If you are really serious about privacy you should consider getting a separate phone for international travel, since you can be compelled to turn over your phone at any country’s border, including the USA’s, and get your whole phone copied.
Just restart GrapheneOS when getting off the plane and then don’t use the phone until you’ve left the airport and they won’t get anything. Or back it up to a thumb drive and restore once you’re through.
I disagree with “Just restart GrapheneOS”, especially after having read this post. I would feel safer in situation A where I have a cleanly slated device and I deny giving US CBP access …
as opposed to situation B where I have an extremely personal device (since that’s ultimately what phones are nowadays) and I deny giving them access.
In the post, the security researcher was pressured into giving security access, which I guess someone can argue and say that you simply should not pop under that pressure. Thing is, you will never know what you might do in that situation. In the security researcher’s position, he popped.
Some people have the balls to stick to their rights, some people don’t, and you don’t really know which camp you’re in until you’re in that situation. So when people eventually encounter it, would they rather be in situation A or B? I say A is a better choice.
Sadly, not everyone can afford privacy protections like buying an entirely new phone. So that’s an issue… The security researcher also mentioned that they said “you can write down your password and we can do this the easy way or we can do it the long and hard way.” And I assume that the “long and hard way” might involve lawyers of some sort (which also requires money, unless there is a pro bono lawyer given) and a lot of time on your hands, which again not everyone can afford/have access to.
What I do: I have an iPhone SE 2020 that I bought from Swappa. I then set up a clean Apple ID, clean Facebook, and Signal, WhatsApp and even a clean Bitwarden. My primary number is a VoIP so I have a softphone app on it that I can aim my VoIP at while I am traveling if I would like. But for the most part I am just using it for maps and browsing online when I’m traveling.
If I’m ever asked to turn over the phone: sure thing, officer. I am not even friends with my main FB or other social media.
I can even move my Signal and WhatsApp over temporarily if I wanted, and because I don’t back anything up it’s just for emergencies, and if I wanna talk I call people.
That won’t work. The US border and places like China can hold you indefinitely until you are compelled to unlock the phone. Plus, with anyone with state-level resources, you have to assume they have methods and ways to force any device open.
And what about the option of backing the device up to a USB drive and restoring past the border? You could even encrypt the drive and then mail it to your hotel ahead of time for pickup on arrival. If you trust mailing a thumb drive then why not mail a phone instead, though? A newer iPhone or a Pixel running GrapheneOS has been shown by Cellebrite to be exceedingly hard, if not impossible with current methods, to access Before First Unlock (Cellebrite Premium July 2024 documentation).
My main thoughts on using a secondary phone for travel come down more to cost to replace the device. I’ve travelled out of the US before and took my previous phone with me instead of my current one. I moved the SIM over and just used the old phone for two weeks. However if your threat model involves border searches due to regular travel to various places then yes the best option will be using a second phone, but for most people that’s an expensive option that they would most likely have trouble justifying/affording.
One thing to consider is how different apps have options built for this. 1Password for example has travel options where you can disable certain vaults and they’ll be removed from the device until you add them back.
As to being forced to unlock the device, GrapheneOS does have a Duress Password feature where it will wipe the device, and while doing that with law enforcement is questionable it is an option to be considered. Especially if the LEOs are abusing their authority and pushing further than they are legally allowed to. It can always be handled in court later, and if it is a violation of rights, like in the US, there are attorneys who will take the case to try and get a check out of the government for themselves.
There is no point in backing the device up to a USB if you are 1. still carrying the device and 2. carrying the USB. You are assuming that they can’t recover data from a wiped device, which is a bold assumption.
Also you are gonna wipe the device and restore it every time you lay over or cross a border? If you are flying from the US to SE Asia you are going through multiple layovers in multiple countries. At that point you start getting lazy and not doing it.
The courts have repeatedly said the border patrol can pretty much do whatever they want. If you can afford to fly international but can’t afford $30-100. $30 being you can buy an Amazon Fire tablet and put your basic apps on it.
The safest way is to not carry it with you, period. Anytime you are checked at a border checkpoint and refuse, if you are in the US they can hold you for an unknown period of time, and they claim it’s a violation of the law but no one has been charged. If you are overseas and a CCP official tells you to, you run the risk of being locked up abroad.
As for getting a check, there have been people who have sued over this and lost. In the Abidor case he stored them on an encrypted hard drive. The judge said “It would be foolish, if not responsible for plaintiffs to store truly private or confidential information on electronic devices that are carried and used over seas.”
If you are spending all the time and money to travel overseas, you’re going to risk missing your business meeting or wedding… All the people in your party are going to be pressuring you to just do what they say so you can keep moving.
The 2014 case for Abidor was dismissed which leaves a lot to be decided still.
Your own example of Abidor was a train, not flying overseas, and I can drive to Canada or Mexico for less than a plane ticket costs. Travel is a luxury some people save and budget every penny for. Buying a device just for travel for them would be ridiculous, should they not care about privacy because it’s not feasible to your level?
As for the people I’m with or event I’m there for, well I feel like the Louis Rossman approach makes the most sense there. The people I’m involved with know my stances and convictions, as well as how stubborn I am. They would be upset but not surprised.
Safest method would be to not have any electronics at all, but that’s a ludicrous threat model that I don’t think anybody on this site recommends. A duress password that’s easy to guess like Password123!, so they try it on their own or the brute force tool they use tries it early and wipes the device, would be more reasonable and could even give you plausible deniability because they wiped it, you didn’t give them any password.
This is a sliding scale and typically less is more, just use a secure phone, keep it updated, modify your vaults with your password manager, and know and research your rights everywhere you go. If it’s anywhere in the UN you have a fundamental Human Right to privacy set out in the Universal Declaration of Human Rights. In the US you have the Fourth Amendment.
Lots of lawyers will talk to you on the phone for free for a few minutes if you call to ask a question, call around and ask about recommendations and options for recourse if something happens.
It’s your life, but betting that the boys down at Quantico, or wherever the border patrol sends devices to be cracked, don’t know about the wipe feature on a readily available piece of consumer software, or that they don’t have a tool to simply attack the vault and bypass the 1Password front end, is a pretty high bar of trust you are putting in them.
The whole UN bit makes no sense, you realize that North Korea, Iran, Yemen and China are all part of the UN?
TBH the advice you are giving is so bad that it’s almost something a spook would say to give out bad advice. Do we get to play spot the fed? Because I think I would have won.
Attack the vault? The vault is wiped from the device, it’s not a frontend. The account removes the vault until you add it back once you’re done traveling.
Yes, and who with an average realistic threat model can even get into North Korea for example? The argument about the UN is more to show that it is laid down in international law and again, there are OPTIONS for legal recourse.
My advice is based on a realistic threat model for most people, not for a reporter working in controversial or dangerous locations, not for Edward Snowden. What you are preaching is FUD saying that the government HAS attacks to get into GrapheneOS, or acting like your rights WILL be violated everywhere you travel.
As to spot the fed, I wish I was making fed money.
A realistic threat model… of just wiping your entire phone and restoring it once you cross borders, and if US customs does ask to see your completely blank phone, hope that doesn’t arouse any kind of suspicion, at which point they find your USB and ask you if you know the encryption key, which you lie about and commit a federal crime by lying to a federal agent.
As opposed to the completely unreasonable solution of buying a 2nd device, whether it’s a cheap tablet for $30 or an older model iPhone for less than $100… and simply turn it over, let them see it, image it to their spooks’ hearts’ content while you are on your way, and simply change your passwords when you get home on any account that was on joint container.
Sometimes the math don’t math… If you asked me to make a bet whether you even follow your own advice, I would run down to the bank and mortgage my home and all my investments to put on that you don’t wipe your phone walking through customs, and then I’d retire early.
Let’s also just ignore that you suggested we image an iPhone’s drive, which you would need special software for. You can’t just back it up and restore it; you would need access to your 2FA codes. So you would need to be carrying the authentication, like a YubiKey, which could be seized.
WARNING – Seedvault backups are app-data only, you have to back up internal storage yourself (the setting has an on-switch for this but it’s experimental/may break/unreliable)
Switch on Seedvault backups (Type-C pen drive / Nextcloud) – note each profile has a different Seedvault
Enable duress password
Input duress password before security check-in (make sure you have the latest Seedvault backup on pen drive/Nextcloud)
Do the onboarding and add a little bit of data to fool the officers
After exiting immigration at destination, a. reset again, b. restore from backup (GrapheneOS has a restore button on fresh setup, use the pen drive or Nextcloud)
This should restore your Android FULLY, but you may want to test this whole procedure at home twice/thrice. (You may want to copy all the internal storage separately to a desktop/laptop)
P.S. Ideally keep the backup on Nextcloud, pen drive & computer as well. (3-2-1 backup strategy)
I don’t have this threat model so I’m pretty naive on this topic but what happens if you have a profile that doesn’t have anything in GrapheneOS and you unlock that one for them to be satisfied mentioning that the phone is brand new?
Fresh device, just bought, never used. Prepaid SIM card. Upload everything you need to ProtonDrive. Add some junk info to the phone in case it is searched (i.e. fake hobbies, grocery lists, add some pics of your hometown, places you are going).
If it’s too obvious the phone is a burner you are risking secondary detention.
Download everything you need from Proton Drive once you cross the border, set up Signal after crossing the border.
If the phone is actually searched, throw it out immediately and buy a new one once you are let into the country.
Without any electronic devices, encrypt files and upload files to a self-hosted cloud before traveling, and buy a Pixel after passing customs.
Install GOS, then download the encrypted file and decrypt.