Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] best practices - roundup

Steve Weis steveweis at
Tue Oct 9 12:04:24 PDT 2012

Here are a few more suggestions, with the caveat that they presume some
technical know-how:
- When connectivity permits, run everything remotely in a safe location,
and use your laptop as a remote desktop client over a VPN. You could even
remove the hard drive from the laptop and boot from read-only media.
- If running remotely is not feasible, I'd probably have a minimal
installation on the host laptop and run my day-to-day apps in encrypted
virtual machines. This makes it easier to secure the host, isolate
applications, and migrate to new hardware.
- Always use full disk encryption.
- Set a BIOS password.
- If you intend to boot from a hard drive, disable booting from PXE, USB,
or CD from within the BIOS.
- Firewire, Thunderbolt, and PCMCIA slots present a risk of DMA attacks.
Either use a laptop without them, or find out how to address the risk.

Despite these precautions, someone with physical access to your machine for
even a few minutes can generally compromise it. That risk can be mitigated,
but it's beyond the scope of this use case.

On Tue, Oct 9, 2012 at 9:23 AM, Katy P <katycarvt at> wrote:

> Best practices for traveling to an internet-hostile regime.
> There is a lot of variance - obviously the regime's capabilities as well
> as one's own visibility come into play.
> And, if it isn't obvious, I'm not a security expert. This is not official,
> legal advice. Everyone needs to research this on their own and make good
> decisions for themselves.
> If you're really not tech-savvy, it might be worthwhile to hook up with a
> tech-savvy friend (or IT professional) to do some of these steps.
> Regardless, here are some hints from the community:
> - your laptop and mobile device should be ones that are fresh - factory
> reset to the original operating system and best case would be "burners" --
> devices that you can factory reset upon return home (some suggested also
> using a bootable Linux install)
> - do not link your Dropbox, GDrive, or other file service at any time
> - do not be logged into GMail, social media sites, etc.
> - be careful with what photos you have on your phone (before leaving the
> country especially)
> - have a virus scanner installed
> - make sure that all software is up-to-date (Windows Updates, virus
> scanner)
> - any sensitive data/documents should be on a USB drive, not kept in an
> obvious place (like throw it in with your toiletries or something) with an
> encrypted volume
> - change all of your passwords to something very secure before your trip
> - install TOR
> - consider a mobile security app (Here's a review of some Android ones:
> - encryption may be illegal and may cause more concern
> - don't be logged into anything
> - be polite
> - don't be nervous
> - when on WiFi, DNSCrypt
> - set up a VPN connection
> - never leave your devices anywhere (even hotel safe)
> - assume phone conversations are monitored
> - turn off GPS
> - turn on encryption for your social media sites (Facebook encryption
> Twitter
> - some suggest having a different "burner" social media account
> - be careful posting pictures and updates during trip
> - if possible, it might be a good idea to do a factory reset on devices
> before going to the airport (??)
> - upon return, do factory resets of all devices
> - change passwords upon return
> Thanks to everyone that made suggestions.
> --
> Unsubscribe, change to digest, or change password at:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list