• mudle@lemmy.ml
    1 day ago

    I want to start off by saying I did not read the article; the topic surrounding secure devices while traveling has been on the rise in recent months so I will present some solutions which I believe all should take note of. I believe to obtain and maintain a truly private and secure mobile phone we must all be using a GrapheneOS device. However, for those of us who are still using iPhones I present solutions for you as well. Here are a few things to consider when traveling across borders:

    • GrapheneOS Devices

    If you are even the slightest bit of a privacy enthusiast you likely don’t need an introduction to GrapheneOS so I will attempt to provide a succinct summary on why I believe GrapheneOS devices are the best phones to carry when traveling.

    I believe GrapheneOS devices are the most private and secure mobile devices to have; ironically they only work with Google Pixel devices, however this is not without good reason. Google Pixel devices offer superior hardware security than most Android devices on the market, which is why GrapheneOS will only work on Pixel devices.

    GrapheneOS utilizes the robust hardware security features that Google Pixel devices offer such as the ability to re-lock the bootloader after installation. Typically, uploading a custom OS to an Android device requires you to unlock and disable the bootloader. After the OS is installed you must keep the bootloader disabled in order to continue using your custom ROM. This is horrible for your security. If someone has physical access to this device they can upload malicious software; likely without your knowledge. Having a locked/enabled bootloader is paramount to your privacy and security especially when crossing borders into foreign countries.

    GrapheneOS has the upper-hand when it comes to this issue. After installation, not only do you re-lock the bootloader, but GrapheneOS will detect modifications to any of the Operating System partitions and prevent reading of any data whatsoever. The authenticity and integrity of the OS is always re-verified upon each boot. If you wanted to unlock the bootloader of a GrapheneOS device you will not be able to do so without completely erasing every piece of encrypted data on your device.

    GrapheneOS has been tried against many of the forensic machines that Law Enforcement/ TSA/ Border Control use such as Cellebrite. To my knowledge at the time of writing, there have been no known cases in which Cellebrite was able to succeed in cracking a GrapheneOS device in a BFU (Before First Unlock) state.

    • BFU (Before First Unlock)

    When you first boot up your phone, you are required to input your password to access your phone’s data. This is known as a BFU (Before First Unlock) state. After this initial “first boot” you enter your password which is then stored in your phone’s RAM. This is known as an AFU (After First Unlock) state. Storing your password in RAM is necessary because your device is constantly decrypting information on your disk in order for your device to “compute”. When your device is in this AFU state it is much easier for your device’s password to be confiscated because the password to decrypt your phone’s contents is stored in RAM. Simply rebooting your phone without entering your password will put your phone in a BFU state where it will remain until you put in your password. These same tips also apply to other devices such as laptop computers.

    • Strong Passwords

    On the topic of BFU (Before First Unlock) it is important to talk about strong passwords. Although your phone may be in a BFU state, if you have a weak password it is only a matter of a short while before your device is cracked. A typical 4 to 6 digit PIN is trivial to crack. Use either a very long and complicated PIN or a very long and complicated alphanumeric password/passphrase; preferably the latter. Your password doesn’t need to be super complicated; just make sure it’s long and memorable.

    • iPhones

    If traveling with an iPhone I highly recommend you look into Phone Pair Locking. For the sake of my fingers I will refer to Phone Pair Locking as “PPL” from now on. PPL was designed for businesses to deploy numerous iOS devices with the same configurations. PPL is done through a macOS exclusive application known as “Apple Configurator”. Apple Configurator allows businesses to configure permissions as well as place restrictions on iOS devices. What does this mean for us? It means we can configure our iPhone so we never have to worry about forensics again. Note that PPL is best enabled on a new device because enabling this will result in a complete wipe of your phone and you will NOT be able to restore from a backup. PPL creates a trusted relationship between your iOS device and a macOS computer. This means that the only computer you will ever be able to transfer data to while plugged in via cable is the computer which you have set up PPL on. PPL will not allow a forensics machine to analyze data from an iPhone. PPL will not allow a forensics machine to copy any form of data for later inspection. PPL eliminates the threat of any forensic machines from being able to access any data off your phone.

    I apologize for keeping this section brief but there is more we need to consider. Do not travel with the same computer you have set up PPL on. That computer is your key into your device. Leave the key at home and forensics can never use your computer to access your phone’s data. PPL is NOT a replacement for strong passwords and BFU state, it is an additional feature which you should enable to ensure that your device remains secure. Another thing to consider is Apple Configurator is only available on macOS devices. I assume you can use a macOS Virtual Machine if you do not own a macOS device, but I have not attempted this so I do not know. Unfortunately PPL is ONLY available for iOS devices. To my knowledge nothing similar to PPL exists for Android or GrapheneOS devices. Because of PPL I actually consider iPhones a decent option while traveling.

    • Additional tips

    Preferably use a secondary device. Purchase a new device specifically for traveling and keep a very minimal amount of information (if any) on it. In the event Law Enforcement is not able to crack your device they may just outright confiscate it and you will have to say goodbye to your phone. Be wary of what clothing you wear and what stickers you have added to your devices (if any). If your clothing expresses political affiliation or you look like a crypto shill with BTC stickers on your laptop and a Bitcoin shirt and hat you may be probed and questioned by overly zealous Border Agents because “you are carrying more than 10 thousand dollars across the border”. This may result in confiscation and/or secondary inspections. Try to wear plain clothing and remove or cover stickers that you think could possibly result in issues.

    • Conclusion

    I would like to apologize for making this post extremely long, it turned out much longer than expected. Since I’ve opened this can of worms add a comment to this if you want me to write a full guide. I have excluded a lot of information in an effort to keep this post as short as possible. But if I write a guide I will include everything with absolutely no stops.
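The pair-locking setup described in the comment above is applied to a supervised iPhone through a configuration profile, and the Restrictions payload key Apple documents for host pairing is `allowHostPairing`. As an added example (not part of the thread and not Apple's tooling), the following checks an exported, unsigned profile for that key; the sample profiles and their identifiers are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # payload type of the Restrictions payload

def audit_host_pairing(profile_bytes):
    """Classify an unsigned .mobileconfig as 'locked', 'open' or 'unreadable'."""
    try:
        profile = plistlib.loads(profile_bytes)
    except plistlib.InvalidFileException:
        # Typical for a signed (CMS-wrapped) profile: unwrap it before auditing.
        return "unreadable"
    if not isinstance(profile, dict):
        return "unreadable"
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        # Only an explicit <false/> disables pairing with new hosts;
        # a missing key leaves the default (pairing allowed) in place.
        if payload.get("allowHostPairing") is False:
            return "locked"
    return "open"

def make_profile(restrictions):
    """Build a constructed sample profile around one Restrictions payload."""
    payload = {
        "PayloadType": RESTRICTIONS,
        "PayloadIdentifier": "example.travel.restrictions",  # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadVersion": 1,
    }
    payload.update(restrictions)
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.travel",  # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # constructed
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })

if __name__ == "__main__":
    print(audit_host_pairing(make_profile({"allowHostPairing": False})))
    print(audit_host_pairing(make_profile({"allowCamera": False})))
```

The restriction only takes effect on a supervised device, so a profile that audits as locked still has to be installed through supervision to mean anything.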

    • zelnix@lemmy.ml
      1 day ago

      On Pixel 9 (and maybe earlier) GrapheneOS devices, you can just disable the USB-C port, which is more secure than Apple’s pair locking. Combine that with a self-destruct PIN/password, your data is bulletproof.

  • Pirata@lemm.ee
    2 days ago

    Don’t lock it down. Just buy a cheap phone, populate it with inane stuff like pictures of food and travel.

    Create a puppet Instagram/facebook account and do the same, and don’t install WhatsApp until you’re past security.

    Better yet, don’t visit the US. Who knows how much more fucked up it will get as time goes on.

  • Ghost_Pepper@lemmy.world
    2 days ago

    Factory reset the phone. First make sure your data is backed up. Next link the phone to a secondary account. Then after clearing customs and immigration, restore the phone back to the original account. It’s inconvenient but better than having the government invade your privacy.

  • Xanza@lemm.ee
    2 days ago

    Locking down your phone does nothing for you… If they see that you have a phone and they can’t access it they simply won’t let you in the country regardless of who you are.

    The only solution to this is to simply not have an electronic device when going through customs.

    Overnight your cell phone to yourself if you’re that worried about it. Any other solution is superfluous and outright stupid.

    If you’re entering the US through Mexico and they demand you unlock your phone and you refuse or it’s “locked down” you don’t win that conflict. You’re just a permanent resident of Mexico now because you’re not getting into the United States regardless of your citizenship status.

    • Midnight Wolf@lemmy.world
      2 days ago

      *regarding paragraph 1+4: this is true for travelers visiting the US (which is what the article is aimed at but, for clarity), but not returning citizens. They can hold the device, but have to fold and let citizens re-enter.

      Also, an alternative to not carrying your device is to just wipe it before boarding/reaching your port of entry. Let them pretend to be Hollywood CSI detectives and image a freshly-wiped phone. Then restore from a backup later.

      • Xanza@lemm.ee
        2 days ago

        Pursuant to CBP’s border search authority explained above, when presenting their effects for inspection, all travelers are obligated to present their electronic devices and the information resident on the device in a condition that allows for the examination of the device and its contents. If the electronic device cannot be inspected because it is protected by a passcode or encryption or other security mechanism, that device may be subject to exclusion, detention, or other appropriate action or disposition. Additionally, the traveler may face longer processing times to allow for CBP to access the contents of the device.

        Taken directly from CBP’s website; regardless of any citizenship, or nationality, they can refuse to let you reenter the country until your device is searched. Period. I don’t know where this idea that “I’m an American, they can’t refuse to let me back into my own country!” narrative came from, but it is entirely fictitious. There are dozens of reasons for you to be refused reentry.

        • Midnight Wolf@lemmy.world
          2 days ago

          Straight from the ACLU:

          Do I have to provide my laptop passwords or unlock my mobile phone for law enforcement officers at the border?

          Customs officers have sometimes asked travelers to provide their laptop passwords or unlock their mobile phones when they are entering or leaving the United States. Your legal status in the country may inform what you decide to do if you’re asked for a password to unlock your device. U.S. citizens cannot be denied entry to the United States for refusing to provide passwords or unlocking devices. Refusal to do so might lead to delay, additional questioning, and/or officers seizing your device for further inspection. The same should be true for those who have previously been admitted to the U.S. as lawful permanent residents and have maintained their status — their green cards can’t be revoked without a hearing before an immigration judge. […]

          The reason why you have ‘heard this idea’ is because it’s true :P

          https://www.aclu.org/know-your-rights/what-do-when-encountering-law-enforcement-airports-and-other-ports-entry-us?hl=en-US#do-i-have-to-provide-my-laptop-passwords-or-unlock-my-mobile-phone-for-law-enforcement-officers-at-the-border

          • Xanza@lemm.ee
            1 day ago

            Again, they’re not denying you entry permanently, but they absolutely can slow fuck you for weeks until your device is unlocked and checked. You people live in some little utopia that doesn’t exist.

            We just deported a US citizen to Argentina without due process and it’s taking a federal court order for the US government to do anything about it. You really think they care about your “right” to reenter the country?

            • Midnight Wolf@lemmy.world
              1 day ago

              I said nothing about potentially holding your device - reread the comment you replied to - but they cannot use that as the reason to deny citizens reentry. We can have a discussion about if the administration is following the rules of law, but by law, border agents cannot deny you for this reason.

              So hostile, for no reason. Channel that anger into something constructive, yeah?

              Also lol if you think anyone here thinks we are in anything close to a utopia, you should switch careers to comedy :p

  • Inaminate_Carbon_Rod@lemmy.world
    3 days ago

    Australian here.

    When I was a kid some 30 years ago everyone wanted to go to America. It was seen as this amazing society where you could do anything, be anything, see anything!

    It’s not that way anymore.

    Now it’s seen as a dangerous place, where you have to take measures like in this article to protect yourself.

    Trump really has destroyed your country’s reputation. It’s incredible.

  • Grumuk@lemmy.ml
    3 days ago

    Data copied from devices during advanced searches at entry points into the U.S. gets saved for 15 years in a database searchable by thousands of CBP employees without a warrant.

    There is very little reason to believe that any data copied by agencies like this is deleted ever. You should assume any data copied like this is kept forever, shared between agencies and corporate contractors, compiled into various databases and lists, used to train shady security contractor AI systems.

    There are no comprehensive federal data privacy laws in the United States, and even if we get one in the future, it probably won’t apply to security agencies.

  • bigkahuna1986@lemmy.ml
    4 days ago

    Get a burner phone and download all apps and data once you’re through customs. Then destroy the phone before leaving.

        • Zorsith@lemmy.blahaj.zone
          3 days ago

          Cheapest model Pixel with GrapheneOS?

          Still an issue to get GrapheneOS on there but far better than whatever most stock phones will come with

  • LiamBox@lemmy.ml
    3 days ago

    Just put sensitive data in an encrypted USB drive and separate cloud storage.