Reply
Thread Tools
smarsh's Avatar
Posts: 155 | Thanked: 118 times | Joined on Jan 2008 @ Ontario, Canada
#1
I've travelled with my N810 a fair bit, crossing borders often, but much of the time, I've used it only for very time-sensitive things (carrying slides for a conference presentation, for instance).

The usage model of the N900 will extend my behaviour somewhat: there's much more space, more speed, and the capability to in fact carry around quite a bit of potentially sensitive information and use it sensibly whilst traveling, let alone at my desk.

There are 2 issues here:
1. The number one computer crime is laptop (device) theft, which can open up your information to all kinds of nice or nasty people
2. Crossing borders is becoming a sensitive issue, and the authorities can and may look at/copy your data. You may not mind, but do you trust them to destroy it, or send it to a competitor, or worse, use it against you or a client (if you're a lawyer, for instance)

When I carried a laptop, I was sensitive to this problem, often going to some lengths to ensure it was relatively 'clean'. A reasonable rule of thumb was never to carry anything you would regret either losing or having someone else see (or both).

Caveats: Passwords and encrypted data are not enough. Passwords can be coerced or bypassed, encryption is vulnerable. Also, this isn't just like losing a phone, there's a whole hell of a lot more possible here.

The problem now rears its head with the N900, I think. So:

Here are the questions:

- What kind of data do you carry in your device?
- Do you protect the data in your mobile device? How?
- Do you use any apps that might transfer to the N900? e.g. mobile or laptop-based data hiding?
- would you use an app that explicitly protected your data based on, for example, location, context, as well as id?

Reason: I'm working on a design of an app to work in this direction for my personal use, and wanted to see what people's thoughts were on their own usage.
__________________
broken pencil
 

The Following 2 Users Say Thank You to smarsh For This Useful Post:
rm42's Avatar
Posts: 963 | Thanked: 626 times | Joined on Sep 2009 @ Connecticut, USA
#2
I think that the best option for travelers is to encrypt your data. I haven't checked to see what encryption software is available in Maemo, but see this for example:

http://www.enterprisenetworkingplane...-TrueCrypt.htm
__________________
-- Worse than not knowing is not wanting to know! --

http://temporaryland.wordpress.com/
 

The Following User Says Thank You to rm42 For This Useful Post:
Posts: 543 | Thanked: 181 times | Joined on Aug 2009 @ Universe,LocalCluster.MilkyWay.Sol.Earth.Europe.Slovenia.Ljubljana
#3
The best solution is to use a VPN to get to your data. If need be buy a local throw-away sim and just use it's data link to get the stuff over. You can even encrypt and compress it so that it takes less. Then just pull it down once you need it and again delete it. I know for sure that all the things that will be on my device will most likely be either a) encrypted b) not there at all but accessible through a VPN/SSH.
 

The Following 3 Users Say Thank You to ruskie For This Useful Post:
bergie's Avatar
Posts: 381 | Thanked: 847 times | Joined on Jan 2007 @ Helsinki
#4
Originally Posted by smarsh View Post
Crossing borders is becoming a sensitive issue, and the authorities can and may look at/copy your data. You may not mind, but do you trust them to destroy it, or send it to a competitor, or worse, use it against you or a client (if you're a lawyer, for instance)
I cross dozens of borders every year, not only in the West but also in places like Balkans and the Caucasus, and not a single time have the authorities done anything with my laptop, internet tablet or a smartphone. I haven't ever even needed to demonstrate that they boot up in the airport security checks.

Apart from that, I agree that carrying sensitive information on a mobile device has its risks. Generally you should ensure two things:
  • You have backups of everything, and an easy way to access those also from abroad
  • All sensitive information on your device is encrypted (preferably the whole homedir)

...when these are covered properly you can feel quite secure traveling with your devices. If a device gets stolen or lost you only lose the device, not the data it contains. And since everything is encrypted there is low risk of the stolen data getting abused.

Having easy ways to achieve these two points with Maemo devices would be great.
 

The Following 4 Users Say Thank You to bergie For This Useful Post:
Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#5
Encryption is not vulnerable, as long as the person who applies it takes the time to make sure it isn't.

At the time of writing, I don't believe there are any decent encryption suites for Maemo. I'm currently in the process of analysing all the use-cases and will write up a proposal in the not-too-distant future. I do attach a lot of importance to VPN access, but would also like to see some opportunities for the use of soft tokens and such.

Considering the N900 doesn't support USB host mode, my initial thought of using a hardware token is going to be difficult. In response to that, I've been working on getting information with regards to Bluetooth-enabled tokens. That being said, I believe a soft token would make more sense, as it would serve a greater purpose (the soft token could also be used to display the OTP and use that on your laptop, for example).

If you guys have the time, would you be able to write-up your use-cases? VPN access, encryption, etc. How would you see the encryption/decryption process? What about resident keys? Key caching? I'd love to have your input on these points.
 
Posts: 116 | Thanked: 156 times | Joined on Sep 2009 @ North Yorkshire
#6
The only time I've had an issue is when the people at Graz, Austria refused to believe that my MacBook Air was an actual working laptop. I haven't travelled to the US since 2006, but I would be wary having heard several (first hand) horror stories.

I think the solution to data privacy (I work in this industry) is a combination of encryption (Truecrypt is great) and VPNs.

Unless you travel WITHOUT a laptop also, here's a potential solution:
  • Store the data you need on your portable device on your laptop. This would typically be in a hard to find Truecrypt volume.
  • When you get to your destination, get everything off your laptop and put it onto your portable device.
  • When returning home, place everything back into your Truecrypt volume.

Emails, contact lookups etc, can be done over a VPN.

This may sound like a small amount of effort, but what price do you put on your data?
__________________
mSideShow
 
Posts: 1,096 | Thanked: 760 times | Joined on Dec 2008
#7
I will use a VPN sometimes, but encryption is just too much of a hassle and I am not that paranoid.
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#8
Originally Posted by rm42 View Post
I think that the best option for travelers is to encrypt your data. I haven't checked to see what encryption software is available in Maemo, but see this for example:

http://www.enterprisenetworkingplane...-TrueCrypt.htm
LUKS + dm-crypt also works fine. No need for TrueCrypt

If you're going to use such solution be sure to either enable encrypted swap or disable swap.

There is also the cold boot vector to keep in mind.

Consider to use PKI + password instead of either one, and consider OTP because every time you type a password there may be a camera recording your keystrokes.
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 

The Following User Says Thank You to allnameswereout For This Useful Post:
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#9
I've had to boot my laptop at security checks a couple of times or three, but these days the security checks seems to be way too busy to go to that effort. I've never had to even show a laptop at immigration control anywhere.

As for data security, you can be forced to reveal encryption keys, and it can be illegal not to do so. To get around that can be a complex process.

To me the by far simplest option seems to be what was suggested by an earlier poster: Don't keep your important data on your laptop, or N900, keep it at the office. Use VPN to access it. For me OpenVPN works very well for this (on my laptop).
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
Posts: 116 | Thanked: 156 times | Joined on Sep 2009 @ North Yorkshire
#10
Originally Posted by TA-t3 View Post
As for data security, you can be forced to reveal encryption keys, and it can be illegal not to do so. To get around that can be a complex process.
"The Authorities" need to know there's encrypted data there in the first place. That's why Truecrypt is good. Not perfect, but good.
__________________
mSideShow
 
Reply

Tags
data hiding, privacy, security, travel, vpn, whole disk encryption

Thread Tools

 
Forum Jump


All times are GMT. The time now is 14:15.