An OnlyKey User’s Guide to Traveling Internationally with Your Digital Privacy Intact
For background information on plausible deniability with OnlyKey read the previous post here first.
So your ready to travel internationally, you want to be able to access your accounts but you can’t risk a foreign party gaining access to your accounts. Or maybe there is even a ban on encryption in the country you are visiting.
It sounds like you need an encryption ban buster
OnlyKey to the rescue, its the only device on the market that allows you to both encrypt data and deny that you have any encrypted data in your possession.
This is how it works, pick Option A to use the OnlyKey Standard Edition in Plausible Deniability mode or pick Option B to use the OnlyKey International Travel Edition.
TL;DR – OnlyKey is designed so that it cannot be determined whether Option A (with encryption) or Option B (without encryption) is used. The Standard Edition OnlyKey in plausible deniability mode looks and acts just like an International Travel Edition OnlyKey.
Travel with Encryption and Plausible Deniability Mode
Travel without Encryption
|Step 1. Purchase an OnlyKey||Step 1. Purchase an OnlyKey|
|Step 2. Follow instructions in the User’s Start Guide to set it up||Step 2. Follow instructions in the User’s Start Guide to set it up|
|Step 3. Load the Standard Edition Firmware on your OnlyKey||Step 3. Load the Standard Edition Firmware on your OnlyKey|
|Step 4. Create a plausible deniability profile||Step 4. Set up your real accounts and then create an encrypted backup of your OnlyKey (And your backup key)|
|Step 5. Set up some real looking accounts, or just save some accounts you don’t really care about on your OnlyKey’s plausible deniability profile.||Step 5. Load the International Travel Edition Firmware on your OnlyKey|
|Step 6. Its always good to create an encrypted backup of your OnlyKey (And your backup key) before you travel||Step 6. Set up some real looking accounts, or just save some accounts you don’t really care about on your OnlyKey.|
|Step 7. Enable “Full Wipe” in the preferences of the OnlyKey App. Make sure to read the warning, this makes it so that your entire device is wiped if self destruct is triggered and the purpose being that if this happens there is no way to know what firmware version had been loaded after the wipe.||Step 7. Enable “Full Wipe” in the preferences of the OnlyKey App. Make sure to read the warning, this makes it so that your entire device is wiped if self destruct is triggered and the purpose being that if this happens there is no way to know what firmware version had been loaded after the wipe.|
|Step 8. Time to travel, if forced to give up your passwords just give them your plausible deniability profile PIN and access to all of the accounts that you don’t care about. There is not a way to prove that the encrypted profile exists on your OnlyKey.||Step 8. Time to travel, your OnlyKey does no encryption and if they want to force you to give up your passwords just give them the PIN and access to all of the accounts that you don’t care about.
|Step 9. Once you get to a safe location in destination country you can unlock your encrypted profile that stores your real accounts by entering the correct PIN code.||Step 9. Once you get back home (or to a safe location in destination country) just load the Standard Edition on your OnlyKey and restore your actual accounts from your encrypted backup.|
Which option should I choose?
The answer here is it depends.
Option B is the safest option while Option A is the most convenient option. Depending on the country, there are cases where Option A may not be a good idea.
- Is encryption illegal there or do they just have the right to ask for your passwords at the border?
- If encryption is illegal, what happens if a traveler is caught with something that uses encryption? Is it confiscated or is there worse things that might happen? Keep in mind Rubber-hose cryptanalysis. If the adversary would go to extraordinary means to get what they want then technical solutions may not be much use.
Additionally, there are some creative ways to be able to both deny having access to your accounts without being deceptive and once you are at a safe place in country access those accounts. Here are some examples.
- RECOMMENDED METHOD – Use Option B and use a service like http://www.lettermelater.com/ to schedule an email to be sent to yourself on a future date with your encrypted backup file. This way you receive your backup file once you are safely in country and you have no other way of accessing it (make sure you conveniently don’t remember your lettermelater password, and use something like https://temp-mail.org as the from email address so there is no way to recover the account). Make sure your backup key is stored somewhere you can access it in country. Once you are ready to leave the country you can schedule another email to send you your backup file when you get home, delete the local copy of backup file, and wipe your OnlyKey.
- Use Option A, but have a trusted friend set the PIN on your encrypted profile so you don’t even know it. Then once in country contact the friend to get the PIN code (keep in mind you now know the PIN though so before you leave country you would need to do this again).
- Use Option B, but save an encrypted backup and encrypted backup key online somewhere that you would have access to in country. Then once in country load the Standard Edition firmware and download and restore from backup.
- Use Option B, but save an encrypted backup and encrypted backup key to digital photo, audio, or video file using a steganography tool. Then load the media along with other pictures, audio, video etc. onto a USB drive that you carry with you. Then once in country load the Standard Edition firmware and extract the backup files to restore from backup.
- Use Option B, but send the encrypted backup and encrypted backup key to a trusted friend. Then once in country have the trusted friend send the backup files.
There are plenty of other options, feel free to post ideas in the comments section.