All posts by Joe

Travel computing
There is an issue right now making the news rounds about devices being searched at border crossings and evidence being used to deny entry or deport people who have differing opinions.
There is a couple of ways that they are doing this:
1. by demanding that you open your device
a.  they can force it if you have biometrics setup but cannot force an unlock with password although they can deny entry or deport
b.  They can seize a device and forensically remove and analyze the data which means it could be a loong time before you get your device back
This means that you have some choices, the obvious: have a backup of everything that you are not willing to lose
The less obvious: Dont travel with anything that you dont want others to have access to

So lets start with the things that you can do for a phone and then move on to laptops and other devices.
With a phone your device should always be encrypted.  This prevents data removal and analysis.  It is a good practice anyway in case your phone gets stolen or lost that will prevent anyone from accessing your phone not just border agents.  Many of your higher end or newer phones have this built in and there is nothing that you need to do to start using the feature but it is good to check and make sure.
With the biometrics you should disable them before travel and turn them back on when you get home if you use them.  Another thing that you can do is restart or power down you phone since on boot it requires your pin or password to access anything.  Some phones also have a key combo to enable lockdown mode without a restart.  This will also require the pin or password to log in.
But me being a little paranoid i prefer a bit more solid method or two for that kind of thing.  I have seen multiple redit threads asking if there was a way to have two different pins go to two different UI’s.  There are a couple of methods that fake this, sort of but it doesnt really put in any kind of isolation that would prevent someone from accessing data and still would be potentially vulnerable to data retrieval.
Another one that i have seen an XDA write up on was dual booting for many devices.   As long as it is encrypted this should be a good solution:
https://xdaforums.com/t/mod-dualboot-for-any-samsung.4680492/
I have not used this method but something that worked back when was having one OS on the mmc and another on a micro-sd and then just having the one that you use on the mircro-sd and pulling it before going through a crossing.  But it looks like not many devices do that anymore, i looked and did not see where anyone was doing it recently even with rooted roms.
but those are some difficult methods and most people arent going to put in that kind of work for their phones, so there are some simpler ways.
The easiest thing to do is to wipe your device and create a new account for when you are going through customs.  Then on location you can switch back to your regular account and restore from a backup.  Then do the same when you are leaving.
Another simple way is to get a dumb phone.  Get a dumb phone that is a simple enough solution but if you cannot get by with just a dumb phone you can get a used phone on the secondary market when you get where you are going and log into it while you are there and then switch back to the dumb phone when you leave.  This is easier to do with phones that have physical sim cards than it is to do with a esims.
I am sure this is not an all inclusive list of things that work its just a couple of good ideas.
Now on to computing devices and data.  Some times you have to be able to access some data but i still think that the best ways are the easiest on this one.  First thing once again encryption is your friend.
Dual booting could be useful but i think it will present alot of the same problems with device confiscations as the phones.
You could set your device to boot from a usb and just have your entire system on a usb stick.  This would be a little bit better but still can be confiscated.
I think one of the simplest solutions is to have your device be a thin client.  Basically nothing on it but a way to access a machine in another location.  Granted your performance will then be dependent on the quality of your internet connection.  Another way to do it would be a network boot from your home server.  not one that i have tried.
Tails could be a good easy way to do it as long as you didnt need persistence.  While having that on a usb when you go through customs could be a red flag you could have a blank usb and then just download it on site and wipe it again before you leave.  A similar solution is to have an image with all of you accounts and everything all set up and available from your home server, download it when you get where you are going and put that on a usb to boot from.  Minimizes bandwidth issues by only needing to be downloaded once and provides all the benefits of bringing your own drive.  Just remember to wipe it again before you leave.
For the thin client there are multiple solutions.  Sunshine and Moonlight work well for wayland systems and x11 systems alike although i am still partial to x2go for x11 systems.  This just requires you to have everything set up on your home computer or a paid service like a digital ocean droplet.  Another would be proxmox with a vm setup and using novnc.  This does require a bit more setup although you could just install it on your home computer and use any browser to access.  I have only used proxmox for that but it should work the other way too. Although it is a bit of a setup for that too.
Another potential solution that has a few more risks but is a little simpler is mail yourself to whatever location you are going.  Pull your hard drive or external drive and put it into a package and mail it overnight to where you are going to be

Plus there is still all the things that you should do when you traveling and when you get where you are going.

1. have a VPN, do not trust others to manage your security.
   a. have one that is a paid service from a company that is proven to not log info.  I think there are a couple of free ones that are decent but i dont know about the logging on them.  Really this one should be a backup for the next
   b. have one that is set up by you for you on your home network so that you can access all of your stuff at home without having to open a bunch of ports and will also provide you a means to encrypt all of your traffic in order to pass it back to a provider that you trust

2.  minimize your interactions with anything that requires you to log in
a.  while traveling i think that is a good idea to occasionally log into your bank accounts and verify you are the only person making transactions.  Before you do that you need to make sure that you are on a secure connection and using a vpn of some kind.
b.  use tap to pay wherever you can as it is more secure and less prone to skimming hardware than chip or magnetic swiping. Your phone tap to pay is arguably more secure since it creates a temporary card number for transactions.

3.  Carry the minimum amount of digital gear with you when the cross the border.  If you dont have it on you it cant be searched and used against you. A couple of things can be done here and some of them have been mentioned before
a. plan to purchase low cost devices when you get where you are going.  Phones and tablets or low cost laptops are pretty easy to get on the secondary market or even some pawn shops or consignment shops but i think facebook market place and craigslist are the best bets in the US as most of the other stores that i mention have started selling electronics online and everything else in store.
b. ship things to the location or venue that you are going to.  There is still a chance that it will get lost or seized but the chances are lower and you are not likely to get detained or held with it.  Plus if it is encrypted as mentioned before then it should be safe enough.  Shipping will probably cost a small amount less than buying but that depends a lot on the locations.  But if all goes well you can avoid all the hassle involved with restoring and or re-downloading all your data
c.  If you need a phone when you are crossing a border, which is understandable, have a dumb phone or wipe your phone before crossing and be logged into an account that is not associated with anything else of yours.  Brand new never used

Let me reiterate the most important part: have a backup of everything you dont want to lose and dont carry anything you dont want someone else to have access to. No this is not about how to get away with crimes this about protecting your privacy and human rights

I tend to write a version of this article every couple of years as things change and my interests change and it can be a very broad subject. Or it can be pretty narrow. It depends on what your goals are. But since i have not found a good way to parse it, you will get everything.
When i say travel routing i mean any time you leave the house especially on an extended trip. So i guess the best place to start would be your vehicle. I know some vehicles come with a esim if you want to pay for it built in but i prefer to roll my own.
There are actually three ways that you can go from here in regards to a router. I like the USB C powered routers such as the travel routers from tp-link which come with openwrt built in. Or you can get a home router that runs on 12v dc and wire that into the car directly using one of the fused lines that is only powered when the ignition is on. I would also suggest putting open-wrt on that as well. The 3rd is actually the easiest and thats simply using the wifi sharing on your phone.
1. First lets start with the phone wifi hotspot. Like i said this is the easiest but it also provides you with the least amount of control and usually the slowest speeds unless you want to pay extra to your cell phone provider.
a. This can still be relatively secure especially if you use a vpn on your phone
b. Doesnt allow you to control the IP address provided which can make local file serving and troubleshooting more difficult
c. Many cell providers will limit your speed for tethering in this fashion and while there are ways to get around it you will probably need to do it on a per device basis unless you want to pay more for tethering

2. The 12v router.
a. This setup is probably the least convenient and most difficult to setup in that it requires you to wire into the electrical system of your car unless it has an inverter built in or you can fund an accessory power supply with the correct size barrel jack and have a port handy. Running from the fuse panel is also an option so long as you find one that is off when the ignition is off.
b. Next you will need to setup something like easytether to get around the tethering issue mentioned previously and run a usb cable to where you can easily access it from your phone. This will keep your phone charged if slowly and provide internet to everyone using the device.
c. You can either run a vpn directly on the device back to your house or you can run it from your phone. I almost always have the vpn turned on on my phone so i dont worry about it.

3. The 5v router
a. These run off of USB and a lot of them come with openwrt built in. You can do all of the same things with this that you can with the 12v but you can also easily disconnect it and take it with you when you get where you are going or into whatever hotel you are staying at.
b. We will get more into the the hotel portion later on
c. Some of the smaller ones or lower cost ones may have memory limitations

Running openwrt allows you to add applications like easytether and different VPN applications if you need them and allows you to control all of the IP addresses. This let you set static ips and you can setup different servers if you want to. with traveling there are always places in the middle of nowhere that you are not going to have internet access or the speeds will be too slow to stream properly. So it can be good to have a server setup with something like plex or even a game server if you want. it all kind of depends on what other devices you are willing to bring with you or have set up in your vehicle. The routers may also have a usb port that could be used for file serving but if it only has the one i think it will be better used connected to your phone for tethering. Easytether is an older application that still works even though you sometimes have to jump through a couple of hoops to get it installed.
But in order to run a plex server OTG you need a device. The easiest that i have found for doing this on the move is a tablet that runs linux. Dell Venue, Dell Latitude, many others. You just need to setup plex the way that you normally would and then maybe an eternal hard drive if you need more space. You will need to make sure that sleep is disabled and the device stays plugged in. Also because it is a tablet you probably wont get a lot of simultaneous streams and you should optimize the files so that transcoding is limited. Also May be a good idea to keep the device somewhere that gets some airflow.
Now that all being said there is the overkill solution. You can do the whole thing on an SBC with a wifi adapter and a hard drive. Something like the zima board or a raspberry pi with a couple of hats. That is probably not something that i would leave in a car in Texas but i can see the benefits. Also it doesnt just need to be videos that you keep on there. You can set it up as a local backup for the photos that you take on vacation as well as have a local instance of something like audiobookshelf.
All of these setups are also a good thing to have while you are in a hotel or at a relatives house. Especially if you have a wife and kids. You can keep the same name and password as your home router and a couple of clicks and everyone will just be on it and if you have the vpn setup on the device then it will be just like you are on your home network when you have internet, Just one connection to either the router at the families house or to the ethernet connection at the hotel. If you cant find the ethernet connection at the hotel then use the one that connected to the TV. Also if you have the diy server you can have it work as a settop box if you bring an hdmi cable with you.
I even left one of my routers at my dads house one year because they were having issues with the wifi signal reaching everywhere so i took the time to reconfigure it to repeater and had one of the bands match their router and another of the bands setup with vpn back to the house and matching the wifi name there. After we left my mom had an issue with the wifi on her laptop going out so i had her move the repeater and hook up to it using ethernet.
When traveling an important thing to remember is security. Always use protection when interfacing with someone elses internet connection. That is why i always have a VPN handy. i have two separate wireguard connections active at home and one openvpn. As well i have a VPN service that i pay for that is external to my home just in case it becomes unavailable. From a VPN company that is verified to not log information. Using a VPN allows all your data to be encrypted on whatever network you are using. I have another article that i have written on travel electronics that goes a lot further into the things that you can do to protect your devices, specifically geared towards international travel.