2FA, for services that support it, with the second factor being a device that isn't with you when cross the border would be a solution that would be near absolute in prevention of logging in at the border, whether from your own device or a CBP-controlled device (of course, it wouldn't prevent you from any consequences CBP applies to not logging in.)

Of course, there's a question of the risk to that device, which somehow has to cross the border separate from you, which creates its own ream of problems (you could protect the access to that device with 2FA that uses the device you do keep with you, which mitigates the security risk of loss, but you still risk losing access to the services it protects if it is lost in transit; obviously, you want to make sure your 2FA has a recovery process and one that isn't usable from arbitrary locations or the device you carry across the border, but will be usable by you when you get home, at least.)

Can you set up Facebook to require 2FA when you log in from a mysterious new device? And configure 2FA so it'll fail to reach you while you're traveling?

Edit: Actually, a sufficiently robust Suck Mode would make 2FA impossible. And I think all you have to do to get there is configure your cell network settings wrong, set Boingo Wireless as the top Wi-Fi SSID to connect to, and not pay for Boingo.