"May I search your laptop?" "Certainly." "But... this is practically empty." "Yes sir. I FedEx'd my SSD to the destination."<p>I have a small SSD in the primary disk in my T420s, it has just enough to get me through the flight. I keep the primary in the UltraBay with a simple adapter, takes one reboot and no tools to put it back in place. Done. Happy searching! I can't log into anything even if I wanted to because I physically do not have my password store <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a> with me. (<a href="https://github.com/chx/ykgodot" rel="nofollow">https://github.com/chx/ykgodot</a> I wrote this trivial script to automate yubikey neo with pass)<p>Alternative: encode the entire primary disk <a href="https://github.com/cornelinux/yubikey-luks" rel="nofollow">https://github.com/cornelinux/yubikey-luks</a> and FedEx the yubikey. Yanking the disk is better, though.
If you are refusing to enter the password, access to the device, or to disable travel mode, then good luck to you. IANAL, but the border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.<p>In addition to removing the data from the device, cheers, don't you also need to be able to honestly say you can not provide access to it?<p>Ways to honestly answer, "not possible", and mean it:<p>- schedule a time period where no password is accepted.
- enable whitelist/blacklist zones via geolocation.
- set a new password that you give to a trusted friend/coworker/spouse that you must contact to retrieve.<p>Some combination of the above for ease-of-use, and ploys like emailing yourself the new password after a period of time for redundancy/safety.
Counter: the border agent asks "are you hiding any information from us?". Answer yes, and they get you to disable travel mode. Answer no, and you just committed a felony.
I'm struggling to understand all the comments here, but it feels like I'm living in an alternate universe. All of these questions like "but do the customs agents search for hidden partitions", etc...<p>Who is it that is running into all these scenarios with border control? I've gone on international flights, including to the US, dozens of times, and have seen around me thousands upon thousands of travelers, and I've <i>never</i> seen anyone asked to open their laptop, not to mention being grilled on hidden partitions.<p>Not that I'm doubting this <i>ever</i> happens. But from these comments, someone would get the feeling that this is <i>routine</i>, rather than a 1-in-an-X occurrence for a probably very high X.
The implementation looks sound, and it's easy to use. Props to AgileBits for making this feature a priority.<p>So this is great! -- I think. My only concern is that if the authorities are already suspicious of you, and find no password vaults (or practically nothing in your password vault), they may just detain you until you reveal what you haven't disclosed to them.<p>There are clearly technical solutions to the problem of protecting data across borders but they do not work so well under duress. Is there any technical way to convince an adversary you are not hiding anything else or did not delete something?
This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling, then restore when you get back. Log into the minimal number of apps after you've entered the destination country, and optionally delete/logout of said apps prior to return travel if the return border crossing is also a concern. Admittedly if you use a password manager you might still want to make use of a feature such as the one in this article, or install the password manager app after entering the country, or just write down the passwords that you will need and hide them somewhere unfindable with your stuff.<p>On iOS about the only thing you would lose is your message history during the trip. It might be an annoyance if you wanted to play games that had non-cloud-based saved player state, but I can't think of too many other issues with doing this.
I'm a little sad that this would require me to use the 1Password cloud-service. I would never want my 1Password vault to be on any server outside of my control. While I completely trust AgileBits' intentions, I feel that their cloud service adds a very major attack surface. Someone like the NSA would certainly be able to obtain copies of the encrypted vaults, which means that <i>everyone's</i> vaults are just one bug/backdoor in the cryptographic stack (remember Debian RNG bug?) away from being exposed.<p>Hence, I only use WiFi sync for 1Password. It would be nice if 1Password added a sync option through my own WebDAV server. I'd then be happy to pay for a 1Password cloud account just for the TravelMode feature, as long as the vault data itself wasn't stored anywhere outside of my control. Having my own server would mean the NSA (or whoever) would have to do a targeted attack on me personally, which is a whole different ballgame from everybody's encrypted vaults sitting on AgileBits' servers.<p>In the meantime, if I had to cross the US border (as a non-citizen!), I would probably delete the whole 1Password app from my phone before crossing, and then restore the entire phone from backup afterwards.
I think this is an incredibly worrisome move on 1Password's part. Coming from the right motives, but ultimately it'll end up being used against us.<p>Look at it from the perspective of the government. By bringing information from elsewhere into the US, you're importing it. It just so happens that the import security is tight in airports. So you use 1Password to delay importing this data until you can reach it through an alternative import method which is much harder to regulate - the Internet.<p>What's going to happen is that they'll spend much more effort on tightening up the "import security" from the Internet. Things like SSL/TLS MITMing and deep packet inspection will be used to enforce compliance.<p>Don't get me wrong. The ability to be able to do this is incredibly important. If they had marketed this as anything other than a travel mode specifically, and let users work it out themselves, it'd probably be better. But as it is, they've created something which is basically publicly stating that it exists to break import security, and as a result it's going to get a lot of attention from the wrong people. I worry that the existence of this mode is going to be used by the government as an excuse to have a "Great Firewall of America".
Isn't the counter simple; they ask for your logins to the 1Password vault? I guess this just adds an extra layer of obfuscation.<p>The most secure way I can think of is to either encrypt your drive (or wipe for travel and online restore once arriving) and physically mail the new password (or hand over to a trusted friend/store location) to the destination. Then there is no way of restoring at the airport.<p>Of course, then they can just detain you indefinitely for not revealing the password you don't know...
It's a clever idea, but how long before border authorities simply order travelers to log on to 1Password and turn off travel mode, or be denied entry? I'm guessing not very.
Is travelling with confidential data really necessary? Wouldn't it make more sense for me to have an 'empty' notebook and store my data out of harm's way (but accessible via a VPN)?
Wouldn't an alternative "destroy everything" password be a good idea also?<p>Would work like this: When forced to enter / give the password to your vault, you enter/give this one, and everything the vault contains is wiped out before the vault is unlocked.
One thing that I have always thought about is why email doesn't have disposable passwords. For example, you make 1 new password that you can use just one time.<p>That way if you need to use an unsafe PC from a hostel, you can log in with that password.
I use Linux. I'm convinced that if I put a small Windows partition up (or another Linux install) and make grub boot into it automatically (with little delay) no one would ever notice. Does anyone know if they check for multiple partitions at all?<p>And Android can have multiple users, can you set up a new user and boot into that one automatically?
Mandatory "No Linux client" comment :|<p>Does anyone have any insight if this is a pure business decision or there's something holding them back technically?
Excellent effort. I do wonder though, what is to prevent authorities from forcing you to just turn off travel mode? Is there a timer that you set? Deadman's switch? Geolocating? (The last 2 are not good solutions, but you get the idea)<p>Edit: I missed this bit below:<p>> even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.<p>However, it won't take very long for authorities to wise up, know that 1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I missing something?
Although it's a great option, what's to stop them from asking for your 1Password account credentials?<p>I believe they already ask for your social media accounts, don't they? That is ridiculous in itself. Why not ask for my bank logins while you're at it?
Could we have something like time-delay passwords? Like the time-delayed vaults they (allegedly) have in banks?<p>Then you could say: "Even if I agreed to give you my password, you wouldn't be able to unlock my device with it for another 24 hours".
They can only legally view the data you bring into the country on physical media in your possession as you pass through customs.<p>Though it's not difficult to remove the app/vault and then reinstate it after customs...
I have some ideas I think will improve our security in this direction. Apple seeks to make it technically impossible to extract iPhone data and I've been wondering how we can do the same with using someone's credentials to enter the systems we build.<p>One idea is to allow users to define how many concurrent sessions they can have so they can manage those slots and require something to sign out before their credentials can sign in again.<p>The other is to allow users to configure a schedule when their credentials work so you can block most of the world and probably most of most days too.
If you travel for work, wouldn't it be better to just let your employer hold the password? When border security asks for data you truly cannot provide it.<p>I think the only way to get around this shit is to have another person hold at least part of the key. Border security can't force you to lie to your employer on the phone, so they're not getting access.
I'm kind of wondering how this all works in general when getting to the US.<p>Considering my usual work contracts, complying with letting border control look into my fully encrypted work laptop would actually be a breach of my work contract.<p>How do you guys handle this?
I don't understand. Is this really a thing? I'm from the UK and never heard of such a thing.
Is this common in the US?
What are they looking for? Do they just pick someone randomly, login to the laptop and check emails and stuff?
I thought the trick was to back up the phone on one side of the border, factory reset / wipe, restore the phone on the other side of the border.<p>Obviously that doesn't work for laptops - but for a phone it is in the realm of possible.
Would it be equivalent if my (for example with LastPass) vault required a 2FA token to access, and I simply left the 2FA token at my house? I would in that case similarly be incapable of complying.
I don't get how this would prevent border agents from asking to unlock / turn off travel mode.<p>Why not make this feature tied to a geo-location? Like the hotel or the conference centre I will be attending.
One other way: change your password to a temporary one, give it to a trusted friend who changes it. You don't know the password, you can tell the truth to the border agent.<p>Once you're out of their hands, ask for it back and change it again.<p>Even if the friend is in the US, they cannot compel her/him to release it easily, US laws apply.<p>There must be a way to also encrypt the new temporary password with 2 keys so that the trusted friend cannot access your encrypted content without your own key.
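One way to get the "two keys" property asked for in the comment above, as an added example that is not part of the original thread: the vault key is derived from both a passphrase only the traveler knows and a random token only the friend holds. The function names, the PBKDF2 work factor and the sample values are assumptions, and the token is assumed to be created at setup, handed to the friend and erased from the traveler's devices.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def new_friend_token() -> bytes:
    """256-bit random value created at setup and then kept only by the friend."""
    return secrets.token_bytes(32)


def derive_vault_key(passphrase: str, salt: bytes, friend_token: bytes) -> bytes:
    """Combine the traveler's memorized passphrase with the friend's token.

    Step 1 stretches the passphrase; step 2 keys an HMAC with the friend's
    token, so the output cannot be computed without both inputs.
    """
    stretched = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, dklen=32
    )
    return hmac.new(friend_token, stretched, hashlib.sha256).digest()


def key_check(vault_key: bytes) -> str:
    """Short verifier stored beside the vault to confirm a re-derived key."""
    return hmac.new(vault_key, b"key-check", hashlib.sha256).hexdigest()[:16]


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    passphrase = "correct horse battery staple"
    token = new_friend_token()
    key = derive_vault_key(passphrase, salt, token)
    again = derive_vault_key(passphrase, salt, token)
    return {
        "rederived_matches": hmac.compare_digest(key, again),
        # Traveler alone: right passphrase, but no token (all-zero guess).
        "traveler_alone": hmac.compare_digest(
            key, derive_vault_key(passphrase, salt, bytes(32))),
        # Friend alone: right token, but a guessed passphrase.
        "friend_alone": hmac.compare_digest(
            key, derive_vault_key("password123", salt, token)),
        "check": key_check(key),
    }


if __name__ == "__main__":
    print(demo())
```

A friend who also holds a copy of the encrypted vault can still try passphrases offline, so the traveler's half needs to be a strong passphrase rather than a short PIN.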
It's great that they have at least thought about this and developed something, but this just sidesteps the issue.<p>Only dissidents in despotic regimes need to resort to these kinds of workarounds for lack of other options. Why should citizens of a democratic country have to work around anything?<p>The solution to privacy, surveillance and overreach issues in democratic countries has to be political, and not technical.
I am a U.S. citizen and I flew last year from America > Qatar > India and from India > Qatar > America on a business trip. I was carrying two laptops. Neither laptop was searched, but they were put in separate trays under the x-rays to make sure they didn't contain physical explosives or hinder the x-raying of the food and clothes in my backpack.
Tangentially relevant, I made a pam authentication module for Linux a while ago, that addresses this issue. It allows for the creation of duress passwords. Here is the repository: <a href="https://github.com/rafket/pam_duress" rel="nofollow">https://github.com/rafket/pam_duress</a>
The right solution to this problem is, when traveling, always answer "no" to "may I search your laptop?"<p>It sucks, and it may mean a lot of hassle ranging from confiscated equipment to being held at the border to being refused entry, but this is just one of the new risks of travel. Border security only gets away with this because people say yes.<p>Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation. You should be able to say, honestly and credibly, "I won't unlock my laptop because I don't want to get fired."
When the features start rolling out, the market entrenches the status quo. Props to 1Password though; this is a symptom and they are not the cause.<p>I guess the reasonable next step, when all the outrage has fizzled, is pre-screening. Pay for the government to have all of your passwords all the time, and save yourself the hassle.
I've had this idea for so many years now: your gmail account has - let's call it - a master password and a throwaway password. Say you need to print something from a public PC, you just use that password that works only once, even if somebody key-logs it, you're safe.
A travel mode like this for Dropbox would be even more useful. Being able to mark certain directories as confidential so they can easily be removed and re-synced would be much better than deleting and re-installing the entire app.
because... seriously:<p>> the border agent asks "are you hiding any information from us?"<p>Answer yes, always, because: I have client data I'm most certainly hiding from you on my computer because they'd in general be worried if I didn't, also I have passcodes to friends' mail servers I manage for them I'm hiding from you, also I'm hiding from you all the emails I've sent to my parents, I'm also hiding from you all the pics of my gonads I sent to my lover. So yes, I'm hiding information from you. What country is this anyway? <asks the person arriving to the US from Germany>
I'm surprised this is even a thing. Do folks get asked for passwords at airports? What is the reason for this feature?<p>Hope this comment didn't come across as negative. I'm a big 1password fan.
The video/onboard tried too cute to make the Travel mode = off a confusing ambiguity by making just gray. If you don't want to waste people's time make things explicit.
It would be interesting if service providers like Google, Microsoft, Apple, and Facebook started taking governments to court for unauthorised access to their systems.
Maybe instead of developing all these bend over backwards solutions to deny these data rapists from getting any pleasure out of it, maybe change the law to make them stop doing it in the first place... they are acting on the rules set in the system so change them.
I don't understand. Why would people not just have their passwords changed by someone they know, travel, plausibly deny knowledge of the password, and call the relative to unlock once they have crossed the border?
I'm a very happy 1Password customer.<p>Repeating my #1 feature request here, dovetailing this thread, please forgive.<p>Problem: My logins keep breaking as websites evolve, change their forms, etc.<p>Suggestion: Online catalog of login config/scripts.<p>a) Pre-populate with "official" scripts for top 50 websites. Also serve as examples to show everyone how it's done.<p>b) Permit users to submit new scripts.<p>c) Version these scripts. Use some kind of repo.<p>d) Keep track of success rate, a la bugmenot, retailmenot, etc. Anonymize feedback, of course.
Upload an encrypted image of your OS (Linux in my case) SSD on your server.
Install an older legit version of windows (which was likely provided to you when you bought your computer).<p>Add some nasty gay porn and you are all set for the border.