Today a customer asked me about the best strategies for crossing a border without having has data stolen by (what he considered) a hostile government. I think this is a great question and something everyone who travels needs to know.
It was a bit funny that he’s a Canadian worrying about entering the US, but since I live in the US I probably have a blind spot to the level of hostility non-US citizens feel towards my government. This is not a vital plot point; I just thought it was kind of funny. (⌐■_■)
So, using SpiderOakONE as an example, here are some tips to secure your data when crossing a border. This assumes that you’ll have access to an internet connection once you’ve crossed. We’ll call our intrepid travel Canada Joe.
First, prepare your computer
Canada Joe knows when he is setting out on his adventure to the land down below, so he has a bit of time to get his data ready. The first step is for Joe to back up his data with SpiderOakONE. Having data securely backed up in SpiderOak means that once Joe gets to New York or Des Moines (or Kansas City if he’s lucky!) he can simply download the data to his computer.
Once the data is backed up, it should be removed from the computer’s hard drive. It’s not necessary to wipe the entire drive, but the sensitive files shouldn’t be on the hard disk. If Joe uses the SpiderOak Hive folder, all he’ll need to do is exit SpiderOakONE, then delete the Hive folder. (Also be sure to empty the trash folder.)
Next, delete SpiderOakONE’s app data folder
Like many types of software, SpiderOakONE stores account credentials in a hidden folder. Even if the application is uninstalled, the app data remains on the hard drive and could give access to if the application is reinstalled and launched. (Remember that we’re preparing for hostile actors who we have to assume are very tech savvy and understand about app data.) You can find a write-up of how to delete SpiderOakONE’s app data folder on the SpiderOak support site.
Avoid cold boot attacks
Joe is now on his journey. Before going through immigration, customs, or airport security he will need to watch out for a cold boot attack. This is pretty simple; Joe needs to make sure his computer is completely powered down for at least three to five minutes before getting in line. This ensures that the computer’s RAM will be cleared.
Accessing data after arrival
Since Joe wasn’t smuggling maple syrup (or any other Canadian delicacies!) across the border he made it across without issue. He’ll need to be careful when using public WiFi to access his data. While VPNs aren’t an ironclad guarantee, they are the easiest way to avoid most problems that result from public WiFi connections. My favorite, and the VPN I use on all my non-work devices, is VyprVPN. (There are many good VPNs out there; the most important thing is to use something rather than an unprotected connection.)
When Joe fires up his computer and connects to his VPN, he’ll then be able to reinstall SpiderOakONE, create a new device, and then download his data. When it’s time to head home he can repeat the process.
Isn’t this all a little too paranoid?
Not really. Most people aren’t the specific target of surveillance, but if you’re in a foreign country your chances of attracting surveillance attention are much higher. This process isn’t very hard, and if it takes some of the stress out of an international trip I think it’s worth it. Just be sure not to wear your tinfoil hat through security. The beeping. Not worth it. ( ⧉ ⦣ ⧉ )
Do you have any tips or hints for keeping your data safe when traveling internationally? Ever get stopped while going through the airport? Share with us in the comments!