How to lock down your phone if you're traveling to the U.S.

Original Article ↗ Hacker News Discussion ↗

Border search powers and constitutional limits

  • Multiple comments note that at the U.S. border Fourth Amendment protections are heavily weakened; CBP claims broad authority to search devices without a warrant.
  • ACLU guidance is cited: citizens can’t be denied entry for refusing to unlock, but can face delays and device seizure; non‑citizens can simply be refused entry.
  • There’s confusion and debate about whether Fifth Amendment (self‑incrimination) protects passcodes; consensus in the thread is that asserting rights can still lead to a very bad experience in practice.
  • Data from “advanced searches” may be stored in CBP databases for 15 years and searchable without a warrant, which many find especially troubling.

Locking, wiping, and burner strategies

  • Several argue “locking down” (refusing passwords on a normal phone) is the worst option: you have little leverage, and it invites detention, interrogation, or seizure.
  • Popular advice: travel with a wiped phone and restore from backup after crossing, ideally seeded with some benign activity so it doesn’t look freshly erased.
  • Others warn agents could demand you restore from known cloud backups, or may infer their existence from major providers.
  • Many recommend burner devices (cheap phone / laptop, or older “n‑1” phone) with minimal, non‑sensitive data. Some companies already issue dedicated hardware for travel to the U.S. and a few other countries.
  • A minority say they’d rather have devices seized than unlock them, on principle.

Technical obstacles: backups and device design

  • Several travelers are afraid of imperfect restores: TOTP, banking apps, secure‑enclave keys, WhatsApp/Signal states, national e‑ID apps, and obscure/proprietary apps may not survive a wipe.
  • People lament that iOS and Android don’t support reliable, user‑controlled full‑image backups; rooting/custom ROMs can help but increase other risks (e.g., forensic tools).
  • Suggestions include: test backups on a second device; keep critical secrets off phones; treat the phone as disposable.

Duress, “honeypot” setups, and device features

  • Interest in duress or “honeypot” passcodes that unlock a limited, innocuous profile. GrapheneOS’s duress feature and Android multi‑user/work profiles are mentioned; TrueCrypt/Veracrypt hidden OS is discussed for laptops.
  • Others point out: if agents know these features exist, they may suspect hidden data anyway. Any device that leaves your sight is considered compromised by more paranoid commenters.

Travel choices and broader reactions

  • Many non‑Americans say they now avoid U.S. travel altogether, comparing current practice to authoritarian states or 1980s Soviet travel guides. Some countries reportedly issue U.S. travel warnings.
  • Others counter that many countries (including Canada, UK, parts of EU, Gulf states) have similar or harsher border powers; the U.S. is not uniquely bad, though still objectionable.
  • There’s extensive unease about political‑speech–based visa revocations and device searches, and concern that “just don’t bring incriminating data” effectively chills normal political expression.