Ask HN: How would you travel on an airline with your life's data and devices?

55 points by walrus_pen ↗ HN
I am moving to a new country and it will require travelling by plane with all of my possessions. That includes many laptops, Raspberry Pis, routers, hard drives, USB drives, and SD cards. I think that this may firstly look suspicious, and secondly I am concerned about something being implanted on any one of the devices or drives if they are ever out of my sight, or being "asked" if they can be viewed (i.e. being compelled to give in to plugging in the drives).

What would you do? Encrypt all the drives? Transfer almost two terabytes to encrypted cloud storage (which provider?)? What about the laptops (I have 4, one Android tablet, two iPads, a current and old phone)?

I could ship these in the post ahead of time. Though I don't think if it's any safer.

70 comments

[ 4.5 ms ] story [ 140 ms ] thread
Unless you're some government/military official - why do you care so much? Who would ever care about gigabytes of your stuff?

And if you are a VIP — you shouldn't store that much sensitive information on you anyway.

I don't understand your sentiment. Most of the data is decades of family pictures and videos.
Which is completely innocuous and, assuming you aren't anyone special, if no interest at all to anyone else. If you are someone of high enough profile that knowing who went to your birthday party is valuable intel, then your problems don't end with getting your devices through the airport.

Reminds me of someone (maybe Preet Bharara?) who said that when posted abroad in some places, high-level officials have to have even any domestic arguments in a SCIF[1] to avoid leaking pressure points.

[1]: https://en.wikipedia.org/wiki/Sensitive_compartmented_inform...

Host it somewhere encrypted (GPG) and download it when you get to destination?
Yeah with Linux commands easiest might be:

1. Tar up with `tar c folder | pigz -z > folder.tar.gz`

2. Encrypt with `gpg -c folder.tar.gz`

3. Split into (say 1GB) files with `mkdir pieces && cd pieces && split -b1073741824 ../folder.tar.gz.gpg`

Then just copy those files into some sort of bucket storage like GCP for Google with something like:

gcloud alpha storage cp -R pieces gs://bucket/pieces

That might cost like 40$ for 2TB. Above people are posting about much cheaper storage costs. I guess at that point you don't have to worry really since the files are encrypted you can host them wherever.

Of course you have the question of how to transport the machines. I.e. should they be wiped? I guess that's up to you.

I would get something like a Pelican case, get a lock for it, and ship that. Not perfect but much more likely to make it in one piece. Before that, I would take my most critical data and back it up encrypted in a cloud service or take it on a portable device that stays on my person.
Or place the thing in overhead. I did exactly this with several TB of data when I emigrated a while back.

You can generally find good options at camera shops.

I would think along these lines: https://xkcd.com/538/
Relevant but not sure how it's helpful. I should just give up?
You should be as low-profile of a traveler as possible to avoid getting investigated in the first place. Fly with one laptop, one external storage drive, and other normal personal things.

Check on customs laws to be sure that shipping or carrying a lot of electronics with you is legal and pay any import duties that might be necessary. I imagine moving companies have experience with this kind of international move and also raise absolutely no suspicion about random electronics that are part of a permanent move to a new location.

Ironically something like 2TB iPad or iPhone would be least sus and likely most secure

Bro is time travelling with these questions tho

My advice would be to assume that you are already compromised or that nobody cares about the terabytes you have or that a well motivated adversary will be sufficiently resourced to circumvent whatever you do.

But the caveat I have no knowledge whether your concerns are practical or theoretical. No knowledge of what is actually at stake. Is it state secrets, a few billion BTC, or cat photos.

Regardless of what equipment you do or don't travel with, I would recommend backing up up anything important to storage that won't be carried on your person. Even if flying goes smoothly, equipment could still be lost / stolen / damaged at other stages of the trip.
Depends on what country you're moving to. But in my experience, moving from Canada to Europe and back, it's not seen as "weird" travelling with computer stuff. My suitcase even had a PC monitor and motherboard tucked in with my shirts and slacks.

For simplicity, it's probably cheaper and easier to send some peripherals to the Sally Ann or Goodwill and replace it in the new locale.

As for the data, 2 TB isn't that much these days. It's just a small portable drive and no one will bat an eye. Photos from my DSLR alone take up more space than that!

Backblaze B2 is $5/TB-month. It only takes me about a month to upload 2TB at crappy ~20mbps cable upstream.

Movers moved the physical servers and hard disks about 9 years ago when I moved; they all spun up just fine at the other end.

It sounds more convenient to insure(!) and ship most of the hardware once the data on them is backed up.

You're likely not going to be able to take multiple laptops with LiIon batteries on a plane, baggage or carry-on. EDIT: I have flown with two laptops in the same carry-on without problems, so it probably depends on exactly how many you need to bring.

I’ve flown with 4 laptops in a carry on. No one really cares.
(comment deleted)
I understand that your data is irreplaceable, but in terms of size, 2 TB isn't all that much these days. I would recommend you upload it all to www.backblaze.com just to have a cloud backup anyway. Even if you weren't moving, if your house got destroyed (fire/earthquake/whatever), I'd hate for your data to get lost.
For the data: you can back everything up on an encrypted SSD and mail it to your destination.
This is highly dependent on the two countries in question, your passport(s) / visas, and your day job.
> almost two terabytes

Stick it on a little encrypted USB drive and put it in your pocket? Maybe with a couple of spare drives in your checked luggage, and post one as well. Nobody will care. Wipe the devices if you really want. Not the huge problem you think it is.

Do you have any family in your current country? I would backup everything to external hard drives, and leave multiple copies back at home with trusted family members. You can encrypt the drives if you don't entirely trust these people.

If your travel goes smoothly, no problem, if not, someone can ship you one of the drives, or perhaps hook it up to their own computer or NAS and set up a downlink, or send to Backblaze, etc.

I have travelled with 4 laptops and 2 tablets before, so no issues there.
Sometimes they care and sometimes they don't... do you want to have to cancel your trip because on that day they decide to ask for your laptops to be able to get in the plane?
Your question leads with infosec concerns, but you may also want to think about customs or import regulations at your destination. You seem to already think it appears excessive as a typical "personal use" travel package. Would a customs official think the same thing...?

So, you might find better suggestions by looking to immigrant/expat community resources for the destination country. You might learn of particular paperwork or least-friction options to ship the majority of it and avoid surprise seizure or customs duties, etc.

Also, some combination of encryption and online backups does sound like a good idea to me, unless of course the countries involved have nasty restrictions on encryption tools. Leaving a copy with a trusted friend or relative in your origin country can also give you a recovery plan. If all else fails, you can work with them to arrange an online transfer in the future, or just wait and get another copy the next time you visit your original country.

You also might want to remove personal data from devices before shipping them, and plan a factory-reset/wipe procedure when you receive them on the other end if it gives you peace of mind.

Encrypting all the drives will not work because the authorities in the new country more than likely have the leeway to "kindly request" that you unencrypt the data for them. I don't need to know the country to know there is a high likelihood that this is true.

Your best bet is to back up all the data from all of them onto one large hard drive, encrypt that, wipe everything and travel with everything but the hard drive. Then let them poke around whatever they want. Maybe keep some stuff like family photos and whatever just so that it doesnt look like you wiped everything before leaving.

If you travel with that many drives you're likely to gather some suspicion, so they're likely to want to poke around.

As far as getting the data to you, you could have a friend or family member mail the drive to you, or have it hooked up to an internet connected FTP server, or even an open VPN or wireguard tunnel to the network it's on with local only access.

Encryption with veracrypt gives you a second hidden volume accessible over an alternate password, and plausible deniability as to whether it exists.
Yeah I'm aware, but I think sensitive data is best transferred over a less tangible channel. Moving the hardware with the data on it through a channel that necessarily gives custody of it to authorities for any duration is a risky proposition even with tools like veracrypt. All someone has to do is notice a discrepancy between the size on the label and the size showing on disk. The last thing you want to do is give authorities an excuse to hook the proverbial car battery up to your proverbial balls.
Having moved cross-country recently, this proved to be a fool's errand. If it doesn't fit in your carry-on, leave it behind.

I paid a lot of money to have a bunch of junk shipped, and all I received was a pile of twisted metal-- it was all destroyed in transit. Trying to salvage the data from the hard drives cost me hundreds of hours, was only partially successful, and the only aspects of the mess you get reimbursed for are shipping cost and retail value of old computers (do you have all of the receipts/invoices for them?). You don't get paid for your time or grief.

The only country I've ever seen that takes issue with travelers carrying too many <item_type> is Japan, but the more of anything you have, the more opportunity for any single piece to get lost along the way. Transfer important data to two encrypted xTB-sized personal drives and toss those in your carry-on. You are your own courier.

Make peace with the fact that all of your gear is disposable when you get on that plane.

If you insist on shipping...

* Bring copies of your original purchase receipts/invoices for items shipped with you on the plane. You will not be able to substantiate any loss/damage claim if the documents you need to prove losses were themselves lost or destroyed.

* You can increase handling diligence by adding a gun to the parcel and following legal firearms-shipping procedures. Carriers attract a lot of heat when they lose guns. This may or may not be an option for you, and will limit your carrier options to FedEx (and maybe DHL?).

* Remove all hard drives from their chassis. (This one, I overlooked, and being the only part I actually cared about it cost me dearly.)

* Have your stuff packaged by a UPS/eq. Store. DO NOT do it yourself, even though you would do a better job of it-- when you need to make a damage claim against the carrier, your claim will ALWAYS be denied on account of improper packaging if you're the one who packed it.

* Some insurance riders will require signature confirmation at delivery. When you sign for it, write "DAMAGED" above your signature-- whether or not there's anything apparently wrong with the package. Not all damage is immediately obvious, the terms for reporting concealed damage are easily faulted, and signing that pad with only your name affirms you received the package intact-- and guarantees any subsequent damage claim will be denied.

(comment deleted)
When crossing borders, I store all my data encrypted in the cloud and wipe the device. Many countries can request full access to your devices, and non-compliance can result in denied entry or possibly even arrest. Your devices may get confiscated.

In Australia for example: https://www.theguardian.com/australia-news/2022/jul/20/exper...

From memory if they gain access to the data they retain it for something ridiculous like 15 years, and are exempt from all data protection/privacy laws.

Even though the risk is small, having all my data leaked like this is unacceptable.

Another rule is that if my devices are taken out of my sight, I won’t use them any more; I’ll sell them and buy new devices. You don’t know what exploits are out there and again it just isn’t worth the risk.

I’d ask if you really need multiple laptops? You’re obviously concerned about this, so minimising your attack surface seems like something worth investigating.

I travel around with two MacBook Pros, two smartphones, and a PS4. All of this fits in my backpack, and it’s a mild pain to go through airport security, but it’s not too bad.

What I’d do is ask yourself which of these things you REALLY need and take those in a carry on. Putting laptops in checked luggage may be difficult, as they don’t like lithium ion batteries because of the risk of fire in the luggage compartment. Shipping used electronics is risky, probably expensive, and perhaps impossible.

It all depends on how customs works. For example, shipping a laptop to Mexico with an import partner is quite difficult, and Indonesia may not allow it at all. Shipping to a Western European country may require paying a lot in import duties.

What I’d do if I were you I’d this. Put everything you can carry into one backpack. Put the stuff you could afford to lose in a carry on suitcase, which they could potentially make you check if overhead luggage is full (pack with some padding, like put things between your clothes or whatever). Try carrying it through and see what happens. They may not stop you, and if they do, just be prepared to pay a fee or abandon your equipment.

Another option could be just making two trips, or paying someone to fly with you.

You can encrypt drives if you want, but that could be a pain if they ask you to turn in the equipment. That happens. Maybe just backup the stuff you need and wipe the drives if you’re really concerned about security.

Good luck!

My standard travel carryon when I'm with my wife has a laptop, an iPad, two Kindles, a big bag of chargers (helpful at security - you can pull it out and let them re-run the main bag, and they only have to physically inspect the chargers, which will turn out to be a boring pile of wires), two good-capacity batteries, two spare cell phones (neither of us can afford to have cell phone outages lasting more than a few hours), noise-cancelling headphones, and a digital camera or two. She carries her own laptop, headphones, and iPad because otherwise my shoulder will fall off.

In Germany, a security officer once pulled me aside and said "so... many... electronics..." and I politely pulled them all out and showed them. Once they realized that I just travel heavy, it was nothing.

It's not what I would take to China on business (that would be a cheap Android phone with a prepaid SIM that would be discarded entirely on return), but I've taken it to Kenya and Tanzania, the Caribbean, Western and Central Europe, Canada, and Mexico. If none of them batted an eye at that for a trip of two weeks or less, I don't imagine they will care much if you're actually moving.

Planning this myself.

I use a Pelican 1495 briefcase and I carry it with me at all times. It's waterproof and padded and terribly strong. It locks (non TSA approved, so carryon only!) with a passcode. I carry a small laptop and a desktop replacement in this case, along with some paper, a mouse, a bluetooth keyboard, two chargers, a bag of adapters, and a partridge in a pear tree.

2TB is an NVMe. You can even put it in your wallet, or better in your backpack. A copy also to an online back up service. Leave a third copy behind, to be destroyed once confirmed on the other side. If you have someone in destination, you can send the data a priori.

There are rugged SSDs, but they are expensive and may not survive luggage handling.

On airport, there is a chance that you are asked about the encryption password, especially in US.

I’ve lived abroad a few years and had to move all my devices quite a few times.

* invest in actual end to end encrypted cloud storage like tresorit. Keep copies of everything important there. Log out when traveling. Encrypted drives could compel password sharing if they have a problem with you.

* delete all work projects from all devices. Log out of work emails. Travel mode on 1Password etc.

* don’t actually delete everything off of every device, that’d be a flag

* delete all the sensitive photos off your phone. Photos of anything financial, passport/visa scans. Personal photos etc.

* raspberry pi can go in checked luggage. Try to attach some product packaging, don’t pack a ton of those little connector wires as that invites an inspection

* if you want to ship, UPS is pretty decent and fully owns their international ops better than other couriers. FedEx contracts out too much. I’d trust UPS to go through my boxes, but not FedEx. And local mail companies use gvmt customs clearances and just ship on passenger planes. More likely to open and inspect.

> something being implanted on any one of the devices or drives

This really depends on your threat model. If you're of interest, they don't need to do this at the airport, when a real person of interest is likely most alert to tampering.

If you're not of interest, they're not going to bug every random traveler with a hard drive using state-level technology and risk giving the game away by being found out by a perspicacious security researcher one day.

> If you're of interest, they don't need to do this at the airport, when a real person of interest is likely most alert to tampering.

After the stress of travel and clearing customs, the usual next steps are abandoning all luggage in your hotel room and going out for food.

There's a reason some countries insist on knowing your full itinerary and/or all of the hotels you intend to stay at...

I had to do something similar and shipped everything with a slow method that took about 7 days. I knew the address where I would be staying and shipped with registration and insurance. I also shipped a lot of books and comics and physical media.

Then I just carried a single laptop and a small drive that wasn’t found by airport inspectors with about 10gb of important data.

This was before cheap cloud storage was available and if it was, I’d put a copy there as well.