer keeping my info on-device vs in the cloud, this is one case where having the data in the cloud instead of on-device would be more secure. Just sign-on to those services, change password, force logout of logged-in devices, and if/when they get access they’ll only see your old login details (and any cached info, i.e. a week’s worth of emails or whatever).
Best practices when crossing a border depends on exactly what you want to accomplish (i.e. what’s more important, ease of crossing or privacy, how much hassle are you willing to put up with, etc.). Basically, the safest privacy-wise would be to bring no phone. Next on the list (from “safest” to “eh, I tried I guess”) would be:
Secondary/backup phone. Often called a “burner” phone, though I don’t care for that term. I literally have backup phones…so that’s what I’ll call it. Leave your primary at home. Never log into your actual email/social media/etc. on this backup phone.
Backup phone to cloud, factory reset, then restore after crossing. Lot of hassle, and you may not be able to restore everything that easily.
Selectively wipe data that you don’t want to be seen. Private photos of you and your partner? Really shouldn’t have them stored on a phone that could easily be stolen…backup somewhere actually safe and wipe from the phone. Log out of social media accounts. Same with email (and make sure to delete the storage for any email apps).
Do absolutely nothing, yell “YOLO!” as you turn off your phone just before going through immigration, and hope you have printouts of all the info they ask for (such as proof of where you’re staying, return flight info, bank account balance to prove you can support yourself for the length of your stay, contact info of relatives you’re visiting, etc.) because the second you have to log into your phone to look up the info they request…
Rob will discuss again the PIN in this week’s live because in the previous one about the same subject he advised us to not use crazy PINs but now he said he found some other kinds of attacks. In a past video he had discussed at what point of booting the filesystem is decrypted and is vulnerable of attacks by the authorities, not necessarily by a random pick-pocketer.
On a metanalytic side the authorities already know who you are before you arrive, it would be better to have an accessible device that has nothing inside that can get you into trouble instead of carrying a device that you refuse to give the code if you are asked for it.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.