Travel Security Guide: Watch Your Digital Footprint

1.0 Introduction

Digital privacy in the context of travel refers to the protection of your personal information and the preservation of online privacy while you are engaging in various digital activities during travel. It involves safeguarding your sensitive data, maintaining control over your personal information, and minimising the risks of unauthorised access to your device. Threats to digital privacy while travelling can come from anyone from petty criminals to organised hacking groups and even corrupt government agencies.

1.1 Petty criminals

Criminals such as pickpockets and thieves pose a significant threat to digital privacy while travelling. They particularly target tourists and travellers who may be unfamiliar with their surroundings. Generally, their primary objective is to steal valuable devices like mobile phones, laptops, or tablets. However, their interest extends beyond the physical value of these devices. Petty criminals recognize the potential black market goldmine of personal information and sensitive data stored within these devices.

1.2 Organised hacking groups

Organised hacking groups are a significant threat to digital privacy, and their activities transcend borders. These sophisticated cyber criminals employ advanced techniques to gain unauthorised access to personal devices, networks, or online accounts. Their motives range from financial gain through identity theft or phishing attacks to ideological extremism through the disruption of services.

1.3 Corrupt government agencies

In some cases, travellers may encounter threats to their digital privacy from the country they’re travelling to (or through). These entities often have a lot more resources and engage in surveillance or employ sophisticated hacking techniques to target individuals of interest. They may also cast a wide intelligence-gathering net and attempt to covertly collect data from as many individuals as possible, even if they are not a person of interest or security threat.

1.4 These malicious actors have different means to go after your data, which  may include:

• Wi-Fi sniffing: Hackers can intercept unencrypted data transmitted over public Wi-Fi networks, capturing sensitive information such as login credentials or financial details.

• Social engineering: Cyber criminals may employ social engineering techniques to manipulate travellers into divulging personal information or granting unauthorised access to their devices or accounts. Travellers should be cautious of unsolicited communication, suspicious requests for personal information, or unexpected offers, and should verify the authenticity of such requests before taking any action.

• Physical and Digital surveillance: In some cases, travellers may be subject to surveillance by unfriendly individuals or entities. This can involve monitoring their physical activities, tracking their online presence, or attempting to gain access to their devices undetected. Sharing travel experiences on social media can be exciting, but it also exposes personal information to a broader audience, especially sharing photos of tickets or your airport gate. Posting real-time updates that reveal your location and your absence from the hotel room can pose serious security risks if devices like laptops and tablets (and non-digital valuables!) are left there unattended.

By understanding threats to digital privacy while travelling and adopting appropriate security measures, travellers can minimise their risk and enjoy a more secure travel experience. Digital security lets you focus on the most important part of travelling: the destination!

2.0 Digital Privacy Techniques While Travelling

2.1 Keep Your Devices Physically Secure:

Maintaining constant physical control over your devices is the best way to prevent malicious tampering or outright theft. For me, this means having a slim backpack that I can take with me everywhere I go. My devices are never left in a hotel room, hostel, or Airbnb. When on the move, the pack is either on my back or between my legs. When seated, such as on a train or at a coffee shop, I keep the bag between my legs, with a leg through one of the pack straps. Leaving vulnerable items like a laptop, mobile phone, or tablet in the room is simply not a secure option. Browse my social media to see how easily doors with electronic locks (like hotel doors) can be opened with trash found outside on the street. Hotel safes offer only the illusion of security, as the most common units can be opened with a quick online search of the default factory password.

2.2 Keep Devices Out of Sight and Avoid Conspicuous Signs of Wealth

Flaunting the latest tech gadgets WILL get the attention of thieves in your area. Use devices only when necessary and maintain awareness even while you’re using them. Don’t get sucked into a social media scrolling session while you’re riding in a taxi. Keep the phone stowed away and enjoy the view outside. You might also consider leaving the fancy tech at home and having dedicated travel devices. We will look at this option in more depth in the Advanced Techniques section.

2.3 Secure Power Connection

While it may seem convenient to charge your devices using public charging stations or unfamiliar USB ports, these connections pose significant privacy risks. Bad actors can exploit these charging points to gain unauthorised access to your device, steal personal information, or install malware without your knowledge. 

To safeguard your privacy while travelling, employ USB condoms or a charging block. USB condoms, also known as data blockers or charging adapters, act as a barrier between your device and the charging source. By physically disabling the data transfer pins, USB condoms prevent any potential unauthorised data exchange between your device and the charging port while allowing power flow. Charging blocks serve as intermediaries between the power source and your digital device, isolating them from potentially compromised charging stations. They provide power through their own circuitry, minimising the risk of data theft or malware installation. 

Additionally, using external batteries to charge devices can also offer privacy benefits. External batteries allow travellers to charge their devices without relying on potentially untrustworthy charging sources. By using your own external battery, you have control over the charging process and can ensure the privacy and security of your data, even in compromised environments.

2.4 Use Secure Internet Connections

Exercise caution with public Wi-Fi networks. Public networks are rarely secured properly, making them prime targets for hackers to intercept sensitive information. Locations like cafes, coffee shops, bookstores, travel agencies, clinics, libraries, airports, and hotels can pose a heightened vulnerability for travellers. Instead, use a Virtual Private Network (VPN) that creates an encrypted tunnel between the device and the internet, helping to protect the data from potential eavesdropping. VPNs add an extra layer of security, even on unsecured networks.

Be sure to prioritise websites that use Hypertext Transfer Protocol Secure (HTTPS) when accessing sensitive information, such as online banking and email accounts. HTTPS is a secure communication protocol that encrypts the data exchanged between the device and the website, offering an additional layer of security for digital privacy. HTTPS also provides additional assurances to users by verifying the authenticity of websites through SSL (Secure Sockets Layer) certificates. These certificates validate that the website is legitimate and that the user is connecting to the intended destination rather than a fraudulent or malicious site. This verification process helps prevent phishing attacks or accessing fraudulent websites that may attempt to steal personal information. Most reputable websites today employ HTTPS by default, and modern web browsers often display a padlock symbol or a “Secure” label in the address bar to indicate a secure connection.

2.5 Use Encrypted Communication Channels

Encrypting your communication ensures that messages, calls, and other forms of communication are protected from unauthorised access or interception. When travelling, people often rely on communication channels such as email, messaging apps, or voice calls, to stay connected with loved ones, access important information, or conduct business. Encryption scrambles the content of messages, rendering them unreadable to anyone without the decryption key. With end-to-end encryption, the content of messages is encrypted on the sender’s device, transmitted in encrypted form, and then decrypted only on the recipient’s device. This ensures that the communication remains confidential throughout the entire process and cannot be deciphered by intermediaries or third parties.

In certain regions, travellers may encounter surveillance or censorship by authorities. Encrypted communication channels can help circumvent such surveillance efforts, preserving privacy and enabling individuals to communicate freely and securely. Encrypted communication channels often incorporate features to verify the authenticity of participants. This helps prevent impersonation, phishing attempts, or man-in-the-middle attacks, ensuring that individuals are communicating with trusted parties.

Travellers should consider using trusted messaging apps such as Signal or Wire in lieu of traditional SMS text messaging and voice calling. When using email, opt for services that support encrypted email communications, such as ProtonMail or Tutanota. At the same time, some popular encryption apps are banned or compromised, so check on what the country you’re travelling to restricts and does not restrict.  

2.6 Multi-Factor Authentication

Multi-Factor Authentication (MFA) typically involves requiring something the user knows (such as a password), something they have (such as a smartphone or hardware token), and/or something they are (such as a fingerprint or facial recognition) before a secure account can be accessed. This multi-layered approach significantly increases the difficulty for unauthorised individuals to gain access to an account or device, even if they manage to obtain or guess the password. In the unfortunate event of device loss or theft, MFA ensures that even if the device falls into the wrong hands, the additional authentication factors make it exceedingly difficult for the perpetrator to access the device’s data or accounts. If all of the previously mentioned privacy techniques somehow failed, MFA would be the last line of defence against complete data loss or fraudulent account takeover.

To maximise the safety benefits of MFA while travelling, enable MFA on all digital devices, including mobile phones, laptops, tablets, and any other device containing sensitive information or granting access to online accounts. Use a combination of authentication factors such as passwords, biometric recognition, or hardware tokens for added security. Regularly update and strengthen passwords and use a password manager. While MFA is a strong layer of security, you should still use strong, unique passwords for all accounts as the first line of defence.

3.0 Tips and Tricks

• Keep your phone in your pocket or in a dedicated pouch in your pack. Don’t place it on the seat next to you. Don’t leave it on the table in the cafe while you go grab napkins. And definitely don’t place it in the airline seat pocket in front of you. As a general rule: never place anything non-disposable in those seat pockets, whether it is in a taxi, bus, aeroplane, or train. Take every precaution to reduce the risk of leaving your devices behind.

• Purchase a waterproof pouch to keep important items like your passport, mobile phone, and boarding passes safe. Look for one with loops or anchor points so that it can be tethered directly to your belt or to a pocket in your pack.

• Do not put your “real” phone number on any luggage tags. Use a VOIP provider to create a “burner” number dedicated specifically to your luggage if it should become lost.

• In crowded airports, cafes, or public transportation, it’s common for people to glance at your screen, intentionally or unintentionally invading your privacy. A privacy screen protector limits the viewing angle of your device, ensuring that only you can see the content on your screen. This prevents prying eyes from accessing sensitive information such as passwords, personal messages, or confidential documents.

4.0 Recommended Digital Privacy Tools

4.1 VPNs

• https://protonvpn.com/
• https://www.privateinternetaccess.com/

4.2 Encrypted Communications

• https://www.signal.org/
• https://wire.com/en/

4.3 Multi-Factor Authentication

• https://www.yubico.com/product/yubikey-5-series/yubikey-5-nfc/

4.4 USB Condoms, Data Blockers

• https://www.amazon.com/PortaPow-3rd-Gen-Data-Blocker/dp/B06XGM6LJB
• https://sapgear.com/collections/digital-security/products/usb-data-blocker

4.5 Charging Blocks and External Batteries

• https://www.anker.com/

4.6 Waterproof and Weather-resistant Pouches

• https://www.amazon.com/Nite-Ize-Runoff-Waterproof-3-1-1/dp/B07MBPJRPR/ref=sr_1_1?crid=1WKPO7AO9GA51&keywords=nite+ize+dry+bag&sprefix=niteize+dry%2Caps%2C123&sr=8-1
• https://www.amazon.com/Magpul-Window-Pouch-Zippered-Tactical/dp/B07NPKH48N/ref=sr_1_7?crid=TX80L3ORA480&keywords=magpul%2Bdaka&sprefix=Magpul%2Caps%2C192&sr=8-7&th=1
• https://loksak.myshopify.com/collections/aloksak

4.07 VOIP Provider

• https://mysudo.com/

4.8 Privacy Screens

• https://www.amazon.com/laptop-privacy-screen/s?k=laptop+privacy+screen

4.9 Secure Storage

• https://veracrypt.eu/en/
• https://drive.proton.me/

4.10 Operating Systems

• https://grapheneos.org/
• https://pop.system76.com/
• https://ubuntu.com/
• https://tails.boum.org/

4.11 Travel Router

• https://www.gl-inet.com/products/gl-axt1800/

5.0 Common Mistakes to Avoid

5.1 Using Unsecured Wi-Fi Networks

Connecting to unsecured public Wi-Fi networks exposes your data to potential eavesdropping and hacking attempts. Avoid accessing sensitive information or conducting financial transactions on unsecured networks. Instead, use a Virtual Private Network (VPN) to encrypt your internet connection and ensure secure browsing.

5.2 Neglecting Software Updates

Failing to update your devices, apps, and operating systems while travelling can leave them vulnerable to known security flaws. Regularly install updates to patch vulnerabilities and improve the security of your devices.

5.3 Ignoring Privacy Settings

Many apps and social media platforms have privacy settings that allow you to control the information you share and who can access it. Neglecting to review and adjust these settings can result in oversharing personal data and compromising your privacy. Take the time to customise your privacy settings to your comfort level.

5.4 Falling for Phishing Scams

Phishing attempts often increase while travelling, targeting tourists who may be less familiar with their surroundings. Be cautious of suspicious emails, messages, or websites asking for personal information. Avoid clicking on suspicious links or providing sensitive data unless you can verify the legitimacy of the request.

5.5 Publicly Sharing Travel Plans on Social Media

Broadcasting your travel plans and locations on social media can be an open invitation to criminals. It reveals that your home may be unoccupied, making it a potential target for theft. Share your travel experiences and photos after returning to maintain the privacy and security of your home.

5.6 Using Weak or Repeated Passwords

Weak passwords or reusing the same password across multiple accounts put your digital privacy at risk. Use strong, unique passwords for each account and consider using a password manager to securely store and manage your passwords.

5.7 Leaving Devices Unattended

Leaving your digital devices unattended, even for a short time, increases the risk of theft or unauthorised access. Always keep your devices with you or secure them in a safe place when not in use.

5.8 Using Public Computers for Sensitive Tasks

Public computers in internet cafes, hotels, or other shared spaces may have keyloggers or other malware that can capture your personal information. Avoid using public computers for sensitive tasks like online banking or accessing private accounts.

5.9 Not Using Privacy Screen Protectors

When working on your device in public, it’s crucial to protect your screen from prying eyes. Privacy screen protectors limit the viewing angles of your screen, preventing people nearby from easily seeing your sensitive information.

6.0 Advanced Techniques

6.1 Laptop and Mobile Device Usage:

When travelling, especially internationally, the risk of encountering malicious actors who target your data increases significantly. This includes the possibility of unfriendly government entities demanding access to your devices before you enter their borders. Many countries have adopted forensic technology such as Cellebrite, which can extract all data from a mobile device in minutes.

Unfortunately, the storage and handling practices of this data are unknown. While the country itself may have little interest in the collected data, unauthorised individuals who later gain access to it can exploit it without your knowledge. To avoid any potential privacy violations, advanced measures can be taken when moving internationally.

Here are some of the steps you can consider:

For those travelling outside of the US but within North America, one approach is to ensure digital privacy by using a Linux laptop and a GrapheneOS mobile device. To further protect privacy, travellers can remove  the SIM card from the phone and acquire a new one locally. Before the trip, logging out of all programs and applications on both devices is recommended. If SMS text messaging or standard voice calling is not commonly used, there won’t be stored message or call data on the phone. Communication can take place on encrypted messaging platforms. In the event of being compelled to unlock either device, it would only reveal a series of login screens, safeguarding sensitive data.

When travelling outside of North America, choosing not to bring a mobile phone at all is an option. Since preferred encrypted communication applications are cross-platform, most travellers can use a laptop for all communication needs. Upon arriving in the destination country, you can always buy a local budget phone and prepaid plan.

You can do a lot to protect your data in case your laptop is lost, confiscated, or stolen. Completely wiping the hard drive and installing a fresh version of Linux is recommended. You should also enable full-disk encryption and download software like VeraCrypt or a VPN. Refraining from logging into any applications further secures the device.. Upon reaching the destination, downloading an encrypted VeraCrypt container from ProtonDrive, a privacy-focused alternative to Google Drive, can provide a secure space to store sensitive information required while in the country. Before returning home, repeating the exact same process of wiping the laptop, installing a fresh version of Linux from a USB, and travelling with a clean device ensures maximum privacy.

6.2 Use the TAILS Operating System:

TAILS (The Amnesic Incognito Live System) is a Linux-based operating system designed with privacy and anonymity in mind. It is a live boot USB that offers significant privacy benefits for security-conscious travellers. TAILS routes internet traffic through the Tor network, which helps conceal your IP address and online activities, making it difficult for third parties to track your online presence and enhancing your anonymity. TAILS includes pre-configured, encrypted communication tools such as the Tor Browser, email client, and instant messaging applications. These tools enable private and secure communication, protecting sensitive conversations from potential eavesdropping. 

TAILS runs entirely from a USB drive, leaves no traces on the host computer, and ensures that no data or browsing history is stored on the local machine. You can also create an encrypted persistent storage area on the USB drive with TAILS, which provides a secure space for your sensitive files, passwords, and other confidential information during your travels. TAILS incorporates strict security measures, including a read-only file system and robust sandboxing, to defend against malware and other malicious software encountered while using public or untrusted computers. 

• While TAILS offers robust privacy features, don’t treat it like a foolproof solution.  Follow best practices such as keeping the TAILS software up to date, browsing safely, and be aware of potential threats. Additionally, using TAILS alone does not guarantee complete anonymity, as user behaviour and other factors can still impact privacy. 

• Keep in mind that hiding your data sometimes raises suspicion from local law enforcement and security staff. The vast majority of travellers do not carry a USB with TAILS installed, so in the unfortunate event that border agents are checking USB drives, the discovery of TAILS might lead to questioning. In countries with limited regard for privacy, trying to keep your data private might make them more curious. 

6.3 Get Yourself A Travel Router

Using a travel router simplifies the process of maintaining a secure and private connection across people and devices. A travel router with a VPN is a device that creates a secure Wi-Fi network and encrypts all data transmitted between devices connected to it. The VPN service is responsible for encrypting the data, which is then transmitted through the secure Wi-Fi network created by the travel router. The encrypted data is sent to a VPN server, decrypted, and forwarded to the internet. The reverse process happens when receiving data from the internet. Instead of logging into a VPN with a phone and laptop, you just need to connect to the router.  

As previously mentioned, it is recommended to avoid connecting devices to public Wi-Fi networks. Instead, connecting the travel router to the hotel network and then connecting all devices through the travel router provides continuous protection. This setup allows an unlimited number of devices to connect to the network, and all of them will be protected by a single VPN connection with a kill switch. The hotel, hostel, Airbnb, or café will only see the router as the connected device. The travel router can connect via Wi-Fi, SIM card, Ethernet, or tethering to another device. It’s also possible to connect an external storage device like a USB drive and create shared network storage for all devices.

7.0 Conclusion

Personal information is increasingly vulnerable. As criminals and unscrupulous border agents get more and better tools to gain access to travellers’ data, they must prioritise digital privacy more than ever. By staying informed of the newest tools and products, taking proactive measures, and using recommended digital privacy techniques, travellers can enjoy a more secure and worry-free travel experience.At the end of the day, prioritising digital privacy allows travellers to focus on their journey, explore new destinations, and create lasting memories while maintaining control over their personal information.