Privacy and digital rights advocates generally support the strategy of creating a travel-specific device from scratch. However, they warn that a phone appearing excessively clean, reminiscent of a burner phone, might draw unwanted attention. Matt Mitchell, founder of CryptoHarlem, a security and privacy training nonprofit, advises users to ‘seed’ the device by using it for at least a few hours or a day to avoid suspicion. Mitchell suggests creating an additional social media account for travel purposes, acknowledging that many individuals already manage multiple profiles.
Amnesty International’s Cyr emphasizes that a genuine burner phone would be a basic device incapable of running encrypted communication apps. Cyr highlights the benefit of smartphones for secure, encrypted communication, cautioning that any non-encrypted communication is less secure than encrypted messages or phone calls made through apps such as Signal.
For those opting to use a travel device, it’s advised not to use a prepaid SIM card linked to their regular phone number, given its connection to numerous digital accounts. Instead, users should consider purchasing a separate SIM card for the trip or use the device solely on Wi-Fi networks.
Another method for safeguarding devices during border crossings involves preparing one’s primary smartphone before travel. This preparation entails removing outdated photos and messages, clearing out unnecessary apps, and either eliminating some apps entirely or logging out of them and logging back in with travel-specific accounts.
Mohammed Al-Maskati, digital security helpline director at Access Now, recommends a thorough cleanout of devices before travel. Al-Maskati advises being especially cautious about removing dating apps and those related to LGBTQI communities, particularly for individuals at higher risk of device inspection. This approach requires meticulous attention to detail, ensuring that all potentially risky apps are removed.
Travelers can also convert their primary phone into a travel device by backing it up, wiping it, installing only necessary travel apps, and later restoring it from the backup upon return. While feasible, this method is time-consuming and presents more opportunities for operational security errors, known as “opsec fails.” For instance, overlooking the deletion of an app could expose old social media accounts or forgotten data. Messaging apps might retain searchable archives of photos and files, and backing up data to the cloud without logging out of linked accounts could lead to requests for data inspection.
