Before you travel:

Device inspection (and possible seizure) can be a significant risk, passing through international borders, at check points and while attending actions. It is worthwhile to take the following precautions in preparation for travelling to an event.

• Ensure two-factor authentication is enabled on your accounts. This should be set up to generate a one-time passcode in an app (e.g. 2FAS or Google Authenticator), rather than receiving a code by SMS (which is significantly less secure).

• Do not bring more devices than necessary. Consider travelling with a wiped or ‘burner’ device rather than your personal phone or laptop. You can create a burner from an old unused or second-hand device by completing a factory reset and copying over only the basic data you need while travelling / attending the event. Don’t try to make this burner device TOO clean. Having some photos, messages, browser history, etc., will help reduce suspicion if your device is searched.

• Delete old text-message threads, WhatsApp conversations, Signal chats, or other communications with sensitive contacts (or alternatively uninstalling certain chat apps completely before crossing the border and reinstalling when you arrive). Avoid relying on chat histories to save sensitive or important information.

• Delete photos or old social media posts that might bring unwanted attention to you or others.

• Back up information discretely to a secure and secret location (like a cloud service you can log out of, an encrypted VeraCrypt container, or even an obscurely named document) and delete from your main device.

• Install a VPN to enable you to access websites or apps which might be blocked. Search online for VPN providers currently recommended for use in the country you will be visiting.

• Log out of all social media accounts, email, and other online services that might hold sensitive information on all of your devices.

• Turn off biometric authentication (facial or fingerprint passwords), use a number/letter-based password, and lock or turn off your devices when travelling through checkpoints.

Communicating with others:

• Don’t use SMS or regular phone calls. Always use an end-to-end encrypted messaging platform. Signal is the most secure, followed by WhatsApp and Telegram (with secret messages turned on). Download and set-up Signal ahead of your travel, and make a plan with your buddy and others in your delegation about communication protocols.

• Remember that Signal is only secure when using it to communicate with other Signal users. On IOS and desktop it is only possible to send messages to other Signal users, so these messages are always secure. However, on Android it is possible to configure Signal to send SMS messages to your contacts who are not using Signal. Messages sent as SMS are unsecure. If you have this set up, check here to understand which of your messages are secure. You can increase your security when communicating on Signal by verifying your contacts' safety number. This protects you against someone impersonating your contact.

• Configure disappearing messages in Signal and WhatsApp. Remember that changes to the disappearing messages setting only impacts new messages sent to that group. Delete the entire chat to clear messages sent before you turned on disappearing messages.

• Google and other cloud vendors track who accesses and edits documents, so your username and IP address may be logged. This has been used by some governments to prosecute people who have participated in anti-government direct actions. At a minimum, use private browsing and don’t use your real name or accounts when accessing public files.

• Authorities have been known to pose as members of the activist community in order to gain access to social media or chat groups. Never post or chat on sensitive topics unless you know everyone who is in your group. Consider setting up several layers of communication, keeping sensitive details within a small group of trusted individuals.

Digital Security Recommendations for Attending Direct Actions & Events:

• Be aware that coordinating with other activist groups might put you at greater risk - some groups may be targeted for police action. Do not make your connection to high-risk groups visible (including keeping communications on your device) unless you are prepared for police attention.

• If you do not want authorities to know the location of your phone, turning off GPS or location services is not sufficient protection. To make it harder to find your location, turn off your phone entirely, or switch on airplane mode.

• Authorities regularly review social media to find evidence to support charges like property destruction or assault. Discuss with organisers before uploading photos and videos of direct actions that show people’s faces. Consider how your social media posts not only put you at risk, but also others who you are participating in direct actions or events with.

Encrypting or Hiding Data:

Not having data on your devices is the safest approach to data security. However, there are sometimes situations where you might need to travel with sensitive information. There are steps you can take to make this information less likely to be found during a device search. None of these techniques are perfect, and all require some level of technical knowledge. If you believe it is essential for you to travel with such sensitive information, please reach out for support.

• Use VeraCrypt to create an encrypted container hidden somewhere on your computer. You can even create a “hidden” container with two passwords – a fake one that unlocks fake data and a real one that unlocks your truly sensitive information.

• Carry two phones and/or laptops so you can hand one over while keeping the other in a secret location. Be aware that multiple devices will be visible when your luggage goes through airport scanners.

• Take photos from within the Signal app and send them to yourself or a friend – this prevents the photos from showing up in your Photos app. (Search ‘Note to Self’ in your Signal contacts list to send messages to yourself.)

• Use a Virtual Machine (e.g. with Virtual Box) on your laptop for all sensitive browser and organising activities.