This question has been bugging me now for a good while. How safe is it to take an online business with you while travelling?

By online business I mean in my case day trading stocks on one of the major US brokerages.

I am planning a trip to SEA for as soon as I can get everything in order, and the destinations will be Manila, Bangkok, Jakarta, Kuala Lumpur, and Ho Chi Minh City. During my trip I will stay in generally prime areas with airbnb for at least a month and possibly more. For example, in Manila I will definitely stay in Makati.


Since I am not very well versed in travel and also have just begun getting into my current business of day trading, I was wondering how easy it would be to use the wifi in these places without someone there hacking my account and leaving me with nothing? It would be one thing to lose the money in my personal checking account, but losing the funds with which I trade would be a blow that would probably lead me to at least a year or two of finding a job just to build up my money to start over.


While I would love to just travel without any thought of work, most of the money I make is during the first hour or so of market open anyway. This means that if I can confidently believe I will not lose my funds that I can continue to make a great income over a period of many months while travelling by just focusing an hour of time at around 9:30 or 10:30 PM local time.

I am very far from being a tech type guy, so please let me know how reasonable this would be in terms of cyber security and if there are particular steps to take to greatly increase that security. Again, I am talking using my personal laptop and the wifi of seemingly reputable airbnb hosts in generally the better/best parts of those cities.

Also, any word on internet speeds as compared to the US? This would be a particular issue if the internet is just too slow or liable to cut off. I could potentially lose thousands in a matter of hours or less if for some reason I jump incorrectly into a buy or short sell and the internet goes before I can correct things.

Thank you, all advice will be greatly appreciated!

Paging DeepDiver and his DEFCON level 5 security measures.

In short, you need 2 things:

1) A Virtual Private Network (for example: AirVPN, PrivateInternetAcceess, and many more). Personally, I use AirVPN and never had any issues. Don't go looking for review sites. They all get kickbacks and every article has a new provider that is now the "best one".
2) Full Disk Encryption in case your laptop gets stolen. Bitlocker (Windows 10), VeraCrypt (Advanced - READ the documentation), FileVault (Mac)

---- Optional: ----

3) Cloud backup. In case your laptop gets stolen, you go to the nearest tech shop, buy a new one, sync with the cloud and you're up and running again. Mega (50GB for free), Dropbox
4) Encrypted password database. Store your passwords here so that you can make new ones for each site. KeePass (Advanced),LastPass,1Pass,MasterPasswordApp

--------------------

Why?

* VPN - When your computer connects to the internet, it basically just talks to a server that someone else owns. It will send packets to the server owned by your e-mail provider, trading platform, Roosh, etc. A packet is like a letter, and just like with a letter, you have to trust that the post office doesn't open it and read it. A VPN is a middle man that you have an agreed-upon code with. That way, the internet provider in Manilla can't know what you're doing or see any of your passwords. It also makes it very difficult for a hotel or cafe to redirect certain pages. For example, if I own a public WiFi hotspot, I can re-direct any visitors of rooshvforum.network to cnn.com or any other site that I make. If the site looks a lot like RVF (or your trading platform), you might end up sending your passwords to the fake site. A VPN can protect against this sometimes.

* Full Disk Encryption - I think Windows comes with BitLocker nowadays. It works and basically ensures that if someone steals your laptop, they can't just take out the hard drive, put it in a different computer and read all your files. This is important in case you ever wrote down passwords on your laptop or in case you have important information there that could be harmful if it gets out. VeryCrypt and FileVault work similarly, but VeraCrypt has very many advanced features and needs you to enter a password before the windows login screen.

VeraCrypt will also let you create a hidden partition on your hard drive. If someone puts a gun to your head and tells you to log in to your computer, you can give them a "false" password that will log into your hidden partition where you don't have any important documents (but maybe something embarrassing to justify the encryption). I assume this is NOT in your threat model, but could very well be in the future if people travel with large amount of Crypto Currencies.

* Cloud backup - Easy way to restore everything in case your laptop does get stolen. Try having your entire MyDocuments folder or even "C:\UsersYour_Username" sync with the cloud service. This is not the kind of backup you do once a month, this should be a program that runs on your laptop constantly and ensures all files are backed up as soon as they are created. Most providers will have an App for easy access on your phone.

* Encrypted Password Database - If someone can see you type your password to your e-mail account, you don't want them to just type the same into your trading platform login and try to withdraw your money. Password reuse is one of the biggest threats against computer security because it's hard to remember a new password for every bullshit site that requires you to log in. By remembering ONE password, you can unlock your password database and then use all the other ones that are now hopefully unique.

@RunningTurtles

Repped, thanks for the great information.

One question I have though is would a VPN work in an airbnb situation? Like if I am hooking up to the wifi of the person I am getting the airbnb from, do I somehow link it up to that yet it still protects me?

Honestly I just have no idea what a VPN is despite what you wrote. I will certainly get it, but I can't even guess whether it is a physical object or just something like software. Time to google.

So with these steps would you say that it is reasonable to assume I will basically be good to go? I don't think reputable airbnb people in good areas are that likely to even try to hack because they potentially have more to lose, but even if they do I should be good right?

If this is the case I'll basically be set to begin my trip MUCH sooner and be able to stay in SEA much longer as well.

Thanks again.

Quote: (01-02-2018 07:38 AM)StackGsMan Wrote:  

@RunningTurtles

Repped, thanks for the great information.

One question I have though is would a VPN work in an airbnb situation? Like if I am hooking up to the wifi of the person I am getting the airbnb from, do I somehow link it up to that yet it still protects me?

Honestly I just have no idea what a VPN is despite what you wrote. I will certainly get it, but I can't even guess whether it is a physical object or just something like software. Time to google.

So with these steps would you say that it is reasonable to assume I will basically be good to go? I don't think reputable airbnb people in good areas are that likely to even try to hack because they potentially have more to lose, but even if they do I should be good right?

If this is the case I'll basically be set to begin my trip MUCH sooner and be able to stay in SEA much longer as well.

Thanks again.

With a VPN you'll be just fine.

A VPN is something you subscribe to, and download a software client to your computer.

It encrypts your traffic, so neither your Airbnb host nor the ISP can monitor your traffic.
Take that with a grain of salt, as anything can be hacked.

Personally, I use VPN as some platforms I use require a US IP address to access them. When outside the US I still need to work, and my VPN offers a way to use a fixed IP.

By default, the IP addresses change randomly to give you anonimity, but I don't use that and just stick with one IP address.

I wouldn't be concerned about being hacked by an Airbnb host. Public wifi at parks, airports, restaurants etc would be more of a concern.

Quote: (01-02-2018 07:38 AM)StackGsMan Wrote:  

@RunningTurtles

Repped, thanks for the great information.

One question I have though is would a VPN work in an airbnb situation? Like if I am hooking up to the wifi of the person I am getting the airbnb from, do I somehow link it up to that yet it still protects me?

Honestly I just have no idea what a VPN is despite what you wrote. I will certainly get it, but I can't even guess whether it is a physical object or just something like software. Time to google.

So with these steps would you say that it is reasonable to assume I will basically be good to go? I don't think reputable airbnb people in good areas are that likely to even try to hack because they potentially have more to lose, but even if they do I should be good right?

If this is the case I'll basically be set to begin my trip MUCH sooner and be able to stay in SEA much longer as well.

Thanks again.

Thanks for the rep. I'm glad I could help.

Poseidon is completely right about the VPN, you subscribe to it monthly and it let's you connnect to one of their servers. Once connected, all programs that connect to the internet (Internet Explorer, Firefox, Chrome, Skype, etc.) will first connect to the VPN server in a way that nobody can read. From there, the VPN will connect to the website that these programs request.

I'll speak about AirVPN because it's the one I know best. You subscribe to their service for a number of months (3 months €15, I think). You then download their program called the "client". Once you're connected to the internet in your hotel, airbnb, coffee shop, you start the "Client" and it will connect to the VPN. Once the connection is made, all connections to the internet will now go through the VPN's servers. Like Poseidon says, you can choose from a long list of servers with different locations. This means that you can pretend to be in the US when you are not.


As an analogy to understand the VPN concept, imagine that you go to SEA and want to send money to your parents. If you take out $8k cash and mail it, the local post office could steal the money. Instead, you send a letter to your friend back home that says "Give my parents $8k cash, and I'll transfer the money to your account tonight." Your friend is now your "VPN" because the money never goes through the local post office. At the same time, your parents won't know you gave them the money - all they see is your friend handing them $8k cash.

StackGsMan, I am also a stock trader. I travelled in SEA, and never had a problem using the hotel wifi in many countries. Your biggest risk is losing wifi signal. Luckily, in all the hotels I stayed it was never a problem. I didn't use AirBnB so cannot comment on that.
Of course, you would never go to a public computer at an internet cafe and logon to your accounts.

If you use Interactive Brokers as your platform, then you are pretty safe, as login requires not just a
password, but a physical credit-card like device which you must have in your possession to type a code into to enable entry. As for emptying your account of funds.....I have numerous trading accounts with
different brokers, and every one of them has my registered bank accounts details and they will only
allow funds to be transferred into this bank account and no other. No ifs or buts. I cannot even PUT money
into my broker accounts from another bank account.

Running Turtles - thanks dude for great advice. It's saved me a lot of hassle and research. Repped.

In Vietnam you can have internet speed issues when "sharks" chew the underwater internet cable. This happens a few times a year.

Bangkok had fast internet in my experience.

Can't comment on the other locations.

Quote: (01-02-2018 06:32 AM)Running Turtles Wrote:  

In short, you need 2 things:

1) A Virtual Private Network (for example: AirVPN, PrivateInternetAcceess, and many more). Personally, I use AirVPN and never had any issues. Don't go looking for review sites. They all get kickbacks and every article has a new provider that is now the "best one".
2) Full Disk Encryption in case your laptop gets stolen. Bitlocker (Windows 10), VeraCrypt (Advanced - READ the documentation), FileVault (Mac)

---- Optional: ----

3) Cloud backup. In case your laptop gets stolen, you go to the nearest tech shop, buy a new one, sync with the cloud and you're up and running again. Mega (50GB for free), Dropbox
4) Encrypted password database. Store your passwords here so that you can make new ones for each site. KeePass (Advanced),LastPass,1Pass,MasterPasswordApp

--------------------

Good post.

A quick tip about using Dropbox as a backup: Create an encrypted container with VeraCrypt AND then put the encrypted container into Dropbox this way unauthorized entities can't access your sensitive information.

Further options besides the four listed:

- an Authenticator app. This allows you to do 2-factor authorization from abroad. I prefer Authy over Google Authenticator.

-HTTPS Everywhere is a free extension for Chrome, Firefox, and Opera. This forces websites to use HTTPS if it is available. Would highly recommend this.

-Use a separate computer for sensitive stuff. I recommend a Linux distro (Ubuntu) or a Chromebook due to the lack of malware for those operating systems. Only do sensitive stuff on this computer.

In the VPN category I use ProtonVPN because I trust them not to log my data.

ProtonVPN is $4/month for the basic plan (pretty good), but you can get a one week free trial of the more premium service.

Quote: (01-02-2018 04:34 PM)ffs Wrote:  

StackGsMan, I am also a stock trader. I travelled in SEA, and never had a problem using the hotel wifi in many countries. Your biggest risk is losing wifi signal. Luckily, in all the hotels I stayed it was never a problem. I didn't use AirBnB so cannot comment on that.
Of course, you would never go to a public computer at an internet cafe and logon to your accounts.

If you use Interactive Brokers as your platform, then you are pretty safe, as login requires not just a
password, but a physical credit-card like device which you must have in your possession to type a code into to enable entry. As for emptying your account of funds.....I have numerous trading accounts with
different brokers, and every one of them has my registered bank accounts details and they will only
allow funds to be transferred into this bank account and no other. No ifs or buts. I cannot even PUT money
into my broker accounts from another bank account.

Running Turtles - thanks dude for great advice. It's saved me a lot of hassle and research. Repped.

Thanks for the rep. Good to know it was useful!

Quote: (01-02-2018 07:47 PM)Lighter Wrote:  

In Vietnam you can have internet speed issues when "sharks" chew the underwater internet cable. This happens a few times a year.

Bangkok had fast internet in my experience.

Can't comment on the other locations.

Quote: (01-02-2018 06:32 AM)Running Turtles Wrote:  

In short, you need 2 things:

1) A Virtual Private Network (for example: AirVPN, PrivateInternetAcceess, and many more). Personally, I use AirVPN and never had any issues. Don't go looking for review sites. They all get kickbacks and every article has a new provider that is now the "best one".
2) Full Disk Encryption in case your laptop gets stolen. Bitlocker (Windows 10), VeraCrypt (Advanced - READ the documentation), FileVault (Mac)

---- Optional: ----

3) Cloud backup. In case your laptop gets stolen, you go to the nearest tech shop, buy a new one, sync with the cloud and you're up and running again. Mega (50GB for free), Dropbox
4) Encrypted password database. Store your passwords here so that you can make new ones for each site. KeePass (Advanced),LastPass,1Pass,MasterPasswordApp

--------------------

Good post.

A quick tip about using Dropbox as a backup: Create an encrypted container with VeraCrypt AND then put the encrypted container into Dropbox this way unauthorized entities can't access your sensitive information.

Further options besides the four listed:

- an Authenticator app. This allows you to do 2-factor authorization from abroad. I prefer Authy over Google Authenticator.

-HTTPS Everywhere is a free extension for Chrome, Firefox, and Opera. This forces websites to use HTTPS if it is available. Would highly recommend this.

-Use a separate computer for sensitive stuff. I recommend a Linux distro (Ubuntu) or a Chromebook due to the lack of malware for those operating systems. Only do sensitive stuff on this computer.

In the VPN category I use ProtonVPN because I trust them not to log my data.

ProtonVPN is $4/month for the basic plan (pretty good), but you can get a one week free trial of the more premium service.

Those are all good tips and would absolutely create more security layers. However, OP mentioned that he struggled with tech stuff, so I'd be careful recommending VeraCrypt containers combined with Dropbox, Linux Live CD/USB, and dedicated computers. If he were to host a darknet website, those are great tips, but I suspect someone new to it all would get very confused and overwhelmed. His threat model isn't escaping the FBI - it's protecting against MITM attacks on public or semi-public WiFi spots. I think the biggest value for him would be to sync all his files in the background to Dropbox or Mega so that in case his laptop gets stolen, he can get everything back to normal within minutes.

If he was trading and holding large amounts of Crypto, a cold wallet on a secure PC, like you mentioned, would also be excellent security, but it doesn't seem like that's his issue.

Authy seems great and 2-factor authentication (without a phone number) is a great idea, provided he understands how they work and that it might be a problem if he loses his phone.

Firefox with HTTPS Everywhere (Chrome Link) is another great tip μBlock for Firefox (Chrome Link) is also great to avoid scam and phishing sites.

I really don't mean to say you're wrong - those are all great points, but I know how overwhelming this stuff can be when you're starting fresh. It's much easier to mess up with VeraCrypt and Live OSs than it is with a VPN and VeraCrypt system encryption (or Bitlocker). If your adversary can compel Dropbox to give out your files, you probably wouldn't trust Lastpass or Bitlocker either. My point is that he most likely doesn't have to worry about somebody accessing his files stored in Dropbox.

Mega claims that the user holds the only private key to their files and that everything is end-to-end encrypted... I wouldn't rely on them if I was in Snowden's place, but I'm fairly certain that random criminals can't access those files.