Good to know that they're even scanning, I try to keep my phone clean of as much data as possible since I pretty much hate these devices, I have nothing to hide but I value my privacy and there's no such thing as a benevolent govt.
Keep this in mind. Although you have the ability to put up many layers of security, the border agent at the international border also has certain rights and responsibilities. If you try to block access to your device, you may find yourself refused entry to the country you’re trying to visit. Once you cross into the border area, you lose many of your rights. For example, how badly do you want to go skiing in Canada? Most practical solution might be to obtain another device for traveling, and limit access to most of your accounts, whether work or personal.
Another masterpiece on this channel, so glad I found it. Thank you for making us aware of all those attacks on our privacy and the easy-to-understand explanations on how to prevent them.
Secondary phone is the one! Always keep a separate travel phone, which you can let them keep. Schedule 7 in the UK is brutal. Brilliant content on your channel BTW!
All great points Naomi! I would only add enabling the SIM lock feature. This way even if your phone's off, they can't take your SIM card out and spoof it to one of their devices. Which is the next step when they only have a few tries left before the pin lock factory reset kicks in. 🤘 I remember you spoke about it years ago when simswapping first started happening.
I think removing your battery if you are able to is important, only some phones can be powered by usb with no battery. Or even having a dummy phone just full of pictures of cute baby animals.
Probably best to have a phone just for travel that has no security but nothing of value. If they see you’ve taken a lot of steps to secure your phone they may get more suspicious and want to keep you longer.
Essentially travel with a burner phone. If you are using android you can remove the SD card and hide it. Another trick is to have wipe software. If asked to give up phone, just wipe it. If a US Citizen in USA or entering USA you have a constitutional right to deny access to your phone.
1. You’re beautiful. 2. I consider myself fairly savvy but you’ve opened my eyes to some issues here. Mainly copying raw or encrypted data to analyze later. What kind of a power trip witch hunt world have we come to… 3. Thank you for the great video, lots of key points and very direct. I’ll poke around your playlist now that I’ve found you. Have a nice day!
1) Use a privacy protecting and respecting browser on your phone and make sure your browser is set to delete all data when the browser is closed 2) If there is a website or a web app, then you don't need the app. Use social media like twitter in your browser instead of downloading the app
@@YoureUsingWordsIncorrectly Brave is open source and according to their privacy policy and open source code, all your browsing data stays on your phone and the data is truly deleted if you properly delete all the data in the browser the
@@YoureUsingWordsIncorrectly I’m interested. You know this for sure, or is just an assumption? How do you know? What can we do, then? Don’t be cryptic, if you want to help. Otherwise you just want to show off or discourage people.
@@danmano478 it's about not trusting everything you hear. Be sceptical because that happens all the time. Find experts in a field and take their advice if you don't want to or can't learn about it
@@coolunusual So these videos here on TH-cam are made by amateurs or deceivers? Then why the real experts like you don’t make themselves videos to teach people? They will make money on TH-cam. But even then, probably someone will come saying not to believe them. And anyway for usual, normal individuals it’s hard to find that “expert in the field”, not to say it will cost a lot of money their information. I mean, you guys, who comment negatively, regarding this type of videos, that try to teach something, should come with counterexamples to justify your scepticism. Otherwise your input has no value for the viewers and leads to the conclusion that, either your scepticism is not based on facts (you are just sceptic but have no better solutions), or you are on the opposite, bad side, trying to sow distrust in this type of information, so that people don’t use them.
I want my device to understand a "coercion password" which basically nukes it when you enter it on the password screen, or logs into an unencrypted enclave with just minimum stuff, all the encrypted stuff never being decrypted because your real password is never entered.
Good idea! Phils is a good idea too. It would be neat to get a pin, pattern or particular fingerprint setup so it logs into a dummy account or wipes the device.
Graphene OS has been a major step for me and my privacy and security. I can just put the device in lockdown and with the hardened kernel and other hardened firmware or software it's gonna be real hard for people to take my data without wiping it.
@@Nagga99 I don't know where you heard that it's not open source. I think the ONLY thing not open source is the code for the Titan M security chip and in order to use that you have to sign something with Google probably, but the rest of it is open source.
Or another idea: 1) Make sure your device is synced with the cloud and all of your data is backed up. 2) Perform a factory reset and go through customs with the wiped device. 3) Once you're through customs, factory reset again, log back in and resync with the cloud, bringing all your data and apps back down again.
@@woodsrdr Whilst this is the case, the NSA database in which your data is stored is not readily accessible to all departments/agencies of government. Each of them have their own agenda, and are looking for specific things in your data pertinent to their roles. So the fact that the NSA has everything already is a fairly moot point when it comes to keeping your data out of the hands of every other department/agency of government. Also, most of this phone data compromising happens in countries other than the US, making the NSA's database irrelevant.
Naomi, I came here after seeing one of your recent featured speakers on Around the Blockchain expecting to see a bunch of the same crypto stuff but I was absolutely floored by the amount of excellent content here. Not only does it show your passion for crypto but also highlights how many more issues are out there which directly and indirectly relate to crypto. I can't thank you enough for the info you bring in a straight-forward and fact-based approach. I've already relayed your channel to some of my friends and they're equally impressed. Keep up the AMAZING work!!!
Wait wait wait. EU here. So you guys can just have your property taken away and done with whatever they feel like? And your data? For using what is basically just public transport? This sounds like just literally living in a huge prison. Wtf. Here's one more reason to having your devices protected and not accessible apart from being a whistleblower or a journalist: breathing. If you are alive at this moment your right by default is or at least should be to not have anyone, country or corporation or a private person accessing YOUR property and YOUR data.
you can post the devices to yourself beforehand and keep the SIM cards, just choose express and pay the extra fee, then you can meet the courier and retrieve your unmolested devices.
This has been a thing since pre 9/11 and it just gets worse every year. No, it’s not “legal” but govt does what it wants, including spying, indefinite detention and execution of USA citizens without any warrant or jury trials.
Also shutting down Windows doesn’t always power it down completely. Data can still be stored in RAM. They do it for faster restarts. You have to go into settings to turn this off.
Canadian customs have been increasingly hostile toward American travelers. They did the standard open your laptops (mine has whole disk encryption) and mine was powered off. But Customs decided to completely empty my family's bags and inspect each and every item before letting us through. Taking well over an hour making us nearly miss our flight. Thankfully we didn't bring our phones into Canada.
Once you unfolded your laptop, Canada customs didn't want you to log in so they can snoop around? One thing they can do with unfolded laptops may be to swab the keyboard for traces of explosives or other chemicals. Since the hands make contact with the keys frequently.
@@beyondfossil I’ve had TSA swab my keyboard for explosives before. It was a pain in the butt. I went through precheck but got a random security check that resulted in everything I had being swabbed down. The keyboard was surprising though, I didn’t expect them to be so thorough as to open up my laptop and test the keys
I’m British and I used to travel to Vancouver all the time. The Canadian border control were more ruthless than the American ones in my experience. They would pounce on you from *anywhere* in the airport and start an interrogation.
Do not use biometrics to unlock your phone since they can just press your finger to it or show the phone your face. Convenience is not as cheap as you thought. This was done to a friend of mine by police in Texas. They had an unrelated officer walk up to him and hold his phone out like they were returning it and the face recognition was just that quick.
The number one thing to do is to have a separate phone for travel. Log into accounts via the web browser, NOT apps. Use it like a public terminal, put the apps you want on it before you leave and wipe the phone when you get home. Authorities may still be able to access the vendor partition, we don't know if they can do this or not, so you won't be able to wipe it completely, ever. Of course state actors can and will access your devices if they wish. The binary blobs in the radio are starting to be hacked, you can bet state actors have already done this or have access granted by the manufacturer, once again they will get in if they want but practicing good opsec will protect your data from the TSA and thieves. I could easily write chapters on this, what to do and what not to do and it's all relevant, just be smart about what you do. Also, unpair everything and delete all wifi accounts before going through the airport or travelling. They increase your threat surface and your wifi will look for saved networks, transmitting the SSID's, allowing someone to find where you live, work, etc. Turn off USB debugging before travelling and if your bootloader is unlocked make sure everything is encrypted or they don't even need your password, they can download everything. They can also delete the phone's lock from TWRP if your phone is not encrypted, it takes less than 30 seconds. Some devices also have settings which define when USB devices can connect, being before unlock/at anytime, once unlocked or never, obviously set that to never before going through the airport.
This just isn't about privacy anymore. I literally have bank apps and authenticators for important accounts that have money tied to them or paid services. Letting someone else sift through that is literally a no go at this point. That's also not to say that privacy is not important too. I could have ultra personal stuff stored on there like medical history or information on other people that could be sensitive or expose them to danger. For us modern day people a phone is literally everything about us, and letting someone else take everything from it is literally an extremely overzealous privacy invasion and I would stop them right there. That is to say, I haven't traveled by plane in a while but do they really do this in some places?
In European countries (including the UK) banks provide small calculator-style authentication devices as an alternative to phone apps, but you may need to ask the bank. Depending on the device, they may be compatible with multiple banks and may support multiple accounts. Some have a card chip reader, some are stand-alone.
@@cdl0 I think that defeats the whole purpose of the convenience of a phone. Also that's just for authentication, the bank app gives you more options to protect your money
@@AustinPinheiro_uniquetexthere It depends on what you want, and how you value privacy versus convenience. A code calculator is equally secure for authentication. Some people (e.g. disabled, elderly) may have problems using a phone, and banks may provide special-needs versions of code calculators for them. They also work where there is no mobile phone signal or no wireless internet.
@@AustinPinheiro_uniquetexthere they're called hardware authenticators, and they have a few advantages. First of all, if your phone dies (or gets destroyed) you can still access your accounts from any other device. That alone has saved my ass several times, for reasons totally unrelated to privacy. Second of all, they explained an attack in this video where the analyst studying your phone's data can steal the seeds used to generate the authenticator codes on your device. That seed allows them to access your accounts even if you have 2fa enabled, because they can just generate and use the real code from the real seed. That's way more difficult to do when you store the seed in a hardware authenticator, and they may not even seize the hardware authenticator in the first place. That means they're locked out of all your stuff even if they break your password and take an image of your device. That means they're locked out of your stuff even if they steal every cached password in your browser and you don't ever change them (which you should do if this happens to you!). It's definitely a better option, the level of convenience is equal for me, I just keep mine on my keys.
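Added example, not part of the comment thread or the video: a minimal RFC 6238 TOTP implementation showing why a copied seed is equivalent to the authenticator itself, and why re-enrolling (rotating the seed) after a device has been imaged is what invalidates the copy. The seed is the RFC's published test seed; `ROTATED_SEED`, `seed_from_base32`, `verify` and `demo` are names constructed for this illustration.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test seed (ASCII "12345678901234567890"), shown the way
# authenticator apps usually store or export it: base32 text.
EXPORTED_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

# Constructed replacement seed standing in for a fresh enrolment. A real
# service would generate this with secrets.token_bytes(20).
ROTATED_SEED = bytes(range(20))


def seed_from_base32(text: str) -> bytes:
    """Decode a base32 seed, tolerating spaces, lower case and missing padding."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a pure function of (seed, time)."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(server_seed: bytes, code: str, unix_time: int,
           window: int = 0, step: int = 30) -> bool:
    """Server-side check, accepting `window` time steps of clock drift."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0 and hmac.compare_digest(totp(server_seed, t), code):
            return True
    return False


def demo(now: int = 1234567890) -> dict:
    owner_seed = seed_from_base32(EXPORTED_SEED_B32)   # seed on the phone
    copied_seed = bytes(owner_seed)                    # same bytes in a device image

    # Nothing ties the code to the handset: the copy produces the owner's code.
    owner_code = totp(owner_seed, now)
    copy_code = totp(copied_seed, now)

    # Before rotation the service still trusts the old seed.
    accepted_before = verify(owner_seed, copy_code, now)

    # After re-enrolment the service holds a new seed; the old copy is useless.
    accepted_after = verify(ROTATED_SEED, copy_code, now)

    return {
        "codes_identical": owner_code == copy_code,
        "copy_accepted_before_rotation": accepted_before,
        "copy_accepted_after_rotation": accepted_after,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Changing the account password alone does not change the seed; only disabling and re-enabling 2FA on each account issues a new one.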
Thanks for always explaining in a way even my mom would understand ^^ great video. I feel like from an average Joe's perspective the full disk encryption part could have been emphasized a bit more, though I guess if you're a journalist or whistleblower that's something that you should already know
@@systemchris is that true? I live in the UK not heard of that. They must suspect a person to ask for log in details? Or just randomly ask everyone for their log in details?
I have a great idea that will work wonders. Before you leave home fully back up your phone then send a backup to a cloud account. Then factory reset your phone. Then once you're through security restore it from the backup. If there's nothing on the phone there's nothing for them to steal.
Factory reset again before restoring in case they install malware. Even then not 100% sure if safe. Most of us have an older phone sitting in a drawer that could be used though.
Another good idea with hardware authentication is to travel separately with a trusted partner and hand them the key while you keep the device, so that even if they confiscate the device and compel you to open it, they would have no idea your partner has the key; though it would require minimizing contact with them till you're safe so TSA doesn't catch on.
You can save the QR code backup to an online hosting site, or even email it to yourself or print it out. when you are safely away from customs, scan the barcode and it will reinstate your codes. When coming back through customs, make sure you securely erase your free space after removing authenticator so it cannot be recovered after the phone has had its data cloned.
This is not safe. Security personnel specialize in finding connected people. When they find your partner they will threaten and manipulate them until they give up access.
@@uschurch then take two different flights, if the partner is already on the flight when they get around to questioning you, I doubt they would force a plane to turn around to question one person on their connection to someone else.
Also note that as new exploits are found, older OS versions won't be protected with security updates. That leaves them more vulnerable to hacks and attacks. Some manufacturers are better about update releases than others, so their update policies are definitely something to consider when buying a new device.
Be mindful that in some jurisdictions you can be jailed for not providing your password; and in others, the authorities have the right to withhold your device for as long as they want, they might not ever give it back to you. The only safe solution is to travel with a clean burner, and not log with your important accounts during the trip as the phone may still be confiscated on your way back home.
Buy a cheap phone when you get where you're going and destroy it before you leave. Use a good old fashioned little black book to keep important phone numbers and passwords. Just write everything in either simple codes for phone numbers or hints that you will get to remember which password for which site or account. I would think these sorts of measures are overkill, but TSA have been working more and more with local law to conduct civil asset forfeiture. They tip off the local cops if travellers have enough money (probably including crypto now) on hand. Civil asset forfeiture and police indemnity are some of the few things I consider worse in America than the non existent privacy laws.
All devices can be cracked! The trick is to make the data obsolete by the time it’s retrieved. As an example in the military we gave fire missions (artillery fire) in clear, the reason is because by the time enemy has reacted it’s too late (a fire mission might take 5 minutes, a troop movement might take 30 minutes).
Many years back, I came up with and implemented a trick on a PC that could perhaps be implemented on an Android device. Here is the basic idea: With the normal device driver for the storage, a chunk of the storage looks all messed up. The part you can see is full of cat videos and people singing etc. This is what someone sees if they don't know the secret. You start it up and other than being messed up the system looks harmless. The secret thing does a bit of a sleight of hand. You run the magic app and it asks you for a password without saying "password". If the password you enter is correct it then does some tricky thing that swaps the driver for storage for a different one and reboots the device from that instead. You now have a machine with a different set of all messed up but also your private information. The trick is that the storage you are now using is encrypted differently from what is used without the tricky app.
I always wondered about, so long as you have a decent data speed at your destination, just factory reset your phone and set it up with a junk Gmail account. Once you get past the security and have access to fast data again, friends home wifi, then reset the phone and restore the actual Gmail account.
The pendulum swings in both directions. Having a backup of your data is even more critical if you enable pair locking. If you enable it and then your phone is damaged no data recovery companies will be able to recover your data unless you give them both your damaged phone and your working computer that you pair locked it to. So you will have no phone and no computer for potentially weeks since data recovery can take a while.
My approach: create in advance a google account and use it in a cheap second hand phone. Make sure the google backup is turned on so that your vacation photos will be safe if that garbage phone breaks down. Give the border agents everything they ask for, even the vacation password. They'll have the immense pleasure of going through a bunch of newsletters and spam that gathered since the last vacation.
I use a hidden encrypted partition on my laptop's hard drive. It is not detectable from regular random hard drive data in an empty area. This partition contains a virtual machine which itself is also encrypted with a 64 character password which I remember by heart by now, and that is what I use for real work and sensitive work data. I will happily give my operating system password if requested by border agents, all they will find is a few recipes for pies, and a browsing history for a handful of news sites. Otherwise a clean computer. I don't have the encryption software installed in the laptop, I will download it on a flash drive in my destination and use it from there, then completely wipe the flash drive when I need to travel again. Sounds like a lot of work, however really it is not. Thus, in a border check I will be the most open and helpful person, I clearly seem to have nothing to hide. If asked why the laptop has not much of anything, I can always say that I do not use my laptop often, I use a desktop at home which is where the juicy confidential data that they are looking for is located, and I just take the laptop with me when I travel, in case I need to do something. All this cannot be proved otherwise, so there is no plausible reason for them to not believe me. If the place I am travelling to has a good Internet connection, I use my desktop in my country from the laptop remotely via AnyDesk completely, so I don't always even need to have my data actually with me.
Have 2 devices, one you use at home. Second you take abroad. Back up first device, wipe the second one. Once you cross the border restore the data from first account onto second one, then wipe again before going back
TY, very good tips. I never really thought about that. The data on my phone or tablet would be pretty boring, but it's a matter of principle. In case my phone would be seized, after securing my data if needed, I would not just make a factory reset but wipe the phone and completely flash the OS anew from scratch. (As far as my Samsung-phone is concerned, don't know if that works for iOS.) I would do the same, if I ever have to leave it at a repair shop, except, that I also would wipe it beforehand.
If your phone supports whole device encryption, simply wiping it will be sufficient, as the deleted data will still be encrypted so it cannot be forensically recovered.
I used to travel all over the world on business. The only thing I ever saw was occasionally being asked to turn on a device, to show that the battery wasn't plastic explosive or something. After the shoe bomber, presumably due to my English accent. I did have my shoes taken away at Chicago O'Hare, but I got them back after ten minutes or so.
LOL yea the same guy that the FBI had to finally do a Press Release admitting one of their agents entered the secure part of the airport and handed him a brown paper package right before he got on the plane. The video got out of the Terminal footage...oopsie
When will the surveillance of private citizens get too much, maybe it has gone past that point already. Just as well some good sorts are looking out for all of us with this type of content. It's a quiet revolution but a very necessary one, good work 00Naomi, on to your next mission. Seeya.
@@mrmotofy well Mr motofy that's exactly why we need to make lots of noise and protest against the surveillance that is railed against normal everyday people, otherwise everyone becomes a victim without justification. If you give up because you think the odds are against you then you are trampled under foot by whatever oppressive authority happens to see you as cannon fodder in achieving their goal.
There's so many (Near as damn it) secure VPN software options these days that it's safer to keep any sensitive data on a second low powered "Always on" computer at home or the office, and almost use your phone/laptop as a dumb terminal. As long as you set it up so you need to manually make the connection, and use unique authentication to make the connection AND to log onto the remote PC there shouldn't be too much risk of data loss. Back when I used to need access to sensitive data while in customers' sites, but couldn't risk it getting into the wild via a stolen phone/laptop, I went a tad further with this. I had a small "Data storage" PC hidden in the roof space of my office. This computer was only accessible via MY desktop PC there. I'd have to remotely connect to my desktop using a VPN desktop viewer, then manually connect that PC to the data storage PC's file system before either using the data directly on the main PC, or copying it to a temp folder on the device I had with me (Yeah, I'm a geek who worked in IT. :D). It wasn't a quick process, but the penalty for customer data getting into anyone else's hands was ridiculously high. This did mean that I had to leave my desk's PC running while I was away from the office, and the storage PC was powered up almost permanently, but as we were also not allowed to store this data on any 3rd party cloud networks, this was the most convenient way I could have access to the data and still show that I'd taken all reasonable precautions to ensure its safety. It also meant that if my office got burgled and all the PCs stolen it would be unlikely that the hidden data storage computer would be found, and the information lost. The only time I ever got into a panic using this system was once when I suddenly couldn't remotely access ANYTHING on the network. I raced back to the office with images of the place in the middle of being ransacked by thieves, or the whole building in a ball of flames!
But when I got there it was just a power outage covering the whole area (I remember sitting at my desk in the dark for about 20 minutes, with so much unnecessary adrenaline pumping through my veins that I was almost crying. :D). I did have an interesting idea about using a Raspberry Pi and relay board inside my desktop PC to make the power to a second data hard drive controllable. The idea was that I could remotely connect to the PC, use that to tell the Pi to power up the extra SATA drive via a console command, and then use the disc like any normal hot swappable drive. In the end my need for remote access to the data finished before I got around to trying this, and more importantly, it would have brought the data into a locally housed drive, so making it more susceptible to being lost if the whole PC was stolen. It was an interesting job, but the penalties if customer data ever got out were always nagging in the back of my mind. If it had ever happened it would have instantly bankrupted our company!
I use a SBC inside an old dual cassette case that was gutted. Could sit somewhere buried and nobody would ever look twice at it haha...just looks like old junk. Yep remote networking can be very useful.
I never use my employer's devices for personal use. 1. There is no way I want my employer to be able to use my activities against me. 2. It is unsafe for my employer and me to co-mingle activities. 3. I don't pair anything while traveling and go analog as much as I can such as requesting a paper ticket & bring a good old book and mag. I also Hotspot and use VPN. Passwords should be 16 digits long at least, if allowed.
What I have been looking for is virtual compartmentalizations, like when people create hidden encrypted disks that they can turn on when the data is needed, but is fully encrypted and effectively hidden when not activated. This seems to be an impossible feature to find. I want to have apps hidden, or even a virtualized phone “front end” so I can hand my phone to someone to inspect while giving no data. It would be even nicer to be able to give the phone where no one can copy my protected data, even if the phone is powered on, as long as the fake phone is active.
Here in Canada they're trying to pass a bill that if you're at customs and they ask for your password to unlock your phone or other various devices and you refuse you face a big fine or jail time or both...
Unless the law has changed, in the US supposedly law enforcement can compel you to use your fingerprint to unlock a device, but for some legal reason, not compel you to use your password/pin. Of course, legality won't stop many police. _They have ways of making you talk_
@@no1be4me2 I don't think airport security is this savvy but if you're trying to protect data from serious forensic analysis you're going to want to do that factory reset like 3+ times to erase all traces of your sensitive data. Better yet on Android would be to write completely random data to the drive a couple times and then flash the original firmware again, assuming you have an unlocked bootloader. Remember to lock the bootloader again after flashing.
I only travel with my Princess Phone. In all these years its data has never been compromised, its security has never been breached. Years ago someone placed a keylogger on it but it fell off as soon as I left the terminal.
Simple solution. Carry a $50 feature phone when travelling or a cheap disposable blank Android phone with a uSD card slot. Keep all your data on an encrypted uSD card and restore the phone at your destination.
Frankly speaking that will not work in many countries. If you refuse to give up your data, they will not try to hack into your device, instead they will apply to you enhanced interrogation techniques. So the best way is to hide data, not to protect it. Don't just encrypt your disk volume, but make it invisible. Don't protect your social media acc with the strongest password -- make sure that border guards will not find that you have one or have an alternative identity. Don't disable port via software -- just break it with screwdriver. Don't expose any fancy software or any traces of it which may induce an interest, try to look as normal as you can. Long PC password -- red flag; Signal/Briar/Matrix on phone -- red flag; Port disabled via software -- big red flag; Configured Knox on your Samsung -- red flag; Refusing to enter your password -- red flag; Cryptography software (key generators, tools for public key cryptography) -- big red flag; Terminal emulator on the phone -- red flag; Yubikey -- big red flag; Old cell phone instead of smartphone -- huge red flag. Again. Don't try to show off, act as normie.
Lol... I write code for 8 to 10 hours a day and... I have... a flip phone. I also have 4 monitors. Maybe I am not that odd for a programmer? But I am a red flag huh?
@@turkeyssr Right, but this video is so far off from that level... Just the basic level of not unlocking it is 1st. Plausible deniability could actually cover forgetting how to unlock it. It should require a PIN upon boot, no finger prints!
@@cpufreak101 Also not an issue for 99% - my advice is sound. Also, that excludes plausible deniability by definition. Of course if you refuse, then they can punish - but you should not be in that situation if you run your phone correctly.
Billionaire 💭 Always fly on private jet. Impecunious 💭 Always sneak across the border. Leet Naomi watcher 💭 Do multiple full backups, erase and cross the border or leave devices at home and buy new ones on the other side.
Powering off the device just forces them to collect a BFU extraction. Also powering off the device is okay but depending on what they are using, they may just get the password of the device then extract the data without your knowledge. Best advice would be don't bring your device. Buy a new phone that is blank and has the bare minimum you need and use that device. The default pin setting doesn't matter to forensic tools. The device will not wipe if they use forensic tools. Also none of this applies to China devices.
Side note: Don't bring important data with you through any means. That means no external hdd/ssd, usb sticks, sd cards etc. Besides the fact that it is possible to brute-force encrypted drives (they can just clone the drive and do it later, although it still takes a lot of time), there is no need to do it physically 99% of the time. You can just encrypt it, upload it somewhere and then download it later. If by any chance you need to move terabytes of data, you could just buy a server and store everything there. Probably cheaper and faster if you use one that is "pay as you go".
Let's be clear: once that phone or laptop is out of your sight, and in someone else's hands, you can never trust it again! Physical security is the only surety!
@Naomi Brockwell: NBTV - I had a one plus that I traveled with where I had shut off the USB port in the bottom of the phone. With the device being encrypted and a 16 character password made up of old license plates, when they checked my phone it just would not read and I would not start it for them. I played dumb and told them they broke it. Nothing ever came of it... But in the hardware underneath the operating system, you can turn off the USB so the port is just for charging.
Thanks for the ideas. I was also curious if there are some tweaks & tricks within developer options. I'm soon traveling internationally & hesitant about bringing my 1+8pro. I've never taken full advantage of the camera's potential. A standalone camera might be better perhaps.
From an analytical point, the simplest foolproof system is the most likely to be secure. Taking wetware out of the equation helps a lot. Simply never take the data with you, do not take a device that can access the online data, take a cheap clean phone with new accounts; if there is no access to your data they can't get your data. You also do not look like you are trying to hide data by not having the phone in the inspections. Even first time travel on a new passport makes you a target.
@@NaomiBrockwellTV Oh, thanks for letting me know! I discovered your channel today and definitely plan to continue watching your videos (security & privacy binge watching tonight). The content is excellent, thanks for sharing such good and useful information. Greetings from Argentina.
Time it takes to entirely get the contents from a computer? Think of it as a two step process. First they will put a type of keylogger onto the device. They could also download "enough" in just five minutes to do some real damage. Next steps, also affected by what type of hard drive, and even if there might be an optical drive. IF there is an optical CD or DVD drive - you are effectively done. If a platter hard drive, great - it would take them forever. Anything else for a hard drive is volumes faster.
A Yubikey is more important than ever.
Encrypting the drive is also very important, as stated in this video.
My work computer is only used for work, including personal browsing. I never browse non-work sites on a work device.
This video is really good in explaining how your data can be lifted against your wishes.
The most simple way to enter the US without letting your notebook/mobile be scanned: Use OneDrive, Google Drive/Fotos, iCloud... 🙂 If you need to travel to places like (I ignore the current situation) Belarus, Russia etc., better use a second hand device with another account and leave your real mobile/notebook at home. So only the most needed contacts etc. are stored on the mobile.
I didn't know about the national do not call list. I've done all the other things yet I still get some. They just change what I call a burner phone that can't be traced.
I always buy 99€ new android phone and not connect it to any network until plane landed to US, no passwords no nothing, if they want to look completely empty phone I smile and let them look. Absolutely nothing to see, not even 1 photo or e-mail. When I get back home, I could still sell it used maybe 70€.
Maybe you could do segment specific for the big brands in the Android world? Obviously with priority for Samsung, since that is what I use :). And another segment for Windows.
If you don't want them to get any data at all, make sure you have backups of your data then wipe it before going through customs. They can't have what doesn't exist 🤷🏻‍♀️🤷🏻‍♀️🤷🏻‍♀️ The catch is the inconvenience of having to do a restore.
@@berryvolcano3787 Unless that specific piece of data is overwritten it can be recovered. As far as I know a reset doesn't wipe the whole storage volume it just resets the OS to default settings.
This is the way to create and edit a video for mass consumption. No clickbait. No teasing. All meat and potatoes. Great work!
Good to know that they're even scanning, I try to keep my phone clean of as much data as possible since I pretty much hate these devices, I have nothing to hide but I value my privacy and there's no such thing as a benevolent govt.
Keep this in mind. Although you have the ability to put up many layers of security, the border agent at the international border also has certain rights and responsibilities. If you try to block access to your device, you may find yourself refused entry to the country you’re trying to visit. Once you cross into the border area, you lose many of your rights. For example, how badly do you want to go skiing in Canada? Most practical solution might be to obtain another device for traveling, and limit access to most of your accounts, whether work or personal.
That advice comes under point no 2 in the video.
Those aren't 'rights and responsibilities'. That is just modern despotism.
I would not be interested in travelling to a country like that anyway.
@@cineffect I guess you must not travel that much.
@@redrust3 Actually I do a lot, but to sane countries, they still exist.
Another masterpiece on this channel, so glad I found it. Thank you for making us aware of all those attacks on our privacy and the easy-to-understand explanations on how to prevent them.
Thanks for watching and caring about privacy!
But you already knew about wearing a tin foil hat...
5:46 HRC certainly and knowingly compromised this advice! 🤣🇺🇸
Secondary phone is the one! Always keep a separate travel phone, which you can let them keep. Schedule 7 in the UK is brutal.
Brilliant content on your channel BTW!
Thanks for watching!
All great points Naomi! I would only add enabling the SIM lock feature. This way even if your phone's off, they can't take your SIM card out and spoof it to one of their devices. Which is the next step when they only have a few tries left before the PIN lock factory reset kicks in. 🤘 I remember you spoke about it years ago when SIM swapping first started happening.
Oh good point!
I think removing your battery if you are able to is important, only some phones can be powered by USB with no battery. Or even having a dummy phone just full of pictures of cute baby animals.
@@MAT-244 Yes, I did consider a phone just full of links to viruses/malware, but they might hold you for it for some stupid reason.
How do you simlock a Galaxy S21?
Probably best to have a phone just for travel that has no security but nothing of value. If they see you’ve taken a lot of steps to secure your phone they may get more suspicious and want to keep you longer.
This. Border agents can deny entry or void a visa if a traveler refuses to unlock a device voluntarily.
Essentially travel with a burner phone. If you are using Android you can remove the SD card and hide it. Another trick is to have wipe software. If asked to give up phone, just wipe it. If a US Citizen in USA or entering USA you have a constitutional right to deny access to your phone.
@@Paul-sk2pc I've been deported from Australia for refusing border agents access to a corporate device that contained confidential information.
1. You’re beautiful.
2. I consider myself fairly savvy but you’ve opened my eyes to some issues here. Mainly copying raw or encrypted data to analyze later. What kind of a power trip witch hunt world have we come to…
3. Thank you for the great video, lots of key points and very direct. I’ll poke around your playlist now that I’ve found you. Have a nice day!
Welcome!
1) Use a privacy protecting and respecting browser on your phone and make sure your browser is set to delete all data when the browser is closed
2) If there is a website or a web app, then you don't need the app. Use social media like twitter in your browser instead of downloading the app
Device fingerprinting?
@@YoureUsingWordsIncorrectly Brave is open source and according to their privacy policy and open source code, all your browsing data stays on your phone and the data is truly deleted if you properly delete all the data in the browser the
@@YoureUsingWordsIncorrectly I’m interested. You know this for sure, or is just an assumption? How do you know? What we can do, then? Don’t be cryptic, if you want to help. Otherwise you just want to show off or discourage people.
@@danmano478 it's about not trusting everything you hear. Be sceptical because that happens all the time. Find experts in a field and take their advice if you don't want to or can't learn about it
@@coolunusual So these videos here on TH-cam are made by amateurs or deceivers? Then why don’t the real experts like you make videos themselves to teach people? They will make money on TH-cam. But even then, probably someone will come saying not to believe them. And anyway for usual, normal individuals it’s hard to find that “expert in the field”, not to say their information will cost a lot of money. I mean, you guys who comment negatively regarding this type of video that tries to teach something should come with counterexamples to justify your scepticism. Otherwise your input has no value for the viewers and leads to the conclusion that either your scepticism is not based on facts (you are just sceptical but have no better solutions), or you are on the opposite, bad side, trying to sow distrust in this type of information, so that people don’t use it.
I want my device to understand a "coercion password" which basically nukes it when you enter it on the password screen, or logs into an unencrypted enclave with just minimum stuff, all the encrypted stuff never being decrypted because your real password is never entered.
Sounds kinda similar to the idea the anom phone used, but if both "halves" were completely functional, that would be even better.
Good idea! Phils is a good idea too. It would be neat to get a pin, pattern or particular fingerprint setup so it logs into a dummy account or wipes the device.
that sounds cool. usually when people brute force passwords they use a common list. So you can set this password to one of those high on these lists
Boy did i wish arcaneos wasn't shit
Graphene OS has been a major step for me and my privacy and security. I can just put the device in lockdown and with the hardened kernel and other hardened firmware or software it's gonna be real hard for people to take my data without wiping it.
But it's not open source so for all we know it could have been developed by officials to suck us in... Shouldn't we be swaying towards open source?
@@Nagga99 I don't know where you heard that it's not open source. I think the ONLY thing not open source is the code for the Titan M security chip and in order to use that you have to sign something with Google probably, but the rest of it is open source.
In some countries they will detain you and force you to unlock your phone, google the stories
@@aussiegruber86 then I guess I'm getting hanged on principle. I ain't unlocking my phone under duress.
Or another idea:
1) Make sure your device is synced with the cloud and all of your data is backed up.
2) Perform a factory reset and go through customs with the wiped device.
3) Once you're through customs, factory reset again, log back in and resync with the cloud, bringing all your data and apps back down again.
I think that's gonna be my go to.
Like the NSA doesn't have a copy of everything already...
@@woodsrdr Whilst this is the case, the NSA database in which your data is stored is not readily accessible to all departments/agencies of government. Each of them have their own agenda, and are looking for specific things in your data pertinent to their roles. So the fact that the NSA has everything already is a fairly moot point when it comes to keeping your data out of the hands of every other department/agency of government. Also, most of this phone data compromising happens in countries other than the US, making the NSA's database irrelevant.
let me just wipe 130gbs from my phone and redownload it on airport wifi.
bro
@@dtj6348 looks like you need to tolerate having your privacy violated 🤷‍♂️ what else do you want?
Naomi, I came here after seeing one of your recent featured speakers on Around the Blockchain expecting to see a bunch of the same crypto stuff but I was absolutely floored by the amount of excellent content here. Not only does it show your passion for crypto but also highlights how many more issues are out there which directly and indirectly relate to crypto. I can't thank you enough for the info you bring in a straight-forward and fact-based approach. I've already relayed your channel to some of my friends and they're equally impressed. Keep up the AMAZING work!!!
Thanks Dave... I really appreciate you being here and for spreading the word!
I’m definitely going to do this ASAP. To both of my phones. Thank you so much.
Wait wait wait. EU here.
So you guys can just have your property taken away and done with whatever they feel like? And your data? For using what is basically just public transport?
This sounds like just literally living in a huge prison. Wtf.
Here's one more reason for having your devices protected and not accessible apart from being a whistleblower or a journalist: breathing. If you are alive at this moment your right by default is or at least should be to not have anyone, country or corporation or a private person, accessing YOUR property and YOUR data.
Pretty sure that happens in the EU as well when traveling between non-Schengen countries and when entering the Schengen area
Thanks Naomi for keeping this simple, short and to the point
you can post the devices to yourself beforehand and keep the SIM cards, just choose express and pay the extra fee, then you can meet the courier and retrieve your unmolested devices.
These tip videos could be main staples in an edc kit I swear. Ranking somewhere between med kit and ammo 😄👍🏾🇺🇸
Leave it to Naomi to hook it up with all things privacy 👏👏👏👏👏👏
When did this become a thing? I haven't travelled since COVID started, but this has never happened to me anywhere. How is this even legal?
Who can stop the biggest armed gangs in the country with UNLIMITED resources???
This has been a thing since pre 9/11 and it just gets worse every year.
No, it’s not “legal” but govt does what it wants, including spying, indefinite detention and execution of USA citizens without any warrant or jury trials.
Also shutting down Windows doesn’t always power it down completely. Data can still be stored in RAM. They do it for faster restarts. You have to go into settings to turn this off.
Fast boot caches RAM on the disk.
Canadian customs have been increasingly hostile toward American travelers.
They did the standard "open your laptops" (mine has whole disk encryption), and mine was powered off.
But Customs decided to completely empty my family's bags and inspect each and every item before letting us through.
Taking well over an hour making us nearly miss our flight. Thankfully we didn't bring our phones into Canada.
Once you unfolded your laptop, Canada customs didn't want you to log in so they can snoop around?
One thing they can do with unfolded laptops may be to swab the keyboard for traces of explosives or other chemicals. Since the hands make contact with the keys frequently.
@@beyondfossil I’ve had TSA swab my keyboard for explosives before. It was a pain in the butt. I went through precheck but got a random security check that resulted in everything I had being swabbed down. The keyboard was surprising though, I didn’t expect them to be so thorough as to open up my laptop and test the keys
I’m British and I used to travel to Vancouver all the time. The Canadian border control were more ruthless than the American ones in my experience. They would pounce on you from *anywhere* in the airport and start an interrogation.
Mark my words about the Canadian border: there will come a point when it will be busier than the Mexican border. Canadian refugees looking for asylum.
@@johnstiles7709 We'll all be seeking asylum in Russia! The North American continent is under siege
Do not use biometrics to unlock your phone since they can just press your finger to it or show the phone your face. Convenience is not as cheap as you thought. This was done to a friend of mine by police in Texas. They had an unrelated officer walk up to him and hold his phone out like they were returning it and the face recognition was just that quick.
God, I love this channel. Thanks to you and your guest.
🙏🙏
Wow this video is actually factually correct and contains some great privacy minded advice!
I personally don't travel to any shithole that allows such arbitrary seizure of property in the first place, but this was informative none the less
So in other words you don't travel to the US ever or even inside of the US to other states.
@@cpufreak101 true it's customs that is the pinch point in these cases
@@Trekeyus True, I'm American and I agree America is now a shithole
I was not aware of this... Thank you! Great, as always!
The number one thing to do is to have a separate phone for travel. Log into accounts via the web browser, NOT apps. Use it like a public terminal, put the apps you want on it before you leave and wipe the phone when you get home. Authorities may still be able to access the vendor partition, we don't know if they can do this or not, so you won't be able to wipe it completely, ever. Of course state actors can and will access your devices if they wish. The binary blobs in the radio are starting to be hacked, you can bet state actors have already done this or have access granted by the manufacturer, once again they will get in if they want but practicing good opsec will protect your data from the TSA and thieves.
I could easily write chapters on this, what to do and what not to do and it's all relevant, just be smart about what you do. Also, unpair everything and delete all wifi accounts before going through the airport or travelling. They increase your threat surface and your wifi will look for saved networks, transmitting the SSIDs, allowing someone to find where you live, work, etc.
Turn off USB debugging before travelling and if your bootloader is unlocked make sure everything is encrypted or they don't even need your password, they can download everything. They can also delete the phone's lock from TWRP if your phone is not encrypted, it takes less than 30 seconds.
Some devices also have settings which define when USB devices can connect, being before unlock/at anytime, once unlocked or never, obviously set that to never before going through the airport.
This just isn't about privacy anymore.
I literally have bank apps and authenticators for important accounts that have money tied to them or paid services.
Letting someone else sift through that is literally a no-go at this point.
That's also not to say that privacy is not important too; I could have ultra personal stuff stored on there like medical history or information on other people that could be sensitive or expose them to danger.
For us modern day people a phone is literally everything about us, and letting someone else take everything from it is literally an extremely overzealous privacy invasion and I would stop them right there.
That is to say, I haven't traveled by plane in a while but do they really do this in some places?
They sure do :(
In European countries (including the UK) banks provide small calculator-style authentication devices as an alternative to phone apps, but you may need to ask the bank. Depending on the device, they may be compatible with multiple banks and may support multiple accounts. Some have a card chip reader, some are stand-alone.
@@cdl0 I think that defeats the whole purpose of the convenience of a phone.
Also that's just for authentication.
The bank app gives you more options to protect your money.
@@AustinPinheiro_uniquetexthere It depends on what you want, and how you value privacy versus convenience. A code calculator is equally secure for authentication. Some people (e.g. disabled, elderly) may have problems using a phone, and banks may provide special-needs versions of code calculators for them. They also work where there is no mobile phone signal or no wireless internet.
@@AustinPinheiro_uniquetexthere they're called hardware authenticators, and they have a few advantages. First of all, if your phone dies (or gets destroyed) you can still access your accounts from any other device. That alone has saved my ass several times, for reasons totally unrelated to privacy. Second of all, they explained an attack in this video where the analyst studying your phone's data can steal the seeds used to generate the authenticator codes on your device. That seed allows them to access your accounts even if you have 2fa enabled, because they can just generate and use the real code from the real seed. That's way more difficult to do when you store the seed in a hardware authenticator, and they may not even seize the hardware authenticator in the first place. That means they're locked out of all your stuff even if they break your password and take an image of your device. That means they're locked out of your stuff even if they steal every cached password in your browser and you don't ever change them (which you should do if this happens to you!). It's definitely a better option, the level of convenience is equal for me, I just keep mine on my keys.
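The seed-copy point in the comment above, as an added Python example that is not part of the original comments: a standard RFC 6238 TOTP code is a function of the seed and the clock only, so any copy of the seed yields the same codes until the account is re-enrolled with a fresh seed. The seed used is the RFC 6238 test key and the replacement seed is constructed; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Inputs are only the shared seed and the time."""
    key = base64.b32decode(seed_b32.upper() + "=" * (-len(seed_b32) % 8))
    counter = struct.pack(">Q", unix_time // step)        # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed_b32: str, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Service-side check against the enrolled seed, allowing +/- `window` steps of drift."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + i * step), code)
        for i in range(-window, window + 1)
    )


def seed_copy_demo() -> dict:
    # Constructed values: the RFC 6238 test key stands in for an account seed.
    enrolled_seed = base64.b32encode(b"12345678901234567890").decode()
    now = 1111111109  # one of the RFC 6238 test timestamps

    # The authenticator app on the phone derives the code from the stored seed.
    phone_code = totp(enrolled_seed, now)

    # A full image of the phone's app data contains the same seed, so the
    # same code can be derived elsewhere. No password is involved.
    copied_seed = enrolled_seed
    copy_code = totp(copied_seed, now)

    # Mitigation: re-enrolling 2FA makes the service store a fresh seed
    # (constructed here), after which codes from the old copy are rejected.
    reenrolled_seed = base64.b32encode(b"09876543210987654321").decode()

    return {
        "phone_code": phone_code,
        "copy_matches": copy_code == phone_code,
        "copy_valid_before_reenroll": verify(enrolled_seed, copy_code, now),
        "copy_valid_after_reenroll": verify(reenrolled_seed, copy_code, now),
    }


if __name__ == "__main__":
    for name, value in seed_copy_demo().items():
        print(f"{name}: {value}")
```

A hardware authenticator changes the first step: the seed never sits in the phone's storage, so an image of the phone has nothing to copy.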
Thanks for always explaining in a way even my mom would understand ^^ great video
I feel like from an average Joe's perspective the full disk encryption part could have been emphasized a bit more, though I guess if you're a journalist or whistleblower that's something that you should already know.
In the UK you can face jail time if customs requests a password... Only method is to cloud store and take a blank device
Are you saying the customs official faces jail for asking, or the traveler faces jail for refusing the pword?
@@anatomicallymodernhuman5175 it's prison for refusing to tell police and officials your login method
@@systemchris holy smokes. I need to look that up before I go back from the US to Oxford next Spring.
@@anatomicallymodernhuman5175 systemchris is correct. Use a 'burner' phone with nothing more offensive than fluffy kittens on it.
@@systemchris is that true?
I live in the UK not heard of that.
They must suspect a person to ask for log in details?
Or just randomly ask everyone for their log in details?
I have a great idea that will work wonders. Before you leave home fully back up your phone then send a backup to a cloud account. Then factory reset your phone. Then once you're through security restore it from the backup. If there's nothing on the phone there's nothing for them to steal.
Factory reset again before restoring in case they install malware. Even then not 100% sure if safe. Most of us have an older phone sitting in a drawer that could be used though.
Only store encrypted backups into the cloud
Sent it to the Cloud, so they have all your data. Lol
Another good idea with hardware authentication is to travel separately with a trusted partner and hand them the key while you keep the device, so that even if they confiscate the device and compelled you to open it, they would have no idea you're partner has the key; though it would require minimizing contact with them till you're safe so TSA doesn't catch on.
You can save the QR code backup to an online hosting site, or even email it to yourself or print it out. when you are safely away from customs, scan the barcode and it will reinstate your codes. When coming back through customs, make sure you securely erase your free space after removing authenticator so it cannot be recovered after the phone has had its data cloned.
This is not safe. Security personnel specialize in finding connected people. When they find your partner they will threaten and manipulate them until they give up access.
@@uschurch then take two different flights, if the partner is already on the flight when they get around to questioning you, I doubt they would force a plane to turn around to question one person on their connection to someone else.
your*
@@festro1000 and hope that your partner enjoys holidaying by themselves?
Only travel with a new phone that you've only just put some information into. A little flip phone with no browser is ideal.
Also note that as new exploits are found, older OS versions won't be protected with security updates. That leaves them more vulnerable to hacks and attacks. Some manufacturers are better about update releases than others, so their update policies are definitely something to consider when buying a new device.
Have you read honestly "Security updates from Google" Changelogs? Most of crap has nothing to do with "security" even..
Be mindful that in some jurisdictions you can be jailed for not providing your password; and in others, the authorities have the right to withhold your device for as long as they want, they might not ever give it back to you. The only safe solution is to travel with a clean burner, and not log with your important accounts during the trip as the phone may still be confiscated on your way back home.
absolutely, research the jurisdiction you’re traveling to
sounds like a border agent can just shop for a new phone by stealing yours.
@@jamesrbrindle Just make sure it's the cheapest, least desirable phone available! ;-)
Buy a cheap phone when you get where you're going and destroy it before you leave. Use a good old fashioned little black book to keep important phone numbers and passwords. Just write everything in either simple codes for phone numbers or hints that you will get to remember which password for which site or account.
I would think these sorts of measures are overkill, but TSA have been working more and more with local law to conduct civil asset forfeiture. They tip off the local cops if travellers have enough money (probably including crypto now) on hand. Civil asset forfeiture and police indemnity are some of the few things I consider worse in America than the non-existent privacy laws.
@@Jake12220 That's a good idea, too.
“…absolutely brilliant Naomi, have a blessed weekend.” 🙏🏾👍🏾😃
In the day of the mobile phone, everyone can be a journalist.
Indeed, and everyone should learn to protect their privacy because of this
Everyone is according to the 1st Amendment
All devices can be cracked! The trick is to make the data obsolete by the time it’s retrieved. As an example in the military we gave fire missions (artillery fire) in clear, the reason is because by the time enemy has reacted it’s too late (a fire mission might take 5 minutes, a troop movement might take 30 minutes).
Supposedly, AES with a long key is not brute forcible for now. Most humans on the other hand, are easily forced.
@@mrtechie6810 The rubber hose decryption method.
Many years back, I came up with and implemented a trick on a PC that could perhaps be implemented on an Android device. Here is the basic idea:
With the normal device driver for the storage, a chunk of the storage looks all messed up. The part you can see is full of cat videos and people singing etc.
This is what someone sees if they don't know the secret.
You start it up and other than being messed up the system looks harmless.
The secret thing does a bit of a sleight of hand. You run the magic app and it asks you for a password without saying "password". If the password you enter is correct it then does some tricky thing that swaps the driver for storage for a different one and reboots the device from that instead. You now have a machine with a different set of all messed up but also your private information. The trick is that the storage you are now using is encrypted differently from what is used without the tricky app.
Great post Naomi. You are the BEST 🥰💛
What excuse is given for this invasion of privacy? I would expect it to be illegal without a search warrant and evidence of a crime.
“Border agents get different rules” is their excuse 🤦‍♀️
Guess it's possible to look at this as an extension to bag checks and x-rays. Same with the random swabs.
@@somedude144 not really. Your data files don't explode.
I always wondered about, so long as you have a decent data speed at your destination, just factory reset your phone and set it up with a junk Gmail account. Once you get past the security and have access to fast data again, a friend's home wifi, then reset the phone and restore the actual Gmail account.
But then Google has a backup of everything.
The pendulum swings in both directions. Having a backup of your data is even more critical if you enable pair locking. If you enable it and then your phone is damaged no data recovery companies will be able to recover your data unless you give them both your damaged phone and your working computer that you pair locked it to. So you will have no phone and no computer for potentially weeks since data recovery can take a while.
This is gold! Thanks for the great informative video.
My approach: create in advance a google account and use it in a cheap second hand phone. Make sure the google backup is turned on so that your vacation photos will be safe if that garbage phone breaks down.
Give the border agents everything they ask for, even the vacation password. They'll have the immense pleasure of going through a bunch of newsletters and spam that gathered since the last vacation.
I use a hidden encrypted partition on my laptop's hard drive. It is not detectable from regular random hard drive data in an empty area. This partition contains a virtual machine which itself is also encrypted with a 64 character password which I remember by heart by now, and that is what I use for real work and sensitive work data.
I will happily give my operating system password if requested by border agents, all they will find is a few recipes for pies, and a browsing history for a handful of news sites. Otherwise a clean computer. I don't have the encryption software installed in the laptop, I will download it on a flash drive in my destination and use it from there, then completely wipe the flash drive when I need to travel again. Sounds like a lot of work, however really it is not. Thus, in a border check I will be the most open and helpful person, I clearly seem to have nothing to hide.
If asked why the laptop has not much of anything, I can always say that I do not use my laptop often, I use a desktop at home which is where the juicy confidential data that they are looking for is located, and I just take the laptop with me when I travel, in case I need to do something.
All this cannot be proved otherwise, so there is no plausible reason for them to not believe me.
If the place I am travelling to has a good Internet connection, I use my desktop in my country from the laptop remotely via AnyDesk completely, so I don't always even need to have my data actually with me.
Brilliant! Massive amount of info, still every point is valid and important!
Have 2 devices, one You use at home. Second you take abroad
Backup first device, wipe the second one. Once you cross the border restore the data from first account onto second one, then wipe again before going back
TY, very good tips. I never really thought about that. The data on my phone or tablet would be pretty boring, but it's a matter of principle. In case my phone would be seized, after securing my data if needed, I would not just make a factory reset but wipe the phone and completely flash the OS anew from scratch. (As far as my Samsung phone is concerned, don't know if that works for iOS.) I would do the same if I ever have to leave it at a repair shop, except that I also would wipe it beforehand.
If your phone supports whole device encryption, simply wiping it will be sufficient, as the deleted data will still be encrypted so cannot be forensically recovered.
I used to travel all over the world on business. The only thing I ever saw was occasionally being asked to turn on a device, to show that the battery wasn't plastic explosive or something. After the shoe bomber, presumably due to my English accent. I did have my shoes taken away at Chicago O'Hare, but I got them back after ten minutes or so.
LOL yea the same guy that the FBI had to finally do a Press Release admitting one of their agents entered the secure part of the airport and handed him a brown paper package right before he got on the plane. The video got out of the Terminal footage...oopsie
If anyone else did this they would be in jail, but since it's the government, it's cool
And billions of clueless idiots are perfectly ok with it and support it cuz it makes sense haha
Keep Up THE Good work Naomi 👌🔥🍾
When will the surveillance of private citizens get too much? Maybe it has gone past that point already. Just as well some good sorts are looking out for all of us with this type of content.
It's a quiet revolution but a very necessary one, good work 00Naomi, on to your next mission.
Seeya.
It won't...too many just say well yea we need to stop the bad guys and protect us
@@mrmotofy well Mr motofy that's exactly why we need to make lots of noise and protest against the surveillance that is railed against normal everyday people, otherwise everyone becomes a victim without justification. If you give up because you think the odds are against you then you are trampled under foot by whatever oppressive authority happens to see you as cannon fodder in achieving their goal.
There's so many (Near as damn it) secure VPN software options these days that it's safer to keep any sensitive data on a second low powered "Always on" computer at home or the office, and almost use your phone/laptop as a dumb terminal. As long as you set it up so you need to manually make the connection, and use unique authentication to make the connection AND to log onto the remote PC there shouldn't be too much risk of data loss.
Back when I used to need access to sensitive data while in customers' sites, but couldn't risk it getting into the wild via a stolen phone/laptop, I went a tad further with this. I had a small "Data storage" PC hidden in the roof space of my office. This computer was only accessible via MY desktop PC there. I'd have to remotely connect to my desktop using a VPN desktop viewer, then manually connect that PC to the data storage PC's file system before either using the data directly on the main PC, or copying it to a temp folder on the device I had with me (Yeah, I'm a geek who worked in IT. :D). It wasn't a quick process, but the penalty for customer data getting into anyone else's hands was ridiculously high. This did mean that I had to leave my desk's PC running while I was away from the office, and the storage PC was powered up almost permanently, but as we were also not allowed to store this data on any 3rd party cloud networks, this was the most convenient way I could have access to the data and still show that I'd taken all reasonable precautions to ensure its safety. It also meant that if my office got burgled and all the PCs stolen it would be unlikely that the hidden data storage computer would be found, and the information lost.
The only time I ever got into a panic using this system was once when I suddenly couldn't remotely access ANYTHING on the network. I raced back to the office with images of the place in the middle of being ransacked by thieves, or the whole building in a ball of flames! But when I got there it was just a power outage covering the whole area (I remember sitting at my desk in the dark for about 20 minutes, with so much unnecessary adrenaline pumping through my veins that I was almost crying. :D).
I did have an interesting idea about using a Raspberry Pi and relay board inside my desktop PC to make the power to a second data hard drive controllable. The idea was that I could remotely connect to the PC, use that to tell the Pi to power up the extra SATA drive via a console command, and then use the disc like any normal hot swappable drive. In the end my need for remote access to the data finished before I got around to trying this, and more importantly, it would have brought the data into a locally housed drive, so making it more susceptible to being lost if the whole PC was stolen.
It was an interesting job, but the penalties if customer data ever got out were always nagging in the back of my mind. If it had ever happened it would have instantly bankrupted our company!
I use a SBC inside an old dual cassette case that was gutted. Could sit somewhere buried and nobody would ever look twice at it haha...just looks like old junk. Yep remote networking can be very useful.
But if someone breaks into your home, your server is on, the keys are in RAM and everything is decrypted.
Great video, can‘t wait for the next one. Thank you!!
Just came out! th-cam.com/video/Ofl5vOSufZM/w-d-xo.html
Question, with all of the sketchy electronic devices out there would you help us find a good external two factor authentication key?
I never use my employer's devices for personal use. 1. There is no way I want my employer to be able to use my activities against me. 2. It is unsafe for my employer and me to co-mingle activities. 3. I don't pair anything while traveling and go analog as much as I can such as requesting a paper ticket & bring a good old book and mag. I also Hotspot and use VPN.
Passwords should be 16 digits long at least, if allowed.
Watch her VPN video
Great info Naomi, thank you.
What I have been looking for is virtual compartmentalizations, like when people create hidden encrypted disks that they can turn on when the data is needed, but is fully encrypted and effectively hidden when not activated. This seems to be an impossible feature to find. I want to have apps hidden, or even a virtualized phone “front end” so I can hand my phone to someone to inspect while giving no data. It would be even nicer to be able to give the phone where no one can copy my protected data, even if the phone is powered on, as long as the fake phone is active.
On a Samsung go to Settings, Security, Secure Folder.
Here in Canada they're trying to pass a bill that if you're at customs and they ask for your password to unlock your phone or other various devices and you refuse you face a big fine or jail time or both...
Unless the law has changed, in the US supposedly law enforcement can compel you to use your fingerprint to unlock a device, but for some legal reason, not compel you to use your password/pin.
Of course, legality won't stop many police. _They have ways of making you talk_
@@BoltRM I guess I would back everything up and just give them a phone that's been factory reset have a nice day lol...
Canada is a wet dream of commies.
The password that I give will be Fu;&Yuo
@@no1be4me2 I don't think airport security is this savvy but if you're trying to protect data from serious forensic analysis you're going to want to do that factory reset like 3+ times to erase all traces of your sensitive data. Better yet on Android would be to write completely random data to the drive a couple times and then flash the original firmware again, assuming you have an unlocked bootloader. Remember to lock the bootloader again after flashing.
Awesome tips Naomi, thank you so much.
We click fast and with pride when Naomi shows up.
Can’t wait for the tutorial vid on phone pair locking!
Wednesday!
TSA often require you to power on your device if it’s flagged going thru X-ray…
It should be enough to show them the "unlock to decrypt" screen, they ask you to turn on the device to "prove" the battery is real. Foolproof, I know.
Is there a phone pair locking feature for Android phones?
This is outrageous.
I only travel with my Princess Phone. In all these years it's data has never been compromised, it's security has never been breached. Years ago someone placed a keylogger on it but it fell off as soon as I left the terminal.
its*
Simple solution.
Carry a $50 feature phone when travelling or a cheap disposable blank Android phone with a uSD card slot. Keep all your data on an encrypted uSD card and restore the phone at your destination.
My security measure relies on 500GB of Simpsons episodes.. sometimes encrypted.
LOL
Sending this to a mate who is about to jump on a plane to a dodgy country. Thanks!
Frankly speaking that will not work in many countries. If you refuse to give up your data, they will not try to hack into your device, instead they will apply enhanced interrogation techniques to you. So the best way is to hide data, not to protect it. Don't just encrypt your disk volume, but make it invisible. Don't protect your social media acc with the strongest password -- make sure that border guards will not find that you have one or have an alternative identity. Don't disable port via software -- just break it with screwdriver. Don't expose any fancy software or any traces of it which may induce an interest, try to look as normal as you can.
long PC password -- red flag
Signal/Briar/Matrix on phone -- red flag
Port disabled via software -- big red flag
Configured Knox on your Samsung -- red flag
Refusing to enter your password -- red flag
Cryptography software (key generators, tools for public key cryptography) -- big red flag
Terminal emulator on the phone -- red flag
Yubikey -- big red flag
Old cell phone instead of smartphone -- huge red flag.
Again. Don't try to show off, act as normie.
Lol... I write code for 8 to 10 hours a day and... I have... a flip phone.
I also have 4 monitors. Maybe I am not that odd for a programmer?
But I am a red flag huh?
Excellent tips. Thanks.
This isn't the issue. The issue for 99% is that they will cave to unlock it due to threats being made.
Which is why there should be a 2nd password that maps to a "blank" area of the phone for plausible deniability.
@@turkeyssr Right, but this video is so far off from that level... Just the basic level of not unlocking it is 1st. Plausible deniability could actually cover forgetting how to unlock it. It should require a PIN upon boot, no fingerprints!
@@cpufreak101 Also not an issue for 99% - my advice is sound. Also, that excludes plausible deniability by definition. Of course if you refuse, then they can punish - but you should not be in that situation if you run your phone correctly.
Billionaire 💭Always fly on private jet.
Impecunious 💭 Always sneak across the border.
Leet Naomi watcher 💭 Do multiple full backups, erase and cross the border or leave devices at home and buy new ones on the other side.
Or have a decoy operating system that does a normal startup, while the hidden one remains encrypted.
... Rubberhose (file system).
Powering off the device just forces them to collect a BFU extraction.
Also powering off the device is okay but depending on what they are using, they may just get the password of the device then extract the data without your knowledge.
Best advice would be don't bring your device. Buy a new phone that is blank and has the bare minimum you need and use that device.
The default pin setting doesn't matter to forensic tools. The device will not wipe if they use forensic tools.
Also none of this applies to China devices.
Side note: Don't bring important data with you through any means. That means no external hdd/ssd, usb sticks, sd cards etc.
Besides the fact that it is possible to brute-force encrypted drives (they can just clone the drive and do it later, although it still takes a lot of time), there is no need to do it physically 99% of the time. You can just encrypt it, upload it somewhere and then download it later. If by any chance you need to move terabytes of data, you could just buy a server and store everything there. Probably cheaper and faster if you use one that is "pay as you go".
@@kuro19382 how would they brute force AES with a long key? Forcing the human is far far easier!
How are Chinese devices different?
@@XX-bn9sf built-in back door?
@@mrtechie6810 Yes. Sad.
OMG really good video! I love the tips! But really phone pairing in the next video? when? next week or two? :(
It's being edited as we speak! Likely wednesday next week!
I am curious, where does this happen and since when?
Great tutorial!
Let's be clear: once that phone or laptop is out of your sight, and in someone else's hands, you can never trust it again! Physical security is the only surety!
So leave your smart phone at home and take a basic one.
If your data is that sensitive, leave the thing at home. Buy a disposable when you get to where you’re going.
@Naomi Brockwell: NBTV - I had a one plus that I traveled with where I had shut off the USB port in the bottom of the phone. With the device being encrypted and a 16 character password made up of old license plates, when they checked my phone it just would not read and I would not start it for them. I played dumb and told them they broke it. Nothing ever came of it... But in the hardware underneath the operating system, you can turn off the USB so the port is just for charging.
Thanks for the ideas. I was also curious if there are some tweaks & tricks within developer options. I'm soon traveling internationally & hesitant about bringing my 1+8pro. I've never taken full advantage of the camera's potential. A standalone camera might be better perhaps.
From an analytical point, the simplest foolproof system is the more likely to be secure. Taking wetware out of the equation helps a lot. Simply never take the data with you, do not take a device that can access the online data, take a cheap clean phone with new accounts. If there is no access to your data they can't get your data. You also do not look like you are trying to hide data by not having the phone in the inspections. Even first time travel on a new passport makes you a target.
Good video, I'd go with a dumb phone or a smartphone that has just been reset and quickly set it up when over there.
Is there a "full" version of the interview with Michael Perklin? Great channel!
It's not available, but I'll definitely have Michael back at some stage, he's awesome
@@NaomiBrockwellTV Oh, thanks for letting me know!
I discovered your channel today and definitely plan to continue watching your videos (security & privacy binge watching tonight). The content is excellent, thanks for sharing such good and useful information.
Greetings from Argentina.
These searches sound illegal and like an invasion of privacy.
Like 4th amendment illegal
Time it takes to entirely get the contents from a computer? Think of it as a two step process.
First they will put a type of keylogger onto the device. They could also download "enough" in just five minutes to do some real damage.
Next steps, also affected by what type of hard drive, and even if there might be an optical drive. IF there is an optical CD or DVD drive - you are effectively done. If a platter hard drive, great - it would take them forever. Anything else for a hard drive is volumes faster.
Could you do a vid on Samsung Knox? Pros and cons, cracks, effects on data recovery?
Thanks naomi 👍😎
Thanks for sharing!
A Yubikey is more important than ever
Encrypting the drive is also very important, as stated in this video
My work computer is only used for work, including personal browsing. I never browse non work sites on a work device
This video is really good in explaining how your data can be lifted against your wishes
How does a Yubikey help, if they threaten you?
Keep on good work
What you need is a phone that has pre-installed malware that does bad things when the data is extracted or paired to another computer.
That’s exactly what signal did when cellebrite created tools to extract messages from physical devices :)
@@NaomiBrockwellTV Go Signal!!
The most simple way to enter the US without letting your notebook/mobile be scanned: Use OneDrive, Google Drive/Photos, iCloud... 🙂
If you need to travel to places like (I ignore the current situation) Belarus, Russia etc. Better use a second hand device with another account and leave your real mobile/notebook at home. So only the most needed contacts etc. are stored on the mobile.
Some password managers also have the ability to temporarily delete your passwords for travel, so that if they demand access, they won't find anything
I didn't know about the national do not call list. I've done all the other things yet I still get some. They just change what I call a burner phone that can't be traced.
I always buy 99€ new android phone and not connect it to any network until plane landed to US, no passwords no nothing, if they want to look completely empty phone I smile and let them look. Absolutely nothing to see, not even 1 photo or e-mail. When I get back home, I could still sell it used maybe 70€.
Maybe you could do segment specific for the big brands in the Android world? Obviously with priority for Samsung, since that is what I use :). And another segment for Windows.
If you don't want them to get any data at all, make sure you have backups of your data then wipe it before going through customs. They can't have what doesn't exist 🤷🏻♀️🤷🏻♀️🤷🏻♀️ the catch is the inconvenience of having to do a restore
Forensics software can collect deleted data on a phone that is not overwritten.
@@SmallLegacy all pointless surely since the encryption key is wiped with the reset
@@berryvolcano3787 Unless that specific piece of data is overwritten it can be recovered. As far as I know a reset doesn't wipe the whole storage volume it just resets the OS to default settings.