Its hard. Really hard. I recently took a work trip that required me to be really mindful of my digital footprint. It’s much harder than it looks.

Keep your phone’s bluetooth, WiFi and cellular service off upon arrival. Wait until you’ve left the airport before turning them on. Having these services on allows others to created a digital profile of you with which your movements can be tracked.

I’ve worked with some mobile phone companies before, as soon as a phone registered to another country is turned on it will reach out to all the local carriers looking for one which will accept it’s roaming request. Personally I wouldn’t have been too concerned about the Bluetooth and WiFi profiles, more just the cell request. I guess the issue is tying that request to the individual, I don’t think that’s 100% possible, at least from the carrier side. The carrier would know it’s a foreign request and the foreign network it came from, and it would have some unique IDs for the subscriber, but not the subscriber’s name. I guess if someone is physically watching you at the airport then obtaining the local radio footprint would be easier, if you were a target of course.

But it is not just the phone’s radio signals, it’s every app on your device. Think about it:

  • Facebook; automatically logs location information and will share it with a post
  • Twitter; basically the same as facebook
  • LinkedIn; same
  • Banking App; Oh good lord !
  • Reddit; hey - have you seen the latest news for your geographically local area?
  • Previous websites you’ve visited where you’ve consented to share location details, yup that too
  • Airline apps for check in; location.
  • Tor / Onion browser; ok it is intended to ensure no site knows where you are coming from, and they can’t. But they do know it’s a Tor connection. In addition the network you are connected to will spot the tell tail signals from your device advertising that your device is using Tor.

In app & web adverts are a great way to see how much data is actually leaked from your device, I mean they apps don’t need your precise GPS, just the IP address that you connect from would be enough, and suddenly your getting local adverts being served to you.

When you think about it your mobile is basically a giant digital signboard that says “Hey Lads! Im here!!”.

Doing it differently

What I learnt not to do

During my trip I tried to keep as low a profile as I could, but I would say in the world of digital security, I might get higher marks for trying, than results. They say every failure is an opportunity to learn and I did learn. My key take aways are:

  1. If you don’t need it don’t bring it. Amazon kindle, forget it. New wireless mouse, look if you can use your laptop’s track pad do. Leave it at home. Spare USB stick, leave it behind.
  2. Personal phone - just forget it. It’s like a sieve leaking your data everywhere. Just don’t. Leave it at home.
  3. Smart watch; hello radio leaking device. Stop. Just don’t. A cheap mechanical one is the way to go.

What I probably should have done

Ideally, I guess I’d want a clean phone. Installed with a secure chat app, Wire? Signal? I’d power it with a pay as you go SIM card. You’d also want to limit the applications installed. The basics for getting around and nothing else. Ensure you never use it without a VPN connection. There will be more folks using VPNs in general than using Tor, and you’d just hope that from a network point of view you don’t stand out.

But basically if it is electronic, emits a signal, then, well, leave it at home.

Update - Feb 1st 2023: Forget your smart watch. Just forget it at home, instead use a mechanical one, or a battery powered one. Timex? Casio? Avoid Apple iWatch, or a FitBit, just leave anything with bluetooth at home. Speaking of Bluetooth, leave your AirPods / Buds, any any Bluetooth wireless devices. Bring an adapter an hook in a pair of wired headphones. In fact, speaking of wired headphones I’m amazed by the number of wired headphones that I’ve started to see users in Airports start to use. Is this cost? or is this security? - either way, it seems to make sense. Oh, and leave your wireless mice at home too.