Whether you are heading to a local meetup or travelling internationally for an event, protecting your privacy and digital security is essential. This guide provides supportive, plain-language steps you can take before and during travel, as well as some tips when attending meetups and events, and crossing international borders. Anyone can be affected by digital safety risks, whether through targeted threats or simple accidents. Some risks include: device loss or theft, phishing, surveillance, and device seizures.

Before you travel, take a few minutes to think about what is on your devices and what it could mean if one or more were lost, stolen, or searched. This helps you decide what to bring, what to leave behind, and how to protect yourself and others. Threat modelling is a simple framework that can help you make more informed decisions about your privacy and digital security. See this guide by the Electronic Frontier Foundation for more information.

Travel lightly

• Limit the devices you bring on your trip. The more electronic devices you carry, the greater the risk of theft, loss, or compromise. If possible, use a dedicated travel device containing as little information, such as files, contacts, or communications, as possible.

Enable multi-factor authentication

• Ensure your accounts are doubly secure by enabling multi-factor authentication (MFA) on all accounts where you can enable it. This adds an extra layer of protection if your password is compromised.
• For information about enabling multi-factor authentication for your Wikimedia accounts, see Help:Two-factor authentication.

Is your software updated?

• Keeping your operating system, apps, and security software up to date is crucial. Updates often contain security patches that protect against new threats. Enable automatic updates or manually update everything before you leave.

Do you need all the apps?

• Review the apps on your devices and remove any non-essential apps before travelling. Some apps may track your location, have excessive permissions, or open your device to security risks. If you must keep them, consider deleting and reinstalling them as you travel through different spaces (such as border control), limit their ability to access sensitive data in your settings, and make sure the app is updated.

Reduce files stored locally on your device

• The less data you carry, the less you lose if your device is stolen or compromised. Remove information and documents that you would not want others to obtain from your devices. Store them securely in encrypted cloud storage instead (if you need continued access) or an external drive that is not travelling with you.

Accounts and social media

• Stay logged out of accounts unless you need them. This reduces the risk of unauthorised access if your device is lost, stolen, or seized. Consider making your social media accounts private. Review your browsing history and delete any accounts or websites, social media posts (including posts you have been tagged in), replies, comments, or other engagement you wouldn’t want others to see. Check the content of any messaging apps or social media on your devices to make sure there’s nothing that could put you or others at risk.

Set up “Find My” device

• Activate “Find My iPhone” (Apple) or “Find My Device” (Android) to help locate your device if it gets lost or stolen. Ensure remote lock and wipe features are enabled so you can erase your data if needed.

Encrypt your devices and avoid using biometric locks

• Turn on full-disk encryption on your devices; this helps protect your data if your device is lost, stolen, or taken. Use a strong passcode or password instead of fingerprints or face unlock.

Do not plug your devices into any unknown computers or cords to charge.

• Avoid using public charging stations at airports, hotels, or conference venues. These can be compromised with malware or data theft techniques ("juice jacking"). Instead, use your own charger and plug it into a wall outlet or carry a portable power bank.

Do not use any public computers for work or personal correspondence.

• Public computers, such as those in hotels, airports, or internet cafés, can be infected with malicious software, which can steal your credentials. Always use your own trusted devices for accessing sensitive accounts or work-related tasks.

Maintain all electronic devices on your person (ideally at all times).

• Try not to leave your laptop, phone, or other electronic devices unattended, even in a hotel room or conference space. Your device is most vulnerable if someone has physical access to it. If you must step away, secure your devices with a strong password and encryption. In case of theft or loss, having remote wipe features enabled can help protect your data.

Be aware of phishing or social engineering attempts.

• Bad-faith actors may take advantage of the excitement surrounding events and conferences to launch phishing attacks. These deceptive emails or messages often masquerade as legitimate organizations and aim to trick you into revealing sensitive information or clicking on malicious links. Always double-check the sender’s email address or phone number and verify any suspicious requests before taking action. See Shira App and Google’s quiz to learn to identify and defeat phishing attempts.

Be wary of your social media activity.

• Avoid sharing real-time travel updates or location details and photos publicly, as this can make you an easier target for bad-faith actors. If posting about your trip, consider delaying updates, using privacy settings to limit who sees your posts, and be aware of posts you might be tagged in. Additionally, review and monitor your social media presence for content that could be flagged or misinterpreted by authorities at certain ports of entry. Posts related to activism, political opinions, or affiliations may be considered sensitive in some contexts.

Be cautious of public Wi-Fi.

• Public Wi-Fi networks, especially in airports, hotels, and cafés, can be compromised by hackers who intercept data. Avoid accessing sensitive accounts (like banking or work-related platforms) while on public Wi-Fi.

Try to connect via VPN

• A Virtual Private Network (VPN) encrypts your internet traffic, protecting you from surveillance and data interception. Please note that VPN use is banned or severely restricted in some jurisdictions; review local laws accordingly. Before travelling, if permissible, where you will be, set up and test a trusted VPN. Whenever possible, keep your VPN enabled, especially when connected to public Wi-Fi.

• Be mindful when discussing potentially contentious political, social, cultural, or religious topics, either in person or online, especially in public or potentially insecure channels. Where you need to discuss sensitive topics, consider the most appropriate space, platform, or channel for such exchanges.
• Verify information you receive (including URLs and attachments) by cross-checking with trusted sources, colleagues or peers.
• Take time to think about the risks, undertake a risk self-assessment of threats you may face, and create a plan to support your safe attendance.
• Wikimedia conferences generally have an audio-visual policy whereby you can indicate your consent to be recorded via a specific lanyard.

International travel often means facing different legal systems and security practices. What is considered private or protected in one country might not be elsewhere. Border agents in some places have the authority to inspect your devices, ask you to unlock them or stop you for further questioning. It is important to understand what to expect and take steps to protect yourself and others. The non-exhaustive list of tips and resources below can help you prepare.

• Research your destination before you travel: Take some time to learn about the local laws, customs, and political situation of the place you're visiting. Knowing this in advance can help you make informed decisions about what information to carry, what apps to use, and how to stay safe while you're there.
• Assess risks based on your background: Consider how your immigration status, country of origin or destination, prior travel history or digital footprint (posts, comments, images, etc) might increase your chances of being stopped or questioned.
• Avoid oversharing sensitive opinions: Refrain from posting or engaging in discussions about political, social, cultural, or religious topics that may be considered contentious. Even well-meaning or personal reflections can be misinterpreted. If you have already shared such content, consider reviewing your public online presence, adjusting privacy settings, and archiving or deleting sensitive posts or discussions.
• Emergency preparation: Keep a list of emergency contacts and develop a check-in procedure with key contacts. Make sure they are aware of your travel plans and can provide support if necessary. Always keep emergency contact information on paper in case of device issues.
• Be respectful: While knowing your rights is important, avoid provoking border agents. Being evasive, impolite, or aggressive can prompt them to use their full authority, which could result in detention, equipment seizure, or refusal of entry.
• Minimise visible associations: Remove any stickers, logos, or badges from your devices, bags or clothing that might indicate your affiliation with an organisation, political activities, or could otherwise be considered offensive in the country you are visiting. Such information may lead to additional questions or scrutiny at borders.
• Do not lie: Lying to border agents can be a crime in some countries. If you attempt to hide or encrypt something that is usually accessible, or if you refuse access to a device when legally required, it may raise suspicion. Know and assert your rights, but be aware of the potential consequences.
• Avoid sensitive content: Do not carry files or images that could be illegal or dangerous in the destination country. For example, if you are travelling to a country with hostile policies toward LGBTQ+ individuals, avoid storing sensitive information that could put you at risk.
• Review the data on your devices: Check your devices before you travel and remove any data that could compromise you or others.

• Government travel advisories: Governments sometimes issue travel advisories that provide travel advice and warnings to help citizens stay informed and safe when travelling to specific countries. For example, check out the websites of the Foreign and Commonwealth Office in the UK, the Department of Foreign Affairs & Trade in Australia. This WikiVoyage page further includes links to the travel advisories of various countries.

• WikiVoyage: WikiVoyage offers useful general advice relevant to many destinations. See the Stay Safe page for overall safety tips and the border crossing page for guidance on crossing international borders.

• CPJ Safety Advisory (English): Traveling to the USA, including a downloadable digital safety checklist to help you prepare as well as a risk assessment you can conduct to better understand your unique situation.

• Rory Peck Trust - Border Crossings (English, French, Farsi, Russian): General best practices to protect yourself at border crossings and checkpoints where devices can be inspected, tampered with or confiscated.

• ACLU guide to your rights when encountering law enforcement at the airport in the US (Arabic; Spanish; French; Farsi; Chinese).

• International Gay and Lesbian Travel Association (IGLTA): Provides resources and travel safety guidance for LGBTQ+ travellers.

• EFF Digital Privacy at the U.S. Border: Protecting the Data On Your Devices (English; Arabic; Spanish). Includes risk assessment factors to consider, primer on the law and policies related to border search of digital devices, as well as best practices to secure privacy on digital devices.

• 1Password Travel Mode: “Travel Mode” is a feature designed to protect your sensitive data during international travel by temporarily removing specific vaults from your devices. When activated, only the vaults you've marked as "Safe for Travel" remain accessible on your device; all others are completely removed, leaving no trace. This ensures that, even if you're compelled to unlock your device only the designated vaults are visible.