summaryrefslogtreecommitdiff
path: root/old/published/How To Wiki/securetravel.txt
blob: 8891acc19e39d070772933d86281789ce25aacc7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
Most people traveling abroad for vacation or even business can take some basic steps to secure their data on the road and rest easy knowing that their data is reasonably safe. Sometimes however, you might be headed for more serious situations, for example, journalists or human rights workers, both of whom often travel to overtly hostile countries.

In these cases the potential consequences of exposing your data is considerably more serious than need to cancel some credit cards. If you're headed somewhere beyond the ordinary world of holiday travel and want to make sure you don't end up in some foreign gulag you need to make sure that your data is encrypted and kept doubly safe from prying eyes.

Here's our guide to making sure that your digital ass is covered while you travel to world's darkest corners.

== Nothing is foolproof ==

The first thing to bear in mind is that every system, no matter how well considered, is potentially vulnerable. Even the best security systems can be defeated. That's doubly true if you're up against potentially hostile nation states rather than just crafty individuals. The resources amassed against you are even bigger and much more frightening when an entire government is footing the bill.

That doesn't mean you should just throw in the towel, become a xenophobe and mutter to yourself about the dangers of the world while pacing the confines of your secure underground bunker.

As with all things there is a middle ground that consists of assessing the threats, identifying your potential vulnerabilities and securing against attacks as best you can.

== Assessing Threats ==

If you're headed to North Korea, Iran or some place where you may not have the right to resist searches of your property and person the first thing to do is minimize your exposure. Do you need to bring those PDF files outlining Ghandi's guide to successful non-violent protest? Probably not.

Assume from the start that someone will get into your file system and eliminate everything you don't absolutely need and certainly anything that might be seen as incriminating by foreign agents.

What remains should be only the absolute necessities which you can now work on securing.

==Encryption==

Your first line of defense, encryption hides your data from prying eyes. When it comes to encrypting your files, all the major operating systems offer some form of whole disk encryption. Turn it on and set a secure password. For more info see our previous article on how to [http://howto.wired.com/wiki/Encrypt_your_Hard_Drive Encrypt your Hard Drive] and be sure to use AES encryption if it's available.

That keeps your hard drive and files reasonably secure, but what about your connections to the outside world? Wifi connections are vulnerable and e-mail, as well as any other network data you plan to access, needs to be secured as well. To secure your e-mail follow the steps in our [http://howto.wired.com/wiki/Encrypt_Your_E-Mail Encrypt Your E-Mail] guide.

The first rule of free public wifi is that you never connect directly to it. Ever. It's convenient, ubiquitous and almost impossible to secure, which is why you're going to connect to the web through a VPN instead.

== Virtual Private Networks ==

Virtual Private Networks, or VPNs, are more or less just tunnels that connect your laptop to another network elsewhere -- ideally your own network at home, which you control. All data is then sent and received by the other network. From your end everything seems as through you're simply connected directly to your own network. Running over a wifi network, a well-secured VPN session "looks like" a standard https connection to someone watching the packets as they come and go over the wifi network. That means it will defeat most surveillance, interception, or data theft.

At the time of this writing there are no known exploits to subvert the security of VPNs based on open, peer-reviewed frameworks like [http://openvpn.net/ OpenVPN]. If you prefer not to set up your own VPN, you can always use commercial offerings like [https://www.ipredator.se/ iPredator] (from the same folks that started The Pirate Bay), [https://www.witopia.net/ WiTopia] or others.

== Don't forget the real world ==

Not all threats are clever high tech hackers sniffing wifi or border patrol guards running cracking software, some vulnerabilities are more mundane. For example, perhaps the simplest thing you can do to keep your data safe is make sure it's always on your person. Don't give it to anyone, ever. That includes hotel lockboxes and hotel safes in the lobby. After all what's stopping an agent of the state from opening that safe and having his way with your laptop while you're out to dinner? That right, nothing at all. Don't let anything you want to keep private out of your sight and trust no one with your data.

== Conclusion == 

Keeping your data secure in hostile environments is not easy, nor is it something for the feint of heart, but it's not impossible. Government agents, NGO works and journalists do it all the time and in most cases they do it using the same tools you can. Just remember to be safe, obey local laws and always know the best route to your embassy doors in case you need to get there in a hurry.