Traveling to China

I’m planning a trip to mainland China very soon, so I wanted to ask what everyone’s perspective is on the current situation and what would be adequate and proportionate measures to reduce potential exposure.

Would they ask for my disk encryption password on my laptop to check it? I could probably get a burner phone for the trip, but not a laptop.

I plan to pay for a VPS somewhere to access my homelab from abroad, and maybe access Mullvad through that tunnel, as I suspect that it’s blocked in China. Good plan? If so, what VPS provider would you guys recommend right now, in terms of availability and pricing?

Regarding Tor, should I refrain from using it?

For VPS you can look here. There are reviews.

Personally I would use fresh devices, and not access any data via VPS or cloud storage.

In a restrictive country like that, you’re risking being profiled as a spy by having advanced OPSEC.

Would they ask for a decryption password? Not likely but possible. Although they are strict, when it comes to manual searches they’re pretty lazy. It’s more the automated surveillance you have to watch out for.

I think I recall Michael Bazzell recommending fresh burner devices for trips to strict countries based on his experience. Many countries randomly ask people to decrypt devices so I’d expect China to do the same and probably more often than usual.

If you must bring a laptop and can’t afford a burner I’d consider wiping it, setting it up so it doesn’t look suspiciously clean, and bring a USB or SD card pre-configured to allow you to re-install your OS and then just download all your personal info online. This could depend on you having a robust GFC bypass plan to access the data and software you’ll need.

Mullvad VPN might work but I’d also feel more comfortable having a VPS as a backup. I’d do a lot of research on exactly what VPS service to use and what protocols you should use to connect to it. I remember self-hosting Outline VPN on a VPS being a popular option back in the day but China now manages to detect and permanently block those connections.

If you could obfuscate the fact you have Tor on your device, I’d personally rather have it as a last resort. Just be sure to store a wide variety of bridges before going. I think meek-azure is the most effective for China but also the slowest.

What is your threat model and reason for travel?

If this is a vacation or non-government-related work, I highly doubt it.

There is massive incentive for China to treat travelers well. Most of the time foreigners will experience far less of the authoritarian measures than its own people, especially if you end up in one of their economic zones that have even looser restrictions.

It’s uni-related, research; and I just don’t want to be put in a position where I’m forced to reveal private information such as encryption passphrases, or be harassed by the government etc… Just hoping to stay safe during my trip. I’m sure that it’s not as bad as the media often says but, you know, better safe than sorry!

Travel with empty devices and if you can trust the hardware after arrival you could consider logging into a VM on a server to do your work, which won’t live on the device you bring. So you can unlock the physical devices with no important data and you can log in with remembered credentials in the cloud.

Understandable :smiley:, my only point would be to threat-model appropriately. You may not need to do everything that Bazzell would have his clients do just to avoid passing your encryption passphrases to the Chinese government.