Data Privacy whilst Traveling with Mobile Computer
 

I've travelled with my N810 a fair bit, crossing borders often, but much of the time, I've used it only for very time-sensitive things (carrying slides for a conference presentation, for instance).

The usage model of the N900 will extend my behaviour somewhat: there's much more space, more speed, and the capability to in fact carry around quite a bit of potentially sensitive information and use it sensibly whilst traveling, let alone at my desk.

There are 2 issues here:
1. The number one computer crime is laptop (device) theft, which can open up your information to all kinds of nice or nasty people
2. Crossing borders is becoming a sensitive issue, and the authorities can and may look at/copy your data. You may not mind, but do you trust them to destroy it, or send it to a competitor, or worse, use it against you or a client (if you're a lawyer, for instance)

When I carried a laptop, I was sensitive to this problem, often going to some lengths to ensure it was relatively 'clean'. A reasonable rule of thumb was never to carry anything you would regret either losing or having someone else see (or both).

Caveats: Passwords and encrypted data are not enough. Passwords can be coerced or bypassed, encryption is vulnerable. Also, this isn't just like losing a phone, there's a whole hell of a lot more possible here.

The problem now rears its head with the N900, I think. So:

Here are the questions:

- What kind of data do you carry in your device?
- Do you protect the data in your mobile device? How?
- Do you use any apps that might transfer to the N900? e.g. mobile or laptop-based data hiding?
- would you use an app that explicitly protected your data based on, for example, location, context, as well as id?

Reason: I'm working on a design of an app to work in this direction for my personal use, and wanted to see what people's thoughts were on their own usage.

Re: Data Privacy whilst Traveling with Mobile Computer
 

I think that the best option for travelers is to encrypt your data. I haven't checked to see what encryption software is available in Maemo, but see this for example:

http://www.enterprisenetworkingplane...-TrueCrypt.htm

Re: Data Privacy whilst Traveling with Mobile Computer
 

The best solution is to use a VPN to get to your data. If need be buy a local throw-away sim and just use it's data link to get the stuff over. You can even encrypt and compress it so that it takes less. Then just pull it down once you need it and again delete it. I know for sure that all the things that will be on my device will most likely be either a) encrypted b) not there at all but accessible through a VPN/SSH.

Re: Data Privacy whilst Traveling with Mobile Computer
 

I cross dozens of borders every year, not only in the West but also in places like Balkans and the Caucasus, and not a single time have the authorities done anything with my laptop, internet tablet or a smartphone. I haven't ever even needed to demonstrate that they boot up in the airport security checks.

Apart from that, I agree that carrying sensitive information on a mobile device has its risks. Generally you should ensure two things:

• You have backups of everything, and an easy way to access those also from abroad
• All sensitive information on your device is encrypted (preferably the whole homedir)

...when these are covered properly you can feel quite secure traveling with your devices. If a device gets stolen or lost you only lose the device, not the data it contains. And since everything is encrypted there is low risk of the stolen data getting abused.

Having easy ways to achieve these two points with Maemo devices would be great.

Re: Data Privacy whilst Traveling with Mobile Computer
 

Encryption is not vulnerable, as long as the person who applies it takes the time to make sure it isn't.

At the time of writing, I don't believe there are any decent encryption suites for Maemo. I'm currently in the process of analysing all the use-cases and will write up a proposal in the not-too-distant future. I do attach a lot of importance to VPN access, but would also like to see some opportunities for the use of soft tokens and such.

Considering the N900 doesn't support USB host mode, my initial thought of using a hardware token is going to be difficult. In response to that, I've been working on getting information with regards to Bluetooth-enabled tokens. That being said, I believe a soft token would make more sense, as it would serve a greater purpose (the soft token could also be used to display the OTP and use that on your laptop, for example).

If you guys have the time, would you be able to write-up your use-cases? VPN access, encryption, etc. How would you see the encryption/decryption process? What about resident keys? Key caching? I'd love to have your input on these points.

Re: Data Privacy whilst Traveling with Mobile Computer
 

The only time I've had an issue is when the people at Graz, Austria refused to believe that my MacBook Air was an actual working laptop. I haven't travelled to the US since 2006, but I would be wary having heard several (first hand) horror stories.

I think the solution to data privacy (I work in this industry) is a combination of encryption (Truecrypt is great) and VPNs.

Unless you travel WITHOUT a laptop also, here's a potential solution:

• Store the data you need on your portable device on your laptop. This would typically be in a hard to find Truecrypt volume.
• When you get to your destination, get everything off your laptop and put it onto your portable device.
• When returning home, place everything back into your Truecrypt volume.

Emails, contact lookups etc, can be done over a VPN.

This may sound like a small amount of effort, but what price do you put on your data?

Re: Data Privacy whilst Traveling with Mobile Computer
 

I will use a VPN sometimes, but encryption is just too much of a hassle and I am not that paranoid.

Re: Data Privacy whilst Traveling with Mobile Computer
 

LUKS + dm-crypt also works fine. No need for TrueCrypt :)

If you're going to use such solution be sure to either enable encrypted swap or disable swap.

There is also the cold boot vector to keep in mind.

Consider to use PKI + password instead of either one, and consider OTP because every time you type a password there may be a camera recording your keystrokes.

Re: Data Privacy whilst Traveling with Mobile Computer
 

I've had to boot my laptop at security checks a couple of times or three, but these days the security checks seems to be way too busy to go to that effort. I've never had to even show a laptop at immigration control anywhere.

As for data security, you can be forced to reveal encryption keys, and it can be illegal not to do so. To get around that can be a complex process.

To me the by far simplest option seems to be what was suggested by an earlier poster: Don't keep your important data on your laptop, or N900, keep it at the office. Use VPN to access it. For me OpenVPN works very well for this (on my laptop).

Re: Data Privacy whilst Traveling with Mobile Computer
 

"The Authorities" need to know there's encrypted data there in the first place. That's why Truecrypt is good. Not perfect, but good.

Re: Data Privacy whilst Traveling with Mobile Computer
 

...which is a shame. I had been looking forward to using Yubikey for authenticating to various services from the device.

Re: Data Privacy whilst Traveling with Mobile Computer
 

Only while traveling to and from Japan have I ever had a problem with any devices. Apparently an older law that's on the books explains that a certain level of encryption coming out of Japan - 128-bit or higher IIRC - could not be exported out of Japan without prior approval.

It was the MagicGate memory cards for my then PS2 that they were referring to. My very last trip, it was my N810. It was confused with a phone, and they thought I had purchased it while on my trip there. I pulled out my cheap phone - a Motorola F3 I travel with that nobody in their right mind would want to steal - and explained that I used the N810 for internet access when I didn't use my laptop.

They relented, but that was about the only time I've had to worry about anything encrypted on my gadgets. Came to the US, customs was going nuts about having the "internet in your pocket"... one customs official even knew enough to ask "Even Flash?" "Yes, even Flash content is rendered..."

Re: Data Privacy whilst Traveling with Mobile Computer
 

Is your focus on a hardware token due to being able to avoid physically typing in something / something that can be separated from the main device? In which case, bantering with other people I've considered something related to automatically happening related to a particular SD card.

I would use a VPN on my phone right now but with traditional pptp it stores your password plain text, which bothers me. Also on the n800 it is quite tedious to enter passwords.

Re: Data Privacy whilst Traveling with Mobile Computer
 

Hmm let's see what I'd like as my use-case.

a) deniable encryption based on dm-crypt and luks - this would be enough to simply split the luks headers from the volume itself and keep them on a different volume(I've started looking for this option recently but am unable to find any info - can do it for keys only apparently - for now). Basically one would have an SD card that would store the headers and you would need both to actually mount. But once in memory one shouldn't need to keep the card in(store them in RAM?)

b) I'm not much for full device encryption or full home encryption. I tend to simply encrypt the things that are important to me. In this case this would be contacts, smses and such like. Of course having something like plain old GPG on this would work as well.

c) I should never be asked to decrypt when trying to access this data(it should fallback to an alternate store). Accessing the encrypted data should be a concious effort. Have an app that you open select the store you want to unlock - enter passphrase and any other tokens - and you have access.

Re: Data Privacy whilst Traveling with Mobile Computer
 

Does LUKS+dm-crypt work out of the box on Diablo kernels or do we need to compile the module?

I haven't looked at truecrypt for a long while, but I never used it on my desk/laptop systems, because the Linux port seemed to be a kludgey bolt-on afterthought. Besides, with LUKS+dm-crypt, I found it was easy to set up LVM in an encrypted container, and have grow/shrink capability with full disk encryption.

Re: Data Privacy whilst Traveling with Mobile Computer
 

Hmm, I was assuming Fremantle.

You need following:

• dm-mod (required for dm-*)
• dm-crypt
• Devicemapper (userspace binaries for dm-mod)
• dmsetup or cryptsetup-luks (frontends for dm-* API)

Should work on 2.6.21 kernels but you will not get XTS mode since requires Linux 2.6.24+

There are some folks who compiled dm-loop for Diablo. Excellent starting point.

For Maemo < 5.0 see also these legacy threads:

• Locking down the n810 ? Encryption ?
• EasyCrypt Frontend for TrueCrypt

Re: Data Privacy whilst Traveling with Mobile Computer
 

PPTP bothers me ;)

Storing password encrypted only works with a salt (like /etc/shadow) else it makes no sense. This way the input (password) is compared and then authentication takes place.

Another disadvantage of password-based authentication is that input of the password may be recorded by third parties.

OpenVPN allows you to not save username/password. Same with OpenSSH via SSH keys, and OpenSSH supports VPN setup nowadays. Don't know about Maemo versions though.

OTP (one time password) solves the problem although it has its disadvantages. OpenSSH has supported this for a long time, which means you only need to implement server-side support. For that you need e.g. libpam-opie (on OSes using PAM such as Linux) s/key (on *BSD).

You can have your OpenVPN SSL certificates or SSH keys on your SD card, making the SD card the hardware token.

The advantage of a product such as SecurID is that it combines all the above in one simple hardware interface.

In UK, yes. Plausible deniability such as TrueCrypt provides is useful in such case.