Help me configure my dual phone set up for travelling. Must balance convenience and privacy/security

I actually have 4 cell phones (Two iPhones and two Google Pixel). With all the talk about phone searches at the border, I really want to configure what people are now calling a burner phone. Even in my day-to-day usage, I carry two phones with me since I like playing with both iOS and Android. Maximum privacy and security may not be desirable due to a desire for a bit of convenience. The threat model is the border search where the authorities can then go on a fishing expedition once they have access to my phone. Because of this, I will access most things via the web browser such as emails, and then clear the data upon closing.

On my iPhone, I will mainly use Safari as WebKit is the only rendering engine allowed unless you guys can come up with another idea on why I need to install another browser. I will need to install the airline and hotel apps for booking and boarding passes. I thought about using Safari to access this, but from experience, the digital boarding pass can only be obtained from the app so I’ll have to download it. To minimize tracking, I will try to use each browser for certain things such as social media or banking. iOS is said to have very good privacy and security compared to Android so my thinking is to use Safari for social media like Facebook, Instagram, and X. I will also access my bank accounts from Safari.

On my Google Pixel, I plan on using Google Chrome for Google services like YouTube Premium/Music since I subscribe to it and need to sign in to access the service. So I guess it doesn’t really matter for privacy and in that case, I’ll Google Chrome make sense.

I will use Firefox and Brave with uBlock Origin for general browsing.

I will use Ironfox to access my email accounts and banking.

I will use Cromite for social media like Facebook.

Given how new both Ironfox and Cromite are, are these two browsers really trustable for privacy and security? Has the code been audited yet?

I also downloaded Tor browser, but I’m really new to this so I don’t know how to best configure this. Reading Privacy Guides, it seems like I should keep everything at default and not change anything? When loading Tor the first time, it asks me to connect to Tor, I’m assuming this is normal, and what I should do? Since Tor is based on Firefox, why is PG suggesting not to even use extensions as I see an option to use it?

I do have several email accounts and at home, I just use Thunderbird to access them. I figure for privacy and security, I’ll just access them from the browser. The only problem is that I don’t know how to use containers to separate the email accounts so I can access them simultaneously like with Firefox on the desktop and multi-containers. Thunderbird solves that problem, but I’m not comfortable having an email app installed, no emails should my phone be inspected.

So now I’m down to my two remaining devices that I’ll use at home, which are another iPhone and Google Pixel. Given iOS’ reputation and my need to use social media, I will install Facebook, X, and Instagram on the iPhone. For any app that I need to install and want maximum privacy, I should install it on iOS. Is this a good idea?

Privacy Guides recommend the installation of AdGuard — adblock&privacy, which I also have. Is this recommended for installing on my Google Pixel as well? It’s strange that it’s only mentioned for iOS even though the same app is on the Pixel.

Another one of my goals is to minimize cross-browser and cross-app tracking. Is my setup good enough to minimize risk and make it hard to be tracked? I’ll avoid signing in whenever possible. Social media and Google services, which require sign-in will be used on the browser, where I won’t do any general browsing or visiting forums.

I also see NextDNS mentioned a lot, but can this be used on a cellular/5G connection? From reading the internet, it seems like I can use that on WiFi networks. I’m usually on a cellular connection. I also have a ControlD subscription and that has access to HaGeZi’s block list. How do I configure NextDNS or ControlD for use on a cellular connection on an iPhone and Google Pixel? What are the best settings to maximize my privacy and security?

For VPN, I already have ProtonVPN. I’m going to get Mullvad as backup when I’m in China as it’s been reported to work. It doesn’t hurt that both Proton and Mullvad are recommended by PG.

Thank you so much for the help!

Help?

Don’t bring devices with information you are not ok with Governments or bad actors seeing. That’s really all you can do. If you get stopped in a place like China and they demand your password, its extremely unlikely your getting out of their without giving up the info they want.

Set yourself up with a separate travel password manager that only has the info you need for your travel setup. Leave everything else behind. Make it impossible for information you don’t want to give up to be accessed. Assume everything you do bring could be coerced from you.

Don’t customize Tor Browser. That defeats the purpose of it. Customizations make you appear unique. You can click the shield icon in the top right corner to select one of 3 security levels. Other than that, you shouldn’t adjust any settings. Don’t install extensions. If you want an ad blocker, I recommend instead using Mullvad Browser along with a privacy VPN.

No. PG recommends Adguard for iOS because that is the best way to get adblocking in Safari. On Android, users have access to the Brave and Cromite browsers, which have excellent built-in content blocking. PG doesn’t recommend the iOS version of Brave, because it is hamstrung by iOS’s WebKit browser engine restriction.

Yes, if you use the currently recommended NextDNS device setup methods, both Android and iOS will be set up to use NextDNS servers on both wifi and celllular.

I recommend the cheapest phone out of the four. Whole purpose of a burner phone is to expect it to be lost eventually. Nothing confidential or incriminating should be stored on the phone.

In addition to the other advice mentioned here, I will add that having at least some stuff on your phone will be helpful. Think photos, apps, and some signs of normalcy!

Thank you, but what about the use case with the browsers?

If you have to install WeChat for use in China, and it’s a very necessary app, is it better to install it on iOS or my Google Pixel?

That’s the problem. I’ll have to find a bunch of photos from my daily driver and then put it in the burner just to give it a semblance that it’s my phone. I don’t know how to get old text messages from the past and put it on my burner.

In China, WeChat is absolutely necessary or else it’s a nightmare to get around. Life over there revolves around WeChat.

This is in a mobile context and Mull is no longer available on mobile. Just to be clear on Tor, when opening the browser, it asks me to connect to Tor, ik assuming that is normal and then I just connect? Just the browser as is without installing any extensions and ideally not touching any of the settings?

At home, I have a router with Adguard on. If I connect to the router via WiFi and it blocks ads, and using Tor with its default settings, can I still get a unique fingerprint or I’ll blend in with the crowd?

What is wrong with using the Adguard app on Android compared to iOS? I actually find Brave to be better than Cromite when it comes to blocking ads. I’ve been testing Cromite over the last couple of days and it seems like it’s using a different ad blocker from Brave.

Is it possible to use NextDNS with a cellular connection and a VPN?

The tor network will bypass your local network’s DNS settings. Your wifi Adguard filters will have no effect when browsing with Tor Browser.

The iOS Adguard app makes use of Safari’s content filtering feature. Android Chrome offers no such feature, so on Adroid, the app is only able to offer DNS level blocking. You don’t need an app to do DNS blocking. You can just use Android’s native Private DNS setting.

I wouldn’t say that you need to migrate photos and messages to WeChat. You just need to not catch unwarranted attention from the border guards. A wiped phone running Graphene OS may cause suspicion and further questions as you exit the country.

Firstly, do you expect them to conduct a low-level search of the phone (i.e. unlocking and viewing your photo roll). Secondly, if you’re planning to access sensitive websites, will they image your phone using a forensics device like Cellebrite?

The former implies that you probably should not worry too much about configuring the burner phone. Use a freshly factory-reseted phone (graphene or not) and use it normally as you would expect in China. When someone asks for your phone, show them a normal device with completely benign photos.

In a situation where forensic analysis will happen, you might as well accept that your trip will be an extended one

If you’re not planning on doing anything dangerous, I’m sure that China will not care about your installed VPN app (or recently deleted app). The problem gets more complicated when you are using Tor within the country for sensitive communications. You should look into Tor Bridges if possible to circumvent the Great Firewall. Download Tor while you are in the country using a VPN connection, and delete it once you are about to leave. Few people have ever gotten in trouble for using a VPN despite what the laws says, it only gets applied for those opposing the CCP.

Can we have a discussion about using different browsers for different purposes? Given Android’s flexibility to have so many browsers, I figure this would be a great way to optimize privacy plans and minimize cross-app/website tracking. Just wanna make sure using Facebook on Cromite means Facebook will have a hard time tracking what I’m doing on Brave using PG’s settings.

When you use different browsers, you appear as a different browser to the website you visit. However, your IP address will be the same, as will your device model. Now if you use a high traffic IP (such as one from a popular VPN) and a commonplace device (any popular phone model), your browsers’ fingerprints will be less unique and less likely to get associated with one another.

I have both Mullvad and ProtonVPN at the moment. Are you effectively saying it may not be necessary to use different browsers? I figure it would make a huge difference when it comes to Google and Facebook tracking my activities. Let’s say I use Cromite to sign in to Facebook and Google to utilize their services. I know I’ll be tracked even with Cromite as I’m signed in, but if I browse with Brave or Firefox and have them hardened with PG/Reddit settings, it still won’t be hard to track me on the web even though I’m not signed in to Google or FB in Brave and Firefox? I’m using iPhones and Pixels. Both are fairly popular in the US. Not sure about the rest of the world.

Privacy and security-wise, would it be better if there were a way for each web browser to have the ability to utilize a different IP address by connecting to different VPNs? I guess this is theoretical as Android only allows one VPN to be signed in.

What if I use an iPhone signed into FB and Google services on Safari with Mullvad? Then do web browsing on Brave and Firefox on a Google Pixel with Proton VPN. Would this be a better strategy and make it more difficult to fingerprint me and track my activity on the internet?

It depends. If you use two different browsers on a popular phone and a popular IP address, that’s very different that two different browsers on an uncommon device or low-traffic network.

If every aspect of your clients (browser, hardware, and IP address) is different, that only leaves your behavior as a potential fingerprint.