Apple - Security for travelers sucks

Did you know that you can't print any recovery code for your AppleID account? The more you protect it, the more is likely you lose control over it. And do you travel a lot? Then you'd better read this!

Apple - Security for travelers sucks
Photo by Franck / Unsplash

In two days Michele and I are going to spend a week in Las Vegas as the bulletproof plan to prevent our middle-age crisis. We don’t know if it’s going to work but we both agree it’s worth trying :-)

But that’s not the point, not entirely anyway. Did you hear about US Custom and Border Protection seizing your phone and sucking from it your entire digital identity? (which is made of stuff like emails, Facebook activity, and other social data)

Here is an article that suggests you protect your privacy, the currency of the future, from being stolen or placed under unrestricted control. Take a good read now!

Because of this, I wrote a checklist of what’s on my phone and how to protect it. I don’t really need to create separate travel kits because I’m just going to Las Vegas once, but I am really considering cleaning up my phone during the flight.

Two Factor Authentication

First of all, I made sure I have enabled Two Factor Authentication on all my critical services:

  • Google Mail
  • Facebook
  • Twitter
  • Instagram
  • Dropbox
  • AppleID

In addition, I saved all the recovery codes into a file and I placed that file in my Dropbox account. At that point, I printed Dropbox’s recovery code (without any label nor explanation attached to it) and placed it in my phone case. Another copy of it is in my luggage and I am considering just memorizing it.

That security code is now the single key to unlock my entire digital identity, if used together with the proper username and password combination.

So far so good, isn’t it? Well no, there is Apple of course!

Think different (yeah, Apple does)

Of course, Apple thinks differently, Apple doesn’t provide any recovery code for you to print and use… I searched Google for that code unsuccessfully. Nothing, nada.

The only valuable piece of information I found is that a code did exist but they removed it from El Captain OSX version.

There is no code, and the only way to recover your account is to receive a code to a secure phone number or another apple device.

How to defeat US Border Control?

Honestly? You can’t beat them without buying a temporary phone that doesn’t need to be activated with an AppleID.

It’s a loophole:

  • you reset the phone on the plane
  • you land safely and go through the customs without any digital identity attached to you

so far so good but…

  • you turn on your phone
  • you have to set it up with your AppleID
  • but the recovery code is sent to your own phone
  • but the phone doesn’t work just yet
  • d’oh!

End of the story

I think this is very much paranoid. I don’t plan to reset my phone on the plane as I evaluate the chances to be placed under control very little.

But I do like to think about all those problems about our privacy, our data, and how this very innocent blog post or a Facebook comment might be placed out of context and used against me in the future that I am not yet close to imagining. Who knows?

Is it worth to care about your data? YES
Is it worth to loose your sleep on it? MAYBE NOT (YET)

What do you think?
Do you feel safe?