OPSEC — Travel & physical security

OPSEC — Travel & physical security

Sub-nota atomica del manual maestro manual-paranoid-opsec. Cada capitulo es una nota propia para consulta directa por dominio operativo.

11. Travel OPSEC & Physical Security

11.1 Threat Landscape

Travel introduces unique risks that combine digital, physical, and human vulnerabilities.

  • Border searches may include device confiscation, forensic imaging, or forced account access.
  • Hotels, airports, and conference venues often have compromised Wi-Fi and surveillance systems.
  • Physical surveillance teams may track movement, habits, or meeting patterns.
  • Carrying sensitive data across jurisdictions increases exposure to lawful intercept and coercion.

11.2 Pre-Travel Preparation

  • Define the mission’s minimum digital footprint — take only the devices and data you truly need.
  • Use burner devices instead of personal hardware.
  • Prepare devices with minimal local data; everything else should be in encrypted containers stored offline.
  • Research local laws (encryption, journalism, data handling) to anticipate risks at customs.
  • Use dummy accounts or benign identities to handle casual inspections.

11.3 Devices in Transit

  • Assume all luggage is subject to search; carry sensitive items on your person if possible.
  • Power down devices before travel — reduces risk of live memory extraction.
  • Use encrypted drives with plausible deniability (hidden volumes).
  • Carry only throwaway SIM cards; avoid roaming on personal accounts.
  • Keep devices in Faraday pouches when not in active use.

11.4 Hotels, Airports & Venues

  • Treat all public Wi-Fi as hostile; use VPN/Tor.
  • Avoid logging into sensitive accounts on hotel or conference networks.
  • Use tethered mobile data instead of shared networks.
  • Be cautious of room safes; many can be opened with default codes.
  • Watch for physical tampering on locks, doors, or devices left unattended.

11.5 Meetings & Movements

  • Use varied routes and schedules to avoid pattern detection.
  • Arrange meetings in neutral locations with multiple exits.
  • Limit use of taxis or rideshares that log identity and travel patterns.
  • Keep situational awareness: surveillance cameras, suspicious observers, or unusual activity.

🔥 Extreme Practices (Optional)

  • Travel only with single-use, anonymous devices purchased specifically for that trip. Destroy them afterward.
  • Carry no sensitive data across borders; instead, transfer via trusted couriers, encrypted cloud dead-drops, or steganographic methods.
  • Pre-stage equipment in the target country (purchased anonymously by proxies).
  • Use Faraday bags at all times except during active operations; assume all radios (Wi-Fi, Bluetooth, GSM) are beacons.
  • Employ anti-surveillance techniques: detect tails, use counter-surveillance routes, monitor for hostile surveillance gear (RF detectors, thermal sweeps).
  • Use layered decoy devices: a “clean” laptop for inspection, another hidden and encrypted for actual work.
  • Maintain false travel narratives — prepare cover stories, benign digital accounts, and plausible explanations for all devices carried.
  • In hostile states: avoid carrying any digital equipment; rely entirely on non-digital tradecraft (paper, codes, human couriers).

Themes