An OnlyKey User’s Guide to Traveling Internationally with Your Digital Privacy Intact
For background information on plausible deniability with OnlyKey read the previous post here first.
So your ready to travel internationally, you want to be able to access your accounts but you can’t risk a foreign party gaining access to your accounts. Or maybe there is even a ban on encryption in the country you are visiting.
It sounds like you need an encryption ban buster
OnlyKey to the rescue, its the only device on the market that allows you to both encrypt data and deny that you have any encrypted data in your possession.
This is how it works
Travel with Encryption and Plausible Deniability Mode
Travel without Encryption
|Step 1. Purchase an OnlyKey||Step 1. Purchase an OnlyKey|
|Step 2. Follow instructions in the Quick Start Guide to set it up||Step 2. Follow instructions in the Quick Start Guide to set it up|
|Step 3. Load the Standard Edition Firmware on your OnlyKey||Step 3. Create an encrypted backup of your OnlyKey (And your backup key)|
|Step 4. Create a plausible deniability profile||Step 4. Load the International Travel Edition Firmware on your OnlyKey|
|Step 5. Set up some real looking accounts, or just save some accounts you don’t really care about on your OnlyKey’s plausible deniability profile.||Step 5. Set up some real looking accounts, or just save some accounts you don’t really care about on your OnlyKey.|
|Step 6. Head to the border, if forced to give up your passwords just give them your plausible deniability profile PIN and access to all of the accounts that you don’t care about. There is not a way to prove that the encrypted profile exists on your OnlyKey.||Step 6. Head to the border, your OnlyKey does no encryption and if they want to force you to give up your passwords just give them the PIN and access to all of the accounts that you don’t care about.|
|Step 7. Once you get to a safe location in destination country you can unlock your encrypted profile that stores your real accounts by entering the correct PIN code.||Step 7. Once you get back home (or to a safe location in destination country) just load the Standard Edition on your OnlyKey and restore your actual accounts from your encrypted backup.|
TL;DR – The bottom line is that OnlyKey is designed so that it cannot be determined whether Option A (with encryption) or Option B (without encryption) is used. OnlyKey in plausible deniability mode looks, sounds, and acts just like an International Travel Edition OnlyKey.
Which option should I choose?
The answer here is it depends.
Option B is the safest option while Option A is the most convenient option. Depending on the country, there are cases where option A may not be a good idea.
- Is encryption illegal there?
- What happens if a traveler is caught with something that uses encryption? Is it confiscated or is there worse things that might happen?
- And finally, Rubber-hose cryptanalysis. If the adversary would go to extraordinary means to get what they want then technical solutions are not much use. In this case actually not having access to the data is the best way.
Additionally, there are some creative ways to be able to both deny having access to your accounts without being deceptive and once you are at a safe place in country access those accounts. Here are some examples.
- Use Option A, but have a trusted friend set the PIN on your encrypted profile so you don’t even know it. Then once in country contact the friend to get the PIN code (keep in mind you now know the PIN though so before you leave country you would need to do this again).
- Use Option B, but save an encrypted backup and encrypted backup key online somewhere that you would have access to in country. Then once in country load the Standard Edition firmware and download and restore from backup.
- Use Option B, but save an encrypted backup and encrypted backup key to digital photo, audio, or video file using a steganography tool. Then load the media along with other pictures, audio, video etc. onto a USB drive that you carry with you. Then once in country load the Standard Edition firmware and extract the backup files to restore from backup.
- Use Option B, but send the encrypted backup and encrypted backup key to a trusted friend. Then once in country have the trusted friend send the backup files.
There are plenty of other options, feel free to post ideas in the comments section.