Insights For Success

Strategy, Innovation, Leadership and Security

Operational security tips to safeguard your privacy when crossing a border

General | Edward Kiledjian

Every week I read about another traveller that is hassled at the border to turn over his laptop, tablet or smartphone and their associated passwords. Knowing that a stranger has gone through your personal “stuff” feels dirty (similar to being robbed).

A question I get asked often by readers, friends and colleagues is “How do I travel through international borders without worrying that my life will be put on show for some stranger with a badge?” If you don’t believe that this can happen, here are some interesting articles:

Operational Security 101

The worlds of physical security and digital (cyber) security are merging fast, and you cannot have one without the other. So what is a traveller to do?

  1. Identify your sensitive data. Before travelling, conduct an extensive analysis of the data you will be crossing the border with. This doesn’t just include intellectual property or employee information. Remember that once authorities have access to your email, without you present, they can figure out what social media accounts you have, reset your password for any site, build a social graph of all your contacts (using your email, instant messages and contacts), etc.

  2. Prepare a list of the vulnerabilities you are subject to. You should consider everything from device theft to authorities rifling through your personal data with no regard for privacy.

  3. Determine your risk level for each vulnerability. As long as you back up your data and your device is encrypted, then your risk after a theft is limited to the cost of replacing your device or scrambling to buy a new one while in transit. You will realize your risk level quickly rises when you consider the exponentially increasing risk of having your device analyzed at the border.

  4. Design your countermeasure plan. For each vulnerability, design a mitigation or risk minimization plan. This is what the rest of the article will talk about.

Countermeasures

Like a broken record, I will now extol the virtues of the Chromebooks and why many security professionals rely solely on these devices when security is essential. I know many of you will email me to explain why Google is evil and shouldn’t be trusted. I respect everyone’s opinion, and if you believe using Google products and services doesn’t meet your security requirements, then, by all means, choose something else.

A Chromebook is designed to be reinitialized anytime and to restore its state very quickly. Log into a device connected to a respectable network, and within minutes, you are back up and running with your apps, extensions, bookmarks and settings. Your data is stored in the cloud, and local device storage is encrypted.

Theft

If some numskull steals your device, you will have to buy a new one but at least your data is safely stored in the cloud, and there is no unencrypted data locally to expose you. I have had my device stolen on a train in Europe (on my way to speak at a conference). At my destination, I bought a Chromebook, used the store's WIFI to restore my device, and I was up and running within 30 minutes.

Border inspection

Border inspection is a different beast because border authorities have the authority to force you to turn over your passwords. In this case, the only protection strategy is trickery.

For people crossing the border with sensitive information, I recommend that you use a Chromebook and sync everything to the cloud. Before travelling, you Powerwash the Chromebook (aka set it back to factory default) and then log into it with a dummy Google account.

This Google account should have some emails, contacts, favourites, files stored on your Google drive, etc. It should look like it is an authentic and genuine account. When your device is inspected, it will have nothing of interest, and you will not endanger your “real” data.

Once you cross the border, find a WIFI network, Powerwash your device and log in with your “real” account.

What about your smartphone

I trust the Chromebook Powerwash process enough to reuse a Chromebook that was inspected by border security but not a smartphone. Smartphones (iPhone or Android) do not have the excellent backup and recovery properties of the Chromebook. In most cases, I travel with a real fully loaded smartphone and will destroy it if it is ever taken from me. I will immediately change all my passwords and implement honeypot style detection tools to see if they attempt to exploit me.

What are these detection techniques I am talking about? Well, one example is to use the free Canary Tokens to generate different honeypots in your work environment.

As an example, you create an easy-to-find (weaponized) Word or PDF file, stored in your Google Drive and on your phone, that sends out a beacon when it is opened. Think of these tools as motion sensors warning you that your digital being is at risk and that you need to take extraordinary measures to protect yourself.
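The beacon idea above, as an added sketch that is not from the original post and is not how the Canary Tokens service itself is implemented: each decoy gets its own unguessable URL, and the defender scans the web server's access log to learn which decoy was opened, when, and from where. The key, host name, decoy labels and log lines are all constructed for illustration, and it is assumed that the decoy fetches the URL as a remote resource when opened.

```python
import hashlib
import hmac
import re

# Constructed values for illustration; a real deployment keeps the key secret.
SECRET_KEY = b"constructed-demo-key"
BEACON_HOST = "beacon.example.invalid"

def make_token(decoy_label: str) -> str:
    """Derive an unguessable per-decoy token from the decoy's label."""
    return hmac.new(SECRET_KEY, decoy_label.encode(), hashlib.sha256).hexdigest()[:32]

def beacon_url(decoy_label: str) -> str:
    """URL to embed in the decoy file (assumed to be fetched when it is opened)."""
    return f"https://{BEACON_HOST}/t/{make_token(decoy_label)}.png"

# Common Log Format: client IP, timestamp, then the request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /t/(?P<token>[0-9a-f]{32})\.png '
)

def find_triggers(log_lines, decoys):
    """Return one alert per log line that requests a known decoy's token."""
    by_token = {make_token(label): label for label in decoys}
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = by_token.get(m.group("token"))
        if label is None:
            continue  # well-formed but unknown token: scanner noise, not a decoy hit
        alerts.append({"decoy": label, "ip": m.group("ip"), "time": m.group("ts")})
    return alerts

# Hypothetical decoy locations, one label per copy of the file.
DECOYS = ["drive:/Travel/passwords.docx", "phone:/Documents/passwords.pdf"]

# Constructed sample access log (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2019:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    f'203.0.113.45 - - [12/May/2019:09:20:31 +0000] "GET /t/{make_token(DECOYS[1])}.png HTTP/1.1" 200 68',
    f'198.51.100.7 - - [12/May/2019:09:21:10 +0000] "GET /t/{"0" * 32}.png HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for alert in find_triggers(SAMPLE_LOG, DECOYS):
        print(f"ALERT: {alert['decoy']} opened from {alert['ip']} at {alert['time']}")
```

Because each copy of the decoy carries a different token, a hit tells you which device or account was accessed, which is what decides which passwords to rotate first.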

Conclusion

An article about traveller airport border crossing security (OPSEC) can be very long, but I wanted to give you a gentle introduction. If you are a journalist, politician or senior executive at risk, hire a good security consultant to guide you. The most expensive advice is free advice.

If you are a journalist with a reputable organization working on high-risk reporting and need security advice, I am always available to provide free guidance. I believe free and open journalism is a pillar of our modern democracy.


Review of the Asus C434 Chromebook

General | Edward Kiledjian

I am lucky enough to have the chance to test a ton of devices every year. Chromebook testing is an interesting endeavour because the higher end units usually are fantastic to use, while the cheaper products are slow and clunky. Chromebooks that live in the middle ($500-600) typically inherit the bad characteristics from both categories.

The mid-priced ($600) Asus C434 doesn't fall into this typical model.

Build quality

Most (non-premium) Chromebooks feel cheap and flimsy. They creak and crack when you grab them from an edge.

The Asus C434 is an all-aluminum design that looks and feels premium. The design includes chamfered edges that give it a more premium feel. Even the hinges are chrome covered, which adds to the premium look and feel.

When used in laptop mode, the hinges slightly raise the screen end of the keyboard which makes typing slightly more pleasurable.

It feels like Asus has crammed a 14-inch device in the body of a 13-inch device without sacrificing usability.

If you haven’t figured it out yet, the design of the Asus C434 is wonderfully thought-out and makes using the device a joy.

The screen

My everyday personal use device is a Pixelbook. I love my Pixelbook, but its enormous bezels make it feel dated. Although the Asus C434 isn't breaking any new bezel records, its design is noticeably modern (87% screen to body ratio). It has a very good 14-inch Full-HD (1920x1080) IPS panel that has good viewing angles, good colour reproduction and respectable (300 nits) brightness.

The Asus C434 screen isn't class leading like the Pixelbook or Samsung Pro but isn't a slouch either. Most users will find the screen amazing and a pleasure to use.

The keyboard

Keyboards can make or break a device. Look at the thousands of vocal MacBook fans on Reddit that have jumped ship to Windows because they can no longer deal with the horrible butterfly keyboards included in most new MacBooks.

So a lousy keyboard can kill even the best most thoughtfully designed laptop. Luckily the Asus C434 does reasonably well in the keyboard category. For users coming from an HP x360 or a Pixelbook, the keyboard doesn't feel as good, but for most users, this thing will be a joy.

Asus chose a non-glass trackpad which makes using it a bit more of a chore. The included trackpad is acceptable, but the device does suffer a bit from a less usable trackpad. Remember that I am comparing the Asus to the premium end of the market. If you compare this to a $500 windows laptop or other similarly priced Chromebooks, you will not be disappointed by the trackpad’s performance.

The ports

I regularly curse at my Pixelbook for not including at least one USBA port. Sure I love all things USBC, but I still have a ton of useful accessories that are USBA, and I seem to forget my dongles when I need them most.

This is where the Asus C434 beats my Pixelbook; it has a ton of ports. The Asus C434 has USBC ports on either side but also a USBA port, a headphone/microphone port and a microSD card slot.

The Asus C434 has the ports you need to get your job done without worrying about dongles or adapters.

The Internals

Most reviewers based their tests on the Core m3 (m3-8100Y) device with 4GB of RAM. While 4GB is good enough for the casual web user, it isn't enough to load a ton of Android apps and to comfortably run Linux apps.

The Asus C434 comes in the m3, i5 and i7 varieties and power users will probably opt for the mid-tier i5 processor with 8GB of RAM and 128GB of internal storage.

As I write this review, most sites still don't offer the 8GB/128GB version of the unit (Amazon, B&H, etc.) but it is coming. Unless you need a device right away (then get the 4GB/64GB), I would wait a couple of weeks to pick up the more powerful model.

VPN Support coming to Linux apps on Chromebooks

General | Edward Kiledjian

It seems everyone has jumped on the VPN bandwagon these days. On Chromebooks, we can use VPN extensions, but these don't protect Android apps. We can use Android VPN apps, which protect the entire ChromeOS (including Android apps but not Linux apps).

So what happens today? Even if you have an Android VPN running, the Linux apps go out via your origin IP, bypassing the VPN network adapter. If you need to use a VPN with the Linux container today on ChromeOS, you have to install a Linux VPN client in the container itself.

In Chrome 76, Google will finally fix this issue and Linux app traffic will also flow through the VPN (extension or Android app). You can test this today if you have the developer or Canary versions of ChromeOS installed on your Chromebook.

We expect ChromeOS 76 to be released to the Beta channel June 13-20 and to the stable channel around July 30.

Other cool features coming with the ChromeOS 76 release will be:

  • "Picture In Picture" support for most video platforms

  • "Web Share Target Level 2" which will allow any installed application to receive a file share (using a manifest)

Comparing NordVPN and ExpressVPN

General | Edward Kiledjian

This is not a sponsored post, and none of the links are affiliate links.

Readers regularly ask me to compare NordVPN to ExpressVPN:

  • "Can you compare NordVPN to ExpressVPN?"

  • "Is NordVPN better than ExpressVPN?"

  • "Is ExpressVPN faster than NordVPN?"

Both NordVPN and ExpressVPN are considered to be top of the line premium VPN services. Both offer similar premium services and functionality such as:

  • reliable connectivity

  • fast connection speed

  • well designed strong encryption

  • 30-day money back guarantee

  • 24/7 technical support

  • No log policy

  • Kill switch to prevent leaking of your true identity or location

If you want a VPN to watch geographically locked streaming services such as Hulu, Netflix, BBC then ExpressVPN is probably your preferred choice. ExpressVPN seems to be one of the only services that has not been blocked by the Netflix proxy filter. In addition to successfully working around the Netflix proxy filters, ExpressVPN offers the fastest performance; therefore you are less likely to get buffering or lag.

Although NordVPN has had some issues with various streaming services blocking them, the support team works quickly to work around these issues so you should have access to most of your shows most of the time. NordVPN isn't as fast as ExpressVPN but is close enough for most users. NordVPN now has more than 5,092 servers which is an amazing amount (more than ExpressVPN).

NordVPN also offers a feature called DoubleVPN. DoubleVPN is a technique called VPN chaining (called on ProtonVPN). The concept is that they encrypt all the traffic once (standard VPN functionality) and then pass it through a second VPN server (encrypting again) before finally exiting to the internet. DoubleVPN will improve your security posture but will reduce your connection speed.

Conclusion

In summary, ExpressVPN offers better and more reliable access to streaming services and faster VPN speeds. NordVPN is good but not as good as ExpressVPN. NordVPN's claim to fame is the price.

NordVPN offers one of the best VPN services available today at a price that is significantly cheaper than ExpressVPN (especially with a multi-year subscription).

With a 15 month ExpressVPN plan, the service costs $6.67 a month. On a 3-year plan with NordVPN, the monthly price is $2.99 (less than half).

Regardless of what service you choose, make sure you check for deals (which can discount as much as 50% sometimes).

Send large files via the internet securely and for free

Edward Kiledjian

I wrote about the original test version of the free Mozilla Firefox Send service in July 2018.

Mozilla Firefox Send is a free service open to any user, accessible with any browser, that allows you to securely send a large (up to 2.5GB) file to another internet user. The process is very simple: you upload a file, and they provide a unique link that you share with the intended recipient.

The file can be expired after one to one hundred downloads or 1 to 7 days.

You can also protect the file with a download password.

There are other services, but most charge for add-on features like download password protection or expiry configuration. Firefox Send is completely free and comes from the fine folks over at Mozilla that we trust.