Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?
150 views
Skip to first unread message
bill...@gmail.com
Dec 8, 2019, 11:12:19 AM12/8/19
to qubes-users
I will be doing some international travel in the upcoming months. In the past, I have had to turn on my laptop, and once I had to bring the system fully up and allow people to see my desktop -- though nobody has actually seized and gone through my computer as yet. Has anybody gotten increased scrutiny because they were running an enhanced security OS such as qubes when entering a country? If qubes is a "red flag," then I'll carry a different laptop.
haaber
Dec 8, 2019, 12:47:10 PM12/8/19
to qubes...@googlegroups.com
I I will be doing some international travel in the upcoming months. In
Carry another then, that's the safest.
The easy solution (if you accept some "risks") that works as well is a
micro-usb & some std linux on it, that is already booted. Give it a
family picture background with sweet kids & some green :) And two or
three non-sense documents that you can open.
The easy solution (if you accept some "risks") that works as well is a
micro-usb & some std linux on it, that is already booted. Give it a
family picture background with sweet kids & some green :) And two or
three non-sense documents that you can open.
scurge1tl
Dec 9, 2019, 1:33:06 PM12/9/19
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
haaber:
Unfortunately with linux we still don't have the hidden OS option
available in Vercrypt for Windows systems, where you can one decoy and
another real system on the same HDD.
Till this increasingly needed feature is available, we will need to be
extremely creative. Border searches are more and more common and can
beat your secure position easily.
Is there actually anyone working on the hidden OS option for the
linux? Would be very much appreciated.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3ukz9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz4tQ//VE6qRHedi7YmYoArvTcwZMuRckF1hXZ4yYrToEM6aoXUhMYw+XFH1zkE
WEGq70C54SENeYW2nfrtJdO3ab/AGjU0GfdiIrkmzKYdejJJ3TnnuhofuW+8R9NA
4ap4Qn6XJ3JqM2RsTpC4WvMwcBm4eZ5DkDEJ/+tIJzTYWtugNn3F9Yji/bkKa6rk
8Wv58Lw//0flvtXKw95hjsbMW9W6ZE4f73BIVKAFhUGW9kXAXgvWX1gCcf1B2RC+
U/GoL7nf0XMpw/kmhk/GEo2f225H85qn81HUzAVW37FDY2PhOXrU8abGXCgUkqfG
rvD6xNAKQGaavJ66uOGPDEtBxoeZoulZyoUk83gDM8wy+YDG6AFaS1K6jgh2hX6v
kTSj0GqUuljhPmosoMJSMtEB+l5dJdkEPCtdRgiO/0i531euEWbMZ4G5RK/0AMC7
Nr2FBdf9/FLQp7mWqWEJaga0/fJN1QuFvpV3LRW5YfZ/H6Zb4TUY04Xj6qdY4P92
+F3CbV/8Yu531kh/abjPtt8t19zbLDiNo6BQE+G1Ib9sK6kivlyyk7CNkx+3hQiA
LVXIoMYv2GUQ4IpvvSo/pwF9xv7T85GaXOcNF1mVjqg7GFR+Az4Xh10whEZz4mx2
E9n33mjvJ0YYK8R9/jbFwYHzMN1i8Kmcc09FaS3HUiwl0gagmAQ=
=7Hjh
-----END PGP SIGNATURE-----
Hash: SHA512
haaber:
available in Vercrypt for Windows systems, where you can one decoy and
another real system on the same HDD.
Till this increasingly needed feature is available, we will need to be
extremely creative. Border searches are more and more common and can
beat your secure position easily.
Is there actually anyone working on the hidden OS option for the
linux? Would be very much appreciated.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3ukz9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz4tQ//VE6qRHedi7YmYoArvTcwZMuRckF1hXZ4yYrToEM6aoXUhMYw+XFH1zkE
WEGq70C54SENeYW2nfrtJdO3ab/AGjU0GfdiIrkmzKYdejJJ3TnnuhofuW+8R9NA
4ap4Qn6XJ3JqM2RsTpC4WvMwcBm4eZ5DkDEJ/+tIJzTYWtugNn3F9Yji/bkKa6rk
8Wv58Lw//0flvtXKw95hjsbMW9W6ZE4f73BIVKAFhUGW9kXAXgvWX1gCcf1B2RC+
U/GoL7nf0XMpw/kmhk/GEo2f225H85qn81HUzAVW37FDY2PhOXrU8abGXCgUkqfG
rvD6xNAKQGaavJ66uOGPDEtBxoeZoulZyoUk83gDM8wy+YDG6AFaS1K6jgh2hX6v
kTSj0GqUuljhPmosoMJSMtEB+l5dJdkEPCtdRgiO/0i531euEWbMZ4G5RK/0AMC7
Nr2FBdf9/FLQp7mWqWEJaga0/fJN1QuFvpV3LRW5YfZ/H6Zb4TUY04Xj6qdY4P92
+F3CbV/8Yu531kh/abjPtt8t19zbLDiNo6BQE+G1Ib9sK6kivlyyk7CNkx+3hQiA
LVXIoMYv2GUQ4IpvvSo/pwF9xv7T85GaXOcNF1mVjqg7GFR+Az4Xh10whEZz4mx2
E9n33mjvJ0YYK8R9/jbFwYHzMN1i8Kmcc09FaS3HUiwl0gagmAQ=
=7Hjh
-----END PGP SIGNATURE-----
Defiant
Dec 9, 2019, 2:09:04 PM12/9/19
to qubes...@googlegroups.com
Also, the lack of understanding by border agents how digital devices
work amazes me. What the heck are they even expecting to achieve by
trying to search someone's device? Hunt for serious criminals? LOL.
If some person wanted to smuggle data (i.e. child porno) into the
country, he would simply have to upload an encrypted ZIP container to a
remote server, enter the country with a blank device and redownload it
once inside. It's not even that difficult to do even for an average user.
So I really don't see a legitimate reason to search electronic devices
at borders. Data smuggling is just too easy. The worst thing they can do
someone who knows what he's doing is be an annoyance.
haaber
Dec 9, 2019, 3:36:17 PM12/9/19
to qubes...@googlegroups.com
>>
>> Carry another then, that's the safest.
>>
>> The easy solution (if you accept some "risks") that works as well is a
>> micro-usb & some std linux on it, that is already booted. Give it a
>> family picture background with sweet kids & some green :) And two or
>> three non-sense documents that you can open.
>>
> I agree with this.
>
> Also, the lack of understanding by border agents how digital devices
> work amazes me. What the heck are they even expecting to achieve by
> trying to search someone's device? Hunt for serious criminals? LOL.
I always encountered idiots. But if you go the the excited states be
>> Carry another then, that's the safest.
>>
>> The easy solution (if you accept some "risks") that works as well is a
>> micro-usb & some std linux on it, that is already booted. Give it a
>> family picture background with sweet kids & some green :) And two or
>> three non-sense documents that you can open.
>>
> I agree with this.
>
> Also, the lack of understanding by border agents how digital devices
> work amazes me. What the heck are they even expecting to achieve by
> trying to search someone's device? Hunt for serious criminals? LOL.
careful. They are as idiotic s others but use powerful tools they do not
understand. A single "I take this with me for a routine check" and you
better are able to run some serious anti-AEM measures afterwards.
> If some person wanted to smuggle data (i.e. child porno) into the
> country, he would simply have to upload an encrypted ZIP container to a
> remote server, enter the country with a blank device and redownload it
> once inside. It's not even that difficult to do even for an average user.
never use zip when security matters.
> So I really don't see a legitimate reason to search electronic devices
> at borders. Data smuggling is just too easy. The worst thing they can do
> someone who knows what he's doing is be an annoyance.
know that they actually do it. That's their job.
haaber
Dec 9, 2019, 3:41:35 PM12/9/19
to qubes...@googlegroups.com
> Is there actually anyone working on the hidden OS option for the
> linux? Would be very much appreciated.
What's about this: take a harddrive, make a dd copy of your first 128 GB
> linux? Would be very much appreciated.
data on it. Encrypt it additionally (symmetric cipher), if you wish to
avoid any luks or other headers. Hide it, if you wish. Now make a 100GB
partition, (thereby overwriting qubes), install std linux on it, give it
some plausibility data and pass the frontier. Once passed, you pull out
your harddrive, and dd qubes back.
Or: host your HD-content encrypted attached to your favourite raspberry
@home, re-install a vanilla-debian, and pass border. Once there, install
a fresh qubes form iso, fetch your data over internet and import it.
bill...@gmail.com
Dec 9, 2019, 3:43:18 PM12/9/19
to qubes-users
Is there actually anyone working on the hidden OS option for the
linux? Would be very much appreciated.
Hah. I actually did something like this by accident the first time I installed Qubes. I had KDE neon installed, and I couldn't get it to dual boot correctly. It turned out that the order in which I installed the OSes made a difference.
In any case, my laptop has two drives -- a 256G SSD and a 1 TB conventional hard drive. I got frustrated trying to get it to work, so simply installed one OS on the SSD and one on the hard drive, each with it's own MBR, UEFI setup and grub. So, if you turned the machine on, it defaulted to booting into KDE neon, and booted from the hard drive. If I wanted to boot from Qubes, I had to frantically hit the escape key and choose to boot from the MBR on the SSD in the BIOS/startup menu.
I thought it was kind of cool, but decided I was wasting disk space so deleted everything when rc2 came out and just use Qubes now -- though I wish KDE worked better...
billo
duc...@disroot.org
Dec 10, 2019, 3:19:00 AM12/10/19
to qubes...@googlegroups.com
bill...@gmail.com:
If you're travelling to the US, then there's /some/ good news:
https://www.eff.org/deeplinks/2019/11/federal-judge-issues-historic-opinion-digital-privacy-border
https://www.eff.org/deeplinks/2019/11/federal-judge-issues-historic-opinion-digital-privacy-border
trueriver
Dec 12, 2019, 9:05:11 AM12/12/19
to qubes-users
On Sunday, 8 December 2019 16:12:19 UTC, bill...@gmail.com wrote:
I will be doing some international travel in the upcoming months. In the past, I have had to turn on my laptop, and once I had to bring the system fully up and allow people to see my desktop -- though nobody has actually seized and gone through my computer as yet. Has anybody gotten increased scrutiny because they were running an enhanced security OS such as qubes when entering a country? If qubes is a "red flag," then I'll carry a different laptop.
My solution would be to install Qubes, leaving a partition unused (tip: wipe every other partition, put some data on that one, and the Qubes installer would ignore it)
Then install a "normal" linux on the vacant partition, and populate it with desktop wallpaper etc, and some Libre Office docs. (similar to hasber's suggestion)
Do not include the Xen option in the boot.
Cross border.
Re-run update-grub, this time allowing the multi OS boot.
Use Qubes.
Before next border crossing, delete the Xen boot options from the grub menu.
Etc...
bill...@gmail.com
Dec 13, 2019, 2:37:30 PM12/13/19
to qubes-users
Yeah, there are ways to fake an OS, but that really wasn't my question. I was wondering whether or not folk have noticed that having an OS like Qubes would result in greater scrutiny than Windows or MacOS. I'm not trying to sneak anything across the border; I just don't want to spend an extra two hours at the airport.
244clar...@gmail.com
Dec 22, 2019, 11:49:56 AM12/22/19
to qubes-users
On Friday, 13 December 2019 19:37:30 UTC, bill...@gmail.com wrote:
Yeah, there are ways to fake an OS, but that really wasn't my question. I was wondering whether or not folk have noticed that having an OS like Qubes would result in greater scrutiny than Windows or MacOS. I'm not trying to sneak anything across the border; I just don't want to spend an extra two hours at the airport.
No, but do think carefully about any suggestions to hide Qubes (in a USB stick or on the hard disk). They are likely to work well ALMOST all the time, but in the unlikely even that that the covert qubes is spotted, the delay could be A LOT longer...
Reply all
Reply to author
Forward
0 new messages