TrueCrypt: Should I Use It?

Discussion in 'privacy technology' started by mlauzon, Feb 17, 2013.

Thread Status:
Not open for further replies.
  1. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    107
    Location:
    Canada
    I assume this is the right part of the forum to post this in, if it isn't, can a mod please move it to the proper forum topic.


    I finally got a passport for the first time in my life -- I'm almost 40 -- and I plan on taking my first trip across the border in 23 years, back then you didn't need a passport.

    So, my questions are:

    Should I encrypt my laptop hard drives (there are 2 seperate ones), before I go?

    And, is there any other security/privacy software that you'd recommend, besides the usual ones?
     
  2. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I don't suggest encrypting your laptop's harddrives when you move across boarders. The boarder control will inspect your laptop of illegal content which will take days (you must decrypt it for them). Meanwhile, you will be stuck at the airport.

    Also crossing a boarder with an encrypted computer is a red flag which is very undesirable.
     
  3. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Encrypt it and leave it hibernated/sleep mode when crossing the border.
    In this way, you can show your content to officers if asked but right after it you can shutdown and have all data secured.
     
  4. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    107
    Location:
    Canada
    Who said anything about flying, all I need to do to cross the border is go south..?!
     
  5. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    107
    Location:
    Canada
    Well, when I go, I'll be going to Buffalo by Megabus, because they've got onboard WiFi my laptop will be out & on anyway.
     
  6. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    The problem is that, just as you are entitled not to reveal your password at the border, if you are not a US citizen you can be refused entry too.
     
  7. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    When I travel, I store my sensitive data on a SANSA MP3 player. I have heard reports that customs will place spyware on hardware passing through airports (namely computers). So what I do is carry a backup of my firmware/drivers and a live disk. I have also been told that it's best to remove your laptops battery an hour or so before the flights so that nothing persists in memory. Not sure how reliable these steps are in regards to anti-forensics, but I have chosen to follow them. Of course, it helps to have a device that doesn't have anything on memory to begin with, so I designed a net-book for travel use only.

    On a side note, I have heard people suggest just putting data in the cloud for travel to keep it safe. (1) I do not feel comfortable accessing private data over foreign networks; (2) why put yourself in a position where you might not be able to access your data? Cloud storage sites do go down from time to time.
     
  8. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    id recommend to do as such , get a properly sized cardboard box , put in your laptop , encrypted hdds , everything you want and need , then send to the destination address of your place you will be staying , do this a couple days in advance and let the people at your staying place know so they can keep it for you until your arrival , and no pesky boarder control , annoyances etc ,then do the same routine a couple days before return, be smart and stay safe


    p.s: no dont use cloud storage , EVER as techwiz has already mentioned
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    How frequent is a PC scan/examination by officers at the border?
    I am quite a frequent traveller (even mainly within EU) and I never saw such a scan...
     
  10. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    happens when you least expect it , hence why the above recommendation ,saves you the unneeded hassle ;)
     
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I'm not sure if such scans are allowed in the EU... Maybe if somebody has some solid information regarding the EU laws, he/she could enlighten us :)
     
  12. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I do not know either...the only thing that happened to me few times at the airport security was that I was asked to switch the pc on and when they saw the Boot prompt they let me pass.
     
  13. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    depends on the current state of security level ,airport security or for that matter border security is set at , and since you dont work there or know anyone that does , i wouldnt risk running into them while the level of security set is high doesnt matter really what country i asume europe isnt any different , always depends on who searches you , if its a by the book guy then your most likely out of luck and hell take his sweet time to search

    your laptop thouroughly , these things depend on security personnels moods sometimes as well mind you ,wich ties into theyre level of suspicion or interest thereof , hence why i wouldnt risk it running around with an encrypted laptop or a device that contains useful/harmful information on me while at the border or airport and dont forget to check your countrys laws on encryption , dont wanna end up like in china or russia where you get jailed for simply owning an item with encryption, lols
     
    Last edited: Feb 18, 2013
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Most likely they wanted to make sure that it is really a working laptop, and not something concealed inside a laptop case. Out of curiosity, in which country did that happen?
     
  15. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,416
    Travelling in the EU you won't have a problem I imagine. But any where else you will get full searches, body scanners etc... Do you need to take your laptop with you? I find it's easy just to leave it at home, less hassle and worry plus you got the experience of using internet cafe's around the world, which can be fun and dodgy.
     
  16. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    It happened a couple of times in Italy and one in Spain or Germany (it's a while ago, I do not recall exactly). Always outbound.

    The point is that I work with my laptop and I need it when going abroad for business. I cannot leave it at home.
    Since a while I have system encryption with EEPC by McAfee, however being a company owned laptop I am not sure whether I may be considered responsible for this, as it is a company policy to have travellers pc encrypted.
     
  17. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I don't want to sound naive but how does that remove the spyware from your hardware?


    Or you can run all sensitive data inside a Tails Live USB or CD from your system's preboot.

    Could someone explain how does removing the battery from a laptop affect the rate/speed of RAM's dissipation after shut down?

    Good idea. I hope my questions don't annoy you.
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You just need to think about what would occur, and devise a methodology to get around it. There are many.

    If you have good, high speed connectivity where you're going, You can travel with a throw-away install. Then wipe the drive, download an image over an encrypted connection..maybe via TeamViewer or Hamachi...or a VPN connection to your router (in a TC Container) of your real OS, and install it. (I'm no expert on various malware, and how it could survive a format and install of Windows with a new std bootloader...maybe the malware experts can chime in). Maybe hit it with BCTotalWipeOut once at destination, getting the HPA and DCO as well?

    You can do a Hidden OS setup and leave the decoy mounted, sleeping when going through security...ready for inspection. Even if they take it "to the back" nothing can be installed on the Hidden OS. Have the bootloader on an external device somewhere (MicroSD cards are really tiny) and never boot the decoy - wipe when possible, before using again. Most likely, they'll image it, not take the whole device...but it happens, see #1. I know the Germans were caught installing stuff.

    Just some ideas, I don't travel and I'm sure there are counters to the counters...I think the "install an image" is the safest bet, as you are traveling with a "usable" computer you can work with that has nothing on it to raise suspicion. You just need to make sure no malware can survive when you "re-do" it.

    PD
     
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Also, I've read that modern RAM mitigates the Cold Boot Attack based on the march of improving technology...any one else hear that? Forgot where I saw it...maybe some comments on Schneier's blog, but I forget.

    PD
     
  20. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    yeah most ram produced after 2008 or 10 ive heard is highly volatile aka wipes in a few secs , i still give it a few minutes thou before switching between os, anyhow as ive said why risk having hardware keyloggers installed onto your system , just mail it to your destination , simply not worth the risk, no live cd will save your ass when every thing you do is being tracked on your keyboard or over your integrated webcam, rule nr.1 never ever use a comprimised system , and going through airport or border security , i wouldnt touch my laptop with a ten foot pole afterwards except for nuking it into orbit, only way to be sure , lols
     
    Last edited: Feb 20, 2013
  21. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    True, but for the insanely paranoid :D - it's still out of your control. How do you know Customs doesn't do anything? At least if you hand carry it, you'll know if someone "takes it to the back".

    PD
     
  22. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    I prefer bitlock in laptops... idk, better i/o performance overall.
     
  23. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    I am pretty sure UK border agency personnel have the right to scan your laptop when you enter the country and they have been doing that for a number of years already.

    BUSINESSMEN carrying laptops into the country are having their computers routinely scanned, and even snapshots taken of their disks. Those who fail to cooperate are liable to arrest.

    A spokesman for Customs and Excise said officials would routinely scan laptops for illegal material such as pornography. Encrypted files will be treated in the same way as a ordinary luggage. "So far as we are concerned, there is no difference between an encrypted file and a locked suitcase," said the spokesman. "All travellers entering the country should be prepared to have their equipment scanned."

    Laptop carriers will have little choice but to submit to the demands of Customs officials. People refusing to open files or divulge keys will be subject to a court order. Refusal to obey the order would constitute contempt of court - an offence that can result in imprisonment.

    Source: http://www.melonfarmers.co.uk/arlaptop.htm
     
    Last edited: Feb 21, 2013
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I have taken laptops and electronic devices with me when going overseas and they have never done anything to my devices. :)
     
  25. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Lets not overlook:

    I bet many of them were carrying personal data on devices as well. I would say no one can claim it is being done for legitimate reasons if they aren't required to first establish a truly reasonably suspicion and there are solid policies/procedures in place. It's really more of a criminal activity without those; simple outright theft of information. However, I notice that the other links on that UK page appear to be to older now dated content. Perhaps the article itself is dated and the people of the UK have made some progress?
     
Loading...
Thread Status:
Not open for further replies.