问HN:对于注重隐私的人来说,你们如何准备应对电子设备的边境检查?
最近,这个话题在新闻中频繁出现——海关和边境保护局增加了对进出美国旅客的搜查次数。我觉得这很有趣,因为这似乎是一个应该有答案的领域,但实际上只有一些答案。
对于笔记本电脑,人们可以进行双重启动和基本的文件或操作系统加密——因此,如果你被要求解锁笔记本电脑,你可以向他们展示你的操作系统。如果他们决定进行高级搜索,拿走你的设备并进行镜像,文件和项目仍然会被加密。现在,这种情况是Veracrypt的隐藏操作系统可以解决的,而不需要依赖单独的容器和文件加密。然而,这在如今并不是一个真正的选择,因为它只适用于MBR分区,而不适用于EFI,并且在这个领域没有其他解决方案出现。
至于手机,情况就更加复杂了。
似乎没有一个通用的加密配置文件应用程序或功能可以以类似的方式实现,比如使用隐写术功能——当然,你可以获得一部Graphene手机或最新更新的苹果或安卓设备,这样Cellebrite或Greykey设备就无法破解你的密码,如果你拒绝解锁,他们就无法对其进行镜像。如果你配合并解锁某些内容以便他们进行基本搜索,然后他们再拿去进行镜像,显然缺乏隐藏的/加密的配置文件选项,或者隐写术能够将文件隐藏在文件中的功能,这些都不足以应对这种情况。
此外,目前并没有完整镜像解决方案可以制作完美的备份,因为现有的备份方法并不包括所有内容,比如如果有人有一些不在备份范围内的应用程序或完整设置。
而且,人们不想解锁引导加载程序或Root手机来尝试这个,这样会使其更容易受到Cellebrite类型的攻击。
对于那些关注隐私的人,想要了解如何确保设置的私密性和安全性——你们是如何处理这个问题的?这并不是完全新的问题,但看起来移动设备的发展并没有计算机那么成熟,而这正是公众完全容易受到影响的地方。
查看原文
This is coming up a lot these days in the news- but Customs and Border Patrol have increased the amount of searches they do for travelers coming to and leaving the US. I find this fascinating- because it feels like an area that should have answers -but that there are only some.<p>With Laptops, one can do things like dual booting, and basic file or OS encryption -so if you are asked to unlock your laptop, you can show someone your OS- and if they decide to do a advanced search, take it and image it- files and items will still be encrypted. Now, this is the sort of thing Veracrypt's Hidden OS would solve without resorting to individual container and file encryption- however that is not a real option these days as that only works with MBR partitioning, not EFI- and nothing else in that space has appeared.<p>For phones - the situation is messier.<p>It appears there is no general encrypted profile app or feature one can do in a similar manner, say with steganography features- Sure one could obtain a Graphene phone or the very latest updated Apple or Android device so the Cellebrite or Greykey device can't break into it if you refuse to unlock your password and they take it to image it. If you cooperate and unlock something for them to do a basic search on and then they take it to image presumably- there's a lack of hidden/profile options that are encrypted or steganographically able to hide files in files which would be enough for this sort of thing.<p>There also is no whole-imaging solution to make a perfect backup, as current backup methods don't include everything, like if someone has apps not covered by a backup or full settings.<p>And one does not want to unlock the bootloader or Root a phone to attempt this,that would make them easier from a Cellebrite type attack.<p>For those of you a bit privacy minded who do like to see how private and secure a setup you can do- How do you handle this? This isn't something totally new, but mobile devices are not as far along as computers it appears- and that is something the general public is fully susceptible to.