Travel Security

Lock down your email account before going abroad

LAST UPDATED: 06/22/2021 (CHANGELOG)

Skill Level

INTERMEDIATE

Risk Level

MODERATE HIGH

Time Cost

MODERATE

Financial Cost

FREE

Platforms

_DEPENDING ON YOUR RISK ASSESSMENT, it might not be safe to log into your work or personal email accounts while abroad. You might want to avoid having access to your personal email altogether. If compartmentalization is key, create a travel email account.

Your risk assessment will guide which email provider you choose to make a travel account. In some cases, simply using a popular email provider with robust security features (like Google’s Gmail) is enough.

In other cases, your field work might require that you create a travel account with an email provider that offers more privacy. As an example, ProtonMail sets itself apart from most popular email providers in how it handles user privacy. Not only are emails between ProtonMail users end-to-end encrypted, all emails stored in your inbox are encrypted to a key only you have access to. So, ProtonMail itself has no access to the contents of your emails.

STEP 1

Create a travel email account, and enable two-factor authentication.

If you won’t have regular access to cellular data while traveling, prioritize setting up two-factor authentication through a mobile application, and/or a hardware token like a YubiKey.

STEP 2

Prepare your personal email before fully transitioning to your travel email account.

If it's safe to do so, enable your vacation responder. Consider forwarding certain non-sensitive emails from your personal account (from your spouse, certain friends or coworkers, your favorite non-controversial listserv) to your travel account. Use your email provider's filter rules to be as granular as possible. Not only does this keep you in the loop for important, but non-confidential, correspondence; it also populates your travel account's inbox in a way that doesn't arouse too much suspicion.

STEP 3

If you plan to send encrypted emails with your travel account, double-check that you have access to only your public key while abroad.

If you are planning on sending PGPPretty Good Privacy, or PGP for short, is a standard for public key cryptography that is commonly used for sending and receiving encrypted emails. The most popular implementation of PGP is similarly named GPG.-encrypted email while you’re abroad, make sure you have your public keyIn encryption systems that rely on public key cryptography, such as PGP, a public key is used to encrypt messages, and can be shared widely with others. stored on your keyring. Please note — it’s not advisable to travel with your private keyIn encryption systems that rely on public key cryptography, such as PGP, a private key is used to decrypt messages, and should therefore not be shared., but rest assured you can always decrypt messages once you’ve made it back from travel. See our desktop, travel-essential tips for more details on potential travel PGP setups, or contact the trainers at Freedom of the Press Foundation for advanced support.

Photo by Shannon Patrick. CC BY-NC-ND 2.0