Insights For Success

Strategy, Innovation, Leadership and Security


Operational security tips to safeguard your privacy when crossing a border

General | Edward Kiledjian

Every week I read about another traveller that is hassled at the border to turn over his laptop, tablet or smartphone and their associated passwords. Knowing that a stranger has gone through your personal “stuff” feels dirty (similar to being robbed).

A question I get asked often by readers, friends and colleagues is “How do I travel through international borders without worrying that my life will be put on show for some stranger with a badge?” If you don’t believe that this can happen, here are some interesting articles:

Operational Security 101

The worlds of physical security and digital (cyber) security are merging fast, and you cannot have one without the other. So what is a traveller to do?

  1. Identify your sensitive data. Before travelling, conduct an extensive analysis of the data you will be crossing the border with. This doesn’t just include intellectual property or employee information. Remember that once authorities have access to your email, without you present, they can figure out what social media accounts you have, reset your password for any site, build a social graph of all your contacts (using your email, instant messages and contacts), etc.

  2. Prepare a list of the vulnerabilities you are subject to. You should consider everything from device theft to authorities rifling through your personal data with no regard for privacy.

  3. Determine your risk level for each vulnerability. As long as you back up your data and your device is encrypted, then your risk after a theft is limited to the cost of replacing your device or scrambling to buy a new one while in transit. You will realize your risk level quickly rises when you consider the exponentially increasing risk of having your device analyzed at the border.

  4. Design your countermeasure plan. For each vulnerability, design a mitigation or risk minimization plan. This is what the rest of the article will talk about.

Countermeasures

Like a broken record, I will now extol the virtues of Chromebooks and why many security professionals rely solely on these devices when security is essential. I know many of you will email me to explain why Google is evil and shouldn’t be trusted. I respect everyone’s opinion, and if you believe using Google products and services doesn’t meet your security requirements, then, by all means, choose something else.

A Chromebook is designed to be reinitialized anytime and to restore its state very quickly. Log into a device connected to a respectable network, and within minutes, you are back up and running with your apps, extensions, bookmarks and settings. Your data is stored in the cloud, and local device storage is encrypted.

Theft

If some numskull steals your device, you will have to buy a new one but at least your data is safely stored in the cloud, and there is no unencrypted data locally to expose you. I have had my device stolen on a train in Europe (on my way to speak at a conference). At my destination, I bought a Chromebook, used the store's WIFI to restore my device, and I was up and running within 30 minutes.

Border inspection

Border inspection is a different beast because they have the authority to force you to turn over your passwords. In this case, the only protection strategy is trickery.

For people crossing the border with sensitive information, I recommend that you use a Chromebook and sync everything to the cloud. Before travelling, Powerwash the Chromebook (i.e. set it back to factory default) and then log into it with a dummy Google account.

This Google account should have some emails, contacts, favourites, files stored on its Google Drive, etc. It should look like an authentic and genuine account. When your device is inspected, it will have nothing of interest, and you will not endanger your “real” data.

Once you cross the border, find a WIFI network, Powerwash your device and log in with your “real” account.

What about your smartphone?

I trust the Chromebook Powerwash process enough to reuse a Chromebook that was inspected by border security but not a smartphone. Smartphones (iPhone or Android) do not have the excellent backup and recovery properties of the Chromebook. In most cases, I travel with a real fully loaded smartphone and will destroy it if it is ever taken from me. I will immediately change all my passwords and implement honeypot style detection tools to see if they attempt to exploit me.

What are these detection techniques I am talking about? One example is to use the free Canarytokens service to generate different honeypots in your work environment.


As an example, you create an easy-to-find (weaponized) Word or PDF file (stored in your Google Drive and on your phone) that sends out a beacon when it is opened. Think of these tools as motion sensors warning you that your digital being is at risk and that you need to take extraordinary measures to protect yourself.
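The "motion sensor" idea above, sketched as an added example (not code from the original post or from the Canarytokens project): each decoy file embeds its own beacon URL, and a script scans the beacon server's access log to report which decoy was opened, when, and from where. The host `beacon.example`, the `/t/<token>/` URL layout, the decoy names and the log lines are all constructed assumptions.

```python
import hashlib
import hmac
import re
from datetime import datetime

BEACON_HOST = "beacon.example"  # assumption: placeholder for a host you control

# Combined Log Format, the access-log layout written by common web servers.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)
# Assumed beacon URL layout: /t/<32 hex chars>/<anything>
TOKEN_PATH_RE = re.compile(r"^/t/(?P<token>[0-9a-f]{32})(?:[/?]|$)")


def mint_token(secret: bytes, label: str) -> str:
    """Derive an unguessable per-decoy token; the label never appears in the URL."""
    return hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()[:32]


def build_registry(secret: bytes, labels):
    """Map token -> decoy label so a hit says *which* file was opened."""
    return {mint_token(secret, label): label for label in labels}


def beacon_url(token: str) -> str:
    """URL to embed in the decoy document (for example as a remote image)."""
    return f"https://{BEACON_HOST}/t/{token}/logo.png"


def find_hits(log_lines, registry):
    """Return one alert per logged request that carries a registered token."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        p = TOKEN_PATH_RE.match(m["path"])
        if not p:
            continue  # ordinary traffic, not a beacon path
        label = registry.get(p["token"])
        if label is None:
            continue  # right shape but unknown token: scanner noise
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append({
            "decoy": label,
            "source_ip": m["ip"],
            "time": when.isoformat(),
            "user_agent": m["ua"] or "",
        })
    return hits


# --- constructed sample data (documentation IP ranges, made-up decoy names) ---
SECRET = b"constructed-demo-secret"
DECOYS = ["gdrive/Passwords-2019.docx", "phone/Bank-logins.pdf"]
REGISTRY = build_registry(SECRET, DECOYS)
T_DOC, T_PDF = (mint_token(SECRET, d) for d in DECOYS)
UNKNOWN = "0" * 32  # well-formed token that was never issued
SAMPLE_LOG = [
    '198.51.100.9 - - [25/May/2019:21:30:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.64"',
    f'203.0.113.7 - - [25/May/2019:21:40:03 +0000] "GET /t/{T_DOC}/logo.png HTTP/1.1" 200 43 "-" "Microsoft Office"',
    f'198.51.100.9 - - [25/May/2019:21:41:00 +0000] "GET /t/{UNKNOWN}/logo.png HTTP/1.1" 404 0 "-" "scanner"',
    f'203.0.113.7 - - [25/May/2019:21:52:47 +0000] "GET /t/{T_PDF}/logo.png HTTP/1.1" 200 43',
    "garbage line that is not an access-log entry",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, REGISTRY):
        print(f'{hit["time"]}  {hit["decoy"]} opened from {hit["source_ip"]}')
```

Any hit on a decoy that only exists on a seized device or account is the cue to rotate passwords and treat that device as compromised.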

Conclusion

An article about traveller airport border crossing security (OPSEC) can be very long, but I wanted to give you a gentle introduction. If you are a journalist, politician or senior executive at risk, hire a good security consultant to guide you. The most expensive advice is free advice.

If you are a journalist with a reputable organization working on high-risk reporting and need security advice, I am always available to provide free guidance. I believe free and open journalism is a pillar of our modern democracy.


Review of Quip's toothbrush as a service

General | Edward Kiledjian

This blog article is not advertising and is not a sponsored post.

Quip is a new entrant in the competitive and packed electric toothbrush space. Unlike many of the larger bulkier electric toothbrushes, Quip is a sleek, shiny and well designed modern looking toothbrush.

Like all modern electronic works of art, it comes in different colours, finishes and materials.

It also has the American Dental Association Seal of Acceptance. The ADA website explains it as "To this day, dentists and consumers recognize it as the gold standard for evaluating safety and efficacy of dental products."

So how does the Quip compare? Quip is a simpler toothbrush that delivers the basics: it has a vibrating alert timer (to measure brushing each quadrant) and has gentle cleaning vibrations that won't harm your gums.

What does it come with? The basic kit comes with a pre-installed battery, brush head and a slim toothbrush holder (attaches to your mirror with micro suction cups but also doubles as a travel cover). I have had it attached to my bathroom mirror for 30 days, and it hasn't fallen off once. I have traveled with it once, rinsed it with warm water when I got back, and it stuck right back on the mirror.

How do you charge the battery? I have used OralB and Philips electric toothbrushes, and they each come with their own charging bases (which are usually bulky and consume valuable counter space). The Quip uses a single AAA battery that can be changed within seconds. Since Quip is a Toothbrush As A Service, when you subscribe to their toothbrush head replacement plan, they also send you a replacement battery every three months. If you travel and run out of power, replace it with a cheap AAA you can buy anywhere, and you don't have to carry a bulky charger.

How does it compare to a "normal" (non-powered) toothbrush? The Quip is definitely better than a normal plastic toothbrush because it offers gentle vibrations and helps with timing. Additionally, they send replacement heads automatically which means you never have to worry about timing replacements.

How does the Quip compare to other electric toothbrushes? It depends. The truth is that the newer electric toothbrushes that vibrate and rotate seem to deliver an easier and better clean. However, the Quip is less than half the cost, easier to travel with and effective when used as directed (in conjunction with flossing and regular dentist visits).

General recommendations included with the introductory guide are:

  • Use a pea-sized amount of toothpaste

  • Brush gently (don’t push too hard or you will injure your gums)

  • Make sure you brush every tooth from all directions

  • Brush for two minutes (30 seconds per quadrant)

  • Brush your tongue (the back of the brush head has a scraper)

  • Don’t rinse your mouth right after brushing

What are the cons?

  • The Quip is better than a plain non-powered toothbrush, but its performance is significantly worse than the modern sonic toothbrushes.

  • The Quip's bristles are better than a non-powered toothbrush, but they aren't as good as the ones on powered brushes that seem to have better reach into hard to reach crevices.

Conclusion: I like the Quip, but it isn't the most effective electric toothbrush. Not a bad offering but you need to determine what your actual needs are. I hope Quip releases another generation of their product with rotating bristles that uses real sonic pulses.

How to make yourself an easier target for hackers

General | Edward Kiledjian

I've talked about different technologies to provide additional protection when working online (Chromebooks1, Chromebooks2, VPN1, VPN2, VPN3, etc.). The truth is that anything that is posted, shared, stored or connected online risks being hacked and leaked.

Instead of telling you how to protect yourself, I want to share tips on how to make yourself a flashier and easier target for hackers. After all, why make their lives more difficult than they need to be?

Reuse the same passwords everywhere

Reusing the same passwords everywhere is convenient for you and hackers. If they manage to crack or steal your password from one site, they can then reuse that same one on your other accounts. Don't make their lives difficult and reuse the same password for all your online accounts. While you're at it, use simple short passwords using only letters to make it easier to crack.

Don't use 2-factor authentication

2-factor authentication is usually a secret code generated on your phone using a free tool like the Google Authenticator or Authy. The purpose of 2-factor authentication is to provide additional account protection that would prevent someone from accessing your account if they somehow manage to get your password.

2-factor authentication goes against our goal of making you easier to hack. Doesn't 2-factor authentication sound like a lot of trouble for nothing? Why would you want to make it difficult for hackers to access your account if they have gone through all the effort of finding and cracking your password? 

Whatever you do, do not enable 2-factor authentication, so your account can be stolen more easily.

Trust everyone and click on those links

Security advocates always caution users not to click on "strange" links from known or unknown sources. Sure, these types of links are often used to install malware on your machine or to steal your login credentials (phishing), but you may miss that funny joke a friend sent.

Hackers go to great lengths to make their emails look legitimate so why not reward all their hard work by clicking on them? If you don't click on those links, you will force the hackers to work harder to steal your information, and who wants to work harder? 

So I say click on those links quickly. If you see a link click on it regardless of any doubts you may have. 

Don't update your software and operating system

All software is written by humans and is therefore imperfect. Reputable software vendors (that hate hackers) release regular updates to their products to patch vulnerabilities that may be exploited. 

Our goal is to make you an easy target, so why install updates? Updates take time. It is easy to forget to check for them (on smartphones, tablets and PCs). The easiest thing to do (the most hacker-friendly) is just to leave your machine as it is, and not install any updates. After all, what if the update changes a function?

The moral of this story is to just leave well enough alone. Don't make a hacker's life more difficult than it has to be: don't update your software or operating system.

Don't ever turn off Bluetooth

You work hard, and anything that makes your life easier should be encouraged and used. Bluetooth is a modern convenience for anyone that uses wireless headphones. You turn it on and pair it with your favourite headphones when you first set up your device and forget about it. 

Convenience is king. When you want to listen to a podcast or some music, you shouldn't be bothered to fiddle with small switches in some control menu to turn on Bluetooth. 

There are well-known attacks against Bluetooth that could allow a remote attacker to connect to your device and steal data stored on it. Who cares? Convenience is king and outranks security. We want to make your devices as vulnerable as possible, so whatever you do, leave Bluetooth on. While you are at it, leave other data transfer features on (like Airdrop on Apple and WIFI). 

Don't use a VPN

I have written for years about VPNs and how they can be used to protect your data when using unknown or untrusted WIFI networks. This article is about making your life and the hacker's life easier, not making you more secure.

VPNs are a hassle. You have to buy a subscription, install the app on your devices and remember to turn it on every time you connect to an untrusted WIFI network. When using a VPN you are paying to make your WIFI experience more complicated. Does this seem logical to you?

Hackers love using unprotected or poorly protected WIFI networks to perform reconnaissance and even break into your devices. Hackers have a wide variety of easy-to-use tools that work on devices connected to these open WIFI networks where users aren't using a VPN. So the moral of the story is convenience. After all, if you can't trust your local coffee shop with your data security, who can you trust?

Remember that your goal is to make your life and the hacker's life easier, so trust easily and trust often. Don't use a VPN to encrypt your traffic and make it impossible for a local hacker to steal your data or compromise your device.

Share a lot and often

The purpose of social media is to share information with friends and other strangers that are connected to you. So the hacker rule is to share as much data as possible and share it often.

Piecing data together is a fantastic way for a hacker to build a profile about you so they can reset passwords, use your credit or craft believable phishing emails. Make sure that all your social media profiles are public. Then once your profile is visible to everyone on the internet, make sure you post a ton of "useful" information such as:

  • Habits: when you go to the gym, restaurants, stores, etc., so hackers can figure out where you live.
  • Vacations: everyone wants to know that you have left the country for a week of sun and relaxation, especially those hackers and thieves. It is so much easier when the target (oops... I mean friend) lets you know it is a good time to steal from them.
  • Date of birth: make sure you use your real date of birth on social media sites so friends (that can't be bothered to remember your birthday) can wish you a happy birthday. Hackers can then use this information to apply for credit in your name. It's a win-win for everyone.

The moral of the story is to post lots of personal data, regularly and as quickly as possible. 

Conclusion

I hope you have found these tips useful. I know many hackers will thank you for being such a friendly and trusting person. Remember that good security is inconvenient and convenience is the most important factor to a busy person like you. You are too busy to worry about securing each and every service you use, so don't. 

After all, people are generally nice and trustworthy. So open that attachment. Click on that link. Share that vacation departure notice. Life is short, live a little.

9 things you should pack on every trip

General | Edward Kiledjian

As a frequent traveller, I have picked up some tricks that make travelling a lot easier. I wanted to share some of those with you and hopefully make your life a little easier.

Global WIFI Hotspot

I wrote my first review of the (gen 1) Skyroam Global hotspot in 2015 and it became one of my most used travel items. When they released (gen 2) a new LTE capable model, the Skyroam Solis, I bought one and reviewed it as well.

TL;DR: I have tested dozens of global roaming services (hotspots and global SIMs) and the product I carry in my bag every day is the Skyroam Solis.

Some readers have asked if my Skyroam tests were promotional and the answer is no. I have not received any compensation from Skyroam to test and review any of their products. When I find something that works well and is priced competitively, I recommend it.

I recommend you read my full review, but the summary is that the Skyroam Solis is a pre-paid global 4G (LTE) capable hotspot that works in 100+ countries. They offer an "unlimited" data package sold in chunks of 24 hours (day passes) for about $9 a day (or a monthly pass for $99).


Most companies offering this type of service label their offering as "unlimited data" but this doesn't mean you can stream Netflix while cruising the French Riviera. Every company I have reviewed imposes some type of "fair use policy". Skyroam's Solis day pass never cuts off your data access but does slow it down to a painful (and barely usable) 2G after you consume about 500MB per 24-hour period. This period resets during each day pass. This means that you shouldn't be streaming music or videos (Spotify, Google Music, Apple Music, YouTube, Netflix, Hulu, Amazon Video, etc).

As an example, the GeeFi Global WIFI hotspot fair use policy says "GeeFi will begin limiting the download speed after you exceed 500 MB (megabytes) of data in most countries".


Frequent travellers can buy a Skyroam Solis WIFI hotspot for $149.99 (includes one day pass worth $9). Infrequent travellers can rent a Skyroam Solis with the appropriate number of day passes for $9.95 a day (basically $1 per day to rent the unit plus shipping costs back and forth).


Collapsible water bottle


I wrote about the Nomander collapsible water bottle in 2016 and still recommend it for travel.

TL;DR: The Nomander water bottle is a light flexible easy to pack piece of kit you can store easily and use when needed. It avoids having to pay $5 for a 500ml bottle of water that would otherwise cost $0.50 anywhere in the "real world".

The Nomander is made from food grade silicone so it doesn't retain smell. It is leakproof. Where my older recommendation (the Vapur) becomes jiggly when less than 3/4 full, the Nomander retains its shape fairly well for a foldable bottle.

With the plastic sleeve in the middle, the bottle is sturdy enough to stand on its own. The Nomander is (top rack) dishwasher safe. You can also freshen it up, like most other water bottles, by soaking it with a mixture of filtered water and fresh-cut lemons for 24 hours.

The water filter

Browse the aisles of any camping goods store and prepare to be amazed at the dozens of water filters available for your immediate purchase. I have been camping most of my life and have travelled to many locations known for terrible horribly diseased water.

I have tried over a hundred filters, tablets and sterilizers. The one I keep coming back to over and over is the Grayl. I first wrote about the Grayl water filter in 2016 and have been recommending it since. It beats every other filter I had tried before or that I have tested since.


TL;DR: The Grayl water filter is the easy to use, easy to carry, low maintenance and high-reliability water filter you want when in the backcountry or when travelling to locations with questionable water sanitation practices.

When using the orange travel filter, you purify and sanitize the water with one (strong) push. This means I no longer carry a UV sterilizer (Steripen) in addition to a filter (Lifestraw or Sawyer mini).

The Grayl Orange Travel filter removes:

[Image: chart of what the Grayl filter removes]

Each cartridge lasts about 300 uses (with 3 full uses a day, a single filter would last 100 days). The filtering process requires a bit of brute strength but you never have to worry about batteries and there is no need to backwash the filter.

Portable laundry machine


Everyone starts travelling with lots of extra clothes and big check-in pieces of luggage. Eventually, you learn that one-bag travel is the only way to go. One-bag travel does mean you are travelling with the minimum and thus may need a way to clean your clothes while on the move. 5 years ago I bought a Scrubba wash bag and have brought it with me on almost every trip (longer than a week).

TL;DR: The Scrubba is a waterproof bag with scrubbing "teeth" you can use to clean your clothes anywhere in about 10 minutes.

Scrubba has become a trusted travel item for business trips and family adventures (vacations with kids, camping, road trips, etc). I use this with either Woolite Travel Laundry Soap individually packaged travel packets or Dr. Bronner organic Castile soap. Both of these detergents are gentle, work with all types of materials and wash out easily without leaving a soapy residue.

Airborne and NoJetlag

I started taking both of these products 6-7 years ago and believe they help keep me healthy when travelling (particularly the long North America to Asia flights).


I am not a doctor and the effect could be nothing more than placebo, but since I started taking Airborne on longer flights, I find I get sick a lot less. Worst case scenario, it is a vitamin C supplement, but my experience has been very positive. I have managed to stay healthy even when colleagues have gotten sick.


When travelling to faraway destinations, I started using No-Jet-Lag. While consulting for Cathay Pacific Airlines (based in Hong Kong), a flight attendant recommended it and I have used it ever since (when travelling through more than 4-5 time zones).

The simple rule of thumb is to chew on one tablet, every time your plane takes off and every time it lands.  Then chew on one tablet every 2 hours while in flight. I normally follow the manufacturer instructions and take it an hour before or 2 hours after a meal.

I'm the first person to admit the questionable medical value of homeopathic products and my results may be nothing more than a placebo effect but it has worked for me and has been recommended to me by about a dozen different flight crew members.

Tom Bihn Synapse 25 backpack

Talking about backpacks is almost akin to talking about religion. It seems people are easily offended when you recommend something different than their preferred bag. Unlike the average traveller, I have 1M+ miles under my belt and have recently tested about 25 different (well rated) backpacks before I recommended the Tom Bihn Synapse 25 backpack in February 2018.


TL;DR: If you can only buy one backpack (EDC, work and travel), I recommend the USA designed and manufactured Tom Bihn Synapse 25 backpack.

I recommend you read my full review here. This bag is light, durable and has carefully designed features that will make travel much easier. Plus it is built like a tank and will not break on you mid-trip.

Best carry on luggage

[Image: RedOxx AirBoss bag]

I first recommended the RedOxx AirBoss in March 2012 and it has been my favourite carry-on luggage since. I have tried 50-60 different products since and always come back to this thing. It is designed to last and comes with a no questions lifetime warranty. Along with Tom Bihn, RedOxx offers the best warranty in the business. 

The RedOxx AirBoss is a 100% USA designed and manufactured bag. It is made from incredibly resilient materials. The bag you see above has travelled 1,000,000 + miles since 2012 and it looks almost brand new.

  • Since it does not have wheels, I am rarely asked to check its size.
  • It has a flexible shell which means I can push and shove it into even the smallest overhead compartments.
  • It doesn't waste any room on wheels and a pull handle which maximizes available space
  • It can be used with or without packing cubes

If you could buy only one piece of luggage that will have to last 10+ years, this is the one.

Pacsafe anti-theft packs

There are times when you will be travelling to riskier destinations where theft is a real, constant concern (Shanghai, Delhi, Mumbai, Barcelona, etc). When travelling to these "special" locations, you may have to take specialized gear to stay safe, and no one offers a wider selection of anti-theft backpacks, packs and bags than Pacsafe.

I own both a Pacsafe backpack and a shoulder pack. Both of my products are no longer offered but you can easily find something that would meet your needs. During "normal" trips, I would choose the lighter and more functional Tom Bihn Synapse 25 every time but when I need extra security, the Pacsafe products are a must.  The bags are lined with a metal mesh to prevent theft by slashing. Even the shoulder straps are reinforced with metal mesh to prevent a slash and go incident. Best of all, the Pacsafe bags look like normal everyday products.


I own an older version of the Metrosafe and found an everyday use for it you may find interesting. In addition to keeping my valuables safe while I travel, I use it when at the beach or public pool. I lock it to a bench or medium tall tree and know my valuables (glasses, wallet, cell phone, etc) will be there when I get back. When at the beach, I can go swimming without worrying that someone will steal my wallet. All you have to do is pair it with a travel cable based lock.

Calgary airport offers the best WIFI performance in Canada

General | Edward Kiledjian

Ookla, everyone's favourite speed test service, has just published internet performance metrics for North American airports. Calgary Airport has been rated as the best performer of all Canadian airports and is the third best in North America.

  1. Seattle Tacoma International
  2. Denver International Airport
  3. Calgary International

Montreal's Pierre Elliott Trudeau Airport was rated the worst. Toronto's expensive Toronto Pearson International Airport is rated 23rd.