"May I search your laptop?" "Certainly." "But... this is practically empty." "Yes sir. I FedEx'd my SSD to the destination."
I have a small SSD in the primary disk in my T420s, it has just enough to get me through the flight. I keep the primary in the UltraBay with a simple adapter, takes one reboot and no tools to put it back in place. Done. Happy searching! I can't log into anything even if I wanted to because I physically do not have my password store https://www.passwordstore.org/ with me. (https://github.com/chx/ykgodot I wrote this trivial script to automate yubikey neo with pass)
It's a practical approach, and my comment here isn't necessarily aimed at you, chx (since I don't know your citizenship status), but I would add this entreaty to American citizens like me:
If you ever get asked that question at the US border, please don't acquiesce to that request. They have the right to ask, and they even have the power to search it regardless of your permission, but despite an alarming drift towards a total surveillance, they have not established the right to force you to unlock/decrypt anything.
I'm flying into SFO tomorrow, and I am taking similar precautions as chx so that my laptop doesn't contain any meaningful data[1].
However, if asked to unlock my laptop, I plan to say "No, of course I cannot do that; it violates the most basic security practices and I could and should be fired if I exposed sensitive company data in that manner." And then just sticking with it. It will be inconvenient, especially if they seize my laptop and detain me, but as citizens it is up to us to resist the normalization of behaviors that push the nation further towards the precipice of idiotism.
[1]: As an American citizen, I have routinely done this when traveling to authoritarian nations like China; it's hard to express how outraged I am that my own country has degenerated to the point where sound security practices now require these kinds of procedures when traveling to the USA.
> "May I search your laptop?" "Certainly." "But... this is practically empty." "Yes sir. I FedEx'd my SSD to the destination."
Scratch that last bit. There is no need to reveal that, and it could sound suspicious (like you are trying to hide something specific by circumventing their checks, and trying to look clever (and/or make them look dim) by doing so to boot).
Just be honest without giving extra information: "yes sir, this is a travel machine and it just contains what I'm going to need while I'm between locations" if they ask why you would do that then "in case the laptop gets stolen, the less that is on it the less of a worry that could be" strikes me as a perfectly valid reason to be careful. Or perhaps "all the other data and programs I'm going to need are already with the clients/suppliers/other I'm visiting" (which it is as you've posted it, but you don't have to say the thing that might unnecessarily raise suspicion).
If you are refusing to enter the password, access to the device, or to disable travel mode, then good luck to you. IANAL, but the border agent doesn't care if the data is technically in the cloud, rather than on the device, because it restores when you unlock it.
In addition to removing the data from the device, cheers, don't you also need to be able to honestly say you can not provide access to it?
Ways to honestly answer, "not possible", and mean it:
- schedule a time period where no password is accepted.
- enable whitelist/blacklist zones via geolocation.
- set a new password that you give to a trusted friend/coworker/spouse that you must contact to retrieve.
Some combination of the above for ease-of-use, and ploys like emailing yourself the new password after a period of time for redundancy/safety.
Counter: the border agent asks "are you hiding any information from us?". answer yes, and they get you to disable travel mode. answer no, and you just committed a felony.
Answer no, and it's just as valid as if you had a hand-written notebook full of work-related records that you left in your office back home before traveling. There aren't any reasonable justifications for requiring you to bring all information you physically have access to you with you when traveling, regardless of the format it's stored in.
Not bringing something with you is inherently different from hiding it.
As a general comment to so many of the follow-ups to this post:
You really, really don't want to get into a rules-lawyering match with Federal fucking prosecutors over whether "clever technological solution" counts as "hiding" something or not. They have all of the guns in this situation, and you have a demonstrably inaccurate understanding of the relevant statute.
This whole saga just makes make me want to not visit the US for any reason whatsoever.
If I had to go there for work from Australia, I'd request a laptop and new credentials to be provided to me at the destination. For emergency comms during travels I'd wipe my mobile device and use a new prepaid mobile/cell service SIM card in it, from a different carrier, leaving the original one behind.
As such I'd not be bringing any 2FA that'd let me access my Lastpass which has just about all my stuff, and I'd be able to honestly state as much.
Based on this wording, it sounds like a team admin might be able to enforce travel mode such that the user can't disable it.
>If you’re a team administrator, you have total control over which secrets your employees can travel with. You can turn Travel Mode on and off for your team members, so you can ensure that company information stays safe at all times.
In which case, you as a user literally can't access the information without communicating with an admin at your organization. If CBP ever starts requiring that you call a third party to retrieve confidential information, well... I hope we never get to that point.
So are you required to have all the data that's ever been on your device at the time that you cross an international border? Are you required to copy passwords that were never in 1password onto your device before you travel?
EDIT: Another way to put this: Is there an expectation that a border agent could, for example, ask for the password to my bank account? If not, how would there be an expectation that if that used to be on my iPhone it should still be there when I travel?
The point of travel mode isn't to dodge border control policies or questioning; the point is to prevent the exposure of credentials when travelling, even if the exposure is to a border agency.
If a border agent asks you directly, "Did you remove information from this device to prevent us or others from seeing it when entering or within this country?" the only truthful answer is "Yes", but travel mode has still achieved its goal. Even if they confiscate your device, they can't access the credentials. You may have other issues entering the country but your data is kept secure and private.
Literally removing your access to data isn't the same thing as hiding it. Having a TrueCrypt partition on your drive that you can still unlock if you know it's there is hiding it. Securely erasing that partition is not.
I'm struggling to understand all the comments here, but it feels like I'm living in an alternate universe. All of these questions like "but do the customs agents search for hidden partitions", etc...
Who is it that is running into all these scenarios with border control? I've gone on international flights, including to the us, dozens of times, and have seen around me thousands upon thousands of travelers, and I've never seen anyone asked to open their laptop, no to mention being grilled on hidden partitions.
Not that I'm doubting this ever happens. But from these comments, someone would get the feeling that this is routine, rather than a 1-in-an-X occurence for a probably very high X.
The implementation looks sound, and it's easy to use. Props to Agile Bits for making this feature a priority.
So this is great! -- I think. My only concern is that if the authorities are already suspicious of you, and find no password vaults (or practically nothing in your password vault), they may just detain you until you reveal what you haven't disclosed to them.
There's clearly a technical solution to the problem of protecting data across borders but they do not work so well under duress. Is there any technical way to convince an adversary you are not hiding anything else or did not delete something?
This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling, then restore when you get back. Log into the minimal number of apps after you've entered the destination country, and optionally delete/logout of said apps prior to return travel if the return border crossing is also a concern. Admittedly if you use a password manager you might need still want to make use of a feature such as the one in this article, or install the password manager app after entering the country, or just write down the passwords that you will need and hide them somewhere unfindable with your stuff.
On iOS about the only thing you would lose is your message history during the trip. It might be an annoyance if you wanted to play games that had non-cloud-based saved player state, but I can't think of too many other issues with doing this.
Can't they order you to sign into iCloud or equivalent and then just sync whatever they want, photos, texts, emails, apps (and then order you to sign into those apps like Facebook, Whatsapp, Gmail)? Bottom line is they can get you AND everything you have access to. And it you try to circumvent it by i.e. temporarily encrypting everything for 24hr boom you just committed a felony. This is my understanding at least.
>This is a nice feature, but ultimately if you are concerned with border agents requiring a phone search then you should just backup and install a fresh OS before traveling
This is just another version of the "why do you need privacy unless you have something to hide" argument.
I'm a little sad that this would require me to use the 1Password cloud-service. I would never want my 1Password vault to be on any server outside of my control. While I completely trust agilebit's intentions, I feel that their cloud service adds a very major attack surface. Someone like the NSA would certainly be able to obtain copies of the encrypted vaults, which means that everyone's vaults are just one bug/backdoor in the cryptographic stack (remember Debian RNG bug?) away from being exposed.
Hence, I only use WiFi sync for 1Password. It would be nice if 1Password added a sync option through my own WebDAV server. I'd then be happy to pay for a 1Password cloud account just for the TravelMode feature, as long as the vault data itself wasn't stored anywhere outside of my control. Having my own server would mean the the NSA (or whoever) would have to do a targeted attack on me personally, which is a whole different ballgame from everybody's encrypted vaults sitting on agilebit's servers.
In the meantime, if I had to cross the US border (as a non-citizien!), I would probably delete the whole 1Password app from my phone before crossing, and then restore the entire phone from backup afterwards.
I think this is an incredibly worrisome move on 1Password's part. Coming from the right motives, but ultimately it'll end up being used against us.
Look at it from the perspective of the government. By bringing information from elsewhere into the US, you're importing it. It just so happens that the import security is tight in airports. So you use 1Password to delay importing this data until you can reach it through an alternative import method which is much harder to regulate - the Internet.
What's going to happen is that they'll spend much more effort on tightening up the "import security" from the Internet. Things like SSL/TLS MITMing and deep packet inspection will be used to enforce compliance.
Don't get me wrong. The ability to be able to do this is incredibly important. If they had marketed this as anything other than a travel mode specifically, and let users work it out themselves, it'd probably be better. But as it is, they've created something which is basically publicly stating that it exists to break import security, and as a result it's going to get a lot of attention from the wrong people. I worry that the existence of this mode this is going to be used by the government as an excuse to have a "Great Firewall of America".
Isn't the counter simple; they ask for your logins to the 1Password vault? I guess this just adds an extra layer of obfuscation.
The most secure way I can think of is to either encrypt your drive (or wipe for travel and online restore once arriving) and physically mail the new password (or hand over to a trusted friend/store location) to the destination. Then there is no way of restoring at the airport.
Of course, then they can just detain you indefinitely for not revealing the password you don't know...
It's a clever idea, but how long before border authorities simply order travelers to log on to 1Password and turn off travel mode, or be denied entry? I'm guessing not very.
My thought on this whole situation is to simply not take my phone or laptop. I don't live nor work in the US, however, so I don't have the issues being faced by people in this thread.
Is travelling with confidential data really necessary? Wouldn't it make more sense for me to have a 'empty' notebook and store my data out of harm's way (but accessible via a VPN).
>Is travelling with confidential data really necessary?
Yes.
The whole travel with a clean laptop isn't feasible beyond a simple "access data remotely via VPN" scenario.
Company laptops are often so full of custom software (bootloaders & up) that it's impossible to replicate/reinstall a working environment over VPN.
They're crazy sensitive: e.g. On ours if you go too long away from the core network it freaks out and locks everything down. And recovering from that...well:
I've literally had IT tell me that my options are 1) Fly to the nearest office and connect to core network 2) They fedex me a fresh laptop that has recently been connected to the core.
I've come to the conclusion that this is the only reasonable technical solution.
Don't travel with sensitive data, and openly explain that you don't do so.
The frustrating part is the UX, and the fuss when you land.
I've found that this works:
- Burner android (burner account explicitly for travel) for music, podcasts, light browsing, etc.
- Cheap ThinkPad for headscratching / hacking (work over SSH, keys on a Yubikey, IP in your head. YubiKey as second factor for password manager as browser extension (uninstall before the border))
If you're a company this is easy to manage. Give people laptops with nothing on them. Don't credential them until they phone your help desk from their hotel.
Wouldn't an alternative "destroy everything" password be a good idea also ?
Would work like this : When forced to enter / give the password to your vault, you enter/give this one, and everything the vault contains is wiped out before the vault is unlocked.
One thing that I have always thought about is why Emails doesn't have disposable passwords. For example, you make 1 new password that you can use just one time.
That way if you need to use unsafe PC from a hostel, you can log in with that password.
Or why we have passwords at all. Sites like Medium have moved to a passwordless model, where you're sent a login link to access your account rather than forcing you to remember or retrieve a password.
Someone posted something like this 1-2 years ago here. They used a Yubikey (?) with TOTP to give one-time read-only (?) access to their email while traveling. They posted the project on github, I believe it was a Show HN but I cannot seem to work out the search-fu to find it.
EDIT: Ok, TOTP was wrong in my recollection. They use pregenerated one-time passwords:
I use Linux. I'm convinced that if I put a small Windows partition up (or another Linux install) and make grub boot into it automatically (with little delay) no one would ever notice. Does any one know if they check for multiple partitions at all?
And Android can have multiple users, can you set up a new user and boot into that one automatically?
They can't even ship version of their Windows client with the ability to create/edit/delete local vaults.
I think they are focusing on money before all else. They do still make a good product, but the direction they are moving towards eliminates their support for many threat levels that they had previously.
Now you have to have a cloud account and you have to store your stuff there because their supposed "cross-platform" client cannot work on their own vault format on Windows.
They might respond saying the version 4 of the windows client supports working with these vaults, but version 4 does not support OTPs so if you want to use the modern features without relying on their cloud storage...they don't care.
If you go to their forums and read the response from the community about windows not supporting creating or editing of local vaults you will see they are by and large dismissive. So I think it's really about money and resources.
Excellent effort. I do wonder though, what is to prevent authorities from forcing you to just turn off travel mode? Is there a timer that you set? Deadman's switch? Geolocating? (The last 2 are not good solutions, but you get the idea)
Edit: I missed this bit below:
> even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.
However, it won't take very long for authorities to wise up, know that 1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I missing something?
Although it's a great option, what's to stop them for asking for your 1Password account credentials?
I believe they already ask for your social media accounts, don't they? That is ridiculous in itself. Why not ask for my bank logins while you're at it?
[+] [-] chx|8 years ago|reply
I have a small SSD in the primary disk in my T420s, it has just enough to get me through the flight. I keep the primary in the UltraBay with a simple adapter, takes one reboot and no tools to put it back in place. Done. Happy searching! I can't log into anything even if I wanted to because I physically do not have my password store https://www.passwordstore.org/ with me. (https://github.com/chx/ykgodot I wrote this trivial script to automate yubikey neo with pass)
Alternative: encode the entire primary disk https://github.com/cornelinux/yubikey-luks and FedEx the yubikey. Yanking the disk is better, though.
[+] [-] veidr|8 years ago|reply
If you ever get asked that question at the US border, please don't acquiesce to that request. They have the right to ask, and they even have the power to search it regardless of your permission, but despite an alarming drift towards a total surveillance, they have not established the right to force you to unlock/decrypt anything.
I'm flying into SFO tomorrow, and I am taking similar precautions as chx so that my laptop doesn't contain any meaningful data[1].
However, if asked to unlock my laptop, I plan to say "No, of course I cannot do that; it violates the most basic security practices and I could and should be fired if I exposed sensitive company data in that manner." And then just sticking with it. It will be inconvenient, especially if they seize my laptop and detain me, but as citizens it is up to us to resist the normalization of behaviors that push the nation further towards the precipice of idiotism.
[1]: As an American citizen, I have routinely done this when traveling to authoritarian nations like China; it's hard to express how outraged I am that my own country has degenerated to the point where sound security practices now require these kinds of procedures when traveling to the USA.
[+] [-] dspillett|8 years ago|reply
Scratch that last bit. There is no need to reveal that, and it could sound suspicious (like you are trying to hide something specific by circumventing their checks, and trying to look clever (and/or make them look dim) by doing so to boot).
Just be honest without giving extra information: "yes sir, this is a travel machine and it just contains what I'm going to need while I'm between locations" if they ask why you would do that then "in case the laptop gets stolen, the less that is on it the less of a worry that could be" strikes me as a perfectly valid reason to be careful. Or perhaps "all the other data and programs I'm going to need are already with the clients/suppliers/other I'm visiting" (which it is as you've posted it, but you don't have to say the thing that might unnecessarily raise suspicion).
[+] [-] thomasahle|8 years ago|reply
Are there any examples of laptops / ssds being searched in international mail?
[+] [-] BearGoesChirp|8 years ago|reply
"I'm denying you the ability to enter the country. Next time you let me see everything instead of being a wise guy."
[+] [-] epsylon|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] alexpw|8 years ago|reply
In addition to removing the data from the device, cheers, don't you also need to be able to honestly say you can not provide access to it?
Ways to honestly answer, "not possible", and mean it:
- schedule a time period where no password is accepted. - enable whitelist/blacklist zones via geolocation. - set a new password that you give to a trusted friend/coworker/spouse that you must contact to retrieve.
Some combination of the above for ease-of-use, and ploys like emailing yourself the new password after a period of time for redundancy/safety.
[+] [-] gruez|8 years ago|reply
[+] [-] peterkelly|8 years ago|reply
Not bringing something with you is inherently different from hiding it.
[+] [-] rosser|8 years ago|reply
You really, really don't want to get into a rules-lawyering match with Federal fucking prosecutors over whether "clever technological solution" counts as "hiding" something or not. They have all of the guns in this situation, and you have a demonstrably inaccurate understanding of the relevant statute.
You WILL lose.
[+] [-] sundvor|8 years ago|reply
If I had to go there for work from Australia, I'd request a laptop and new credentials to be provided to me at the destination. For emergency comms during travels I'd wipe my mobile device and use a new prepaid mobile/cell service SIM card in it, from a different carrier, leaving the original one behind.
As such I'd not be bringing any 2FA that'd let me access my Lastpass which has just about all my stuff, and I'd be able to honestly state as much.
[+] [-] ryukafalz|8 years ago|reply
>If you’re a team administrator, you have total control over which secrets your employees can travel with. You can turn Travel Mode on and off for your team members, so you can ensure that company information stays safe at all times.
In which case, you as a user literally can't access the information without communicating with an admin at your organization. If CBP ever starts requiring that you call a third party to retrieve confidential information, well... I hope we never get to that point.
[+] [-] sethev|8 years ago|reply
EDIT: Another way to put this: Is there an expectation that a border agent could, for example, ask for the password to my bank account? If not, how would there be an expectation that if that used to be on my iPhone it should still be there when I travel?
[+] [-] edaemon|8 years ago|reply
If a border agent asks you directly, "Did you remove information from this device to prevent us or others from seeing it when entering or within this country?" the only truthful answer is "Yes", but travel mode has still achieved its goal. Even if they confiscate your device, they can't access the credentials. You may have other issues entering the country but your data is kept secure and private.
[+] [-] eridius|8 years ago|reply
[+] [-] caseysoftware|8 years ago|reply
Otherwise, they could get your for "traveling with more than $X" because you have more than $X in a bank account somewhere that you could get via ATM.
[+] [-] edanm|8 years ago|reply
Who is it that is running into all these scenarios with border control? I've gone on international flights, including to the us, dozens of times, and have seen around me thousands upon thousands of travelers, and I've never seen anyone asked to open their laptop, no to mention being grilled on hidden partitions.
Not that I'm doubting this ever happens. But from these comments, someone would get the feeling that this is routine, rather than a 1-in-an-X occurence for a probably very high X.
[+] [-] mholt|8 years ago|reply
So this is great! -- I think. My only concern is that if the authorities are already suspicious of you, and find no password vaults (or practically nothing in your password vault), they may just detain you until you reveal what you haven't disclosed to them.
There's clearly a technical solution to the problem of protecting data across borders but they do not work so well under duress. Is there any technical way to convince an adversary you are not hiding anything else or did not delete something?
[+] [-] jzl|8 years ago|reply
On iOS about the only thing you would lose is your message history during the trip. It might be an annoyance if you wanted to play games that had non-cloud-based saved player state, but I can't think of too many other issues with doing this.
[+] [-] cdolan92|8 years ago|reply
[+] [-] ben_jones|8 years ago|reply
[+] [-] Havoc|8 years ago|reply
This is just another version of the "why do you need privacy unless you have something to hide" argument.
[+] [-] MatthewWilkes|8 years ago|reply
[+] [-] IcyPickle|8 years ago|reply
Hence, I only use WiFi sync for 1Password. It would be nice if 1Password added a sync option through my own WebDAV server. I'd then be happy to pay for a 1Password cloud account just for the TravelMode feature, as long as the vault data itself wasn't stored anywhere outside of my control. Having my own server would mean the the NSA (or whoever) would have to do a targeted attack on me personally, which is a whole different ballgame from everybody's encrypted vaults sitting on agilebit's servers.
In the meantime, if I had to cross the US border (as a non-citizien!), I would probably delete the whole 1Password app from my phone before crossing, and then restore the entire phone from backup afterwards.
[+] [-] Sophira|8 years ago|reply
Look at it from the perspective of the government. By bringing information from elsewhere into the US, you're importing it. It just so happens that the import security is tight in airports. So you use 1Password to delay importing this data until you can reach it through an alternative import method which is much harder to regulate - the Internet.
What's going to happen is that they'll spend much more effort on tightening up the "import security" from the Internet. Things like SSL/TLS MITMing and deep packet inspection will be used to enforce compliance.
Don't get me wrong. The ability to be able to do this is incredibly important. If they had marketed this as anything other than a travel mode specifically, and let users work it out themselves, it'd probably be better. But as it is, they've created something which is basically publicly stating that it exists to break import security, and as a result it's going to get a lot of attention from the wrong people. I worry that the existence of this mode this is going to be used by the government as an excuse to have a "Great Firewall of America".
[+] [-] misnome|8 years ago|reply
The most secure way I can think of is to either encrypt your drive (or wipe for travel and online restore once arriving) and physically mail the new password (or hand over to a trusted friend/store location) to the destination. Then there is no way of restoring at the airport.
Of course, then they can just detain you indefinitely for not revealing the password you don't know...
[+] [-] davidgaw|8 years ago|reply
[+] [-] aoeusnth1|8 years ago|reply
What we really need is plausible deniability - if they don't know you use 1password, they don't know to ask for it.
[+] [-] movedx|8 years ago|reply
My thought on this whole situation is to simply not take my phone or laptop. I don't live nor work in the US, however, so I don't have the issues being faced by people in this thread.
[+] [-] ATsch|8 years ago|reply
[+] [-] petepete|8 years ago|reply
[+] [-] Havoc|8 years ago|reply
Yes.
The whole travel with a clean laptop isn't feasible beyond a simple "access data remotely via VPN" scenario.
Company laptops are often so full of custom software (bootloaders & up) that it's impossible to replicate/reinstall a working environment over VPN.
They're crazy sensitive: e.g. On ours if you go too long away from the core network it freaks out and locks everything down. And recovering from that...well:
I've literally had IT tell me that my options are 1) Fly to the nearest office and connect to core network 2) They fedex me a fresh laptop that has recently been connected to the core.
[+] [-] confounded|8 years ago|reply
Don't travel with sensitive data, and openly explain that you don't do so.
The frustrating part is the UX, and the fuss when you land.
I've found that this works:
- Burner android (burner account explicitly for travel) for music, podcasts, light browsing, etc.
- Cheap ThinkPad for headscratching / hacking (work over SSH, keys on a Yubikey, IP in your head. YubiKey as second factor for password manager as browser extension (uninstall before the border))
[+] [-] preinheimer|8 years ago|reply
[+] [-] lacampbell|8 years ago|reply
[+] [-] netgusto|8 years ago|reply
Would work like this : When forced to enter / give the password to your vault, you enter/give this one, and everything the vault contains is wiped out before the vault is unlocked.
[+] [-] vit05|8 years ago|reply
That way if you need to use unsafe PC from a hostel, you can log in with that password.
[+] [-] robbyking|8 years ago|reply
https://blog.medium.com/signing-in-to-medium-by-email-aacc21...
[+] [-] Jtsummers|8 years ago|reply
EDIT: Ok, TOTP was wrong in my recollection. They use pregenerated one-time passwords:
https://news.ycombinator.com/item?id=12255833
[+] [-] eggnet|8 years ago|reply
[+] [-] jscott313|8 years ago|reply
[+] [-] jlgaddis|8 years ago|reply
[+] [-] faragon|8 years ago|reply
P.S. I love the USA, don't get me wrong. I hope some day the madness on the borders gets less paranoid.
[+] [-] teekert|8 years ago|reply
And Android can have multiple users, can you set up a new user and boot into that one automatically?
[+] [-] gtirloni|8 years ago|reply
Does anyone have any insight if this is a pure business decision or there's something holding them back technically?
[+] [-] mockindignant|8 years ago|reply
I think they are focusing on money before all else. They do still make a good product, but the direction they are moving towards eliminates their support for many threat levels that they had previously.
Now you have to have a cloud account and you have to store your stuff there because their supposed "cross-platform" client cannot work on their own vault format on Windows.
They might respond saying the version 4 of the windows client supports working with these vaults, but version 4 does not support OTPs so if you want to use the modern features without relying on their cloud storage...they don't care.
If you go to their forums and read the response from the community about windows not supporting creating or editing of local vaults you will see they are by and large dismissive. So I think it's really about money and resources.
[+] [-] codelitt|8 years ago|reply
Edit: I missed this bit below:
> even if you’re asked to unlock 1Password by someone at the border, there’s no way for them to tell that Travel Mode is even enabled.
However, it won't take very long for authorities to wise up, know that 1password has a travel mode, and tell you to turn off Travel Mode, eh? Or am I missing something?
[+] [-] brokenmachine|8 years ago|reply
I believe they already ask for your social media accounts, don't they? That is ridiculous in itself. Why not ask for my bank logins while you're at it?
[+] [-] simonCGN|8 years ago|reply