问HN:对于注重隐私的人来说,你们如何准备应对设备的边境检查?
最近新闻中频繁提到的一个话题是,海关和边境保护局增加了对进出美国旅行者的检查次数。我觉得这很有趣,因为这似乎是一个应该有答案的领域,但实际上只有一些答案。
对于笔记本电脑,用户可以进行双重启动和基本的文件或操作系统加密。因此,如果被要求解锁笔记本电脑,你可以向检查人员展示你的操作系统。如果他们决定进行更深入的检查,提取并成像你的设备,文件和项目仍然会被加密。Veracrypt的隐藏操作系统可以解决这个问题,而无需单独对容器和文件进行加密。然而,如今这并不是一个真正的选择,因为它仅适用于MBR分区,而不支持EFI,并且在这一领域没有其他解决方案出现。
至于手机,情况就更加复杂了。
目前似乎没有一种通用的加密配置文件应用或功能,可以以类似的方式进行,比如使用隐写术功能。确实,可以获得Graphene手机或最新更新的苹果或安卓设备,这样Cellebrite或Greykey设备就无法破解,如果你拒绝解锁密码,他们也无法对其进行成像。如果你配合并解锁某些内容以便他们进行基本检查,然后他们再对其进行成像,显然缺乏能够加密或隐写隐藏文件的隐藏/配置选项,这对于这种情况来说是不够的。
此外,目前没有完美的整体成像解决方案来进行完整备份,因为现有的备份方法并不包括所有内容,比如某些应用程序未被备份或完整设置未被涵盖。
而且,不想解锁引导加载程序或对手机进行Root操作来尝试这个,这会使其更容易受到Cellebrite类型攻击的威胁。
对于那些关注隐私的人来说,如何处理这个问题?这并不是全新的问题,但移动设备似乎在安全性方面还没有达到计算机的水平,而这正是普通公众完全容易受到影响的地方。
查看原文
This is coming up a lot these days in the news- but Customs and Border Patrol have increased the amount of searches they do for travelers coming to and leaving the US. I find this fascinating- because it feels like an area that should have answers -but that there are only some.<p>With Laptops, one can do things like dual booting, and basic file or OS encryption -so if you are asked to unlock your laptop, you can show someone your OS- and if they decide to do a advanced search, take it and image it- files and items will still be encrypted. Now, this is the sort of thing Veracrypt's Hidden OS would solve without resorting to individual container and file encryption- however that is not a real option these days as that only works with MBR partitioning, not EFI- and nothing else in that space has appeared.<p>For phones - the situation is messier.<p>It appears there is no general encrypted profile app or feature one can do in a similar manner, say with steganography features- Sure one could obtain a Graphene phone or the very latest updated Apple or Android device so the Cellebrite or Greykey device can't break into it if you refuse to unlock your password and they take it to image it. If you cooperate and unlock something for them to do a basic search on and then they take it to image presumably- there's a lack of hidden/profile options that are encrypted or steganographically able to hide files in files which would be enough for this sort of thing.<p>There also is no whole-imaging solution to make a perfect backup, as current backup methods don't include everything, like if someone has apps not covered by a backup or full settings.<p>And one does not want to unlock the bootloader or Root a phone to attempt this,that would make them easier from a Cellebrite type attack.<p>For those of you a bit privacy minded who do like to see how private and secure a setup you can do- How do you handle this? This isn't something totally new, but mobile devices are not as far along as computers it appears- and that is something the general public is fully susceptible to.