Digital Security Tips to Prevent the Cops from Ruining Your Trip Abroad

I&#x27;m a US citizen and surely not of any interest to the government. I&#x27;d like to travel abroad, but I have an admittedly irrational fear of being denied re-entry (or, at the very least, being subjected to considerable unpleasantness upon re-entry) that gives me great pause. (I keep justifying to my wife that we haven&#x27;t been to all of the US yet but that argument will only go so far.)<p>I absolutely would not travel with any of my daily-driver devices. I worry having a completely empty phone w&#x2F;o a SIM or a visible history of use would cause me to be more heavily scrutinized. Same goes for a computer.<p>I&#x27;ve heard there&#x27;s an expectation for some returning travelers to divulge passwords for online accounts upon re-entry to the US (at the risk of &quot;unpleasantness&quot;).<p>I worry because I don&#x27;t have accounts on the common major social networks. For the accounts I do have (basically Facebook, LinkedIn, and a moribund Gmail account I have grudgingly) I wouldn&#x27;t know the passwords (because I use a password manager and random passwords exclusively). I wouldn&#x27;t have my password manager or 2FA seeds with me either.<p>I know I&#x27;m a crazy person when it comes to other aspects of my life. Am I a crazy person when it comes to this? (It definitely doesn&#x27;t help that I&#x27;ve watched various &quot;reality TV&quot; border&#x2F;customs TV shows...)

&gt; The first digital security rule of traveling is to leave your usual personal devices at home. Go on your trip with “burner” travel devices instead.<p>I thought it was just easier to do this for Israel. An Israeli company snail-mailed the phone to me before I left, and I mailed it back to them when I returned. You don&#x27;t have to worry that the phone will work in that country.<p>It might be different if I were traveling on business or crossing a lot of borders.<p>I didn&#x27;t do this, but I should have:<p>&gt; Just as you shouldn’t bring your usual devices, you also shouldn’t bring your usual accounts. Make sure you’re logged out of any personal or work accounts which contain sensitive information. If you need to access particular services, use travel accounts you’ve created for your trip. Make sure the passwords to your travel accounts are different from the passwords to your regular accounts, and check if your password manager has a travel mode which lets you access only particular account credentials while traveling.

Can we also tackle the general problem, by considering the snooping to be a diplomatic problem of the locale that does it?<p>A lot of travel is discretionary, such as vacations. Academic and trade conferences can often choose where they&#x27;re located. Business can often choose where they do business or expand.<p>A public interest Web site could publish a trustworthy database of incidents and report card grades of different locales, covering more concerns than the US State Dept. does.<p>Say, ExampleCon 2024 is announced to be in sunny Barlandia, and a bunch of members respond that they don&#x27;t feel safe attending, because the database says that Barlandia Customs often clones the devices of visitors without apparent justifiable cause, and some alarming specific incidents. Some respond privately; some publicly announce not traveling to Barlandia, and why.<p>When planning ExampleCon 2025, organizers consider the convention center in Footopia but have learned to check the database, and find that Footopia has a totalitarian attitude towards privacy&amp;security, as well as elevated incidence of harassment of LGBTQ+ and certain ethnic&#x2F;racial identities. They don&#x27;t tell the membership that Footopia was considered, but when they announce the choice of Bazland, they also link its favorable status page on the database Web site.<p>Meanwhile, the Blortcity government is taking note of this, and embarks on a intense campaign to make their status page numbers look great. A side effect -- besides their consequently growing tourism industry, and increasing tax base from new residents -- is that a lot of abusive&#x2F;hostile behaviors are stopped for everyone living and visiting there.

I don&#x27;t understand the point of traveling with clean burner devices and keeping your data encrypted in the cloud. Yes, it protects for threats where the devices are stolen or compromised when out of sight, but not for cases where government authorities are targeting you, as described in the article. What happens when govt. goons tell you to write down a list of your cloud accounts (email, storage etc.) and their corresponding security credentials and threaten you to not leave any out? Or, when you are asked to log in to your cloud accounts with the threat actors hovering around you? How many of us would refuse and&#x2F;or roll the dice on not revealing certain accounts and risk them being discovered later (along with implications of not having revealed them earlier when specifically told to do so)?<p>Wouldn&#x27;t it be more rational and reasonable (for everyday folk, not journalists, activists, dissidents, etc.) to never travel with or keep on cloud storage any data that they would rather authorities never, ever see, if at all they have such data?I think the vast variety of business and personal data does not fall into this category.<p>Note that, in principle, I am all for privacy and resisting govt. intrusions into private lives by crafting appropriate legal frameworks and strong technical mechanisms. In practice, as an average Joe, I don&#x27;t know how much I should resist if&#x2F;when I am personally targeted and threatened with dire consequences while traveling in a foreign country. It is easy to think that in such a situation, my priority would be to get out of that situation asap and folding completely may be seen as the fastest way to achieve that.

Sounds excessive. Probably the only country I would bring burner devices to would be China. Even that idk, I&#x27;d have to research and make sure I&#x27;m not just a victim of media fear mongering.<p>Who&#x27;s the target audience for this article? I&#x27;ve been to I think 16 countries, I think i only talked to a cop once, that was at a traffic check point.

These suggestions seem inconvenient. I guess like a lot of security there’s a trade-off to be made between risk, impact &amp; the cost of mitigation. If you travel frequently, need to work while in transit, you’re going somewhere with unreliable internet, or just don’t consider yourself a likely target then you’re not going to bother with most of this.

&gt;takes your phone or laptop to another room, the safe bet is to consider that device compromised if it’s brought back later, and to immediately procure new devices in-region, if possible<p>Isn&#x27;t an easy solution to this is to have your &quot;laptop&quot; just have a generic OS install, but have your real machine a bootable USB or SD?

Summary: bring burner devices, tamper-evident bags, and keep your devices empty when crossing borders.

&quot;Travel&quot; shouldn&#x27;t be considered a special risk. I had my laptop stolen on a San Francisco BART train.<p>It is possible to set up Apple devices so they&#x27;re bricks in anyone else&#x27;s hands. If you&#x27;re not satisfied with your level of security for travel, why are you comfortable taking your device out of a locked safe?

I don&#x27;t dare take my real smartphone or laptop with me when I fly domestically in the US. I certainly wouldn&#x27;t take them with me when flying internationally, either.