There's a really great post on tips for airplane travel over on ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
sweetmusic_2 that I've been meaning to point to for a long time.
Go read it, especially if you haven't traveled by air much.
This post isn't very closely related at all; it just seemed like
a convenient excuse for a link. This post is more directly related to this post on
Techdirt.com and related matters, which point out that customs agents
on both sides of the US/Canadian border are searching and in some cases
seizing laptops and cell phones.
OK, we all know that keeping sensitive data on your laptop is a bad idea.
And we all know that you can encrypt your home directory -- at least on
Linux and Mac. And you can use something like TrueCrypt to make a complete virtual
encrypted disk. Both will protect your privacy pretty well, but if your
laptop gets stolen or seized, you still lose the use of your data.
Similarly, you can set a master password in Firefox, but it's probably not
going to protect your login cookies, it might be breakable, and customs
might be able to force you to reveal it in any case.
So here's a better idea: don't have secrets anywhere on your computer when
you cross the border. This is the software equivalent of taking all the
metal out of your pockets and using a piece of rope for a belt as you go
through the security checkpoint.
This relies on having all of your private data accessible via the
web. It has to be either encrypted, or on your home server and accessible
through an encrypted tunnel like ssh. Because your connections may be
slow, it also helps to minimize what you really need: basically your
keychain file(s) and your ssh and gpg private keys.
The private keys will all be protected by long passphrases anyway, if
you're doing it right. You can encrypt your browser password file with a
master password as well. Your IM client probably keeps your account
passwords around; find that file too. If you keep a separate file of
website passwords, as I do, you should encrypt that. Now put
them all in a directory, zip it up, and encrypt the zip file.
Note: do not use your gpg private key for this: it's not going to
be on your machine when you need to decrypt the secrets! Use AES and a
long passphrase.
Mail the resulting zip file, as an attachment, to yourself on any
convenient webmail account. Or put it on a website that you control. If
you want to be really safe, use steganography to put it inside an image.
Now delete all your secrets, using a secure deletion program that
overwrites all the files with random bits before actually deleting them.
Clear your browser cache, history, and cookies, again with a secure
deletion program. Go.
When you get to your destination, retrieve the secrets file, decrypt and
unzip it, and put everything back in the directories where they belong.
I'll be doing some international traveling in a couple of weeks; by that
time I'll have some scripts I can post for you.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
