Assess & Plan › Protect your information and devices while traveling

Protect your information and devices while traveling

更新 8 May 2025

目录

...加载目录...

    Traveling exposes you, your devices and your data to many risks. Laptops and other devices can fail or get stolen, lost, damaged or impounded. Data in transmission from public access points such as airport and hotel wifi networks can be intercepted. Using untrusted systems may expose you to keyloggers and other attacks designed to capture information that should be kept secure.

    In addition, when you are crossing any national border you have few if any rights to protest or refuse when a border control or customs officer wants to inspect any part of your luggage, including the data stored on your laptop, mobile device, digital camera or recorder. In many countries, including the US, a customs officer needs no "probable cause" or warrant to search your machine or confiscate it for further inspection.

    Ask yourself: will you be able to work if your machine and all its data are inaccessible? Will your co-workers, supporters, aides, allies or donors be endangered if the data you're carrying is exposed to outside scrutiny? What will you do if someone who has intercepted or accessed your data uses what they've learned to impersonate you, potentially damaging your personal reputation and that of your project or organization and endangering those who innocently respond?

    This guide includes a series of recommendations to prepare for your travels and minimize risks for your data and devices when traveling and crossing borders.

    Basic security practices

    Some of the following recommendations are general security practices, but they should be implemented with special care when planning a journey.

    • If you haven’t defined a general password policy, it is important that you do so when preparing for travels.
    • To minimize the risk of someone accessing your email and social media accounts, set up multi-factor authentication whenever possible.
    • Update your operating system and software. Whatever measures you can take among the steps included in this guide, if your system and your software are not up-to-date, they are more vulnerable to attacks.
    • Make sure an updated antivirus is running in your device.
    • To prevent phishing attacks and malware infections, avoid opening unrequested attachments or links included in emails or other messages.
    • Investigate the situation of the country you will be visiting. In particular, check if the internet is censored and if using VPNs and other censorship circumvention tools is allowed, if encryption is banned and if there is any law that forces to hand over your device password, your encryption keys, your email credentials and other passwords or codes to the border police when entering the country.
    • Set your device to lock automatically when unattended. Most operating systems provide a way of automatically locking the keyboard and display after the device has been inactive for a while. This is a good solution even though the best practice is to never leave your device unattended when you're in a place you don't completely trust. Similarly, you should set your device to require a password at login and whenever you resume from standby.
    • Watch out for shoulder surfers. Always be aware of who is in your immediate vicinity when you type in passwords, passphrases and the PINs that protect credit cards and debit cards. Protecting against shoulder surfers who pick up your user IDs and passwords by watching from behind you or remotely (look for cameras) is the reason why today's operating systems replace the passwords you type in with a series of dots. But the same information can be picked up by watching your fingers on the keyboard or screen, so be careful.

    Prepare for crossing borders

    Minimize the data you'll be carrying with you

    • Ask yourself what data you actually need while traveling and what can be left behind.
    • Copy everything you do not need to another fully encrypted computer or hard drive that will remain safe at your home or office and delete it from the devices you'll be traveling with.
      • While you are doing this, also back up your sensitive data onto media such as external hard drives and USB sticks and store them in a secure location separate from your main computer such as a small combination safe outside of your office.
      • Learn how to back up your data securely.
    • Consider storing either just your data (after encrypting it) or an entire image of your system complete with software on a cloud service provider and traveling with a barebone laptop. Once arrived at your destination, you can download the data and/or software, re-uploading it before departure. This setup provides both data minimization and an accessible backup, although it limits what work you can do in transit.
    Learn why we recommend this

    Data you are not carrying with you cannot be lost or stolen.

    When crossing borders, it's particularly important to ensure that you are not carrying any data that could be illegal in any of the countries you are traveling to. Potentially illegal data might include authorized copies of copyrighted material (such as music and video), pornography and even innocent photographs of unclothed children you're related to. If such material is found in a border search, your laptop could be confiscated.

    Use an alternative email address

    Learn why we recommend this

    Border agents may want to check your mailbox, which may contain a lot of sensitive information. Furthermore, during your travels you will probably have to use untrusted connections and systems, exposing your email to many possible attacks. An important tactic to limit the consequences of such attacks is to create a new, web-based email address just for the trip and to dispose of it afterwards.

    Use this address for all non-sensitive communications while traveling so that if the account is compromised it will give the attacker no value beyond the end of your trip. Do not log in to your regular email account until or unless you can be confident that the connection and computer are safe.

    Remove your social media accounts from your devices

    • Log out of your accounts before crossing the border.
    • Remove (or hide) social media apps from your devices.
    • Consider creating a second profile on some of the most widespread social media platforms. Populate these accounts with content starting some weeks or even months in advance, and log in to them from the mobile device you are traveling with.
    Learn why we recommend this

    Border agents might want to inspect the social media accounts they find in your devices. By logging out of these accounts, and even removing the relevant apps, you'll make sure that they don't know on which social media you publish potentially compromising content.

    If you think that agents who are checking your device may find this suspicious and may not believe that you don't have any social media presence, you can create an account on some of the most widespread social networking platforms. If you decide to do so, it's a good idea to start populating your alternative accounts with harmless content (like messages with small talk and pictures of food and cats).

    Clean up your web browsers

    • Log out of any account, like email and social networking platforms.
    • Clear temporary internet files and browsing history.

    Manually clean up your chat apps

    • Consider what chat apps you have installed (for example in some countries being spotted at checkpoints with Signal on your devices may put you at risk).
    • Look for sensitive words in your chat history and remove those chats from your history.
    • Change the name of groups if you are the admin, use non-descriptive names that don't contain sensitive words.
    • Set up disappearing messages in your sensitive chats.
    • You can always unistall your messenger apps if you don't have time, but consider that not having a messenger app can be seen as a red flag.

    [Advanced] Hide your sensitive files or folders

    Learn why we recommend this

    If you really need to carry some sensitive files with you while crossing the border, you can consider hiding them inside your device using native Android or iOS functionalities or, better, secure apps like Tella or VeraCrypt, which will not only hide your files, but also protect them inside an encrypted folder.

    Use encryption to protect your data and communications

    Learn why we recommend this

    While it is always advisable to encrypt the data stored in your devices, the import, export and/or use of cryptography is illegal in some countries.

    In some cases you may need to apply for an import or export permit; in a few cases personal use may be banned entirely. You should also check on the legal situation with respect to handing over your private keys to law enforcement: in some countries you may go to jail if you refuse to cooperate.

    If encryption is illegal in the countries you're traveling to, the best way to protect your data is deleting all sensitive information from your devices and uploading the files you will need to a secure cloud storage platform after encrypting them.

    Encrypt your devices

    Learn why we recommend this

    Encryption is an important technique for ensuring that if someone gets hold of your laptop or other device and tries to access your data without your passphrase all they will see is a random pattern of 1s and 0s.

    Be aware, however, that using encryption makes recovery of your data harder if your hard drive suffers a drop, violent knock or other form of accident. The costs of this type of advanced data recovery are out of scope for most human rights defenders and civil society organizations. Keeping good backups is essential.

    [Advanced] Protect your cryptographic keys

    If you encrypt your email, probably the most valuable data on any device you carry with you will be your private PGP encryption keys. You should pay particular attention to protecting them and the passphrase that unlocks them. This means not allowing such devices to be in the hands of third parties without supervision and not leaving the devices unattended when others have access to them. You may prefer not to keep your private keys on your devices at all. Instead you could keep them on an encrypted USB thumb drive that hangs around your neck and that you keep under your control at all times.

    Public access

    When traveling, you may frequently use public systems, whether these are computers provided in libraries or other public areas or the wired or wireless networks in hotels, conference centers and elsewhere. Each of these situations has its specific risks.

    Shared computers

    • If you're planning to use shared computers while traveling, you should always consider these devices insecure.
    • To reduce the risk of a physical keylogger being used to spy on your communications, consider taking with you a small USB keyboard that you can plug into the untrusted computers you use.
    • To reduce the risk of being surveilled through spyware installed in the shared computer you're using, consider traveling with a custom live USB that you have prepared with your choice of operating system and the basic software you need. This way you can boot your own trusted operating system from the USB and bypass the untrusted computer's standard setup entirely.
      • If you are planning to prepare a custom live USB, consider using Tails, which will also protect all your connections routing them through the Tor network.
    Learn why we recommend this

    The most likely way your security could be thoroughly compromised while you travel is through logging into your accounts on a machine that is not trusted.

    The particular danger is keyloggers and spyware, which can capture everything you do on a computer.

    Hardware keyloggers are dongles inserted into the cable running between the keyboard and the computer. You should check for these before using any keyboard that is not your own.

    Software keyloggers and other kinds of spyware are a much more dangerous threat because it is so difficult to tell if they are present. For that reason, gaining any level of confidence in an untrusted computer is a daunting prospect.

    Protect your connections when using untrusted networks

    Learn why we recommend this

    The need to use untrusted connections to the internet is a constant when traveling. These include hotel wired and wireless connections, municipal and commercial hotspots and so on. Rogue nodes in such networks may be able to perpetrate what are known as machine-in-the-middle (MITM) attacks. These can capture the addresses of sites you visit and the addresses and contents of email communications. A rogue node can also divert your traffic from the genuine site you're trying to access to a dangerous fake.

    Encryption, as always, is the most important technology to ensure that data cannot be read by anyone who intercepts it in transit. A common solution is to use a trusted VPN. But what's most important is to make sure that you protect your connections by always using HTTPS, which encrypts all your traffic, whether you're visiting a website or using another online service.

    Internet censorship and blockages

    Learn why we recommend this

    In some countries, access to the web may be limited due to censorship of certain websites or to country-wide blockages.

    Mobile phone security

    Leave your phone at home and travel with a different one

    Mobile phones should generally be considered insecure. When traveling, it's best to leave your phone at home and to travel with a different mobile device that does not contain all your data. If you have to take your work phone with you, back up all your data in a different device and remove it from your phone. To limit the risks your phone is exposed to, you can read our guides on securing Android devices and iPhones or iPads.

    Communicate through secure messaging apps

    Learn why we recommend this

    While you're traveling, some of the fastest ways to secure your communications could be offered by messaging apps on mobile devices. If the people you need to communicate with use secure messaging apps, you can consider using these tools to encrypt messages and files as well as voice calls.

    [Advanced] Hide your sensitive apps in your mobile device

    Learn why we recommend this

    If you need to keep some sensitive apps installed in your mobile device while you're traveling, you can hide them using native functionalities available both for Android and iOS.

    References