this post was submitted on 14 Jun 2025

71 points (87.4% liked)

No Stupid Questions

41515 readers

1159 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.

Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago

MODERATORS

L3s@lemmy.world

technopagan@lemmy.world

jeffw@lemmy.world

L3s@hackingne.ws

How risky is it for an American to import electronics from another country? Is customs gonna tamper with your stuff? (eg: a Fairphone 5... customs putting malware/keyloggers...) (sh.itjust.works)

submitted 20 hours ago by throwawayacc0430@sh.itjust.works to c/nostupidquestions@lemmy.world

33 comments fedilink hide all child comments

all 34 comments

sorted by: hot top controversial new old

[–] pulsewidth@lemmy.world 8 points 5 hours ago* (last edited 5 hours ago)

Its just as risky for a non-American buying from a US company. And despite what others have said, customs can be a point of interception. But it's not customs you need to worry about, they hand-off to the spy agencies to do their thing when they get a valid order to do so. Example program:

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/

Like others have said though, your threat model is what's important. And if you are a person of interest to security agencies eg a whistleblower or journalist then you'd be wise to have someone you know make the purchase instead of you.

I'd be more concerned about Chinese products in general, as they have been caught again and again with pre-embedded untargeted malware. Meaning, everyone who ordered that model got a helping of malware, not just those under active surveillance by three letter agencies.

A few examples in this blog entry: https://georgetownsecuritystudiesreview.org/2018/05/23/flawed-by-design-electronics-with-pre-installed-malware/

If you're not a person of interest though then you are 99.99% safe. You could always reinstall the OS when you get it and ensure the bootloader is locked. Again that would keep everyone except state security agencies out.

[–] Diddlydee@feddit.uk 7 points 9 hours ago* (last edited 8 hours ago) (1 children)

Who do you think customs are? All they care about is import duty and illegal substances, and they don't even nearly have the manpower to do that fully.

[–] IphtashuFitz@lemmy.world 2 points 4 hours ago

No, but if somebody like the NSA comes along with a request to intercept a specific package, or even a bunch of packages then customs will gladly turn them over. As was posted elsewhere in this thread, NSA has been known to do this in targeted cases and installed software into routers etc. before returning them to customs for delivery.

So it truly depends on whether an organization like the NSA has you on their radar.

[–] Randomgal@lemmy.ca 15 points 13 hours ago (1 children)

You need to touch some grass if you think the CIA is bugging your devices.

[–] throwawayacc0430@sh.itjust.works 4 points 12 hours ago

CIA isn't targeting me, but ICE certainly is.

[–] Steve 87 points 19 hours ago (1 children)

Unless you're actively being targeted for some specific reason (NSA kind of reason) in practical terms it's unheard of.

[–] stinerman@midwest.social 31 points 19 hours ago (2 children)

Yes. If you're a rando, sorry you're just not that interesting.

If you're someone the US considers an actual threat, then yeah don't buy anything from the US (use a 3rd party). But if you're that big of a threat you already know that.

[–] Jimmycrackcrack@lemmy.ml 10 points 18 hours ago* (last edited 12 hours ago) (1 children)

Their question seems to be about buying from outside the US rather than from. They're asking about risks involved with importing stuff there.

[–] stinerman@midwest.social 3 points 15 hours ago

This is a very good point. I misunderstood the post.

[–] WhyJiffie@sh.itjust.works 1 points 15 hours ago (2 children)

if you are not white, are you closer to being a rando, or to being (perceived as) an actual threat?

[–] Makhno@lemmy.world 6 points 14 hours ago

You're dramatically overplaying how much skin color matters when it comes to this stuff.

[–] stinerman@midwest.social 7 points 15 hours ago

We're talking about "I am a prominent member of an organization designated by the US as a terrorist organization."

Either way I misunderstood OP's question and my post wasn't on-topic.

[–] themeatbridge@lemmy.world 21 points 17 hours ago (1 children)

Customs isn't the organization that does that. If you're a target for espionage, someone at the NSA or CIA or somesuch organization will find ways to tap your devices, but they don't do this to every phone imported to the country. Just consider the sheer volume of data that would produce, and the number of analysts who would need to review it. I wouldn't assume privacy, though. Act like they are watching everything.

[–] IphtashuFitz@lemmy.world 3 points 4 hours ago

The NSA is already known to have tapped into the fiber optic lines at an AT&T datacenter back in the early 2000’s. That sort of tap would generate absolutely massive amounts of data.

If they did something like that 20+ years ago then the volume & analysis isn’t the issue. It’s whether or not they decide they need to perform mass surveillance of mobile devices.

[–] towerful@programming.dev 30 points 19 hours ago

Your threat assessment is way off.
So, you import a phone. What sim do you use? Where do you use it? When do you use it? Who do you contact with it?
All of that is more valuable and easier to get for the police than some sort of modification of firmware or platform as it passes through customs.
If in doubt, flash your own firmware.

If this is actually a threat assessment to you, asking on Lemmy is the wrong place. You need people with the same experience that an entire country has at their disposal.

If it's a concern as opposed to an actual threat, buy some 2nd hand phones from random places and buy some prepaid sims (ideally via smurfs or black market means). And be aware of how you use them

[–] Sixtyforce@sh.itjust.works 18 points 19 hours ago (1 children)

You'll be fine for now so long as you're not already a Person of Interest of a three letter agency.

[–] Nemo@midwest.social 8 points 17 hours ago (1 children)

MRW I'm on a list with the CIA and the NRA but it's the Culinary Institute of America and the National Restaurant Association.

[–] mdd@lemm.ee 5 points 17 hours ago

Now that you mention it I may be on the same CIA list (eaten there several times).

[–] ragingHungryPanda@lemmy.zip 7 points 16 hours ago

If the CIA wanted to put a keylogger on your phone, it would be customs, the CIA would intercept it at some point, possibly in customs, then put it in the boot loader or on the SSD firmware or something so you'd never know it was there and wouldn't reasonably be able to overwrite it no matter what.

That probably doesn't help you though. If you want to be sure you'd have to reflash every bit of the phone, not just the OS.

[–] angelmountain@feddit.nl 7 points 18 hours ago

Pretty sure all your electronics are imported from another country. That what the carrot is complaining about though, isn't he?

[–] mortalic@lemmy.world 8 points 18 hours ago

If you're importing a FP5, just wipe it and put Murena /e/os on it. Then it won't matter

[–] dhork@lemmy.world 10 points 19 hours ago* (last edited 19 hours ago)

There is a difference between customs and immigration. Customs cares about things (and import duties on those things), Immigration cares about people.

As a US citizen, you should be able to just enter as long as your paperwork is in order. (And if Immigration is interested in you beyond the formalities, it means you are probably on some sort of list, and good luck to you!)

Customs will care mainly that you are only bringing in personal goods, and not commercial goods you intend to sell. They will also care if you buy any goods abroad to take back, because you may owe import duties. So they will not care about your Fairphone unless you bought it while in your trip abroad. In normal times you will have an exemption that allows you to bring in some amount of goods duty-free but the world is all topsy turvy now so I would check what the duty-free allowance is before coming back.

They are used to people bringing phones, laptops, camera equipment, and other expensive personal effects with them on trips. They won't care unless you have a lot of things, and they think you are not being truthful when you say none of it was purchased abroad in that trip. Having five phones for one person would be a red flag, for instance.

[–] irelephant@lemmy.dbzer0.com 3 points 18 hours ago

If you're very paranoid, try flashing a custom ROM to it.

[–] severalkittens@ani.social 4 points 19 hours ago

I bought my Xperia from German Amazon since it's not sold in the US. Had 0 problems.

[–] loomy@lemy.lol -1 points 15 hours ago

trump gonna thump you

[–] bacon_pdp@lemmy.world 0 points 19 hours ago (2 children)

Who cares if you can flash the firmware (which will remove any thing that they might be able to do)

[–] cecilkorik@lemmy.ca 5 points 18 hours ago (1 children)

"remove any thing that they might be able to do" is a hilariously broad brush to apply to three letter agencies in this day and age that were doing things like this 50 years ago.

I'm not saying it's realistic that OP is being targeted for such surveillance. But if they are, good fucking luck! Flashing your firmware ain't going to do shit when they've just gone ahead and replaced the chips on your board with their own that act exactly like a normal chip but have extra code that doesn't get flashed when they don't want it to.

[–] bacon_pdp@lemmy.world -2 points 16 hours ago

Well it is true hardware implants and hardware replacements can’t be fixed by flashing but they are detectable and they can only deploy so many of those before everything is a major news story and if you feel that the odds are that high, making one’s own hardware is an option but generally not a good one.

[–] mortalic@lemmy.world 2 points 18 hours ago (1 children)

Is this not true? Why the downvoters?

[–] f4f4f4f4f4f4f4f4@sopuli.xyz 2 points 13 hours ago (1 children)

Phones' modems have their own firmware that gets flashed by the cell provider, so I think spies would target that.

[–] mortalic@lemmy.world 1 points 39 minutes ago

Ahh interesting, and that's a valid point. I'd love to read up more on that.