"Offensive" Security Engineer  1d ago
evacide
Some tips on giving digital privacy/security advice: if you tell people they absolutely need to do a long list of difficult and expensive things before they travel, people will nod and smile and then not do it at all. This is why my advice focuses on harm reduction and understanding trade-offs.
Mar 22 at 8:47pmWeb
Show thread🩷 Stella 1d ago
@evacide also fearmongering doesn’t work. also “99% of people don’t do this” doesn’t work. also you can’t hammer diligence into people. also it’s important to know that some stuff are simply impossible for some people and to know why exactly it’s impossible
Show thread❣️u.s. pause federal tax remittances1d ago

@evacide my suggestion is print your tickets and find/keep a dead, wiped and screen-bashed smartphone in your travel bag if/when asked to show it... "oopsies i dropped it sorry".

hide the rest of your devices in your luggage.

(no i am not a security professional)

Show threadevacide1d ago
@melioristicmarie Have you ever actually done this?
Show thread❣️u.s. pause federal tax remittances1d ago

@evacide i have stashed my devices and traveled without any accessible devices, often. usually. the idea of having a broken one to show comes up for me for future travel planning.

i have never been asked for a device, and have only flown once since the newest u.s. regime.

also i'm pretty boring looking.

Show threadjevans ⁂1d ago
@evacide @melioristicmarie I don't do this exactly, but I carry a spicy phone and normal phone. Spicy phone is more annoying to open and stays off if I expect to interact with law enforcement or TSA.
Show threadbookandswordblog1d ago
@evacide do you think the push against paper boarding passes is a push to make people bring unlocked smartphones into airports and through customs?
Show threadevacide1d ago
@bookandswordblog I couldn't say, but it is the thing that changes the most about my own travel experience when I need to be especially careful with my data and devices while crossing a border.
Show threadbookandswordblog1d ago
@evacide I will be flying internationally in April and will do my best to avoid using digital boarding passes. I don't plan to visit countries like Russia or the USA for the foreseeable.
Show threadDiane1d ago

@evacide

If anyone asks me I suggest turning off biometric login and using a pin, and that they might want to go read the rest of the EFF securing your phone at the border guide.

If asked I'll describe how USA law was decided means you can keep your pin secret, but the police can wave your phone at your face or make you touch a fingerprint reader.

Show threadd3adpaul1d ago

@evacide yup.

same goes for passwords and in general everything. don't overload the user with responsibilities

Show threadJaypee1d ago
@evacide
Low hanging fruit, works.
Show threadOrca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️1d ago
@evacide
I hope so... Everything is so bad.
Show threadada1d ago

@evacide
Not only for privacy and security but just human nature in general isn't it?

Sounds like you have a specific reference which I am not aware of.

Show threadiwein1d ago

@evacide 💯 it's often the case that suggested security does more harm to the person than the risk intended to secure against. Saddest example of this I have was an elderly family member that went hungry because they were too scared to access their money.

Focus on harm reduction is a powerful way to put it.

🙏