In most countries, a hotel is simply a convenient place for you to stay and recharge. Without naming any specific countries, local intelligence agencies in some of them are known to use hotels as an information collection tool on guests.
In these countries, you should assume that everything you do is monitored including
- telephone conversations via the telephone
- assume the hotel's internet service is monitored
- assume the room is bugged for audio monitoring and sometimes even video
This being said, it is important to never leave your laptop, PDA or confidential/important documents in the room. Understand that intelligence agencies are not thieves and will not steal your items but are more likely to copy or clone them so as not to arouse suspicion.
Some tips and tricks related to laptop safety
- Travel with the minimum. When travelling overseas where there is the potential of device confiscation or espionage, ensure that you travel with the minimum information you need. Some people mistakenly assume that strong encryption (like Truecrypt is enough). Understand that any customs agent can ask you to unlock your encrypted drive or partition. If you want to go this route, use hidden volume within an encrypted drive to ensure you have plausible deniability. Move everything you don’t need onto an external drive (kept at home) and then use a tool to wipe the empty space on your disk with at least 7 over-writes.
- Update your PC. Before travelling, ensure your software and operating system are updated. Keeping them updated minimizes the risk of having gaping exploitable vulnerabilities. For software checks, I recommend you install and use the Secunia Personal Sofware Inspector (http://secunia.com/vulnerability_scanning/personal/)
- Secure your PC with software. Ensure you are running a good PC firewall (not the one built into Windows) and a good Antivirus. And of course… keep them updated.
- When possible, use https to secure your internet communications. If you are using Firefox then I strongly recommend you install a free plugin called HTTPS Everywhere produced by the Electronic Frontier Foundation - https://www.eff.org/https-everywhere The EFF describes it as “It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.”
- VPN it. When travelling, nothing beats a reliable VPN connection back to your home country. There are lots of services and you should choose one you feel comfortable with. With a VPN connection, all traffic from your PC to the internet is encrypted and routed through your VPN service provider. Which means a man-in-the-middle wouldn’t be able to intercept your traffic. Make sure you choose a reliable company since the VPN provider sees the tail end of your traffic in unencrypted format (unless you use https over the VPN).
… to be continued