How would you travel on an airline with your life's data and devices?

I work for an airline. Some points.

1. Don’t check anything you wouldn’t be ok loosing. (Raspberry PI can be replaced, photos cannot)

2. People travel with weird stuff all the time and no one cares or things twice. (USA) not sure how this applies internationally. Generally how suspicions you look is proportional to how much flack you receive. So if you feel and act normal, likely no one will care.

3. A locked hard case like a pelican case that fits within the carry-on size requirements and is well used will look a lot less suspicious than a bunch of laptops in a backpack.

4. People move all the time. For you it’s a big event, but for the airport / airline staff, someone traveling with all their possessions because they are moving is a routine occurrence.

5. At customs, be prepared to explain (honestly and truthfully) why you have lots of electronics. I am moving here and here is my documents, by the way I am a software developer, is a perfectly valid reason.

The above advice applies for lawful travel. You are on your own if you’re trying to hide something.

Your question leads with infosec concerns, but you may also want to think about customs or import regulations at your destination. You seem to already think it appears excessive as a typical "personal use" travel package. Would a customs official think the same thing...?

So, you might find better suggestions by looking to immigrant/expat community resources for the destination country. You might learn of particular paperwork or least-friction options to ship the majority of it and avoid surprise seizure or customs duties, etc.

Also, some combination of encryption and online backups does sound like a good idea to me, unless of course the countries involved have nasty restrictions on encryption tools. Leaving a copy with a trusted friend or relative in your origin country can also give you a recovery plan. If all else fails, you can work with them to arrange an online transfer in the future, or just wait and get another copy the next time you visit your original country.

You also might want to remove personal data from devices before shipping them, and plan a factory-reset/wipe procedure when you receive them on the other end if it gives you peace of mind.

I travel around with two MacBook Pros, two smartphones, and a PS4. All of this fits in my backpack, and it’s a mild pain to go through airport security, but it’s not too bad.

What I’d do is ask yourself which of these things you REALLY need and take those in a carry on. Putting laptops in checked luggage may be difficult, as they don’t like lithium ion batteries because of the risk of fire in the luggage compartment. Shipping used electronics is risky, probably expensive, and perhaps impossible.

It all depends on how customs works. For example, shipping a laptop to Mexico with an import partner is quite difficult, and Indonesia may not allow it at all. Shipping to a Western European country may require paying a lot in import duties.

What I’d do if I were you I’d this. Put everything you can carry into one backpack. Put the stuff you could afford to lose in a carry on suitcase, which they could potentially make you check if overhead luggage is full (pack with some padding, like put things between your clothes or whatever). Try carrying it through and see what happens. They may not stop you, and if they do, just be prepared to pay a fee or abandon your equipment.

Another option could be just making two trips, or paying someone to fly with you.

You can encrypt drives if you want, but that could be a pain if they ask you to turn in the equipment. That happens. Maybe just backup the stuff you need and wipe the drives if you’re really concerned about security.

Good luck!

> almost two terabytes

Stick it on a little encrypted USB drive and put it in your pocket? Maybe with a couple of spare drives in your checked luggage, and post one as well. Nobody will care. Wipe the devices if you really want. Not the huge problem you think it is.

Backblaze B2 is $5/TB-month. It only takes me about a month to upload 2TB at crappy ~20mbps cable upstream.

Movers moved the physical servers and hard disks about 9 years ago when I moved; they all spun up just fine at the other end.

It sounds more convenient to insure(!) and ship most of the hardware once the data on them is backed up.

You're likely not going to be able to take multiple laptops with LiIon batteries on a plane, baggage or carry-on. EDIT: I have flown with two laptops in the same carry-on without problems, so it probably depends on exactly how many you need to bring.

Depends on what country you're moving to. But in my experience, moving from Canada to Europe and back, it's not seen as "weird" travelling with computer stuff. My suitcase even had a PC monitor and motherboard tucked in with my shirts and slacks.

For simplicity, it's probably cheaper and easier to send some peripherals to the Sally Ann or Goodwill and replace it in the new locale.

As for the data, 2 TB isn't that much these days. It's just a small portable drive and no one will bat an eye. Photos from my DSLR alone take up more space than that!

> something being implanted on any one of the devices or drives

This really depends on your threat model. If you're of interest, they don't need to do this at the airport, when a real person of interest is likely most alert to tampering.

If you're not of interest, they're not going to bug every random traveler with a hard drive using state-level technology and risk giving the game away by being found out by a perspicacious security researcher one day.

Regardless of what equipment you do or don't travel with, I would recommend backing up up anything important to storage that won't be carried on your person. Even if flying goes smoothly, equipment could still be lost / stolen / damaged at other stages of the trip.

I’ve lived abroad a few years and had to move all my devices quite a few times.

* invest in actual end to end encrypted cloud storage like tresorit. Keep copies of everything important there. Log out when traveling. Encrypted drives could compel password sharing if they have a problem with you.

* delete all work projects from all devices. Log out of work emails. Travel mode on 1Password etc.

* don’t actually delete everything off of every device, that’d be a flag

* delete all the sensitive photos off your phone. Photos of anything financial, passport/visa scans. Personal photos etc.

* raspberry pi can go in checked luggage. Try to attach some product packaging, don’t pack a ton of those little connector wires as that invites an inspection

* if you want to ship, UPS is pretty decent and fully owns their international ops better than other couriers. FedEx contracts out too much. I’d trust UPS to go through my boxes, but not FedEx. And local mail companies use gvmt customs clearances and just ship on passenger planes. More likely to open and inspect.

Having moved cross-country recently, this proved to be a fool's errand. If it doesn't fit in your carry-on, leave it behind.

I paid a lot of money to have a bunch of junk shipped, and all I received was a pile of twisted metal-- it was all destroyed in transit. Trying to salvage the data from the hard drives cost me hundreds of hours, was only partially successful, and the only aspects of the mess you get reimbursed for are shipping cost and retail value of old computers (do you have all of the receipts/invoices for them?). You don't get paid for your time or grief.

The only country I've ever seen that takes issue with travelers carrying too many is Japan, but the more of anything you have, the more opportunity for any single piece to get lost along the way. Transfer important data to two encrypted xTB-sized personal drives and toss those in your carry-on. You are your own courier.

Make peace with the fact that all of your gear is disposable when you get on that plane.

If you insist on shipping...

* Bring copies of your original purchase receipts/invoices for items shipped with you on the plane. You will not be able to substantiate any loss/damage claim if the documents you need to prove losses were themselves lost or destroyed.

* You can increase handling diligence by adding a gun to the parcel and following legal firearms-shipping procedures. Carriers attract a lot of heat when they lose guns. This may or may not be an option for you, and will limit your carrier options to FedEx (and maybe DHL?).

* Remove all hard drives from their chassis. (This one, I overlooked, and being the only part I actually cared about it cost me dearly.)

* Have your stuff packaged by a UPS/eq. Store. DO NOT do it yourself, even though you would do a better job of it-- when you need to make a damage claim against the carrier, your claim will ALWAYS be denied on account of improper packaging if you're the one who packed it.

* Some insurance riders will require signature confirmation at delivery. When you sign for it, write "DAMAGED" above your signature-- whether or not there's anything apparently wrong with the package. Not all damage is immediately obvious, the terms for reporting concealed damage are easily faulted, and signing that pad with only your name affirms you received the package intact-- and guarantees any subsequent damage claim will be denied.

Encrypting all the drives will not work because the authorities in the new country more than likely have the leeway to "kindly request" that you unencrypt the data for them. I don't need to know the country to know there is a high likelihood that this is true.

Your best bet is to back up all the data from all of them onto one large hard drive, encrypt that, wipe everything and travel with everything but the hard drive. Then let them poke around whatever they want. Maybe keep some stuff like family photos and whatever just so that it doesnt look like you wiped everything before leaving.

If you travel with that many drives you're likely to gather some suspicion, so they're likely to want to poke around.

As far as getting the data to you, you could have a friend or family member mail the drive to you, or have it hooked up to an internet connected FTP server, or even an open VPN or wireguard tunnel to the network it's on with local only access.

I've done this multiple time across several countries, I usually upload my data to the cloud before the trip, just in case of lost/seizure. For very sensitive data (let's say crypto keys), you create multiple offline copies, leave them on the origin country and make sure they are destroyed when arriving to the new place.

I would get something like a Pelican case, get a lock for it, and ship that. Not perfect but much more likely to make it in one piece. Before that, I would take my most critical data and back it up encrypted in a cloud service or take it on a portable device that stays on my person.

This is highly dependent on the two countries in question, your passport(s) / visas, and your day job.

I had to do something similar and shipped everything with a slow method that took about 7 days. I knew the address where I would be staying and shipped with registration and insurance. I also shipped a lot of books and comics and physical media.

Then I just carried a single laptop and a small drive that wasn’t found by airport inspectors with about 10gb of important data.

This was before cheap cloud storage was available and if it was, I’d put a copy there as well.

2TB is an NVMe. You can even put it in your wallet, or better in your backpack. A copy also to an online back up service. Leave a third copy behind, to be destroyed once confirmed on the other side. If you have someone in destination, you can send the data a priori.

There are rugged SSDs, but they are expensive and may not survive luggage handling.

On airport, there is a chance that you are asked about the encryption password, especially in US.

Do you have any family in your current country? I would backup everything to external hard drives, and leave multiple copies back at home with trusted family members. You can encrypt the drives if you don't entirely trust these people.

If your travel goes smoothly, no problem, if not, someone can ship you one of the drives, or perhaps hook it up to their own computer or NAS and set up a downlink, or send to Backblaze, etc.

When crossing borders, I store all my data encrypted in the cloud and wipe the device. Many countries can request full access to your devices, and non-compliance can result in denied entry or possibly even arrest. Your devices may get confiscated.

In Australia for example: https://www.theguardian.com/australia-news/2022/jul/20/exper...

From memory if they gain access to the data they retain it for something ridiculous like 15 years, and are exempt from all data protection/privacy laws.

Even though the risk is small, having all my data leaked like this is unacceptable.

Another rule is that if my devices are taken out of my sight, I won’t use them any more; I’ll sell them and buy new devices. You don’t know what exploits are out there and again it just isn’t worth the risk.

I’d ask if you really need multiple laptops? You’re obviously concerned about this, so minimising your attack surface seems like something worth investigating.

Planning this myself.

I use a Pelican 1495 briefcase and I carry it with me at all times. It's waterproof and padded and terribly strong. It locks (non TSA approved, so carryon only!) with a passcode. I carry a small laptop and a desktop replacement in this case, along with some paper, a mouse, a bluetooth keyboard, two chargers, a bag of adapters, and a partridge in a pear tree.

I understand that your data is irreplaceable, but in terms of size, 2 TB isn't all that much these days. I would recommend you upload it all to www.backblaze.com just to have a cloud backup anyway. Even if you weren't moving, if your house got destroyed (fire/earthquake/whatever), I'd hate for your data to get lost.

Honestly if your data is this much worth to you, it might make sense to rent a VPS temporarily (with a big storage/SSD), and to get e.g. a 4TB SSD as an external drive as a redundancy.

Encrypt via LUKS to protect your data. Even if TSA doesn't snoop on you, others might if you lose the drive.

When moving in the past, I sent myself packages in advance but in some countries the pickup time is very limited (e.g. Germany has 6 work days pickup time), which could lead to problems if you are stuck at customs for whatever reasons.

Usually TSA is mostly worried about batteries, so if you have 4 devices with the batteries removed, it shouldn't be a problem.

Do you have a storage rental service in your city? Sometimes it's possible to send them packages with your belongings if you ask nicely.

Pelican case with the hardware. Your carry on or backpack with the data.

Think about journalists and photographers, they do that every day (my uncle was a cameramen). Ask to them.

Call to the embassy or the airport security, they are not always a bunch of jerks.

Be honest at customs, depend on the country they could want to access the data (even when they just see the desktop or just some pictures).

Don't check anything that you are not ok loosing it..

I travelled with some cameras, notebooks, tablets, hard drives using that (pelican with some padlocks, 2 different brands and systems on each lock.., I really hate airports, they stole my Adventure Time tag) and an Oggio renegade backpack.

Not exactly the most eco friendly option, but if it's getting close to upgrade time anyway, can you consolidate any of it? Just sell most of it and get less bulky replacements? Do you need multiple laptops or will VMs do plus maybe 1 backup laptop?

I think I would either want to have a cloud backup of everything, or at least 2 copies, 1 by plane and 1 by mail. Traveling with irreplaceable data seems pretty scary.

Then again I would be much more worried about something getting lost than any security concerns.

I personally don't encrypt drives other than a few specific folders, but I assume that most HN readers would want to.

i just did that. with kids, 6 laptops (two small ones and two dead ones, that i hope to still revive somehow) several harddisks. (5TB data in triplicate (and a 4th copy on cloud storage)). security checks on three airports. they checked, but it was all routine, not a hint that this could be suspicious. on one airport the did that explosive trace detection by touching every piece of equipment and into some pouches, but that too was all professional.

3 out of the 6 suitcases were flagged for manual inspection, but passed after a quick look after confirming that the things they saw on the scan were fine after all.

in there i had a full desktop without harddisks (which were in the carry-on) and several other harddisks in a stack which in one scan did show up as a black square causing a search of that area of the suitcase because the person there didn't initially think that the disks could be the cause. once we confirmed that it must have been the disks (i guess if you pile up enough of them they do show up dark) it was given a pass.

the nightmare started when none of the checked luggage was showing up at the destination. confirming that i was right to remove and back up the disks. (but after two days i got the call that the luggage has arrived, it has just missed the last transfer)

Host it somewhere encrypted (GPG) and download it when you get to destination?

backup + encryption ( Veracrypt) !

> implanted on any one of the devices or drives

use "glittery nail polish" for tamper protection

https://mullvad.net/en/blog/2016/12/14/how-tamper-protect-la...

An important point: depending on the country it can be better to ship it; I mean, if there are key disclosure laws, traveling with data simply isnt an option to me. Even if its just family photos, I wouldnt want them to be copied and stored forever like they do in Australia/USA

You might want to look into sending the items as freight. Either with an airline or a freight company. You can get insurance, tracking, you can package the goods securely and they have a better chance of arriving intact. Downside is that you’ll have to drop off and pick up the goods at a depot.

If there is anyone you can trust in the country you are leaving then buy enough drives to make a copy of your stuff and leave that (encrypted) copy behind.

All of the stuff you take with you should be encrpyted. If anyone were to try to look at it then you dont know how to open any of it.

You could get 2TB onto BackBlaze or iDrive fairly cheaply. Maybe use both (one backup service backing up the other!).

(If paranoid, encrypt it yourself before backing up. But if you lose the key you lose all the data)

Wipe all devices before going. Take a dumb phone for phone calls.

For the data: you can back everything up on an encrypted SSD and mail it to your destination.

I've travelled with a 20 tib nas as hand luggage.. customs saw it and asked what it was, I explained it was a big external harddrive, I popped out a few drives for them to see, then was let through

To keep your seedphrase secure while crossing borders, consider https://www.borderwallets.com

I would think along these lines: https://xkcd.com/538/

I have travelled with 4 laptops and 2 tablets before, so no issues there.

Travel on an airline with your life's data and devices?

I wouldn't. Bring the devices if you must (with you, not under the plane), but the data should be put in a Veracrypt volume[0], note the SHA-256 sum, and upload it to somewhere secure, perhaps with a technology like SecureDrop[1]... or just stick that blob in a zip file or something and park it on some random SFTP server, that might actually stick out less and thus be more secure.

If you need secure passphrases, you can bootstrap entropt by creating a mnemonic, then putting that mnemonic into a hash algorithm so you have something that would require a very targeted decryption effort but easy to remember. Other sources of seed could include things like the serial numbers on currency.

For example, I used the serial number on the last two dollar bill my deceased grandfather as salt combined with a code word set up back in the 2000s as the password to the encrypted Kali virtual machine I set during the Trump administration and tore down after the 2020 election.

In my experience, I have found that when you are trying to live that cyberpunk lifestyle (confidentiality, integrity, availability)... you can often only achieve two while interacting with an enemy.

And make no mistake: ANYONE who tries to coerce you into giving up your most intimate data without a warrant to simply travel on an airline is an enemy. The tools and techniques I taught to journalists traveling to the most oppressive regimes in the world must now be deployed by private citizens beating hasty retreats from fascist regimes the world over.

Have a safe holiday season OP, if you can. It's like the fall of the USSR at there, complete with гла́сность[2] :-)

Sincerely, Greg.

Edit: I messed up the formatting on the citations -- sorry.

--

[0] https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit

[1] https://securedrop.org/

[2] https://en.wikipedia.org/wiki/Perestroika#Perestroika_and_gl...

Unless you're some government/military official - why do you care so much? Who would ever care about gigabytes of your stuff?

And if you are a VIP — you shouldn't store that much sensitive information on you anyway.