Hi all,
American traveling to China for IETF, and making my tech prep plans (bringing a laptop, phone, tablet, kindle, and steam deck). I won’t bias with my current plans too much, but I do already run Linux+LUKS and GrapheneOS.
For those with experience, what tech prep would you do?
Thanks!
Completely depends on what your threat model is, but personally:
I’d make an encrypted image of my drives, upload that to remote storage, zero out the drives for border crossing, then restore over the wire on the other side.
Don’t zero, install windows. Use company laptop or loaner, might catch hardware backdoor on the border. Don’t use for critical stuff or to access critical stuff. Discard or return afteru the fact.
A VPN is essential to access most of the Western/English-speaking internet (in Mainland China, less so in Hong Kong). The VPN might also be blocked though, so research ahead of time to find one that currently works in China.
I currently have a PIA account, Wireguard server running in the homelab, and can spin up OpenVPN in Linode, so I should be good here (I hope!). IETF hotel and venue also have “unfiltered internet”, as that is a requirement of them agreeing to host there.
You should be good. China doesn’t block ALL VPNs. Just typical consumer VPNs commonly used for climbing the great firewall of China.
Their blocks are aimed towards low hanging fruits. Blocking it all would be detrimental to industry.
Source: I run multiple VPNs between China and other countries as part of my job
Thank you
For cases like this, having a server somewhere else and know-how of OpenVPN or wireguard comes in really handy.
Source: I may have been in Saudi Arabia, browsing sites containing media with women with exposed hair.
Yeah It won’t work, you are going to get your VPN IP banned in 15min-a day depending on where you are in China.
Wireguard may have worked a few years ago, but nowadays you have to use a VPN that specifically tries to hide itself
Source: me
What is your reference point? Are you in China now and/or Shenzhen specifically? I’ve received conflicting info on this, so I may set up SSH tunnels and/or VPN over https as backups.
Wasn’t in Shenzhen which I would believe should be less restrictive. It also didn’t help that I was living in a normal appartement and not an hotel. I self hosted wire guard at home (EU) and not on a VPS.
So definitely not the best case, but I was genuinely surprised that it didn’t work while it worked before.
Haven’t had that problem myself. Sure, being in the IPv4 space of CNPC helps, but I’ve had no issues connecting to my home server VPN from a some residential IPs either.
Never been, sounds like an adventure! (Also a grapheneOS user, that’s awesome) How long is your trip?
I’d be thinking about a dual sim burner phone and a laptop I don’t care about for the trip myself. Possibly unnecessary but I always err on the side of caution, often to a fault. I’ve never been and can’t speak from experience.
Yea since my phone will be on me, I’m less concerned on the need of a burner, especially as I can use a second profile.
But for laptop, I am considering a fresh build/take down on my old one, thanks for reaffirming that. The big catch is tablet, SD, and kindle, which would likely be left in a room and don’t have the same security features.
