Hi all,
American traveling to China for IETF, and making my tech prep plans (bringing a laptop, phone, tablet, kindle, and steam deck). I won’t bias with my current plans too much, but I do already run Linux+LUKS and GrapheneOS.
For those with experience, what tech prep would you do?
Thanks!
i would just carry a mostly empty (wiped) laptop and a recent-ish iphone. i do hate iphones but they’re reasonably secure, and many chinese apps are notorious for crazy background usage and shits. those apps’ ios versions tend to be much better/less intrusive. you’ll probably have to use a few to find places or make payments…
I’ve been a few times and crossed that border once, only with a phone and maybe kindle but never had a device searched or even looked at. Also on my latest trip last September I got an esim through airalo which didn’t block access to any websites.
Yea esim is something I need to figure out. I’ll look at airalo, thanks!
Your FBI office can probably give you better advice. And if you don’t work there, what are you afraid of exactly?
Get a VPN (one that markets itself as working in China, since the cheap ones are often blocked) , and don’t install wechat on your personal phone if you have a work one.
When traveling for work to new locations I always made sure to have multiple connectivity and VPN options (including commercial VPNs with in-country PoPs). It’s amazing what will work and won’t because of a hotel or conference venue setting.
Also, always good to get a local SIM with a roaming data plan and hotspot support. You can get the SIM in U.S. (pricey) or when you land. Hotels can help with that. Forgot to do it once and got reamed by the home carrier and their ‘international travel’ plan, especially with SMS/MMS messaging.
Push notifications go over internet so that needs a data plan. I would also go through all unnecessary apps and disable pointless notifications before travel (I don’t need realtime baseball scores while traveling). For local activity, nice to download larger files like maps, music, ebooks, audiobooks, and hiking guides.
As others have said, be careful not to violate local data sovereignty rules. Also, some folks have had issues with electronics seizure when returning at U.S. ports-of-entry. May want to slim down what you take with you.
Some non-tech thing. Make sure you talk to your healthcare plan about international travel. Best to make sure you have coverage while traveling. Also, may want to install and set up WeChat and AliPay mobile apps and configure payment before heading over. Many places won’t take cash or ATM cards. Before bringing back souvenirs, make sure they’re OK. Liquor, agricultural products, and unlicensed electronics usually have restrictions.
Lastly, sure hope you all update rfc2549 to support Meshtastic 😬
Hah yes, must have the mesh.
Yea, VPN to homelab is a pretty important one to me. I run all my services as *.lan behind Wireguard with ntfy for push notifications. I’ve got Alipay already but will be adding Wechat to that list, too. Great recco on healthcare, almost forgot that one!
Linux+LUKS and GrapheneOS
Reminder that you’d be going to another legal jurisdiction, don’t be an arrogant Westerner and assume your “Constitutional Rights” apply there. If they ask to search your devices, and you refuse to unlock it, they can do anything from deportation to potentially jailing you. Just keep this in mind. You may not have a “right to silence” there.¹
(¹I am not a lawyer)
You can’t fix legal issues with technological solutions.
Very good point. I think I’m going to go with my old laptop, my debate on the phone continues. Full wipe, or just set up a new profile? Hmm…
Multi level encryption ftw
A VPN is essential to access most of the Western/English-speaking internet (in Mainland China, less so in Hong Kong). The VPN might also be blocked though, so research ahead of time to find one that currently works in China.
I currently have a PIA account, Wireguard server running in the homelab, and can spin up OpenVPN in Linode, so I should be good here (I hope!). IETF hotel and venue also have “unfiltered internet”, as that is a requirement of them agreeing to host there.
You should be good. China doesn’t block ALL VPNs. Just typical consumer VPNs commonly used for climbing the great firewall of China.
Their blocks are aimed towards low hanging fruits. Blocking it all would be detrimental to industry.
Source: I run multiple VPNs between China and other countries as part of my job
Thank you
For cases like this, having a server somewhere else and know-how of OpenVPN or wireguard comes in really handy.
Source: I may have been in Saudi Arabia, browsing sites containing media with women with exposed hair.
Yeah It won’t work, you are going to get your VPN IP banned in 15min-a day depending on where you are in China.
Wireguard may have worked a few years ago, but nowadays you have to use a VPN that specifically tries to hide itself
Source: me
What is your reference point? Are you in China now and/or Shenzhen specifically? I’ve received conflicting info on this, so I may set up SSH tunnels and/or VPN over https as backups.
Wasn’t in Shenzhen which I would believe should be less restrictive. It also didn’t help that I was living in a normal appartement and not an hotel. I self hosted wire guard at home (EU) and not on a VPS.
So definitely not the best case, but I was genuinely surprised that it didn’t work while it worked before.
Haven’t had that problem myself. Sure, being in the IPv4 space of CNPC helps, but I’ve had no issues connecting to my home server VPN from a some residential IPs either.
Completely depends on what your threat model is, but personally:
I’d make an encrypted image of my drives, upload that to remote storage, zero out the drives for border crossing, then restore over the wire on the other side.
Don’t zero, install windows. Use company laptop or loaner, might catch hardware backdoor on the border. Don’t use for critical stuff or to access critical stuff. Discard or return afteru the fact.
might catch hardware backdoor on the border
Say whatever you will about the CCP: there’s nobody on earth burning the level of resources needed to do that undetectably and reliably on some tourist pleb’s arbitrary hardware.
More power to you if that’s what you wanna spend energy on, though.
Half a dollar for the hardware and they already have the manpower there. Certainly not bugging any random device, but there is always the chance and its certainly not unheard of. I’m a security researcher, that might be a red flag. But somebody posting on Lemmy might also be considered an activist and certainly somebody trying to enter the country with a heap of encrypted devices.
Genuine curiosity: What kind of hardware bug would you go for if you wanted to spy on a relatively easy target like a Thinkpad from ten years ago, and had 1-2 hours to install it?
My naive guess would be intercepting the monitor cable to pull occasional screencaps, but then you’d need a wireless modem to transmit out and you’d have pretty serious limitations on power draw (assuming you’re running off a cell battery and not splicing in somewhere).
Hardware bugs are put on the storage. Allows injecting data into ram or backdooring the OS.
Never been, sounds like an adventure! (Also a grapheneOS user, that’s awesome) How long is your trip?
I’d be thinking about a dual sim burner phone and a laptop I don’t care about for the trip myself. Possibly unnecessary but I always err on the side of caution, often to a fault. I’ve never been and can’t speak from experience.
Yea since my phone will be on me, I’m less concerned on the need of a burner, especially as I can use a second profile.
But for laptop, I am considering a fresh build/take down on my old one, thanks for reaffirming that. The big catch is tablet, SD, and kindle, which would likely be left in a room and don’t have the same security features.
