Ask HN: How would you travel on an airline with your life's data and devices?
I am moving to a new country and it will require travelling by plane with all of my possessions. That includes many laptops, Raspberry Pis, routers, hard drives, USB drives, and SD cards. I think that this may firstly look suspicious, and secondly I am concerned about something being implanted on any one of the devices or drives if they are ever out of my sight, or being "asked" if they can be viewed (i.e. being compelled to give in to plugging in the drives).
What would you do? Encrypt all the drives? Transfer almost two terabytes to encrypted cloud storage (which provider?)? What about the laptops (I have 4, one Android tablet, two iPads, a current and old phone)?
I could ship these in the post ahead of time. Though I don't think if it's any safer.
70 comments
[ 4.5 ms ] story [ 140 ms ] threadAnd if you are a VIP — you shouldn't store that much sensitive information on you anyway.
Reminds me of someone (maybe Preet Bharara?) who said that when posted abroad in some places, high-level officials have to have even any domestic arguments in a SCIF[1] to avoid leaking pressure points.
[1]: https://en.wikipedia.org/wiki/Sensitive_compartmented_inform...
1. Tar up with `tar c folder | pigz -z > folder.tar.gz`
2. Encrypt with `gpg -c folder.tar.gz`
3. Split into (say 1GB) files with `mkdir pieces && cd pieces && split -b1073741824 ../folder.tar.gz.gpg`
Then just copy those files into some sort of bucket storage like GCP for Google with something like:
gcloud alpha storage cp -R pieces gs://bucket/pieces
That might cost like 40$ for 2TB. Above people are posting about much cheaper storage costs. I guess at that point you don't have to worry really since the files are encrypted you can host them wherever.
Of course you have the question of how to transport the machines. I.e. should they be wiped? I guess that's up to you.
You can generally find good options at camera shops.
Check on customs laws to be sure that shipping or carrying a lot of electronics with you is legal and pay any import duties that might be necessary. I imagine moving companies have experience with this kind of international move and also raise absolutely no suspicion about random electronics that are part of a permanent move to a new location.
Bro is time travelling with these questions tho
But the caveat I have no knowledge whether your concerns are practical or theoretical. No knowledge of what is actually at stake. Is it state secrets, a few billion BTC, or cat photos.
For simplicity, it's probably cheaper and easier to send some peripherals to the Sally Ann or Goodwill and replace it in the new locale.
As for the data, 2 TB isn't that much these days. It's just a small portable drive and no one will bat an eye. Photos from my DSLR alone take up more space than that!
Movers moved the physical servers and hard disks about 9 years ago when I moved; they all spun up just fine at the other end.
It sounds more convenient to insure(!) and ship most of the hardware once the data on them is backed up.
You're likely not going to be able to take multiple laptops with LiIon batteries on a plane, baggage or carry-on. EDIT: I have flown with two laptops in the same carry-on without problems, so it probably depends on exactly how many you need to bring.
Stick it on a little encrypted USB drive and put it in your pocket? Maybe with a couple of spare drives in your checked luggage, and post one as well. Nobody will care. Wipe the devices if you really want. Not the huge problem you think it is.
If your travel goes smoothly, no problem, if not, someone can ship you one of the drives, or perhaps hook it up to their own computer or NAS and set up a downlink, or send to Backblaze, etc.
So, you might find better suggestions by looking to immigrant/expat community resources for the destination country. You might learn of particular paperwork or least-friction options to ship the majority of it and avoid surprise seizure or customs duties, etc.
Also, some combination of encryption and online backups does sound like a good idea to me, unless of course the countries involved have nasty restrictions on encryption tools. Leaving a copy with a trusted friend or relative in your origin country can also give you a recovery plan. If all else fails, you can work with them to arrange an online transfer in the future, or just wait and get another copy the next time you visit your original country.
You also might want to remove personal data from devices before shipping them, and plan a factory-reset/wipe procedure when you receive them on the other end if it gives you peace of mind.
Your best bet is to back up all the data from all of them onto one large hard drive, encrypt that, wipe everything and travel with everything but the hard drive. Then let them poke around whatever they want. Maybe keep some stuff like family photos and whatever just so that it doesnt look like you wiped everything before leaving.
If you travel with that many drives you're likely to gather some suspicion, so they're likely to want to poke around.
As far as getting the data to you, you could have a friend or family member mail the drive to you, or have it hooked up to an internet connected FTP server, or even an open VPN or wireguard tunnel to the network it's on with local only access.
I paid a lot of money to have a bunch of junk shipped, and all I received was a pile of twisted metal-- it was all destroyed in transit. Trying to salvage the data from the hard drives cost me hundreds of hours, was only partially successful, and the only aspects of the mess you get reimbursed for are shipping cost and retail value of old computers (do you have all of the receipts/invoices for them?). You don't get paid for your time or grief.
The only country I've ever seen that takes issue with travelers carrying too many <item_type> is Japan, but the more of anything you have, the more opportunity for any single piece to get lost along the way. Transfer important data to two encrypted xTB-sized personal drives and toss those in your carry-on. You are your own courier.
Make peace with the fact that all of your gear is disposable when you get on that plane.
If you insist on shipping...
* Bring copies of your original purchase receipts/invoices for items shipped with you on the plane. You will not be able to substantiate any loss/damage claim if the documents you need to prove losses were themselves lost or destroyed.
* You can increase handling diligence by adding a gun to the parcel and following legal firearms-shipping procedures. Carriers attract a lot of heat when they lose guns. This may or may not be an option for you, and will limit your carrier options to FedEx (and maybe DHL?).
* Remove all hard drives from their chassis. (This one, I overlooked, and being the only part I actually cared about it cost me dearly.)
* Have your stuff packaged by a UPS/eq. Store. DO NOT do it yourself, even though you would do a better job of it-- when you need to make a damage claim against the carrier, your claim will ALWAYS be denied on account of improper packaging if you're the one who packed it.
* Some insurance riders will require signature confirmation at delivery. When you sign for it, write "DAMAGED" above your signature-- whether or not there's anything apparently wrong with the package. Not all damage is immediately obvious, the terms for reporting concealed damage are easily faulted, and signing that pad with only your name affirms you received the package intact-- and guarantees any subsequent damage claim will be denied.
In Australia for example: https://www.theguardian.com/australia-news/2022/jul/20/exper...
From memory if they gain access to the data they retain it for something ridiculous like 15 years, and are exempt from all data protection/privacy laws.
Even though the risk is small, having all my data leaked like this is unacceptable.
Another rule is that if my devices are taken out of my sight, I won’t use them any more; I’ll sell them and buy new devices. You don’t know what exploits are out there and again it just isn’t worth the risk.
I’d ask if you really need multiple laptops? You’re obviously concerned about this, so minimising your attack surface seems like something worth investigating.
What I’d do is ask yourself which of these things you REALLY need and take those in a carry on. Putting laptops in checked luggage may be difficult, as they don’t like lithium ion batteries because of the risk of fire in the luggage compartment. Shipping used electronics is risky, probably expensive, and perhaps impossible.
It all depends on how customs works. For example, shipping a laptop to Mexico with an import partner is quite difficult, and Indonesia may not allow it at all. Shipping to a Western European country may require paying a lot in import duties.
What I’d do if I were you I’d this. Put everything you can carry into one backpack. Put the stuff you could afford to lose in a carry on suitcase, which they could potentially make you check if overhead luggage is full (pack with some padding, like put things between your clothes or whatever). Try carrying it through and see what happens. They may not stop you, and if they do, just be prepared to pay a fee or abandon your equipment.
Another option could be just making two trips, or paying someone to fly with you.
You can encrypt drives if you want, but that could be a pain if they ask you to turn in the equipment. That happens. Maybe just backup the stuff you need and wipe the drives if you’re really concerned about security.
Good luck!
In Germany, a security officer once pulled me aside and said "so... many... electronics..." and I politely pulled them all out and showed them. Once they realized that I just travel heavy, it was nothing.
It's not what I would take to China on business (that would be a cheap Android phone with a prepaid SIM that would be discarded entirely on return), but I've taken it to Kenya and Tanzania, the Caribbean, Western and Central Europe, Canada, and Mexico. If none of them batted an eye at that for a trip of two weeks or less, I don't imagine they will care much if you're actually moving.
I use a Pelican 1495 briefcase and I carry it with me at all times. It's waterproof and padded and terribly strong. It locks (non TSA approved, so carryon only!) with a passcode. I carry a small laptop and a desktop replacement in this case, along with some paper, a mouse, a bluetooth keyboard, two chargers, a bag of adapters, and a partridge in a pear tree.
There are rugged SSDs, but they are expensive and may not survive luggage handling.
On airport, there is a chance that you are asked about the encryption password, especially in US.
* invest in actual end to end encrypted cloud storage like tresorit. Keep copies of everything important there. Log out when traveling. Encrypted drives could compel password sharing if they have a problem with you.
* delete all work projects from all devices. Log out of work emails. Travel mode on 1Password etc.
* don’t actually delete everything off of every device, that’d be a flag
* delete all the sensitive photos off your phone. Photos of anything financial, passport/visa scans. Personal photos etc.
* raspberry pi can go in checked luggage. Try to attach some product packaging, don’t pack a ton of those little connector wires as that invites an inspection
* if you want to ship, UPS is pretty decent and fully owns their international ops better than other couriers. FedEx contracts out too much. I’d trust UPS to go through my boxes, but not FedEx. And local mail companies use gvmt customs clearances and just ship on passenger planes. More likely to open and inspect.
This really depends on your threat model. If you're of interest, they don't need to do this at the airport, when a real person of interest is likely most alert to tampering.
If you're not of interest, they're not going to bug every random traveler with a hard drive using state-level technology and risk giving the game away by being found out by a perspicacious security researcher one day.
After the stress of travel and clearing customs, the usual next steps are abandoning all luggage in your hotel room and going out for food.
There's a reason some countries insist on knowing your full itinerary and/or all of the hotels you intend to stay at...
Then I just carried a single laptop and a small drive that wasn’t found by airport inspectors with about 10gb of important data.
This was before cheap cloud storage was available and if it was, I’d put a copy there as well.