Sep 13 2019 | 7:08 pm EDT bb10adopter111

Get a burner phone and SIM prepaid with cash using an alias. Then use a VPN and don't log in to any account for which you don't use multi-factor authentication.

Use your phone as little as possible.


Posted with my trusty Z10

Sep 13 2019 | 10:17 pm EDT brookie229

Just go with your phone and slap in a sim when you get there. You won't have any problems. Oh - no Google anything and even VPN's can be glitchy/blocked. Just mind your business, don't cause any trouble, enjoy the culture and be amazed at the things you see. If you are going into a rural area be aware of the fact you may be stared at (unless you are of Asian ancestry,lol) or asked by people if they can take a photo with you. Avoid the salads, tap water because you will get sick if you don't! Have a great trip!

Sep 13 2019 | 11:21 pm EDT TrumpetTiger

Be aware that every single thing you look up will be tracked. Assume all Internet use is monitored...because, well, it is over there.

Posted via CB10

Sep 14 2019 | 7:32 am EDT scrannel

Went with family -- my son even called his pals from the Great Wall. Used our regular T-Mo (USA) SIMS. In other words, no prep. Everything worked unless no signal. Also, wifi-calling worked.

Sep 14 2019 | 10:57 am EDT FF22

Thanks for the replies.

Keep those cards and letters coming - can't have too much info.

Sep 14 2019 | 11:19 am EDT bb10adopter111

The main thing is to be aware that there are literally tens of thousands of government intelligence agents monitoring EVERY unencrypted data packet, call and SMS you send. These agents have several main goals:

1) Credential theft. Remember that the Chinese government likely controls the DNS service you are using and will redirect to falsified login sites and sites without Https:// in order to steal credentials. Their main targets are Gmail and work credentials.

2) Message interception. If you don't use encrypted email (and hardly anyone does), you should assume that all of your messages are being read. NEVER email anything for work that you wouldn't want adversaries to know. This includes business plans, intellectual property, names of co-workers that can be used to compromise your account, etc. My recommendation is to use Signal for all work and personal communications while in China unless you have encrypted email capabilities.

3) Social network mapping: The government is looking for social relationships to use for intelligence gathering. Try to minimize your communications on Facebook, LinkedIn and other networks. Also, don't connect on social media to anyone you don't know well during or after your trip.

Posted with my trusty Z10

Sep 14 2019 | 11:58 am EDT brookie229

Doesn't work in China. OP, if this is a holiday don't worry about all this spying stuff - just enjoy!

I've been to China several times over the last 10 years and never any problem with my own device and a Chinese telecom sim which I purchased for a tiny amount. Of course you are tracked as you are anywhere in the world (including Canada and USA) - so what? As long as you are a tourist only you won't have any trouble with your existing device.

Sep 14 2019 | 12:40 pm EDT bb10adopter111

Thanks for the tip. I haven't been to China myself since 2013, when I was in Shanghai. I was traveling on business (nothing to do with the government or cyber or defense) but my company would not let me take my work phone and set up a burner for me. I used encrypted VOIP for all my phone communications.

At the Hotel I logged in to my personal Google account over hotel WiFi, just to live dangerously, and my account was attacked within a day, with the compromise foiled by my hardware authentication key.

I don't consider protecting myself from a government who routinely attempts to violate my privacy as "spy stuff" but I absolutely agree that you should decide what, if anything, you wish to protect, take care of that, and then relax and enjoy your trip. I loved every minute of my time in China!

The simplest thing is to just go old school. Turn off your phone as often as possible and connect with your surroundings.

Posted with my trusty Z10

Sep 15 2019 | 9:27 am EDT FF22

Thanks. I guess I have some good background info. But then yesterday, there was an article on "exit bans" was it. Mostly aimed at former Chinese citizens or relatives of them.

So just one more (so far) question - I presume using a VPN might hide log-ons or such but do they work and would using one trigger suspicions about what communications you are trying to hide. I don't know much about VPN's but I guess the amount of data going through a local wifi is known or noticed even if encrypted.

And you are right - just go and enjoy the terracotta warriors and the great wall. Strictly a tourist on a Road Scholar trip. But in the down time in the evening, I do tend to be a news junky checking on local stories and tariff rates (g). and hiking reports about local trails.

But I appreciate the answers a lot.

Sep 15 2019 | 11:37 am EDT brookie229

Regarding the VPN situation in China. As I stated above, the current status is sketchy at best. Sometimes it works well but other times it fails and this can be the case for any of the services you subscribe to. The best bet RIGHT NOW is ExpressVPN but even it can fail in some situations. I know that it's not what you want to hear but that's the reality in China. A second good alternative is NordVPN as they maintain an entire team dedicated to getting by websites that are blocked in countries such as Iran, Saudi Arabia and China.

I had problems with a VPN the 2nd last time I went so last time just gave up and avoided using the Internet for the most part. Texting and calls etc were my mainstays. Good Luck!

Posted via CB10

Sep 15 2019 | 6:10 pm EDT stevec66

I travel to China 4 times a year on Business never ran into a problem, all good advice given above my only comments would keep any political thoughts to yourself especially with what's going on in Hong Kong, my stock answer is always I never follow the news I have no idea what's going on sorry. If you are male good chance you will be approach in hotel bars by very pretty call girls don't be tempted especially in the major centres, keep it in your pants.

Sep 15 2019 | 7:56 pm EDT zephyr613

^ This.... very much so, THIS!!!!!

Sep 15 2019 | 8:50 pm EDT Chuck Finley69

I, Chuck Finley69, use a burner phone domestically on missions... so ...... it would always seem the prudent choice...

Sep 15 2019 | 9:37 pm EDT brookie229

Tiny story: the last time I was in China (Hunan province and later Tibet), I went to a mobile mall (massive plaza full of micro booths with everything mobile under the sun) in Changsha, whipped out my Passport for the telecom rep to put a sim in it and received looks of disbelief from everyone in the booth. I had to show the rep where to put the sim in the device but while I was doing that another guy called colleagues over to look at the weird device. No one in there had seen one but they did recognize the BB symbol. Maybe everyone was being polite but there was absolutely NO snickering which was weird compared to some of the snide remarks I get in North American providers.

Sep 16 2019 | 12:12 pm EDT dubengeldu

Hey an interesting globetrotter discussion nevertheless. And i thought my highlights were weird,when a seagull stood still in strong counterwind, but managed to crap right onmy top hand. Eating a small pizza onthe statue of liberty. Tourist Rosewoodpen. Chris on it

Posted via CB10

Sep 17 2019 | 2:01 am EDT scrannel

If you want to use a "burner" phone, prepaid SIM and in general play James Bond, live it up. But it's all nonsense (unless you really are a spy!). Just take your current phone and SIM and you will be fine.

And yes, avoid Big City girls picking you up in bars. Who they are depends on who you are.

Sep 17 2019 | 11:13 am EDT bb10adopter111

If you have no information or other assets to protect, never intend to have an important job or work for a company with government contracts, sure, go ahead and share your digital life as freely as you wish. But many companies that send executives to China provide burner phones and laptops for good reason.

Posted with my trusty Z10

Sep 17 2019 | 11:44 am EDT bb10adopter111

Here's a standard set of recommendations. Sorry it took me so long to pull them together.

This is not "spy stuff." This is best practice corporate and personal cyber hygiene.

-- Leave your regular laptop, phone, and tablet at home. If you're traveling for work, have your IT department prepare a hardened device for foreign travel without access to any sensitive data.

-- Limit the data you take. If you have to take devices at all, back up any data not required for the trip, ensure that you have secure disk encryption with a very long pass phrase (Mine has 148 characters). Delete all old emails you don't absolutely need from all your devices. DO NOT CARRY USB DEVICES AS THEY ARE EASILY STOLEN, AND EVEN EASIER TO SWAP WITH MALWARE INFECTED ONES. (However, carrying a carefully marked fully encrypted USB drive might be a sensible choice, so long as it is always in your physical possession)

-- Email files you need to access to your partners in advance of the trip, via encrypted email.

-- Before you leave, change all the passwords of devices or services you need to access while in China (since they may already be compromised) Use unique and complex passwords together with an encrypted password manager on your encrypted drive.

-- Keep your devices within your physical posession. IF YOU LEAVE A LAPTOP OR PHONE IN A BUSINESS CLASS HOTEL, YOU SHOULD ASSUME THAT A PROFESSIONAL WITH SERIOUS SKILLS WILL TRY TO COMPROMISE IT WHILE YOU ARE OUT.

-- Don’t use public charging outlets. If you must, use a "USB Condom" that blocks data.

-- Limit public connections to the Internet. Don't use any public Wi-Fi, including the service in your hotel. Just don't do it. Don't use computers located in the hotel’s business center, WHICH ARE GUARANTEED to malicious software. Use a VPN to access your employer’s server. Keep in mind that the Chinese government maintains strict control over internet usage via its “Great Firewall.”

-- Disable your phone’s Bluetooth and Wi-Fi capabilities.

-- Always sign out of apps and browsers.

-- Have a plan to wipe any lost or stolen device immediately. Know how to do it remotely or who to call.

-- Assume the trip compromised your devices. The best practice is to DESTROY your devices upon your return, since the MAC address has already been exposed. If that isn't practical, assume any devices you take overseas end up being compromised. If you have an IT security team, have them run diagnostics on it, but, in any case, replace the hard drive or do a secure wipe, then reinstall the OS, software and data.

Sep 17 2019 | 11:58 am EDT zephyr613

ALL excellent suggestions - 1 last one, whatever device you choose to carry, make sure "Location" is disabled as well. I wholeheartedly agree with @bb10adopter111 and Chuck. This is all good Security Hygiene and should be followed accordingly.

I can tell you a story of a Corporate Exec who happened to be traveling on the same plane as a Government person, they BOTH had their phones and laptops infected while overseas and supposedly "locked" in a hotel safes - both were compromised at the same level of sophistication.

Just know that whatever you take will be compromised at some level and be prepared to toss them upon your return.

Sep 19 2019 | 4:12 am EDT scrannel

You mean, this?


Steps to Secure Your Devices and Data Before Traveling to China – FirstCall

Or even worse... right in our own back yards.

https://www.travelandleisure.com/art...devices-secure

And my all-time favorite: "Tourists crossing the Chinese border into the Xinjiang region have had their phones seized by border guards, who then install Android malware called BXAQ or Fengcai. It searches for… parts of the Quran, Dalai Lama PDF files and music from a Japanese metal band, Unholy Grave."

Sep 19 2019 | 6:32 pm EDT FF22

I guess they'd want a piece of me - my Social Security. I believe I am beyond, WAY beyond picking up or being picked up in bars.

But maybe my ego could use the boost. Any other boost would be chemically induced! (g)

Sep 19 2019 | 6:50 pm EDT FF22

I had not checked this thread for a few days.

I tend to use Gmail! Obviously, Google is a no-no.

I think I've been convinced that the laptop stays home.

As I might have written, I just got a Pixel 3 and am using google-fi with it. Do you think that I will be able to send casual mail to my friend and sister using the email and GMAIL capabilities of the phone. The friend won't even use the data on her phone - she wants no part of google "watching" her!

I really do not relish throwing out a new phone when I return home. Can it be securely wiped once I return home.

Should I instead grab my older PRIV and get a local sim? Not that I'd want to throw that away either.

I really am a tourist. And an OLD one at that. But my foreign trips have been limited to Euro countries and Norway/Iceland. I never even made it to East Berlin when it was East Berlin.

Sep 19 2019 | 7:07 pm EDT bb10adopter111

I would not worry about your phone if you use proper hygiene, but definitely change your Google PW both before and after your trip, and limit your use to one account.

USE 2-Factor Authentication with an authentication app, NOT SMS.

A security wipe after you return would be prudent.

Use a VPN if you can.

Never plug your phone into a public USB charger.

If you're traveling for work, it's more complicated. If you could use a burner, that would be a bit better, but not critical.

You might want to strip personal info (birthday, address etc.) off of your Google account and any social media accounts you'll be using.

Posted with my trusty Z10

Sep 19 2019 | 7:32 pm EDT Chuck Finley69

I’d go buy an unlocked Android from Wallyland, Costco or BestBuy for $150-$200 and setup unique Android ID for device. Swap out local SIM while you’re there. Use google voice number or similar for domestic calls unless blocked. I’m not rich but for the price of 2-3 simple nights out at outback, longhorn etc, if the phone gets corrupted or not, it can be wiped and sold on eBay or letgo and recoup at least one night out back.

Sep 19 2019 | 8:43 pm EDT bb10adopter111

This would be my recommendation, too. Even a dirt cheap Android should be enough to stay connected during your trip.

Just try to limit the data you expose by logging in to as few services as possible, use a VPN if you can, and enjoy a great trip without worrying about your technology!

Posted with my trusty Z10

Sep 19 2019 | 9:06 pm EDT FF22

I'm going to have to try not going nuts or further nuts. They already have my birthday, etc from the extensive visa app! But you probably mean other "actors" I might run into in my travels.

I've never do two-factor but will be looking into it. I've never been a member of Facebook snapchat, insta-whatever. Of course, I'm sure my government would not believe that either if they wanted data.

Hopefully, it be a less and more interesting trip in the appropriate ways.

Sep 20 2019 | 8:59 am EDT scrannel

Nearly every country in the world is capable of this sort of behavior. The questions is "who are you" (to them) and if you are of interest, what is your potential exposure? I am very low on the exposure potential; in other words, I am pretty boring. I do travel often in the Middle East where things can get a bit lumpy (though I personally have never had any issues). So I take two phones and two passports. One set I never use. The other set I travel on.

As far as being approached in a bar in China... She's not a cute young thing, nor a cute young hooker. She's a government agent but, as I said in a previous post, who she is depends on who you are.

A friend was in Shanghai on a large profile project, when he encountered the cute young agent who picked him up in a bar. They went back to her suite where he proceeded to go large, all the while everything was taped. Apparently the government tried to use this perv-tape as leverage... except my friend loved the tape! Asked for copies so he could post on his social media. Even the Chinese government can't win them all.

Sep 20 2019 | 1:56 pm EDT bb10adopter111

Yes. The government obviously has your actual identity, which is required to visit. You just want to make it harder for the government and other actors to connect your true identity with your digital accounts.

Posted with my trusty Z10

Sep 20 2019 | 2:01 pm EDT bb10adopter111

If you don't add a second factor, please assume that any account you log into will be compromised. It's possible that it won't happen, but I've never seen an instance where someone logging into their Gmail in China without 2FA didn't have their Gmail hacked within 48 hours.

If your email is hacked, you'll have to go through all settings to make sure that the hackers don't set up email forwarding or other ongoing compromises that will persist even if you reestablish control.

Posted with my trusty Z10

Sep 20 2019 | 2:19 pm EDT FF22

Since I am totally unfamiliar with two factor thingies! (g)

How hard to set up and will my phone be able to retrieve it automatically or will I have to take additional steps to retrieve email. And can I reasonably undo it when I get back home?

Maybe this trip was ill-planned! (g)

But I really seriously appreciate everyone's comments. I really don't want to have my email screwed up and potentially lose control of not only gmail, but anything else which might come into the account while abroad.

Sep 20 2019 | 3:02 pm EDT Chuck Finley69

Last year I set up a 12 month contract with a client organization that was stuck in 1995 technology and compliance procedures. I doubted the client organization’s ability to move forward at the speed and implementations that would be worthwhile to renew for one more year. Part of their antiquated procedures was the necessity of using my private email for certain attached documents in a mobile environment since they relied on Lotus Notes on laptop only for email.

Since I wasn’t going to give them unlimited access to my private email for compliance review and supervision on my private mobile device, that’s when I purchased a better quality burner device like I mentioned earlier. I setup everything separately partitioned and siloed from my true private life. When I didn’t renew the contract, the client tried hijacking all my private data that was proprietarily developed. Since I was able to offload the data to my own real technology, I was able to shutdown all the unique accounts on the mobile burner and factory reset.

Personally, for a trip, it seems easier to setup the VPN and limited info on the burner than hoping to really secure your totality of real actual data and normal footprints.

Sep 20 2019 | 3:17 pm EDT brookie229

You are VASTLY overthinking this, lol.

Sep 20 2019 | 5:25 pm EDT bb10adopter111

I think a trip to China is well worth a few reasonable precautions!

Google has great documentation about setting up 2FA. Avoid using SMS because it's less secure and a PITA if you're switching SIMs. Use the Google Authenticator app

Posted with my trusty Z10

Sep 20 2019 | 6:14 pm EDT Chuck Finley69

I agree with this and would still go!!!

Sep 20 2019 | 9:08 pm EDT FF22

One NOT LAST question (g)

If I'm using BlackBerry Hub aka INBOX, is that already secure or do I need to set up the the 2FA?

And if I take my current Pixel 3, if BB Hub is NOT secure, I gather I should remove the accounts from the Hub for this trip. I have two Gmail accounts and a Yahoo account.

Also I have BBM-enterprise.

Oh, a wrinkle - I tend to use Nogago Tracks to keep track of how many miles I've walked or hiked. It uses the gps but does not report home only storing the stats on the phone. A NO-NO! How much jail time? (g)

Sep 21 2019 | 2:14 pm EDT bb10adopter111

The 2FA secures your account on Gmail's server so that someone who acquires your username and password (relatively easy to do on a compromised network through a "man-in-the-middle" attack) can't log in to your account, as they have to also present the second factor.

So, you set the 2FA on the account, then validate it individually on every device you use to access the account (phone, computers, etc.)

The second factor I recommend for you is the Google Authenticator app, which you'll install on your phone. Then, whenever you (or anyone else) attempts to log in to your account, they will have to also enter a code that's only available on your phone.

Two-factor authentication means using something you know (username and password) plus something you have (only your phone can provide the authentication code) so that no one can log into your account without BOTH.

Posted with my trusty Z10

Sep 26 2019 | 8:10 pm EDT FF22

Sorry to be so, well, uniformed and needing more info.

Okay, I've secured by gmail account with two-factor. So now my question (which I suspect I know the answer to...) is that the PHONE, physical device, is not really secure since if the phone falls out of my possession, the Google Authentication will be happily provide the proper codes to read the email. Two-factor merely protects my account if someone remotely gains access to and sees my password traveling through the airwaves or funky hotel wifi? They would not have access to the "key" code sent by google.

One other non-phone type question - using a credit card for purchases: I know in Europe and Canada, at restaurants, they usually bring a reader to the table. In the archaic USA cards still disappear into the back room or cashier station. What about China? What about using a cash machine since I really don't know how much cash to drag along.

Thanks again.

Sep 26 2019 | 8:19 pm EDT bb10adopter111

For the phone, make sure you set your password and maintain control of your device. Make sure it's set to lock after a very short period of activity. I think mine is set to 30 seconds.

I'd someone steals your phone, it will be a huge hassle, but they should be able to break in to it if you've set it up properly.

Just in case, you can, and should print and keep a couple of "one-time use" backup code to use as a second factor in case your phone is lost or stolen. You can also set a second phone as a backup for your trip, such as a spouse or traveling companion. Google documents all this in their 2-Step Verification help.

Posted with my trusty Z10