Archive for September, 2017

The rest of the trip was uneventful, at least as far as bits were concerned. (Do not get me started on transportation. Or pest infestations either.)

My new SIMs worked as expected, with a recent legal change I can use the ones I bought in Italy to roam at no extra charge in other EU countries. This was super handy for the five hour layover in Germany. It also means (I think) I can keep them active. I go to Europe from time to time, but not Italy every year as would be needed to refresh my phone service and keep the number. (Important note: Italy requires a national tax ID number to buy a SIM. I have one, but most tourists don’t.)

The downloadable encrypted disk worked, and once I got it I was able to access the keys for my server. I was still cut off from everything tied to my US phone, but it was tolerable. Web email only, and I had to send messages from the mail application because of my setup. So that data was still local. But there were only a few things I really had to reply to. Besides, I was supposed to be speaking Italian, not websurfing.

I have a separate laptop login, with restricted permissions, that I intended to use for general web browsing. I mostly used the phone, however. The one helpful thing was my mifi had more bandwidth than my phone, so I could connect to it by wifi and VoIP calls over the VPN were less terrible.

On the flight back home, I deleted the disk image, cleared data in all the browsers I had been using, and shut down. That logged me out of websites, with no way to get access without my US phone. Nothing actually happened at customs, but the point of practicing one’s security plans is so you are more confident they would work (and you can execute them) if actually needed. And, in my case, to write up what I thought about it.

The most unexpected surprise was the reminder that average people have no idea what two factor auth is. They were confused why I could not login to Facebook, when I had a perfectly good phone and laptop right there. I mean, everyone is on Facebook right? It was challenging to explain that I required a message that was sent to a device I didn’t have. (I think I was then deemed one of those “computer people.” Fair enough.)

The VPN set up for always-on worked about as well as it does in the US, so I’m happy with that. (Some websites still reject you tho, boo.) I tried to use public wifi in various locations (the mall, inside train stations, etc) but mostly they did not work correctly and I was stuck with whatever signal I could find on my own. (They were either over-used and not responsive, or blocked my VPN connection.)

Next time I’m going to get a plan for my phone that includes voice service. I couldn’t call taxis, and that was a pain. I was not in a big city where it’s easy to find a taxi.

I’ve been in Italy a few days now, with only travel-specific phone and laptop. Both are set up with a VPN and the laptop drive is encrypted. I’m using web versions of the services I need, with the exception of outgoing email. (My weird mail setup relies on self-hosted SMTP, that essentially forges my From: address.)

I decided to not logout of everything on the phone (my point of entry, Germany, is not known as a hotbed of traveller phone searching.) So no need to involve my spouse to relay authentication tokens from home.

I did have some trouble with iCloud two factor auth and had to resort to using a recovery key. Despite the appearance of auth tied to a device and not only a phone number, I couldn’t get the login token with my new SIM.

Once I got everything working it’s been ok, I just have to not flush browser data and lose my auth. Not having email on my phone is a minor nuisance, but I can live with that for two weeks.

I have no passwords saved locally, instead I made an encrypted disk image with passwords and other important things (like a photo of my passport and server ssh keys.) It’s on my web server, so I can download it from anywhere. For now I’m keeping the encrypted image locally and only opening it as needed. I’ll delete it before I get to the US.

The only real nuisance has been trying to minimize data cached on my phone from web browsing. I try to not open random links without a private window, but on a phone particularly it’s sometimes hard to tell what you are clicking on.

I have Twitter set up in Brave (a security-minded mobile browser), Safari configured without Javascript or cookies, and Dolphin for things that need both. This involves a lot of copying links between browsers, but it’s the same thing I do on the desktop.

I have a much better data plan for the phone than last time, so I’m actually doing most things there. I also have a new SIM for my mifi, although it’s unfortunately still locked to Vodafone. (Someone at Vodafone NZ suggested Italy could unlock it, but they won’t.)