552 comments

[ 0.25 ms ] story [ 320 ms ] thread
The implementation looks sound, and it's easy to use. Props to Agile Bits for making this feature a priority.

So this is great! -- I think. My only concern is that if the authorities are already suspicious of you, and find no password vaults (or practically nothing in your password vault), they may just detain you until you reveal what you haven't disclosed to them.

There's clearly a technical solution to the problem of protecting data across borders but they do not work so well under duress. Is there any technical way to convince an adversary you are not hiding anything else or did not delete something?

Social engineering. Confidence. At some point technology needs to be abandoned and you need to be a human being during those scenarios.

Or simply don't have anything to hide. If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

> Or simply don't have anything to hide. If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

What if I am an anxious guy?

What if I carry some business secrets?

What if I don't want some TSA agent look at my SO pics I have on my devices/social media?

Being anxious is something you can work on. Business secrets are perfectly legal to carry across a border. Not wanting the TSA to look at your shit is something I can understand.

I'd basically tell them to fuck off (in a more diplomatic sense) until it reached the point of being either blocked entirely from traveling or detainment. At that point you gotta ask yourself if the juice is worth the squeeze and turn back or play their game.

Also this is more than just an issue with the Trump administration and the TSA... I don't travel to Canada any longer due to the treatment I have received at the border there.

Just out of curiosity, how's the treatment at the border in Canada?
10 years ago I was working in Canada; couple of friends and I (Australian, British and Québécois) decided to go and ski in Montana for a few days. We had a few beers on the way down and stopped just before customs to drop off open cans before we crossed the border. Being 11pm, we were the only people at the crossing. As we circled round they decided something wasn't right (probably justified although not in their jurisdiction) - 4 hours later we were allowed into the US having been fingerprinted and our car searched on a ramp for what I assume was explosives or drugs. 3 days later we returned to the border travelling the other direction - the CBSA officer looked at the cover of all three different nations' passports before saying "I'm sure there's a visa in there somewhere, have a nice day."
As the above comment states, confidence. Confidence is everything. It's hard to detect a confident liar without serious equipment and verification.

If it's hard, make up an appropriate story beforehand and rehearse it until it is second nature and you believe it yourself.

Best to avoid the USA, basically.
> If you have a guilty conscience that is going to manifest itself in your body language and mannerisms.

More than once, the customs officer has asked me "you don't look people in the eye, do you?" I just say, "no, I don't." (They're apparently happy with that answer.)

So you can be questioned without having a guilty conscience; I just look down a lot.

Could they try to go with the truecrypt method?

Instead of removing the password data off the device, replace it with "junk" data.

"Low security" accounts that you wouldn't mind the "adversaries" having, sacrificial accounts, or even just a randomly generated selection of fake passwords for a selection of accounts, etc...

It still won't fully protect you (obviously a "targeted" adversary would know that you have an account at "X" with "Y" username and the password in your vault doesn't work for that so tie him up!), but being able to hand over something when being questioned might be better than nothing for some.

Definitely not great. It would create much more suspicion to have 1Password installed and not to have any data on it. Just uninstall 1Password before travel and re install it back after customs. Travel mode is a way worse solution.
The article says you can choose which vaults to have available in Travel Mode. So you could just leave some vaults you don't care about in there.
Empty/useless vaults aren't any better. Even if you went to the lengths of creating fake social profiles and adding their passwords to your fake vault, that's not any better either.
Excellent effort. I do wonder though, what is to prevent authorities from forcing you to just turn off travel mode? Is there a timer that you set? Deadman's switch? Geolocating? (The last 2 are not good solutions, but you get the idea)

Edit: I missed this bit below:

> even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.

However, it won't take very long for authorities to wise up, know that 1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I missing something?

My instinct is that if you have anything stored on your device, you're at risk crossing borders. So in my case, I would likely remove both the Dropbox app and KeePass, and then reinstall them on arrival. I suppose that would leave detectable traces, which could argue for using a burner phone, and then installing those two on arrival on it.
Isn't the counter simple; they ask for your logins to the 1Password vault? I guess this just adds an extra layer of obfuscation.

The most secure way I can think of is to either encrypt your drive (or wipe for travel and online restore once arriving) and physically mail the new password (or hand over to a trusted friend/store location) to the destination. Then there is no way of restoring at the airport.

Of course, then they can just detain you indefinitely for not revealing the password you don't know...

> physically mail the new password

Nobody will ever do this.

,,even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.''

It looks similar to hidden partition in TrueCrypt

Any subscription-based 1Password can be accessed from the web. Couldn't they just demand those credentials?
Only if you know them. I don't know about you, but I don't have my long random account key memorized (only my master password). You can't log into the website without that account key.

Of course, you do need to be able to log in to turn travel mode back on, so if I were to use this I'd probably do something like set up a service to securely send me my account key after I'm expected to have finished crossing the border, or maybe just store it on a remote server that I have access to under the expectation that the TSA can't demand that I SSH into a remote server (especially one they don't even know about). Though if I'm traveling alone (instead of with my wife) I'd probably just call her and ask her to turn travel mode off for me.

That's a great solution if you're a US citizen and want to enjoy showing off to a border guard before being guaranteed entry, but for migrants (who are most affected by this), this kind of 'gotcha' logic would likely be considered insubordinate grandstanding, and get them denied entry.
> this kind of 'gotcha' logic would likely be considered insubordinate grandstanding

I'm not sure what you mean. I don't think it's unreasonable for anyone, migrants included, to tell CBP "I don't feel safe traveling with sensitive data, so I don't have any of that data on my computer". What's the 'gotcha' here? CBP isn't the only reason to want to have Travel Mode, there's also the increased risk of having your laptop stolen or misplaced.

In your original post, I took

> Only if you know them. ... You can't log into the website without that account key.

To mean that you'd openly have access to information in front of the guard, and then let them know that you can't access it at this time because of your elaborate scheme (e.g. tell them that it exists, but that they can't have it).

That's quite different to just not travelling with the data (or evidence of it existing) at all.

> CBP isn't the only reason to want to have Travel Mode

No, but it's the only 'reason' that's likely to use serious, life-altering coercion to make you to disable it, if they detect that it exists. It may be better to have no data that suggests capabilities, than openly posses partially disabled capabilities.

There's no way for a border agent to tell if you're refusing to disable travel mode because you won't or you can't (and little reason for them to care).

Of course it's not unreasonable, but 'reasonable' is not the relevant criterion here.
Yes, it does. And you provide them to the password for the local vault. Since you activated travel mode, they'll be able to see your "travel safe" passwords, but no indication that there are other passwords that were recently removed from the vault, and no indication that you entered travel mode.
There are competing reports, but the maximum detention time for US citizens crossing the US border is about four hours.

If you are a foreign citizen, you are looking at about twenty four hours, and then refusal of admittance.

This information is the case for keeping a cheap back up device(s).

I thought that, according to the NDAA Obama signed, that the military can detain Americans indefinitely without reason.
They can ask for logins for the vaults they see on your device. But those vaults are the ones you've marked "travel-safe", so you're accepting the risk of these being breached by invasive governmental searches.

However, non-travel-safe vaults a) won't show up on your devices, so they can't ask for what they don't know the existence of, and more importantly b) there is no evidence on the device of "hidden" vaults, or that you're in travel mode, so they doubly don't know the existence of those vaults.

How is the web interface handled? Essentially, where do you turn this on and off? Wouldn't it become standard ptotocol to just demand web credentials for 1Password? This feature is only for subscription based 1Password accounts, so it would seem to me it would just be easiest to delete the app and re-download after crossing?
Demanding web logins rather than local logins for anything is a step beyond the fuzzy legal authority currently given to the TSA.
They already ask for social media account logins.
If you're a resident, they eventually have to let you in. But if you aren't, they can reject you for any reason. This isn't something you can solve with tech. Those of us who are citizens of the US need to vote for politicians who make privacy a priority, and be more politically active in general. I feel like you could even make the play that it's bad for business, because it's impeding business travel. You could even point to this very post as evidence that many companies consider it a Big Deal - the idea that they have to explicitly hide their company secrets in this way because border agents are out of control.
Not CBP though, which is the relevant institution for international border crossings.
web login is likely the same as app login credentials. I don't use 1password, but that's the generate case with LastPass (at least last time i used its mobile app).

So, if they take the actual password, as opposed to having you log in for them, then they can easily go to 1password's web interface.

I'm not sure if there is a legal barrier to taking that step, but there is no real barrier there if the credentials are the same.

Perhaps if there were also travel credentials, that would be useful. With the travel creds there would be no indication that you were in travel mode and no access to additional data.

There is an additional key/identifier that you don’t have to carry with you that would prevent them from logging in even if you had to give them your vault password.
"Then there is no way of restoring at the airport."

IIRC, the border agent has the power to turn you back, visa or no visa. So there might be a price to pay for getting too cute. They want what they want and trying to avoid that might make them angrier.

If you are a US citizen they can make you wait in a room for a few hours and maybe add your name to the "make his life miserable every time he flies" list.

Just travel with a dedicated traveling phone and have your main phone mailed to your destination.
One option is to lock out the passwords for some amount of time, or to do geolocation.

Both can be defeated (they can detain you at the airport for a whole day, or they can spoof GPS) but neither of these mechanisms holds up to mass surveillance: you can't detain everyone who goes through the airport, or even all people with 1Password, for a day, nor can you spoof GPS at the security checkpoint because it'll probably leak to airplanes. You have to pick individual travellers and put them in a Faraday cage with a Stingray and an internet connection.

I'm not sure what the threat model really is, but it's possible that this will require enough time and resources to disincentivize asking for even more passwords when there's not a very specific suspicion, which might be good enough.

A more accurate reality: https://xkcd.com/538/
At, say, the US/Canadian border? No, not accurate nor realistic at all.
Then again, you don't even need a $5 attitude readjustment tool when you can just shrug and say "Whatever. You are detained until you cough up what we want." - and are able to do just that...
They can't detain you indefinitely without articulating a good reason, even as a non-citizen. What they can do is deny you entry. For citizens, not even that.
* What they can do is deny you entry. For citizens, not even that.*

Job lost. Father died without you seeing him. Thousands of dollars gone in lost ticket, reservations. That's more than enough for 99% of people. The other 1% don't even try to enter USA

This happened at a US port of entry https://www.cnet.com/news/researcher-detained-at-u-s-border-...

He didn't get hit with a wrench, but rather got all his stuff seized by the FBI.

He didn't get hit with a wrench, but rather got all his stuff seized by the FBI.

I don't know if you've ever been hit with a wrench, but those two things are nothing alike. Starting with the fact that the FBI might not have gained access to the data in your story.

Without context, they are very different things. In this context, however, they amount to the same thing. Your technical solution doesn't work when someone can use force against you.
It is very sad that it had to come that far
Wouldn't an alternative "destroy everything" password be a good idea also ?

Would work like this : When forced to enter / give the password to your vault, you enter/give this one, and everything the vault contains is wiped out before the vault is unlocked.

That's basically the definition of spoliation of evidence, if things were to ever escalate to civil or criminal proceedings.
This qualifies already.

18 U.S. Code § 1519 defines it as "Whoever knowingly...conceals...with the intent to impede...the proper administration of any matter within the jurisdiction of any department or agency of the United States"

So technically, entering travel mode for the purpose of hiding your stuff from border agents could be interpreted as a violation of that statute, regardless of whether there was an active investigation or legal proceeding.

Of course, it would trigger a massive backlash if a federal prosecutor went after people for this. But it's there...

I think there is a line to be drawn somewhere, and I don't know where — but taking this further, if I erase my laptop before going to the US and then restore it from a backup online, isn't this the same thing as „knowingly concealing with the intent to impede”?

And what if I don't take the laptop at all? Am I „concealing” anything? Theoretically — yes.

There has to be a limit to how far one can take the application of that law.

If you aren't aware of a matter concerning your data you can't intend to impede that matter by choosing not to transport your data on your person.
Entering travel mode is literally deleting the data off your computer. It's not concealing anything. I think a federal prosecutor would have a hell of a time arguing that people aren't allowed to erase data from their computer before traveling.
In the law, intent matters. You're deleting the data with the intent to hide it from border agents. A federal prosecutor absolutely could argue that, if they wished.
I'd be entering travel mode with the intent of removing the ability to access the data from the device. I would be surprised if travel mode deleted my data.
You're deleting the data because you don't want to travel with that data. You're not hiding it. You literally just don't want to have access to it while you're traveling. In that sense it's no different than, say, leaving a hard drive with all your data behind (plugged into an internet-enabled computer that you can SSH in to and transfer your files back to yourself after you've crossed the border).
Read rosser's comment above. If push came to shove, your clever wordplay would amount to getting into a rules-lawyering contest with Federal prosecutors, and I promise you that is a contest you would lose.
I don't think it's rules lawyering to say that literally not having the data is different than hiding it. There's nothing illegal about choosing to not bring stuff with you when you travel. And as long as the CBP's authority is limited to searching your devices and not forcing you to log into websites, then simply not carrying the data on your device seems perfectly reasonable.

Furthermore, I don't think there's anything productive at all about making the argument that federal prosecutors will get you no matter what you do. That's just shutting down the discussion entirely.

> Furthermore, I don't think there's anything productive at all about making the argument that federal prosecutors will get you no matter what you do. That's just shutting down the discussion entirely.

Well, it is true that if the government wants to come after you- as in, you specifically- then it is basically true that they will get you no matter what you do. But that's not the point I was making in my previous posts, so let's drop it.

The point I was trying to make was that this 1Password feature will not help you, legally, if CBP realizes you're using it and they want to make a fuss. Maybe if you rolled your own PW manager and decided not to sync the incriminating data, you'd have a case. But this feature is literally advertised as "protect your data from unwarranted searches [clearly implying, searches by the government] when you travel". The technical implementation (your "deleting" vs. "not having" distinction) does not matter: the intent is clear.

> The point I was trying to make was that this 1Password feature will not help you, legally, if CBP realizes you're using it and they want to make a fuss. Maybe if you rolled your own PW manager and decided not to sync the incriminating data, you'd have a case. But this feature is literally advertised as "protect your data from unwarranted searches [clearly implying, searches by the government] when you travel". The technical implementation (your "deleting" vs. "not having" distinction) does not matter: the intent is clear.

We are hinging on the subtle difference between deletion and non action. If I choose not to bring my phone with me to the border, and an agent remarks on the suspiciousness of that fact, if I were to reply, "I didn't bring it because I didn't want to travel with it," did you commit a crime?

Even if you were arrested for that statement, dor a prosecutor to convince a jury that you didn't bring data with you because you didn't want it to be inspected at the border vs you didn't bring it because you didn't want it to get stolen/whatever does not seem likely, but that is just my opinion.

> If I choose not to bring my phone with me to the border, and an agent remarks on the suspiciousness of that fact, if I were to reply, "I didn't bring it because I didn't want to travel with it," did you commit a crime?

Probably not.

> We are hinging on the subtle difference between deletion and non action.

I agree, and my argument is that "activating Travel Mode" is clearly the former, regardless of its technical implementation, because it requires positive action.

I don't see why the distinction matters. Deleting data because you don't want to travel with it should be no different than leaving your phone at home because you don't want to travel with it.
I think I would feel reasonably comfortable telling a border agent that I didn't bring a phone / specific data because I felt uncomfortable about the idea of having it searched at the border. There's certainly nothing wrong with that, and I doubt it would get you denied entry (unless they pulled you out for a non-routine reason anyway). You're certainly not required to bring anything across a border.
This is starting to head down the road into absurdities, though.

If I have a laptop and phone with sensitive work information on them, and simply choose not to take them with me on a trip, would you argue that's a crime? After all, the reason I chose not to take them with me was to "conceal... with the intent to impede" CBP's ability to access all that data.

What if someone just refuses to travel to the US as long as policy allows this type of search? Would they need to be extradited for their act of concealment?

And I could argue that my intent was to protect myself from identity theft, should my device be stolen. It's a reasonable explanation for having deleted the data.

I'd also argue that I could've purchased a completely new device immediately prior to travel and brought that along, with the intention of being able to say that the device had never contained information that I was trying to hide.

I think that part of the point is that they'd have to prove intent. It's easiest to prove if you refuse to unlock the device, harder to prove if you provide a destrutive password, harder still if you remove your passwords and keys before leaving, and essentially impossible if you have a device that never contained sensitive data in any form.

> [proving intent is] essentially impossible if you have a device that never contained sensitive data in any form.

I'd like to see a short story based on this premise: man is arrested and tried for crossing the border with a brand new phone, having left his usual phone at home. The prosecution argues that since he presumably usually keeps sensitive information on his phone, not copying that data to the phone he was carrying proves his intent to hide information from border police.

I think it's a race already, between the story being written and it actually happening to someone.
> he presumably usually keeps sensitive information

Wouldn't they have to argue that he was a person of interest for some time now. That they have records of him traveling two and from countries of interest. That he is on a watch list?

For the average Joe. I don't think this would get very far.

My response would be. "What sensitive information are you looking for?"

I was proposing a short fictional piece based on this premise -- not sure if you meant to respond to that specifically. In any case, it's speculative fiction: we put the story in a not-too-distant dystopian future where the laws and norms have changed just enough to make this plausible. I think it's more fun too if the protagonist actually doesn't have anything to hide, and is not suspected of any criminal activity before, during, or after his attempted border crossing.
Or literally anyone else in the country to which I'm travelling. Perhaps I feel I'm at an increased likelihood to either lose or have my phone stolen? Saving my passwords from a potential thief (who may or may not have tools to break into the device assuming I secured it) is a reasonable precaution.
No, you're deleting it because you don't want to transport it across the border. You're just not bringing it, and border control can't inspect what you don't bring.
There would be no backlash unless the person was well-known, all they would have to do is show an unflattering picture of the victim and accuse them of 'possessing hacking tools' and 'hiding information from law enforcement.' Both would be true, the latter being actually true and the former applying to anyone using a terminal with black background and green text.
The "matter within the jurisdiction" of border control is to inspect anything being brought across the border. You're not impeding that. You're simply not bringing something across the border. This is different from e.g. hiding drugs in your suitcase (or even data on a device): there you're impeding their ability to inspect those drugs.
I think using it would be tampering with evidence in the USA. So probably a bad idea.
Not clear you're destroying evidence -- is it evidence if there's no probable cause for the search? If a crime hasn't been committed?

Hard to apply ordinary statutes & case law here because the 4th amendment doesn't seem to apply to border agents.

Is it evidence at the point where, say, a CBP agent asks you to show him your data? I mean, they're not a judge, and it's not a trial, or even an investigation into some crime.
Do you want to go to prison?
There needs to be a crime before someone can be charged with tampering. No crime, no evidence, no tampering.
No. That's only a good idea if the criminal sentence for destruction of evidence is less than the criminal sentence you'd receive for possessing whatever data it is you just destroyed.
Once again we drum up technical "solutions" to what ultimately is a policy issue.

A better idea is to change our laws so that our constitutional rights are respected. If that's not possible then the next solution is to change our elected officials.

While it is a policy issue at its core, changing law and policy moves at a glacial pace, and it's not even a certainty that it'll get changed at all (the "nothing to hide" defense gets brought up a lot on these matters, and it's a pretty persuasive argument to those that can't recognize the fallacy). Technical solutions have the benefit of being much quicker to enact, albeit in a flawed way that is, if highly successful, a band-aid on a bullet wound.
Nothing wrong with using technical "solutions" to prove the point of needing policy changes.
> change our elected officials

In America, who you vote in has very little effect on public policy, and by very little I mean a near zero/statically insignificant amount (unless you're part of the top 10% of income earners):

http://fightthefuture.org/videos/does-voting-make-a-differen...

Eeyore / South Park style cyncism actively forments apathy. Self-fulfiling prophesy.

Counterpoint: My friends and associates do amazing things. Marriage equality, marijuana legalization, DREAM Act, etc, etc. I (a yeoman) also do what I can.

Maybe think of politics, society, culture like thermodynamics:

Organization requires continuous effort, to mitigate entropy.

Keep in mind Marriage Equality in America came via the supreme court, not legislation (unlike New Zealand, Canada, et. al.)

I'm not saying people shouldn't be active. Groups like The Anti-Corruption Act (https://www.youtube.com/watch?v=lhe286ky-9A) are doing a lot, not to mention the group that pushed Maine's ranked voting amendment.

But the vote itself is not very useful. There are other forms of activism that are more worthwhile; those that seek to slowly and fundamentally change the system. Focusing on the left right paradigm will ultimately lead people to being angry at two parties that are essentially the same.

> Keep in mind Marriage Equality in America came via the supreme court, not legislation […] But the vote itself is not very useful.

Liberal supreme court judges do not materialize out of thin air, do they?

> A better idea is to change our laws...

Oooookay, sure. We'll get right on that one. In the mean time, I'll take a technical solution.

Have you called your congressional representatives and made it known to them how important these issues are? I find that many people who despair about our political climate can't even name their representative.

Start there and work your way out.

Blow up Sovereign Immunity ffs. If someone gets detained they have no recourse or compensation to mitigate it being used as a threat.
You'd want to make sure it erased the data while making it seem like the data set was empty. You'd even need that special password to remove traces of itself and how it erased the encrypted data, as anything left over could be evidence for destroying evidence.
Perhaps not wiped out, but your normal password could unlock your normal store, while a "duress" password would unlock a store of dummy information.
Is travelling with confidential data really necessary? Wouldn't it make more sense for me to have a 'empty' notebook and store my data out of harm's way (but accessible via a VPN).
I've come to the conclusion that this is the only reasonable technical solution.

Don't travel with sensitive data, and openly explain that you don't do so.

The frustrating part is the UX, and the fuss when you land.

I've found that this works:

- Burner android (burner account explicitly for travel) for music, podcasts, light browsing, etc.

- Cheap ThinkPad for headscratching / hacking (work over SSH, keys on a Yubikey, IP in your head. YubiKey as second factor for password manager as browser extension (uninstall before the border))

Any recommendations for a "burner android" phone?
I'd just go to your local phone repair kiosk and see what they have lying around for cheap.
I'd just go on Amazon and find some cheapo phone like the BLU R1 HD. Just find one that is compatible with your provider.
If you're a company this is easy to manage. Give people laptops with nothing on them. Don't credential them until they phone your help desk from their hotel.
>Is travelling with confidential data really necessary?

Yes.

The whole travel with a clean laptop isn't feasible beyond a simple "access data remotely via VPN" scenario.

Company laptops are often so full of custom software (bootloaders & up) that it's impossible to replicate/reinstall a working environment over VPN.

They're crazy sensitive: e.g. On ours if you go too long away from the core network it freaks out and locks everything down. And recovering from that...well:

I've literally had IT tell me that my options are 1) Fly to the nearest office and connect to core network 2) They fedex me a fresh laptop that has recently been connected to the core.

What's to stop them just asking the password for your VPN? I mean if they can already ask for facebook passwords, what's the difference?
Counter: the border agent asks "are you hiding any information from us?". answer yes, and they get you to disable travel mode. answer no, and you just committed a felony.
How is setting software to "travel mode" hiding anything?
It's not the software set to travel mode, it's the account.
Literally removing your access to data isn't the same thing as hiding it. Having a TrueCrypt partition on your drive that you can still unlock if you know it's there is hiding it. Securely erasing that partition is not.
This is closer to the former than the latter. You aren't erasing the data that's protected under the vaults. You're just temporarily removing the vaults from local storage, disabling access and obscuring its presence. It's trivial to re-enable that access, so you are hiding, not destroying.

Nice mental gymnastics, though. I'm genuinely curious whether the first Federal judge to see this argument laughs or issues a contempt citation first.

Can the border patrol ask you to sign into any online service? Because that's essentially what this is.

The data isn't on the computer they are searching, it's on a server thousands of miles away. The data was erased from the device. If they can force you to sign into that service, they could also force you to sign into your bank, github, etc.

> Can the border patrol ask you to sign into any online service?

If you're a non-citizen attempting to enter the US under a visa waiver program, from certain countries, yes, they can.

Then you can just turn around and be deported. Non-citizens don't have many rights at the border.

The big questions is for Americans, who also have fewer rights at the border (4th amendment for example). Can they force you to sign into external services at the airport if you're a citizen? Everyone should refuse to do this.

I'm not a lawyer, and I hate having to preface that. But Hell No they can't. They can ask. They can threaten. But once they know you're a US citizen, they either detain you or they let you go (on to customs).
They can confiscate your belongings though.
a border officer searched for me on fucking facebook when i was going into the us in march. she said "i just want to know who you are and why you are coming".

i don't have a facebook account. she said this was really suspicious.

oh and she also found suspicious that i had two us entry stamps within a week of each other and didn't accept my explanation that i had gone through the us to go to england with my wife (even after i pointed to the GB entry stamp).

i hate going through the us border control.

Actually they ask for social media accounts when applying for a visa waiver now, e.g. ESTA.

I bet they'll mark you as suspicious if you travel without any electronics too, because that has become uncommon.

> she said "i just want to know who you are and why you are coming".

Isn't that what passport and visa are for?

Seems like it's a tough argument though, I never have all my email on my phone, or all my dropbox files, etc. If I choose to not sync certain GMAP labels to IMAP, does that mean I am 'hiding' them?
Have you kept the data off your phone specifically for the purpose of not letting them see it, intending to sync back up afterwards?
What if I don't sync the data back to my phone until I return home? Is that concealing? Is it any different than leaving sensitive items from my wallet (say social security card) at home while I travel?
I don't understand your logic. Facts matter. Either you have the data on your laptop or you don't. If it's been removed, you don't.

Yes, they can ask you if you've deleted things, or if you have things elsewhere, but that's not generally what they ask or look for, or the issue at hand.

The data is still on the device. Only the password "vaults" have been wiped, obscuring the presence of the data and removing its access.

Look, you can twist the words however you want. At the end of the day, if a CBP agent or Federal prosecutor clues to the fact that you're using this functionality, their interpretation is almost certainly going to be "'late2part is hiding something!", and they will bring their (considerable) powers to bear in response to that, in order to figure out what that is.

Your indignation about or lack of understanding of that reality aren't going to change it.

The vaults are the data. I'm not sure what data besides the vaults you're referring to that's still on the device. The fact that the data is still on a server somewhere is irrelevant for searching the device. However if they ask to login to your 1Password account that's a different matter.
Does "travel mode" remove all the cookies, local storage, and any other indications that you're a user of the site(s) in the removed vault?

Remember: if you're this far down the rabbit hole at immigration, the machine is out of your bag, open, and unlocked. They can take it, while in this state, and image it. If there is evidence that you've been even unintentionally untruthful with the CBP folks, you're screwed. Not only have you lied, but you may have handed over evidence of obstruction of justice/tampering with evidence.

Federal charges like that stack up quickly. If they want to fuck with you, they will.

I would say this is more like a local git repository than what you said. When you add passwords to a vault, then it gets saved to your local copy and then synced to the server. When changes are made elsewhere, it downloads the changes and syncs your local repository.

Now "travel mode" simply removes the local git repository. The data still exists in the cloud, but you have to actively go out and log in to their service to retrieve it. Are you "hiding something" because you deleted a local copy of something from your device? There isn't something on your device that is somehow hidden. It's not there.

(comment deleted)
Is there any difference between securely erasing a TrueCrypt partition vs forgetting the password?
Yeah, in the former the information is truly gone, but in the latter, you're trying to convince people that you forgot something you used to know, and they may not believe you.
Don't most secure erase tools just write a stream (over several passes) of pseudo-random noise? If so, then it should be indistinguishable from a TrueCrypt partition.
Answer "There is no hidden information on this computer, or any of my other devices".
"Are you hiding any drugs from us?" "Oh yeah, I've got lots in my apartment in $ANOTHER_COUNTRY"

Why should the actual answer be any different with data than it would be with the drugs?

Have you set things up so the drugs will be available to you once you have gone through security?
You're not hiding anything, you're creating a legal barrier to someone accessing it. This is the privacy vs secrecy conversation.
If you're a citizen you don't have to answer any question until you've been accused of a crime and have a lawyer present.

Also, the case law is iffy on whether a one-word answer of 'no' can be used in an obstruction charge. (read about 'exculpatory no doctrine').

I don't know, I think the border is a no-man's land. They can pretty much keep you in limbo as long as they want.

Edit: Yes, US citizens are allowed to ask for a lawyer (at the U.S. Border). But, the 4th Amendment is mostly out the window.

That's not really true. As a US Citizen, on basic legal principle, I believe that once Immigration has established you are a US Citizen, they have to let you leave unless they suspect you of a crime.

Customs is sort of a different issue, they can go through your physical and digital belongings and search you.

They have to let you in, but they can confiscate everything you have with you at the border crossing.
...can you clarify this?

Looking up 'exculpatory no' implies that the matter was clearly settled in 1998 by the Supreme Court, which decided the doctrine is wholly invalid and the obstruction charge can be applied.

If there's iffy case law here, I'm not finding it successfully.

I'm not a lawyer so don't trust my take on what's safe to say to the cops.

I feel like I saw a recent exception to this, but even if I didn't:

1998 is pre-9/11, pre-TSA, pre- the large riots of the 2000s and 2010s like ferguson and occupy. It's pre-snowden, pre-aaron swartz. It's pre-iphone which means its pre every case about recording cops in public. It's pre stop and frisk.

Criminal justice has changed a lot since 1998.

Answer no, and it's just as valid as if you had a hand-written notebook full of work-related records that you left in your office back home before traveling. There aren't any reasonable justifications for requiring you to bring all information you physically have access to you with you when traveling, regardless of the format it's stored in.

Not bringing something with you is inherently different from hiding it.

Lying to a federal employee is a felony; if you know you are answering untruthfully and the USG can prove it then you are probably going to prison.
What lie has been told?
From what I understand, it removes everything but ones marked as safe therefore you're not hiding anything.

It's like moving your private files from a device before travelling, you're not hiding anything you just didn't bring it.

That's how I understand it. It is the physical presence of data that allows the warrantless search in the first place. Leaving data off of your device would be treated no different than leaving your device at home entirely.
So how does the whole "show us Facebook" thing work then? They're interested in your Facebook bits stored on the internet, not the bits on your device.
Right. And there is absolutely no legal justification for requesting you go fetch those bits from a data center hundreds of miles away and show them to the CBP employee.

However, they are hoping that people don't know that and do it anyway, even though they don't have to. Also, a lot of CBP employees probably don't understand that distinction anyway. It feels like it's all "on the phone".

Of course that distinction between data in your possession on your device and data that's hundreds or thousands of miles away might not matter if enough precedent accumulates to support forcing people to go fetch things when they're at the border. So we need to stand up for freedom from government intrusion now!

>And there is absolutely no legal justification for requesting you go fetch those bits from a data center hundreds of miles away and show them to the CBP employee.

Except they are allowed to deny your entry if you don't satisfy their whims.

I think we need a lawyer here, but this seems totally wrong. You're only committing a crime if you lie under oath, either to a court or congress. Cops lie to people all the time.

You should use your right to be silent rather than answer any questions of course, but that right disappears at the border.

Still, lying to a customs agent isn't a felony (at least not in the US). (If so, please cite the law). If you're not a citizen of the country you are entering, the most they can do is refuse entry. If you are a citizen, well there is where it can get complicated.

> You're only committing a crime if you lie under oath, either to a court or congress.

False: the relevant statute, 18 USC § 1001, doesn't mention the word "oath" once, and applies to "any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States".

Very much not true. Counter to the way we think America should work perhaps, but many people have gone to prison for lying to federal officials while not under oath. Martha Stewart being one of the most famous. Your best strategy when confronted with uncomfortable questions by federal officials in the US is to say "I wish to consult with my attorney before answering any questions." The result might be a lot of unpleasantness and delay, but they cannot throw you in prison for saying those words.
I don't think lie detection using ultrasonography is very reliable...
> There aren't any reasonable justifications for requiring you to bring all information you physically have access to you with you when traveling... regardless of the format it's stored in.

I think many of us would equally argue there isn't any 'reasonable justification' for forcing phone unlocks on random strangers in airports, but that still happens. I think you are asking for a reasoned distinction from people incapable of drawing them, and that while what you say makes sense, we are not dealing with a sensible system.

I can absolutely envisage some asshole airport security staff member causing grief over these kind of features should they grow in popularity - the existing interactions over phone unlocks are already in a weird constitution-free legal grey area in the US, even for US citizens. For foreigners the situation is worse still - basically zero options but compliance, or feel free to go home and never be granted entry ever again.

Exactly. People are already forced to log into social media accounts and such. So it appears anything you're able to access online is considered fair game.
> Not bringing something with you is inherently different from hiding it.

But you don't have access to your notebook once in the country. The 1Password travel mode is not for while you're in the country, but specifically just for the border crossing.

Travel mode, especially on a Team plan though, is essentially asking one of your co-workers to scan and e-mail the notebook to you after having crossed the border.
It's not really the same thing at all. Something you leave in your office is something you won't have access to at your destination - so it's logical that it wouldn't be subject to customs. Something online, regardless of physical storage location, is something you will have access to at your destination, so it should be subject to customs.
So if you travel without your phone, they still have the right to demand access to your email account? How does that make any sense?
I don't know whether or not they have the right - do they have the right to read some sealed-up documents in your briefcase? Whatever your answer to that question is, it should probably be the same answer to the e-mail question. All these trick arguments about "oh but the e-mail's not actually on my phone, it's in the cloud!" don't hold water for me; it's information you're bringing into the country. Either it's subject to search or it isn't.
But how are you "bringing your email into the country" any more than you would be if you just sent an email?

If they can't access my sent email when I send it from abroad without a warrant, then how does me entering the country without a phone or computer allow them access to my email?

So are you required to have all the data that's ever been on your device at the time that you cross an international border? Are you required to copy passwords that were never in 1password onto your device before you travel?

EDIT: Another way to put this: Is there an expectation that a border agent could, for example, ask for the password to my bank account? If not, how would there be an expectation that if that used to be on my iPhone it should still be there when I travel?

Are you a citizen? Because if not, the answer to all of this is "whatever the hell border patrol wants". As far as I know, you absolutely could be asked for your bank account password. You wouldn't be, because any agent asking would probably be fired to avoid a media circus, but it's not actually against any rule. Border patrol discretion for non-citizens is almost absolute.

If you are a citizen, it's not clear that anything at all can be demanded, even logging into an account already on the device. It just hasn't been put to an unambiguous court challenge.

This issue seems to be a bit of a geek trap. Yes, border agents have a fair amount of authority. No, you're not required to twist your mind into a pretzel trying to decide whether what you choose to put on your device constitutes hiding the things you left off. If an agent is asking you something as specific as "did you enable travel mode in 1password" you've probably already triggered some suspicion.

Some of the responses on this thread make it sound like there are people who would actually start explaining travel mode unprompted because they arrived at it by some twisted logic about what 'hiding' means.

you can't disable it from the app
Based on this wording, it sounds like a team admin might be able to enforce travel mode such that the user can't disable it.

>If you’re a team administrator, you have total control over which secrets your employees can travel with. You can turn Travel Mode on and off for your team members, so you can ensure that company information stays safe at all times.

In which case, you as a user literally can't access the information without communicating with an admin at your organization. If CBP ever starts requiring that you call a third party to retrieve confidential information, well... I hope we never get to that point.

> If CBP ever starts requiring that you call a third party to retrieve confidential information

What would they do, do you think, if said third party was a foreign citizen—of a country with no deportation treaty with the US—and upon getting the person you have in hand to call them (presumably under duress), they just said "I don't negotiate with hostile governments" and hung up?

>of a country with no deportation treaty with the US

I'm not sure what this means, afaik there's no such thing as a "deportation treaty" (perhaps you're thinking of extradition?). If you aren't a citizen, you can be deported, no treaty necessary. Furthermore, if you're at the border you're not even being deported, you're just being denied entry - you get to not pass customs at all and sleep in the airport lounge until you can secure a flight back to your home country, if the CBP decides to turn you away for any reason they choose. As a non-citizen outside the border, you really have no rights at all, and no recourse against any decision the CBP chooses to make.

Yes, that's the one I was going for, extradition treaty—I was referring to the fact that CBP can't just lean on the other country to send them the person they actually want to interview (i.e. extradite them for a crime they've been implicated in by the testimony of the person they just interviewed), so they really are stuck with just getting the detained person to call them up and negotiate.

If US CBP catches a low-level gang member from the UK, they can use their testimony to get an extradition order for higher-ranking gang members—so CBP are incentivized to detain low-level gang members and grill them to see what they know, even if they haven't done anything. But if it's e.g. a low-level Russian or Chinese or Iranian gang member, then the "extradite" part of the "use testimony as evidence to extradite higher-level members" plan doesn't work, so there's relatively little point to grilling such people.

At first, I thought the same thing. But if they ask that question, then no, I'm not hiding it from the border agent. I'm disabling a feature while I travel so that nobody has the potential to get to it.

Edit: Besides, if I ever travel out of country with my work phone, if anyone wants access to it they'll need to call my work's legal office as I'm not allowed to let anyone access that phone without their permission.

As a general comment to so many of the follow-ups to this post:

You really, really don't want to get into a rules-lawyering match with Federal fucking prosecutors over whether "clever technological solution" counts as "hiding" something or not. They have all of the guns in this situation, and you have a demonstrably inaccurate understanding of the relevant statute.

You WILL lose.

More than that, everyone is getting up on the wording of the particular hypothetical question posed above. It could easily be replaced with "Did you remove any data from your device so that we wouldn't be able to see it?", or "Did you enable Travel Mode in 1Password?", or even "Please sign this form affirming that you have not hidden anything from us or employed anything from this list of loopholes thought up by cheeky engineers."

Your adversary here is a group of humans. Not a Bash script.

> Your adversary here is a group of humans. Not a Bash script.

This is an awfully good summary. There are a thousand different questions that would invalidate this, and the idea that maybe-possibly-sort-of outwitting one question solves the problem is insane. Any reasonable plan has to be prepared for a question that can't be invaded - whether that means "yes, here's the data", or "yes, but I can't get the data", or "no comment, I want a lawyer".

If the question is "are you hiding any information" then the obvious (and true) answer is no. If the question is "did you use travel mode for 1password" then that's a very different question. Unless you can point out a statute that requires you to travel with certain information on your device it's hard for me to see the problem.

Your position seems to be that if you were carrying your checkbook (as an American) and then decided against it because you were worried someone might get your bank account number then you somehow risk getting into a debate over technicalities with a border agent. I would strongly recommend not getting into that debate as well by not bringing it up.

I don't think searches of accounts are in any way excusable either, but for the purpose of rules-lawyering:

You have deliberately chosen to make certain information not available during the search period and are planning to make it available again once the search is over. I can absolutely see how that counts as "hiding".

Therefore, if you had a device to withdraw money remotely that required entering your pin, and if the security agent asked you for your pin, would you provide it?

What if my laptop had similar capabilities?

The bank PIN isn't really comparable as government agents can access bank info (in UK at least); the only purpose of the PIN is money withdrawal - surely there is no situation where a border agent would be legally asking for that PIN?

If it's going to bother you why not just use a dumb device and a VPN to access your sensitive data?

And crucially, "can see how" is all that matters here. If the argument isn't prima facie absurd, then you get to go to court with the government, where you won't win and will face horrible harms even if you somehow do. "But I'm technically right!" doesn't count here, only "but there's reason to dispute that".
Haha, your life matters more than standards. Weak cunts everywhere in this thread
This is especially true if you allow them to frame the action as "hiding". L

First you must ask them to not use loaded terminology like "hiding" when dealing with information you own and don't feel like accessing. Don't answer "yes" or "no" to whether you're hiding something. If you use their words then they have a huge advantage.

I'm gonna bet that trying to "language-lawyer" how your CBP agent phrases their questions is a one-way ticket to a private interview, because that's not suspicious at all.
You don't have to explain yourself to them. They don't know the legalities involved, they are grunts. Just tell them simply that you will only answer the question a single time, and the answer is no, and you will ignore future questions about the matter. And ask for your lawyer. If you aren't going to allow access into your personal devices to begin with, you're probably getting that interview regardless.
Looks like there is a business opportunity for an airport located on-demand lawyer practice.
It honestly sounds like it would be irresponsible to travel to the US without a lawyer with you. In fact, sometimes the US sounds like you need a lawyer on hand at all times.
(comment deleted)
The data is actually removed from your device so you aren't hiding anything. Like someone else said it would be ridiculous if you were forced to have all your data on your device when you travel.
You literally don't have the data on you so you're not concealing anything. Just because you can download it later seems like flimsy reasoning.

Otherwise, they could get your for "traveling with more than $X" because you have more than $X in a bank account somewhere that you could get via ATM.

(comment deleted)
The point of travel mode isn't to dodge border control policies or questioning; the point is to prevent the exposure of credentials when travelling, even if the exposure is to a border agency.

If a border agent asks you directly, "Did you remove information from this device to prevent us or others from seeing it when entering or within this country?" the only truthful answer is "Yes", but travel mode has still achieved its goal. Even if they confiscate your device, they can't access the credentials. You may have other issues entering the country but your data is kept secure and private.

At some point, you're going to have to have a separate device for international travel. Then they'd have to ask: "Do you have another device back home that you didn't bring because it contains sensitive information?"
Even back in the 90s, I knew people who would bring a separate travel laptop that would just have the basic set of apps and a VPN client. So, once you got to your destination, you'd login via VPN and download what you needed. This was at Nortel, so it's not like it was a very high security company, just moderately secure. Not everybody did that, but certainly enough people did. The department kept a couple spare laptops for just this purpose that would get wiped and restored to their default config after the travel.
This whole saga just makes make me want to not visit the US for any reason whatsoever.

If I had to go there for work from Australia, I'd request a laptop and new credentials to be provided to me at the destination. For emergency comms during travels I'd wipe my mobile device and use a new prepaid mobile/cell service SIM card in it, from a different carrier, leaving the original one behind.

As such I'd not be bringing any 2FA that'd let me access my Lastpass which has just about all my stuff, and I'd be able to honestly state as much.

Same here. It's ridiculous when it's getting to a point where I'd take at least as many precautions travelling into the US as China.
> the border agent asks "are you hiding any information from us?"

Answer yes, always, because: I have client data I'm most certainly hiding from you on my computer because they'd in general be worried if it i didn't, also I have passcodes to friends mail servers I manager for them I'm hiding from you, also I'm hiding from you all the emails I've sent to my parents, I'm also hiding from you all the pics of my gonads I sent to my lover. So yes, I'm hiding information from you. What country is this anyway? <asks the person arriving to the US from Germany>

(comment deleted)
This feature really should ask you to commit to your duration of travel beforehand. It's no use if you can be compelled to readd the data.
That doesn't solve the problem, because you could be detained until the data is accessible again.
I admit, my threat model doesn't include indefinite detention at a border, but that is a valid concern depending in where you are going. Unfortunately, it's common not to believe people that say they don't know their password, otherwise the solution would be to just change your password and leave it at home without learning it.

For me, the time lockout changes the claim you can make to an official from "I don't know the passwords, I have a record that I didn't bring with me, but can retrieve online" to "I don't know the passwords and have no ability to retrieve them while here". For me, that distinction is valuable and the benefits outweigh the risks. But everyone has different requirements and risk sensitivity.

It's beyond disturbing that we have reached the point where we are discussing this as a potential feature, and not a plot element of a dystopian scifi.
No you can't be detained indefinitely (unless they have evidence to charge you with a crime). You could have your devices confiscated, and as a non-citizen, you could be denied entry.
I believe you can be detained indefinitely, and without probable cause, by border agents.
Yes, THIS. THIS. Lying to a federal agent brings a world of hurt (obligatory disclaimer: I am a law professor but I am not YOUR lawyer...). Right now any customs agent with a brain can just ask "do you have that travel mode turned on? Ok, turn it off," and most courts will allow them to force compliance with that order. It would be really useful to be able to honestly say "I can't."

It's true, if they really want to make someone give up the info, they can arguably detain that person until the timer expires. But that move is much more costly to the government, as well as subject to all kinds of interesting potential legal challenges. So a timer makes the data strictly more secure, even if not perfectly secure.

Better, the feature should _always_ show both "Enable Travel Mode" and "Disable Travel Mode" buttons so that it's not possible to tell whether or not it's enabled. Disabling travel mode should prompt for a password, then return a message like "all vaults protected with this password are now enabled" no matter what the result of the operation is.
So if you're in Travel Mode and you don't want them to know, you'd intentionally put in the wrong password to unlock? I agree that sounds like the best option. It's a lot like TrueCrypt's concept of having an encrypted drive with one password, and another, hidden encrypted drive in the same file with a different password. No-one can prove you have the second hidden one.
Yes, exactly. It would be impossible to tell whether you even had any Travel-Mode-hidden vaults without exhaustively testing every possible password.
Setting GPS locations where the vault can be readded to your device and disallowing it everywhere else would be good.
Came here to make the same suggestion, and strongly agree. I should not be able to re-add the vault if I am not in my house.
I thought about mentioning this too, as well as things like IP addresses and 2FA. The problem with GPS is proving that the location or request isn't spoofed. Ultimately, the phone is trusted when it supplies coordinates, so a determined adversary can easily circumvent it (for example, a SDR running a GPS spoofer). That's not to say it's a bad idea, as it certainly inproves security, but we are talking about state level targeting here.

The other options, like IP and 2FA are more likely to result in failure demand by non-expert users. It's really tricky to get the balance right, as it's hard to justify to yourself a full wipe when going to a relatively low but nonzero risk country.

GPS location can easily be spoofed, and your ID has an address on it.
This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling, then restore when you get back. Log into the minimal number of apps after you've entered the destination country, and optionally delete/logout of said apps prior to return travel if the return border crossing is also a concern. Admittedly if you use a password manager you might need still want to make use of a feature such as the one in this article, or install the password manager app after entering the country, or just write down the passwords that you will need and hide them somewhere unfindable with your stuff.

On iOS about the only thing you would lose is your message history during the trip. It might be an annoyance if you wanted to play games that had non-cloud-based saved player state, but I can't think of too many other issues with doing this.

That may be a solution, but I'm never going to have the time to do that personally.
But are you concerned with border agents searching your phone? If you are then any time spent on this is time well spent. Although protecting your password manager is obviously of vital importance, there's a lot more to be concerned about sitting around on your phone if they can get in.

There's also the general concern -- although I don't know if it's ever been proven to have happened anywhere -- of border agents installing tracking software / malware. They often take the phone out of sight for a while. This is probably more of an issue with Android phones but again if you are a journalist or human rights activist or anyone with legitimate reasons to be concerned, I would absolutely want to wipe the phone as soon as possible after a border crossing if agents had forced me to hand it over for inspection.

Then it's a burner phone for you. Can't afford that? According to the security state, then you pay by risking your information.

I agree with both you and the parent poster. It's sad that we're paying a privacy tax on something that should be constitutionally protected.

Can't they order you to sign into iCloud or equivalent and then just sync whatever they want, photos, texts, emails, apps (and then order you to sign into those apps like Facebook, Whatsapp, Gmail)? Bottom line is they can get you AND everything you have access to. And it you try to circumvent it by i.e. temporarily encrypting everything for 24hr boom you just committed a felony. This is my understanding at least.
IANAL and I don't have an answer to this, but I would be deeply alarmed if this were the case. I can understand them making the case that anything on your personal is searchable (though I disagree that this should be allowed).

By asking you to sign in and sync, they're not just requesting access to information on your person -- that's an enormous expansion of their search powers.

Isn't it established that they'll ask for social media credentials which sync old data automatically?
You know what's strange? I just can't remember my password to this account.

Real talk, if you play games they will find a way to fuck you up, and even if it is not strictly legal, even if you with some kind of relief later (not likely a nice settlement), you will still have to deal with getting fucked pretty bad at the time. Not a great outcome.

Yeah, no shit. "Oh, you can't remember your password? That's OK, we have a nice place here for you to sit until you do."
(comment deleted)
"And it you try to circumvent it by i.e. temporarily encrypting everything for 24hr boom you just committed a felony"

This isn't true. Encrypting your device is not illegal, and they do not have the legal authority to compel you to unencrypt it or make you sign in to anything. They can make your life miserable, but the constitution still applies.

>This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling

This is just another version of the "why do you need privacy unless you have something to hide" argument.

In a true democracy this would be a pointless feature.
How the law was created has nothing to do with it. I suspect that most of us would be surprised with how many US citizens support this idea.
Why? What prevents a "true democracy" from enacting strict border controls?
A democracy is not just a system of governance. The fact that a law was voted by congress means it is a republic, or a parliamentary monarchy.

To be considered a democracy a country needs to provide its citizens more than the ability to elect a legislative body. There needs to be some basic freedoms and guarantees as well, like strong protections against unlawful detentions (habeas corpus) and unlawful seizures.

Border control agents are provided exceptions to the normal rules. They can check your luggage for weapons or illicit goods without any probably cause. The logic behind these exceptions is that it has a deterrence effect on criminals that would like to bring in illegal goods.

But going through your digital information makes no sense in that regard. If you were "up to no good" you would be able to send that information digitally without stepping foot in the country. Going through someone's private information is not about ensuring the safety of the country. It is an invasion of privacy and an intimidation tactic. The deterrence effect is not against criminals. The government uses this power to intimate people they do not like. For instance Loira Poitras and Glenn Greenwald are routinely subjected to this, for political reasons. Many muslims are subjected to this, simply because they are muslims.

These are the tactics of non democratic regimes. It is sad to see them becoming more and more widespread in the US.

The world is bigger than one country. It's not for traveling to democracies, it's for traveling to totalitarian regimes. Sadly, that's where the US seems to be heading now. But it will also be useful for travel to China or North Korea.
I don't get how this would prevent border agents from asking to unlock / turn off travel mode.

Why not make this feature tied to a geo-location? Like the hotel or the conference centre I will be attending.

AFAIK you can only deactivate the travel mode on the web profile. Of course it would be much more effective when you use it in the team mode. So that someone else has to deactivate the mode for you.
One thing that I have always thought about is why Emails doesn't have disposable passwords. For example, you make 1 new password that you can use just one time.

That way if you need to use unsafe PC from a hostel, you can log in with that password.

Backup codes are exactly that, though they're more in case you don't have access to your 2FA device.
You're basically describing two factor authentication, when you have not authorized the particular computing device in question to skip it.
Or why we have passwords at all. Sites like Medium have moved to a passwordless model, where you're sent a login link to access your account rather than forcing you to remember or retrieve a password.

https://blog.medium.com/signing-in-to-medium-by-email-aacc21...

Where would you send a link to log into your email?
I was thinking it would be super cool if you could use something like https://krypt.co/ and use public key private key.

Sure, you would need that ssh daemon running on the computer, but I bet it could it could be retrofitted to use qr codes or something.

... so a link sent over a protocol that is considered "insecure" by any sane security expert allows account access? Not to mention you still have to "secure" a password to your e-mail account.

I'm sorry, what in the world is Medium thinking? This is a step backwards from a user/password model.

They cover this in the article: "reset my password" emails are already the norm, so it's not any riskier than your existing online banking or social media accounts.
Resetting via link alone is yet another bad thing, because as you pointed out it leads to the exact situation you just described. Password resetting should involve some type of challenge/response, and accounts should be secured with 2FA on top of all that.

Medium still isn't winning any security points here.

> Medium still isn't winning any security points here.

Sure they are. Removing a credential—in this case, passwords—is strictly more secure. It's the same rationale as to why 2FA with just a TOTP app is more secure than TOTP app + SMS backup. And the emailed links are analogous to password reset links so there's no erosion of security there, provided they're properly secured (one time use, time bounded, etc.).

Also, realistically, if they used passwords, many of their users would probably re-use the same email,password pair at other sites. If any of those other sites use bad password hashing hygiene AND get hacked, then the users' account security is busted.

Someone posted something like this 1-2 years ago here. They used a Yubikey (?) with TOTP to give one-time read-only (?) access to their email while traveling. They posted the project on github, I believe it was a Show HN but I cannot seem to work out the search-fu to find it.

EDIT: Ok, TOTP was wrong in my recollection. They use pregenerated one-time passwords:

https://news.ycombinator.com/item?id=12255833

Yeah, it is a little different if it is pre-generated. And if you face a situation where you need access your email from an unsafe computer, it is probably because you can´t use your smartphone.

So, two steps authentication is not a great option. And from my experience traveling, this kind of situation happens a lot.

Edit: Apparently LastPass has this option: https://helpdesk.lastpass.com/your-lastpass-icon/loggin-in/o...

I have some ideas I think will improve our security in this direction. Apple seeks to make it technically impossible to extract iPhone data and I've been wondering how we can do the same with using someone's credentials to enter the systems we build.

One idea is to allow users to define how many concurrent sessions they can have so they can manage those slots and require something sign out before their credentials can sign in again.

The other is to allow users to configure a schedule when their credentials work so you can block most of the world and probably most of most days too.

The fact that this is a necessary feature today is a horrible thing, something I would never have thought about a few years ago.
They can only legally view the data you bring into the country on physical media in your possession as you pass through customs.

Though it's not difficult to remove the app/vault and then reinstate it after customs...

The video/onboard tried too cute to make the Travel mode = off a confusing ambiguity by making just gray. If you don't want to waste people's time make things explicit.
Would it be equivalent if my (for example with LastPass) vault required a 2FA token to access, and I simply left the 2FA token at my house? I would in that case similarly be incapable of complying.
The right solution to this problem is, when traveling, always answer "no" to "may I search your laptop?"

It sucks, and it many mean a lot of hassle ranging from confiscated equipment to being held at the border to being refused entry, but this is just one of the new risks of travel. Border security only gets away with this because people say yes.

Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation. You should be able to say, honestly and credibly, "I won't unlock my laptop because I don't want to get fired."

Do you honestly think customs agents care whether you'll get fired or not? US immigrations will permanently sever families that have been together for years or even decades with utter disregard for the emotional trauma they're inflicting.

Your job matters exactly fuck-all to a CPB agent.

That border agent is a real person, who is "only doing their job". So are you. It works both ways. If enough people say no, then after a hellish but hopefully short adjustment period, the policy will change.
> the policy will change.

The policy might change to include cells at the borders where people are detained until they hand over login details or voluntarily decide not to enter.

Should the slope become that slippery we'll have a much better reason to stand outside a legislator's office with pointy sticks than "I was mildly inconvenienced by the TSA."
If what is already happening across the country is not a good enough reason already, I doubt anything will be.
Yep. Quite simply, the 0.1% of the US population here on HN does not care about privacy nor protesting nor writing to their local or state government.

HN needs to stop living in a bubble. Only 1/3 of the US even bothered voting in the Trump v Clinton presidential election. I'll let you think about that for a moment. Now think about border searches. Has your phone been searched? Neither has mine. I'll go back to my company catered lunch now.

Where did you get the 1/3 from? It's been 55% of eligble voters. Counting non-eligibles wouldn't really make sense in your argument

Source: https://www.google.de/amp/s/amp.cnn.com/cnn/2016/11/11/polit...

If you really care about the issue, why abstain just because someone else doesn't want to count your vote?
Actually you should count all Adults not just "eligible" for a few reasons

1. No one once reaching the age of majority should have their voting rights taken, for any reason including criminality

2. The figures also do not include people of age who are ineligible to vote or have not registered. The "Have not registered" is a key part because many stated in the last 2 election cycles have been passing a number of laws to disenfranchises segments of the populations making it harder and harder to register

3. The concept of our nation is "Consent of the people", that is all people, not just those voting. the majority of PEOPLE reject the 2 candidates put forth buy the corrupted and unethical political parties then the government can not claim to have the consent of THE PEOPLE...

Many many many Americans feel complete disenfranchised by the political systems that gives them 2 Choices that are equally terrible and corrupt. Forcing a defensive vote that is mainly against the person you do not want to win instead of voting for a qualified person you actually want to be in office.

As a life long Libertarian, I have no interest in voting for either a Republican or Democrat

None of these reasons you list make sense in this context.
If the 55% is from people registered to vote, it makes perfect sense.

Seriously? You need to register to have the privelige of voting in your country? That is beyond fucked up.

Obviously, if you don't plan on voting, you won't bother to register.

In our busy and overwhelming lives it is easy to procrastinate about civic responsibilities while still caring about living in a just and fair world.

My phone has not been searched, either, but the issue here is to stand up for your rights. If you have never been wronged by a person or organization in position of authority in US government then consider yourself lucky. I and most people I know living in the US have.

Border guards were doing this stuff long before Trump was elected, and it was never a significant campaign issue one way or the other. Stop trying to make everything about Trump.
That job they're "just doing" is, as it's drilled into their minds, to act as a barrier against anything that even might be a threat in some form or fashion to their country. They have pretty broad authority toward that end.

You (the notional you) aren't even from here. If you say no, you've identified yourself as a potential threat, and can just sit in a room by yourself for as long as it takes to put you on the next flight back to wherever you came from, at your expense. And you probably won't be allowed to return.

If you're a citizen and say no, they might confiscate the device, and might make you wait around long enough to miss your connecting flight (and maybe even the next couple, if they're feeling particularly peevish), but that's about all they can do.

That job they're "just doing" is, as it's drilled into their minds, to act as a barrier against anything that even might be a threat in some form or fashion to their country.

They may get that drilled into their skulls, but I think it's more that they just don't want their boss to yell at them.

No police officer arrests a DUI and says "but I'm just doing my job." It's only when the other person (the traveler in this case) has an entirely legitimate reason to resist them that "I'm just doing my job" comes out, with an implied threat that the authority they're appealing to (that they themselves don't have) will come down on everyone involved, and they don't want that.

Also, they don't have any personal liability for anything that goes wrong in this process, except perhaps that the company they work for will lose the contract (unlikely here). Again, "boss will yell at me."

These people are better thought of as clerks than cops. And yes, they can inconvenience you, but that's not the same thing as compliance.

I assume you're referring to illegal immigration, in which case there is at least a legal (if possibly not moral) basis for screwing people over.

The story with stealing citizens' personal information is entirely different; there is almost certainly no legitimate legal basis to fuck over US citizens for excercizing the basic rights explicitly protected by the 4th and 5th amendments, just because they happen to be at a border area.

But what about non-Americans? As a Canadian, I can have a very valid reason to go to the States, and even refusing a search once could cause me issues any time I try to go to the US.
Yup. The correct solution is to stop traveling to the US. Stop sending your employees to the US as well. If the rest of the world starts insisting that US companies always come to them because of how US border agents act, that shit will bubble up to the lobbyists real fast.
It's just that easy.
If hurts people with money, something will change.
No, it's not. That's similar to saying just stay away from bullies, or leave if you don't like your job/school/whatever. It is easy if you view the issue in isolation, but for a lot of people it is more complicated, such as how will you see your loved ones / do your job / travel freely? In this case, the ones most dependent on being able to travel have little choice if they can't take on almost unlimited (potentially, but still) risk to their livelyhood.
It's amazing how disparate the experience is in Europe. The first time I flew to CDG a year ago I honestly thought I somehow skipped customs accidentally. Heathrow, on the other hand, feels like a dystopian experience straight out of Minority Report. 20 questions and having your photo taken at every turn for simply connecting through the UK.
I think the authoritarianism is a Anglo Saxon phenomenon. At least in more recent history.
Bingo.

Why would anyone want to go through that on their vacation? Unless you enjoy that sort of thing, go somewhere pleasant instead. (And if you enjoy that sort of thing, there are far easier ways...)

I say this as a US citizen who will be sad if it comes to pass, but this bullshit won't stop unless the rest of the world refuses to put up with it. Your average US citizen doesn't travel internationally (only about 10% of the population has a passport), so they don't notice unless it hits their wallets.

Please force us to stop.

Put up with what? I go through Houston Customs almost every month and they rarely search anyone. It's like a river of people walking right out the airport doors after a cursory glance at the customs declaration. I have never once seen a person with an open laptop in the search areas. That doesn't mean it doesn't happen but good grief, what's the actual percentage? I am willing to bet a minuscule percentage gets their devices searched.
I don't believe the data on that is available; at least, I haven't been able to find it[1]. I'd love to be wrong, if someone else has information.

I'm glad your frequent travels are eased through customs to the point where you don't see what happens. But allow me to suggest that a frequent traveler through one port once a month is an insufficient data set from which to draw conclusions?

If nothing else, you have available the fact that a software vendor sees sufficient demand to invest in this feature, to go along with your google skills to find counterexamples to your experience. I don't know if that's sufficient to get you past your blithe dismissal of others' concerns and lived experience and on to a skeptical but open view or not.

[1] Which would be typical; one of the easiest tactics to steer public discussion is to pick and choose what data to collect and release. The US has a long history of this tactic, especially with issues that touch on law enforcement. The lack of decent data on killings committed by police is well-known; categorical refusal to allow studies on various drugs is too. But this is a frequent problem; hammering on killer cops with video is provoking grudging, slow change on the first and incremental legalization of pot is changing the second. But there are lots of issues over which this happens.

> Why would anyone want to go through that on their vacation?

honestly? the us is a beautiful country, with amazing people. i love visiting and love going to weird towns to meet different people. (also, my sister is married to an american citizen, and i want to meet her every once in a while).

but at the same time, it's really fucking awful to be treated as a criminal every time you try to go to the country.

I'm in Australia. I like a lot of things about the US and lots of the people in/from the US as well. I went there about 15 years ago and had an awesome holiday.

I would never go there now that a dangerous buffoon like Trump is in office, also for a long time now it's been known that outsiders will be treated like a criminal at the border for no reason. And I mean literally no reason because I could easily not have all my masses of terrorist information on the laptop and just download it from the terrorist servers when I get there. So there is literally zero reason to be searching my digital property, and I'm not about to take the gamble that I could be prevented entry or delayed enough to possibly cause thousands of dollars personal cost for no good reason. The security theatre is ridiculous.

Outsiders are obviously not welcome so I'm not coming.

There are plenty of sane countries around the world to go to, why would I go to the US?

I hope the American people can find the motivation to vote and pressure their representatives to actually do something about their own freedoms. Not only border patrol but your militarised and outrageously unaccountable police force.

Sorry but that's just, like, my opinion, man.

As a foreigner married to a citizen, I'm not too satisfied with this suggestion.
You sound like a weak cunt with no spine
It completely depends if you are white or not. If you are white, and speak politely, the agent will care deeply about your concerns, including potential firing as an example. If you are not white, and especially if you appear black, Latino or Arab, then your comment will definitely hold true.
You are absolutely the worst kind of person.
(comment deleted)
Recently delayed by the TSA to the point of missing my turn to board. Was subjected to additional searching. Upon finding nothing, I discovered the extra searching was what they do when you fail the hand swab test. I had not had the test administered. So they administered the test. I passed. They then searched my things again and I was questioned regarding the quantity of business cards I was carrying.

Oh also I'm white.

TSA is not the same agency as CBP. They don't receive the same training, encounter travelers in the same situations, enforce the same laws, or execute the same authority.
I've had similar experiences with CBP too. It's still a pretty silly unqualified comment. They tend to be on power trips any chance they get, brown or black or white.
I didn't mean to comment on the use of racial profiling; I've just noticed that there's a lot of confusion about the difference between TSA and CBP.
(comment deleted)
Pretty sure parent was just saying that it's way more likely to happen to you if you're not white, not that 100% of white people will pass through unaccosted.
Well given that parent used phrases like "entirely depends" and "definitely", I didn't get that at all. And given my own experience of being consistently delayed in most locations and being white, I think there are clearly more factors. And if true, those factors affect more people and amplify the effect of racially motivated factors.
Careful, you're showing everyone you're a racist asshole.
By calling the border police racist?
Wow, quite an accusation!

Is there any actual data source on this, or is it just a narrative you prefer?

Are... are you seriously doubting the racial profiling that happens at the hands of border agents? I'm genuinely curious. Do you know literally nothing about America's history or the current political climate?

I'll even help, since apparently Silicon Valley hasn't invented a $400 way to enter text into a search bar: http://lmgtfy.com/?q=US+border+patrol+racial+profiling

Does customs anywhere else the world care more? Explain your refusal to allow a search to a Chinese, Korean or UK customs official.
(comment deleted)
If you, as an innocent person, don't refuse to have your belongings inspected, you participate in making belonging-inspection-refusal into a great heuristic for determining guilt.

This is a form of "citizen duty".

I've witnessed US border agents mocking someone for hours in the waiting area before summarily sending him back to where he came in from.
Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation

So which is a better option? Losing a job (or) refused entry/detention/harassment after 24+ hours on the plane/getting treated like a criminal....? (not that criminals need to be treated badly)

The right solution to this problem is saner laws and educating the public about privacy and related topics

The right solution to this problem is saner laws

Considering the history of the civil rights movement in the US, we're not going to get saner laws without a little civil disobedience. It sucks to bear the brunt of this harassment, but saying "yes" only enables the system to harass everyone more efficiently.

I opted out for years and made fun of TSA agents during the pat down. It turns out you're not allowed to requests pat downs from specific agents. Who knew? ;)

But now I don't even opt out.

Instead I tell them that I can't raise my arms above my head. They direct me around the scanner (sometimes the metal detector too), swab my hands, and call it done. I often skip 10-15 people in the process. If they ask why, I tell them I have a medical condition and they're not allowed to ask further so I don't explain.

Hopefully the bad guys never figure it out!

wow this is a great idea especially considering i have real shoulder issues. thanks for the tip!
Does that count as lying to federal government agents? (Title 18, United States Code, Section 1001)
Not if its true. We don't know if it is or not, unless you know this person in real life.
Who said I'm lying? I'm not going to disclose private medical issues to rent-a-cops.
Or on Hacker News, for that matter...
After you leave make sure you don't accidentally do a "yes!" arm in the air gesture!
One time I might have said "I can't raise my arms like this" :D
Will try this. How many times has it worked / not worked?
And the possibility of not being able to go to the US ever again, meaning something that will get in the way when searching other employment.

It's one thing to decide not to go to the US, it is quite another to be force to it in order to defend my employer shareholders interest on a trip mandated by them. If you send me to the US, you implicitly agree the company is fine with US borders to do whatever they want with the company data.

It is 2016, I can rebuild a whole laptop from scratch with my whole data anywhere in the world. There are affordable ways to work around the problem: provisioning a VDI and even buying a laptop on site is a fraction of the cost of flight and accommodation.

If NASA engineers aren't allowed to refuse to unlock their work devices containing confidential NASA information, what hop is there for us?
> always answer "no" to "may I search your laptop?"

in my case, that would mean deportation due to not being american. i either get deported and lose all the traveling plans or i get searched.

I think in this case the correct technical term is "denied entry". You haven't passed immigration to the country.

Deportation is the expulsion of someone who's actually in the country, past the border, and resident or visiting.

Potato/potahto, really. Good luck getting a visa next time if you've ever been "denied entry".

Really, for non-Americans the best advice is just don't go in the first place. Second best advice is just comply with border security personnel.

Any tricks like leaving the battery empty, bringing a burner, not bringing a laptop and getting a loaner when you get there etc, they do nothing but raise suspicions.

> they do nothing but raise suspicions

Oh god, no. Technical measures - of course - do work. So does erasing data from phones, laptops, hard drives, etc.

Do not let the security theater scare you into obedience.

Again, this is not valid advice for non-citizens. If you're a citizen, sure, feel free to go through with an empty or password-protected device. Maybe you'll be detained for a while, inconvenienced, given a stern talking to, etc.

If you're not a citizen? You can be denied for literally anything the agent feels like. They feel you're suspicious because you claim (falsely or not) you don't have a facebook account? You're not coming in. Visa denied.

yup. cbp officers can deny your entry if they think blond hair is ugly.

> Visa denied.

you know what's shitty? i have a b1/b2 visa. cost me 100 usd and two working days. i also visited the us ~6 times, never overstayed by an hour. but even then, i'm suspicious because i'm brazilian (that's a theory, of course. i have no proof other than brazilian friends also having problems with cbp).

What you are describing is not the result of yourself protecting your privacy but the result of being found to be suspicious.

Not appearing suspicious is an important part of protecting your privacy. While it's true that acting stupid or careless can bring you in trouble this is not sufficient to deny the utility of privacy enhancing behavior.

> Any tricks like leaving the battery empty, bringing a burner, not bringing a laptop and getting a loaner when you get there etc, they do nothing but raise suspicions.

as i said on another comment, even not having social media is suspicious. which is insane, because it means you cannot have privacy if you want to go to another country.

And I happen to not have social media, for real. Whoops. I need to go through U.S. Customs at least once a year. :(
i usually plan to travel to the us once a year for tourism. that's basically ending this year because of the way cbp treats foreigners.

i know at least another 5 people that are not going to the us because of that.

Not bringing a laptop is probably not as suspicious as you'd expect, particularly given recent discussions of banning carry on laptops on flights from a large chunk of the world.

  > Good luck getting a visa next time if you've ever been
  > "denied entry".
I would not want neither visa nor "next time" after this. If they want their walls, let them have them.
Correct. We'd have to comply.

US citizens, however, can choose to deny them and go through any hassle that CBP may want to put them through, but they cannot deny them entry.

> Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation. You should be able to say, honestly and credibly, "I won't unlock my laptop because I don't want to get fired."

The USG has shown that it is perfectly happy to kneecap entire domestic industries (aerospace, semiconductor) for the sake of "national security" via ITAR. You really think they give a shit about one person's job?

The solution to this problem is to not visit US.
Then Europe is going to do the same, and the solution will be to not visit Europe, and so. Eventually we won't be able to leave our country without giving up our privacy.

The real solution is that people from the country protest when such an abusive policy is introduced.

Only the UK is doing the same, in France civil rights still do exist. No worries. Even if they are at war right now, and abolished civil rights for a few years.
This is the solution my company chose for a milestone trip we will undertake in half a year.

The plan was to go to NYC, now the plan is either Paris or Tokyo instead for the 70+ employees.

Ill tell the TSA no if you buy me a new laptop/phone when it happens.
good luck with that.
He can tell them whatever he wants. Doesn't mean they will care.
Ill tell the TSA no if you buy me a new laptop/phone when it happens.
I can tell you most of the corporate policy says comply with all law enforcement requests when asked while traveling and report it to corporate security/legal.
Many US workers are not citizens. Your solution would mean losing both their job and home if they were stopped on their way back into the US.

A better solution is to not allow people to travel with anything that would be catastrophic if lost. My former employer would give employees loaner devices for travel to certain countries.

I think part of the point is that employers also can't lose all employees, so they are encouraged to fight back with their economic blight, in part by lobbying.
>always answer "no" to "may I search your laptop?"

Good luck with that when faced with a border nazi & zero rights.

I just leave my personal laptop behind when travelling to countries with dubious personal freedom policies...like the US.

Just saying "no" will work in very few countries.
It's always Americans who can, at worst, get their laptops and phones seized that have this stupid ill-informed opinion.

If you enter the United States as a non-citizen and don't submit you will be denied entry for 5 years or life, still have your devices seized, and any visas or permanent residency can be cancelled. Possibly be jailed.

Hey, look, a citizen (or non-USian) commenting on immigration matters. Without any clue what this means for non-citizens who live in the US. If you're e.g. an H1B visa holder your friendly ICE officer might decide "no" is reason enough to eject you out of the country.

Just one of the new risks of travel. (Well, not new that they can send you back, but a new reason for the little tinpot dictators who revel in their power)

> Companies need to make clear to their employees (and the public) that sharing passwords is a terminable policy violation.

Companies cannot tell their employees to not comply with lawful request of a federal officer, and some companies specifically underline that in a company policy.

Have you done this in practice? Have you been asked and answered "no"?

If not, it is probably way to easy to make such a statement.

I think this is bad advice. Protect your sensitive data with plausible deniability, that's what the pros do. The travel feature is just that, as well as truecrypt decoy partitions. Showing you have nothing to hide is a lot more pragmatic and versatile than the cryptonerd fantasy alternative https://xkcd.com/538/ .
Most large companies I worked for ask me to unlock my corporate laptop shall CPB agents ask me to do so (and tell the corporate security afterwards for obvious reasons). I don't think an American company will fire you for complying with the law enforcement.
I'm a very happy 1Password customer.

Repeating my #1 feature request here, dovetailing this thread, please forgive.

Problem: My logins keep breaking as websites evolve, change their forms, etc.

Suggestion: Online catalog of login config/scripts.

a) Pre-populate with "official" scripts for top 50 websites. Also serve as examples to show everyone how its done.

b) Permit users to submit new scripts.

c) Version these scripts. Use some kind of repo.

d) Keep track of success rate, a la bugmenot, retailmenot, etc. Anonymize feedback, of course.

(comment deleted)
I thought the trick was to back up the phone on one side of the border, factory reset / wipe, restore the phone on the other side of the border.

Obviously that doesn't work for laptops - but for a phone it is in the realm of possible.

I don't understand. Why would people not just change their passwords by someone they know, travel, plausibly deny kniwlege of the password, and call the relative to unlock once crossed the border?
Because they don't want to get detained, be denied entry, have to travel home at their own expense, and be refused/blacklisted entry in the future, probably?

If you're not a US citizen, there's no plausible deniability, due process or rights at the US Border; CBP agents can deny entry to whoever, for any reason at all - they have _very_ wide latitude and there is no appeal.

Legal details vary by country, but this is pretty much the case at all borders, afaik.

There is a lot of weak pussies in this thread
Mandatory "No Linux client" comment :|

Does anyone have any insight if this is a pure business decision or there's something holding them back technically?

They can't even ship version of their Windows client with the ability to create/edit/delete local vaults.

I think they are focusing on money before all else. They do still make a good product, but the direction they are moving towards eliminates their support for many threat levels that they had previously.

Now you have to have a cloud account and you have to store your stuff there because their supposed "cross-platform" client cannot work on their own vault format on Windows.

They might respond saying the version 4 of the windows client supports working with these vaults, but version 4 does not support OTPs so if you want to use the modern features without relying on their cloud storage...they don't care.

If you go to their forums and read the response from the community about windows not supporting creating or editing of local vaults you will see they are by and large dismissive. So I think it's really about money and resources.