Internet access has become a basic need for many travelers. You may be glad to be free of it for a while, but keeping in contact with family and friends can be cumbersome without it. It is essential for most business travellers and for digital nomads who work while travelling. It may also be useful to access Wikivoyage and other travel-related sites wherever you are in the world.
Understand
- See also: Telephone service, Mobile phones, Computers
Travellers have a wide variety of expectations and expertise regarding the Internet. Some need to be online as much as possible, others not so much. This article gives an overview of what options there are for travellers to connect to the Internet while traveling.
Access types
Wi-Fi
Availability of Wi-Fi, especially free Wi-Fi, varies very much by region. In cities in developed countries there are usually lots of Wi-Fi access points, but finding free access points open to the public may require quite some searching. Local laws can hamper accessibility. In Germany a law that was worded in such a way that it could mean the owner of a Wi-Fi connection was liable for any illegal acts done with it and only when this law changed did free open Wi-Fi become common.
Wi-Fi wireless access come in different types:
- Free and open public access points permit any device to access the Internet via Wi-Fi. These are sometimes provided by hotels, airports, restaurants, malls, libraries, or transportation networks. They are even sometimes available across entire city centres, such as Bristol, Cadiz, and Marseille. Often these require you to start up a browser to accept some terms and conditions before you can access the Internet. They may impose limits on the amount of time for which you can connect or the amount you can download in a day. They may limit access to browsing and email only, and may require registration.
- Free but secured public access points work in the same way as free and open-access points, require a password to discourage non-patrons of the establishment from using it. These are more likely to be found in restaurants, hotels and airports. If you are a customer, just ask for the password.
- Private open access points left open by their owners, usually as a friendly gesture to the community.
- Commercial public-access points. They usually charge per hour or day. Fees can be cheap, reasonable or very high, and can vary widely even within the same locale – even occurring alongside completely free service. A provider may provide free and fee-based Wi-Fi access at the same access point at the same time, with the fee-based access being faster. Such commercial access points are growing increasingly common, especially in areas where travellers are 'trapped' (airports for example). Payment can be by credit card at the time of use, or by prepaid card/voucher, or through an arrangement with your mobile/cell phone carrier.
- Roaming gives you guest access to private or commercial access points on the basis of some contract or relationship that you have with an institution or company at home. An example is Eduroam, a service that gives members of universities access to the wireless networks of other universities (and sometimes those of cooperating institutions around the city).
Wi-Fi access schemes
Many universities are part of the Eduroam network, allowing Wi-Fi access to their campus networks to students and staff of participating institutions. Get the key and test your configuration before your travel.
Some commercial public-access points participate in a Wi-Fi access scheme such as Boingo, where subscription access can be purchased for a fee, or is included with a credit card. These schemes oftentimes cover a variety of access points. For example, Boingo Wi-Fi includes in-flight Wi-Fi on WestJet and Delta (in addition to other Panasonic systems), and Wi-Fi access to a variety of commercial access points at US Airports and international hotels.
Credit card access to Boingo is the most generous, and almost all Mastercard World Elite tier (and some Mastercard World tier) cardholders can gain free access using Mastercard's partnership with Boingo. Business and Corporate Cards from American Express US sometimes also include free access to GoGo in-flight Wi-Fi, which activates upon entering an American Express credit card number within payment details.
Wi-Fi plans are occasionally offered as niche products by major telecom carriers, such as the US Mobile Wi-Fi access scheme. They are frequently sold out and rarely go on sale. Multinational corporations sometimes subscribe to a Wi-Fi access scheme called iPass for their traveling employees.
Public-access computers
The simplest form of access for the broadest range of users are computers made available to the public, usually for a fee or included as a service for patrons of a hotel, restaurant, or café. These are often available even in the most remote regions of the world, often driven by local demand for access to the Internet. In fact, they are often most common in areas where private, individual access to the Internet is least common. However, there can be difficulties:
- The only application you can generally count on being fully functional is a web browser, and sometimes some of their plug-ins are disabled. They may lack support to connect your camera, to use Skype, or to read IMAP/POP based email. You will want to make sure your email is accessible with a web interface.
- In many places, language is an issue. Even if you know your own computer well, using software in Arabic or Chinese will probably pose problems. Usually you can get a web browser to work, but not much else. It's worth being familiar with the keyboard layout of the country you are in (and your own), since the position of some punctuation keys differ, even if their writing system or language is the same as in your home country. You may be able to switch to a keyboard layout where you find the keys you need, but at the cost of not having the engravings on the keys match.
- Security is an issue, as café computers could have keyloggers and other nasty forms of spyware to capture passwords, or temporary files may be left for other customers to find. See Security concerns below.
Cellular phones
- See also: Mobile telephones
For GSM phones, the worldwide standard pretty much everywhere except Japan and South Korea, GPRS (packet data) is common. The newer UMTS standard and its enhancements HSDPA and HSPA+ are also widely available. Yet another, even faster standard named LTE has become widespread since 2013. While GPRS offers basic modem speeds suitable for email and some browsing (particularly text-heavy rather than graphics-heavy sites), the newer technologies offer speeds comparable to fixed-line broadband. Most modern GSM phones, even very cheap models, are GPRS enabled, and current smartphones are at least HSDPA enabled. Using mobile internet services may require activation with the provider.
International mobile Internet roaming can be ludicrously expensive, so check with your operator at home before you start downloading those multi-megabyte attachments (or enable roaming data connections at all). In EU there are maximum prices, as long as you use an EU based SIM card and network (be careful in border regions and at sea).
Smartphones can use Wi-Fi when in range of an access point, thus reducing costs.
Smartphone apps may generate quite a lot of Internet traffic on their own, such as by checking status or downloading updates. Thus, if you enable roaming Internet access, you are not going to pay only for your conscious Internet use. It may be worth checking how to minimize the "extra" Internet access. When using the phone as gateway, this applies also to programs on your laptop. Some web sites have the web browser downloading content never actually shown (to make the site seem responsive in case you need it), some sites update the content in the background. Check your options to avoid unnecessary traffic.
There are two basic ways of using Internet with your phone:
- Use mobile Internet to download mail directly to your phone and surf the web. While this can be done on most any modern phone, you will want an iPhone/Android/Windows Phone-type device with a large screen to make this practical.
- Use mobile Internet to connect another device, typically a laptop, to the Internet. This is normally done with a USB link ("tethering") or a Wi-Fi link ("hotspot"). Be sure to shut down any PC apps which download pointless and costly "updates" in the background; what's tolerable on a fixed broadband connection quickly gets annoying on a dime-a-megabyte local prepaid SIM or a roaming handset.
Using Internet with the phone itself will come in handy if you have a smart phone with apps that help you navigate around the city or check social messaging sites.
The frequencies in use in the Americas, in general, do not match those in the other ITU zones. 850/1900 MHz are common in the Americas, while 900MHz along with 1800 or 2100 are common elsewhere. Unless your handset has the local frequencies, it will not work even if unlocked.
In the US, 4G LTE is widespread and 5G is being rolled out. CDMA is in the process of being discontinued. Of the remaining larger CDMA carriers, Verizon is shutting down CDMA at the end of 2022 and US Wireless is shutting down non-voice call functionality at the end of 2022. AT&T and fourth-ranked T-Mobile use GSM There is also a confusing array of regional carriers and mobile virtual network operators (branded resellers).
Prepaid mobile Internet
Prepaid Internet plans on mobile devices are increasingly becoming more affordable and a local one may be far cheaper than roaming Internet access by your normal provider. With two providers you will have two SIM cards, which means you need to change back and forth to be reachable by your normal phone number, unless you have two devices or a dual SIM phone.
If you have a laptop, you can buy a mobile broadband modem ("connect card", "USB dongle" or similar; see Wireless modems below) for the 3G SIM and leave the phone alone. Some smart phones may also be able to use such an external device for Internet connections. Otherwise you might consider buying a cheap second phone to use for calls from people at home (or all calls). In that case you want to find out how to transfer contact information between the phones (maybe by storing it on the SIM card).
For best results, purchase a prepaid SIM card in the country you are visiting. The prepaid Internet plans come in the form of purchasing data bundles for a fixed price good for a certain number of days. An example of a plan is 200 MB for 3 days available for US$4. You usually need to key-in something on your mobile phone (via the dialling keypad) or send an SMS. The cost is immediately deducted from your prepaid credits and service becomes active instantly. Check with the mobile provider if one day is equivalent to 24 hours or is good until midnight. If the latter, you might want to wait until after midnight before you activate it, or purchase the plan first thing in the morning. If the data plan incurs any recurring charges, be sure to cancel it when you're done.
Most plans that feature more than 30 MB for at least one day is more than enough for mobile Internet surfing, just make sure you go easy on the graphics. Modern phones use a nano-SIM card, with older smartphones using a micro-SIM card, ancient devices using a mini-SIM card (originally the full credit-card sized SIM card was used). These are all compatible except for the size and shape of the plastic. New SIM cards you buy will usually be the 3-in-1 (slightly thinner) kind with perforations so you can tear off the right amount of plastic to make the SIM card the sight size for your phone, but check first.
Public-access phones and tablets
Many shops that sell smartphones and tablets now have a selection of these devices available to the public to try out. Often they are connected to the Internet, allowing you to do a quick web search or two absolutely free, without a device of your own. Just remember not to use any sensitive private information (user names, passwords, credit card numbers).
Wired Ethernet
Wired Ethernet is seldom used by travellers, due to widespread Wi-Fi deployment and because many modern devices lack Ethernet ports. However, USB Ethernet adapters and Ethernet cables can be purchased from computer stores. A wired connection may be more reliable and is potentially faster if you do have access and the upstream connection is by optical fibre.
Some hotel rooms and some other locations will provide standard RJ-45 Ethernet jacks which you can plug your computer into, although these are becoming less common due to widespread Wi-Fi deployment. Usually a local DHCP server will tell your computer its IP address and other connection details, so that the connection is set up automatically – if the connection is allowed.
Internet cafés and libraries often do not allow this kind of access, instead offering public access computers or Wi-Fi (see above).
Wireless modems
Wireless modems for computers are unnecessary if you have a smartphone. Your smartphone can act as a wireless modem either by USB tethering or Wi-Fi hotspotting your laptop or other devices.
Wireless modems are plugged to a desktop or laptop computer via a USB port and will receive a signal from a mobile phone provider, in the same way as if you were using your mobile phone as a modem. A program to connect to the Internet usually starts-up automatically after plugging. If not, printed instructions to install software are provided. These modems should use standard USB protocols, though, and thus be usable with the operating system support alone (but you may have to explicitly enable the connection).
Oftentimes modems are locked to a particular mobile provider and you must purchase the modem and a data SIM card (either prepaid or plan) as a bundle. SIM cards and top-up/recharge chards are usually available at convenience stores, from the provider's service centre or authorised dealer. Mobile broadband plans on a PC are generally affordable and can come as either time-bound or data-bound plans or both. For instance time-bound plans will last you for several hours or days while data-bound plans give you allowance of several hundred megabytes or a few gigabytes. Once your time is up or you have consumed the allowed data of your plan, the service is terminated or you may be charged at the "pay as you go rate" which is much more expensive than the bundled rates.
If you have a modem from before (and it is unlocked or you can unlock it), you can use an ordinary SIM card with a generous enough data plan. In places like Finland you can get prepaid limitless 3G/4G data access for a week for €8.
Satellite
- Main article: Mobile phones#Satellite phones
Internet access via satellites has been available for decades, but because of the costs, the use has mostly been professional or very low-volume. Capacity of these systems vary from 2.2 kbit/s to 150 Mbit/s. Costs vary from place to place and are sometimes reduced by special offers, but expect to pay $500 or more for the equipment and from $100 a month or per byte for the data. Latency is an issue, especially for some applications, and varies depending on the satellite configuration and connection strategies.
Accessing email
In many countries it is easier to use email to keep in touch with friends and family back home than it is to call home regularly. Email has advantages over phone calls: it doesn't require you to account for time zone differences before contacting your family, it doesn't cost any more to send e-mail around the world than down the street, and it's possible to contact many people with a single email. Just make sure that the recipients check their email regularly or let them know you will be sending them email from time to time.
Another advantage of email is that messages are easy to document. This comes in handy when you need a written record of accommodations or other arrangements as you can just print it out from a shop or save it on your smart phone.
Webmail provides access to your email over a web interface, and is necessary if you are going to be accessing email from a variety of locations and equipment. An increasing number of email providers such as ISPs are setting up webmail interfaces for their users so that they can check their mail on the road. But many people choose to use one of the dedicated webmail providers, many of whom provide a free service. You may want to set up a separate account also for security reasons, see below.
Security concerns
Network security
Although eavesdropping or tampering of content should not be possible with encrypted connections (https, VPN etc.), they do not hinder an intruder from blocking the connection. If encrypted connections cannot be established and you resort to unencrypted ones instead, that may be exactly what the intruder wanted. Do not send sensitive data over such a connection.
HyperText Transfer Protocol Secure (HTTPS)
- HyperText Transfer Protocol Secure (HTTPS). Use HTTPS for any sensitive web connections (look for the ending "s" in "https:" at the start of the address and the padlock icon in your web browser conveying to you that your connection is encrypted and the address of the site you connected to is certified as being the one it claims to be).
If you are using your own device, but connecting to a public wireless or wired network (any unfamiliar network) the provider of the network can eavesdrop on any unencrypted communication and read confidential data, or steer the connection to their own servers. However, many websites where this might be a concern — such as banks and corporate sites — make use of encryption to prevent eavesdropping and make it possible for you to notice connection hijacking.
WARNING: Take seriously any warnings your browser may give about insecure certificates – check at home to know what warnings are due to misconfiguration at the website, and what the real certificates should look like. | |
Your web browser does not know where you want to connect, so note the real address at home and look out for similar-looking but different ones, such as banking.example.net instead of banking.example.com or any misspellings in the name (including similar letters in foreign scripts, which may look like being in an odd font).
Virtual Private Networks (VPNs)
- Virtual Private Network (VPN). A VPN encrypts your Internet connection and routes it through a 'tunnel' to the VPN provider. The rest of the connection is treated as were you physically near the VPN server. Of course, the routing between you and the VPN server is at the mercy of local routers, so as above, don't ignore warnings. The downside is the encryption overhead, and that also connections to local sites are routed overseas, via the server (unless configured otherwise), perhaps including services that are only available locally or that give different info when contacted from abroad.
One way to avoid local eavesdropping and manipulation of the connection is to use a Virtual Private Network (VPN) service which changes your global IP address and often the country which websites perceive you to be visiting from.
There are many VPN services available, both free and paid. Carefully scrutinise VPN providers before using one and remember that often free VPNs earn their revenue from selling user activities to advertisers. Also, many universities and bigger employers provide the service for their students and staff to access resources externally.
The Onion Router (TOR)
The Tor project provides Internet connections which are encrypted, and designed to be anonymous and untraceable. Ways to use this service include the project's own Tor browser (Windows, Mac, Linux or Android), an app called Whonix (Windows, Mac, Linux or the security-oriented QubesOS), or a Linux distribution called Tails which boots from USB. The Brave web browser also supports TOR, but this isn't a recommended way to use it.
Public computer security
If you are using a public computer, a common threat to a traveler's Internet security is key loggers and other programs designed to monitor the user's activity for information that can be exploited, such as online banking passwords, credit card numbers, and other information that could be used for identity theft. For this reason, public Internet terminals (such as those found at libraries, hotels, and Internet cafés) should preferably not be used to make online purchases, or access banking information.
Avoid using important passwords on a public computer. Online banking on a public PC is particularly risky, and you should think twice before having your TANs or other security-sensitive data be visible as not only can the computer be unsafe, but there have also been cases of security camera footage being used to spy PINs and TANs. Public libraries are a good source of public-access computers that should be generally trustworthy.
If you have to have access to potentially sensitive information on your journey, such as your professional email account, discuss it with the security staff. Probably you have to carry a trusted device for the purpose. One-time passwords or a temporary account can help with some of the problems.
If you're saving or downloading private files, transfer them directly to your memory stick/thumb-drive if possible and delete the files on the computer's hard drive after use; while some computers automatically do this, others don't. This does not save you from spyware, but avoids having the files accessible by later customers.
If you absolutely must use your online banking or send credit card information using a public terminal, the following precautions should be taken:
- Check for virus and spyware scanning software on the computer, and ensure it is enabled (this is difficult if the operating system is unfamiliar or the computer is set up not to show such security-sensitive information to visitors).
- Talk to your bank ahead of time, many banks can enable limits on your online banking profile that, for example, restrict the ability to transfer money to third parties who have not been pre-approved – and if you didn't tell about your journey, they may lock your account when you log in from some unanticipated country.
- Obtain a credit card with a provider that can issue you temporary, one-shot credit card numbers specifically for use in online purchases.
- Always be certain you have logged out of your online banking, and shutdown or restart the computer (or the user interface, as visitors may not have the privilege needed for shutdown) before walking away.
Circumventing censorship
Types of censorship
Content filters
Some Internet cafés and Internet providers may restrict access to certain websites based on content. Common restricted content includes: sexual content, content unsuitable for children, commercial competitors and political content of certain types. The blocks can be wide-ranging, blocking for example, any site that includes the word "breast". With some misfortune any site might be blocked by mistake. They may also block access to certain types of traffic, for example web (HTTP or HTTPS), e-mail (POP or IMAP), remote shell (SSH).
Political firewalls
Several countries (for example China) have a policy of blocking access to different areas of the Internet at a country level. The description below is based on China's access policy, but applies to several other countries (such as Cuba, Myanmar, Syria, South Korea, North Korea, Iran, Thailand, Singapore, the European Union...).
Typically the following sites may be blocked: human-rights NGOs' sites; opposition sites; universities; news outlets (BBC, CNN, etc.); blogging or discussion forums; webmail; social media; search engines; and proxy servers. Often they will duplicate the sites that have been blocked but (not so) subtly modify the content. Websites, pages, or URLs containing certain banned keywords may also be blocked. The firewalls may block non-political content such as pornography, and may also block some foreign websites as a form of economic protectionism to help domestic competitors. Some sites may not be blocked completely but instead slowed down to the point of being virtually unusable.
Due to Russian's invasion of Ukraine, access to Russian news sites like RT and Sputnik News is blocked in the European Union, as are posts from these outlets on social media sites like YouTube, Facebook and Twitter.
IP geofiltering
An increasing number of services on the Internet are restricted to IP address ranges corresponding to a certain country/countries. If you try to access those services from outside that country, you will be blocked. Examples include video-on-demand (Movielink, BBC iplayer, Channel 4), web radio (Pandora), and news. Content providers want to make sure their service is only available to residents within the right jurisdiction, often to avoid possible copyright breaches or data privacy regulations in other countries. IP geofiltering is a simple, if somewhat crude way of achieving this. For travellers this can be very frustrating, since the system discriminates based on where your computer (or a proxy you use) is located, not on who you are and where you live. So even if you have legitimately signed up for a movie rental service in the US, you can no longer use it while you are spending a week in the UK. YouTube also blocks a lot of its content based on the location of its users.
Fortunately there are straightforward ways of getting around IP-geofiltering. Your best option is to re-route your Internet traffic via an IP address in your country of origin, typically by using a VPN or a proxy configured to hide the original IP address (see below). The service will then think that your computer is located there and allow access.
VoIP blocking
Certain Internet providers and hotels around the world have started the practice of blocking all VoIP traffic from their networks. Though they usually justify this with esoteric explanations such as "to preserve network integrity", the real reason is normally much simpler: VoIP allows travellers to make free or very cheap phone calls, and the authority/company in question wants to force the user to make expensive phone calls over its plain old telephone land line. In the worst case, VoIP traffic can be blocked in a whole country (this tends to happen in countries with a state telephone monopoly). Saudi Arabia and the United Arab Emirates are known for blocking VoIP services.
The best anti-VoIP-blocking measure available to the average traveller is a VPN provider (see below). Make sure that you choose a VPN provider with sufficient bandwidth, otherwise your phone calls may suffer from poor quality, disconnects, or delays.
Signal jamming
Some venues attempt to interfere with mobile telephones and their associated data services by willfully transmitting interference on the same frequencies. A more subtle variant transmits fraudulent data packets; a handset can be tricked into connecting to a bogus base station instead of a real carrier's towers, or a client-owned mobile Wi-Fi hotspot may be disrupted by sending bogus "dissociate" packets to disconnect the user. By their nature, the interfering signals don't abruptly stop at the edge of the offending vendor's property but fade gradually into free space at a rate based on the square of the distance to the interference source. For this reason, jamming devices are illegal to operate (and often illegal to sell) in most industrialised Western nations, with rare exceptions granted for prisons or sensitive government installations. In 2014, the US Federal Communications Commission levied a $600,000 fine against the Marriott hotel chain for jamming client-owned mobile Wi-Fi hotspots on the convention floor of one of its hotels in Nashville.
If the Wi-Fi connection between a mobile handset and a portable computer is being subjected to unlawful interference, replacing the wireless link with a USB "tether" cable will mitigate the problem; the same is not true if the signal from the upstream cellular telephone network is being jammed. In developed nations, complaints to federal broadcast regulators will usually get the interference shut down... eventually. By then, the traveller who reported the interference has most often already left. Putting as much distance as possible between the affected device and the interference source is the only effective solution in the short term.
Internet shutdown
Particularly during large demonstrations and contingencies, governments may shut down the entire Internet for security reasons. Iran and India did it in 2019 to suppress local protests, while the same was also observed in Myanmar in 2021 during the coup. In such case, even the best VPN can't help with such situation, and you may have to rely on other communication methods.
Mesh networking mobile applications like FireChat and Bridgefy may be useful, but their short-transmission distance is limited, and data sent by these applications can be insecure.
Apart from politically motivated shutdowns, domestic Internet services may also be suspended due to natural disasters, improper operation of ISPs, or simply accidental damage to Internet cables.
Getting access
Editing Wikivoyage
While viewing is not affected, the English Wikivoyage, along with other Wikimedia projects, blocks VPN users from editing to prevent vandalism. If you are affected by internet censorship against Wikimedia projects and you wish to contribute, you can apply for an IP block exemption here. Alternatively you may send an email to stewardswikimedia.org if you cannot edit the linked page. |
In general, if using someone else's connection you will need to be careful about evading their filters. Doing so will almost certainly end your contract to use it if you're discovered evading a firewall through a connection you're paying for, and might upset someone even if you aren't. In some areas evading firewalls may be a criminal offence; this even applies in some Western countries when evading content filters aimed at blocking pornographic content.
In addition, unintentional disclosure of your personal information can make circumventing censorship dangerous. Especially for political censorship, there could be government officials tapping on the censored website watching for unwelcomed opinion and hints of the speaker. Political activists could also take advantage of doxxing to harass adversaries. See #Security concerns for privacy tips.
Proxy servers
The most common (and straightforward) way to avoid blocks on certain websites is to connect to a proxy server and have that proxy server connect to the blocked site for you. However, the organisations doing the blocking know this, and regularly block access to the proxy servers themselves. If you are likely to need access to sites which are commonly blocked at your destination, it is most likely that you will be able to get access through an unadvertised proxy server you set up yourself or have a friend set up for you. There is a risk if you search for too many 'naughty' keywords (like 'counter revolution') you'll get the proxy taken down or blocked. Proxies that use an encrypted protocol (such as https or ssh) are immune to this, but the protocols themselves are sometimes blocked.
Some gateways (for example, those in China) monitor not only where you connect but also the data transferred: thus many sites are not accessible at all with an unencrypted connection. One workaround is to use an ssh tunnel to connect to a proxy server outside the country via an ssh server, from a local port (e.g. 4321), then to connect to the proxy server like that.
If you're interested in seeing what might be blocked from inside the firewalls before you leave, it is sometimes possible to surf through a proxy server in the country you're going to be going to.
VPN providers
A VPN ("virtual private network") creates an encrypted tunnel to your provider and by default directs your internet traffic to go via them, thus not showing the real endpoint to local routers and firewalls. They are an excellent way of circumventing both political censorship and commercial IP-geofiltering. They are superior to web proxies for several reasons: They re-route all Internet traffic, not only http. They normally offer higher bandwidth and better service. They are encrypted and thus harder to spy on. They are less likely to be blocked than proxy servers.
Many people have access to a VPN of their employer or university. If you don't, or don't want to use it, there are commercial VPN providers, whom you can sign up with. Most work like this: You sign up with the provider who gives you an account name and password. Then you use a VPN program to log on to their server. This creates an encrypted tunnel that re-routes your Internet traffic to that server. Prices range from €5 to €50 per month (US$7–70), depending on bandwidth, quality, and security. Routing all traffic through the tunnel requires admin access, so unless you configure that yourself, you have to use a provider you trust.
Logging on to a VPN is very straightforward on Windows machines since their built-in VPN program is usually available to ordinary users. As long as you know your username, password, and server address, you are likely to be able to use VPN from most Internet cafés. Since VPN is encrypted, there is no way for the connection provider to filter the sites you are accessing. However, VPN offers no protection against snooping software installed on the computer itself, so it's always a better idea to use it from your own laptop.
VPNs are routinely used by millions of business travellers to connect securely to their office computers or to access company documents. Therefore, they are tolerated in all but the most repressive dictatorships. It is unlikely that simply connecting to a VPN will attract attention in China for instance. However, in a small number of autocratic regimes (Cuba, Iran) the mere usage of VPN is illegal and can land you in prison, although this penalty may not be applied to tourists.
Tor
Tor is a worldwide network of encrypted, anonymizing web proxies. It is designed primarily for the purpose of making an internet user untraceable by the owner of the site he/she visits. However, it can also be used for circumventing filters and firewalls. Unlike other methods explained in this section, Tor automatically rotates the servers used to access the internet, making it harder to discover your identity. However, there are only around 3000 Tor servers in the world, and their IP addresses are public knowledge, making it easy for governments and organizations to block them. Even so, new Tor servers join the network all the time, and if you wait patiently, you may connect to one that isn't blocked yet. The Tor Project has introduced a function which allows for connection to unlisted bridges (no public database), intended to circumvent oppressive governments, but this feature is difficult to use.
Using Tor requires installation of software and usually also a plug-in for the browser.
SSH access
SSH (Secure Shell) is a good way of tunneling traffic other than http. However, you will normally need access to a server to use SSH. If not provided by your university or employer, this can be expensive. Using your or your friend's home PC is not too difficult, but requires either a static IP address or a way to figure out the current dynamic one. The home PC should be on at any time when you want to connect (also after a power outage; have someone check it from time to time). See also #Servers below.
- If you control the server via which you want to connect, you can have your processes listen on ports that are unlikely to be blocked. A common technique is to have an SSH daemon listening on port 443, the secure HTTPS port, which is rarely blocked. This must be set up before going to the location with blocks on usual connections.
- If you have SSH access to a third server, connect via SSH to that server, and utilise SSH port forwarding to open up a tunnel connection to the target server.
Filtering junk
As your connections will be slow or expensive, at least from time to time, it may be worthwhile setting up some filtering mechanism, so that you get just the data you want. Some of the advice is easy to heed, some requires quite some know-how.
For e-mail, most servers have junk mail filtering software in place. Often you can choose the level of filtering, sometimes set up your own filters. A common setup is that obvious junk is denied or deleted on sight, while probable junk is saved in a separate junk mail folder. If much junk gets through with your current settings, you could change the threshold, such that only real mail gets through, and check the folder for probable junk only when you have a good connection. You might want to temporarily unsubscribe from some high volume email lists.
With more elaborate options, you can direct non-urgent mail (such as that of many mailing lists) to separate folders, to be checked later. If you are downloading all of the message when reading it (mostly, unless using a web interface), you could filter away large attachments (keep an unfiltered copy in a separate folder for later viewing). There is software to convert most documents to plain text, you might be able to use it to convert attachments so that you can view some of them without downloading the original versions. Ask your friends to send only plain text email, configuring their e-mail software to not send HTML, if possible.
Any setup which uses amateur radio as a gateway to transfer e-mail from the open Internet will by necessity use a "whitelist" approach; any mail arriving at the Internet side from anyone not in an address book at the gateway is rejected. A "ham" radio gateway is an inherently-slow connection which is effective for getting small amounts of mail to disaster areas or watercraft at sea, but its operators are legally prohibited from sending commercial traffic on amateur frequencies – hence their zero-tolerance on gating advertising or spam.
If you use a web server for reading mail, you might want to limit the bells and whistles of the web interface. If this is impractical and you can filter your e-mail, you might want to use the web service only when normal e-mail access is blocked – but many providers do not advertise or even provide normal (IMAP) mail access.
Proxies
There are proxy services providing filtered web content, mostly intended for web access with mobile phones, where heavy graphics, javascript and untidy HTML code were a big problem before 3G and powerful smartphones. Some filters are available specifically for personal computers, often targeted at removing advertisements and big brother features. With some browsers you can turn off loading third party content (mostly advertisements) and in some other ways restrict what pages are downloaded. A proxy is needed to filter unwanted content of the file to be downloaded, such as inline junk. To use a proxy is easily configured in the browser, but to choose and configure a proxy to your needs is more work.
The extreme lightweight solution is to use text based access (terminal emulator + SSH) to a computer with good connections (at home or wherever) running the e-mail and browser programs (e.g. alpine and elinks). This was the standard way to have Internet access in the old days of 14.4 kbit/s, and still works at least for e-mail (some configuring may be necessary if you have friends writing their e-mail with office suites – and images might have to be explicitly downloaded before view).
Servers
For some travellers, it may be worthwhile to set up a server in your home country or a third country (or perhaps just arrange access to an employer or client's server) before hitting the road. Management and use will be easier if the server has a static IP address or proper DNS records; most ISPs can provide this, but they may charge extra for it.
Among the possible advantages:
- off-site backups for your portable machine
- some data may be more secure if it is not kept on a portable machine, and is accessed only via encrypted network connections
- having more computing power available than a portable machine can reasonably provide
- the ability to run services that would be difficult to manage on a portable machine, such as Git for source code management, Mastodon for social networking, or your own email server
- run your own proxy service which hides your location and can protect the portable machine from various attacks and annoyances
- access to media that have geographic restrictions (many files and some entire sites); for example if an online movie or TV channel is available only in the US, you can view it anywhere if you have a server in the US
- having your own VPN or Tor server, needed in countries like China where the Great Firewall blocks most public VPN servers. This will give you access to other sites that the firewall blocks, notably many social networking sites and Western media. China is by no means the only country with such restrictions; see the Connect section of the article on your intended destination(s) to check.
There are many ways to set up such a machine.
- Freedom Box. This software is designed as a home server that lets you escape the "surveillance capitalism" of companies like Google or Facebook (which don't see you as a customer; you are the product that they sell to advertisers). It can provide all the common Internet services – email and web servers, blogging, file sharing, video conferencing, etc. – plus privacy-oriented services such as a VPN server.
It will run on a small (paperback book), cheap (under $100) server that uses little power; these are available as turnkey systems or you can build your own. The software can also be installed on a surplus machine (are you leaving a desktop computer behind as you hit the road?), or on a more powerful machine which could support additional services or more users.
Do you have a friend who would give such a machine shelf room while you are away?
Many companies (especially the smaller local ISPs) will happily host a server for you, though some can accommodate only rackmount machines. This gives you the advantages of their infrastructure – high-speed net connection, clean power with backup, air conditioning, a firewall and likely an intrusion detection system, often backup of your data to one of their machines (but perhaps you need to encrypt the backups). Most will rent you a suitable machine too, and provide service in the event of hard drive failures or other problems. They may also offer a virtual server, i.e. something that looks like a server regarding functionality, but shares hardware with other virtual servers. The latter has most of the advantages of having your own server, and is more flexible than a physical server. If you find you need more resources, those can be provided just by changing the configuration of your virtual machine.
Also many cloud companies (including small ones) can provide a virtual server. Some can offer the services you need without your having to take any responsibility for technical administration.
If you go for your own, you need to arrange for somebody to have physical access to it. Ideally it has backup power (an UPS, in essence an external battery), closes down during extended power breaks and boots up cleanly. But if there is some kind of failure, you don't want to travel overseas to fix it. It is also good if somebody exchanges external disks once a week or something, taking backups elsewhere, as a power surge – or a cracker – could destroy any backup media that is electrically connected. Unauthorised access could have been granted through a trojan on your laptop, in which case both it and the server may be compromised simultaneously. In any case, you need to take care (or have somebody else take care) of the security of the server, such as configuring firewalls and installing security updates.