Digital Privacy While Travelling 2026: VPNs, eSIMs, Burner Devices, and the Border Search Reality

The actual digital threat landscape for wealthy travellers

Digital privacy content for travellers splits into two unhelpful categories: mainstream tech journalism that treats privacy as a mass-market concern with generic advice, and prepper-adjacent content that assumes nation-state adversaries and recommends impractical stacks of tools. Neither is useful for wealthy travellers, because the real threat landscape sits between the two.

The actual threats that affect wealthy travellers in real life, in descending order of prevalence:

1. Hotel Wi-Fi compromise. The DarkHotel campaign and its successors actively target senior executives and public figures at luxury hotels. Hotel networks are consistently among the most compromised public networks in the world for structural reasons — they concentrate high-value targets, the IT infrastructure is outsourced and under-maintained, and segmentation between guest traffic is typically weak.
2. Public Wi-Fi eavesdropping at airports, cafes and transit hubs. Less targeted than hotel attacks but far more common. Anyone with a laptop and free software can intercept unencrypted traffic on open Wi-Fi networks, and the attack is trivially executable.
3. Border device searches. Routine at US, UK, Canadian, Australian and Chinese entry points. Approximately 40,000 device searches per year at US ports of entry alone. The searches range from a brief officer review to full forensic imaging, and the legal protections vary by jurisdiction and citizenship status.
4. ISP-level surveillance in authoritarian jurisdictions. China, Russia, UAE, Saudi Arabia, Iran and several other countries operate deep packet inspection on their internet infrastructure. Travellers to these jurisdictions who connect to local networks without a VPN have their traffic logged and analysed.
5. SMS interception and SS7 attacks. Text-message-based two-factor authentication codes can be intercepted via SS7 protocol vulnerabilities in mobile networks. Not common but genuinely happens, particularly in sophisticated targeted attacks. The fix is to use app-based 2FA (authenticator apps) or hardware security keys instead of SMS.
6. Data broker aggregation of travel history. Commercial data brokers buy and sell payment card data, flight booking data, hotel stay data, and location data, aggregating it into profiles that can be queried by journalists, investigators and stalkers. The barrier to entry is $50 to $500 per month of subscriptions.
7. Malicious charging stations ('juice jacking') at airports and public locations. Public USB charging stations can be compromised to deliver malware to connected devices. The fix is to use your own charger and plug into AC outlets, or to use a USB data-blocker (a cheap adapter that allows power but blocks data lines).
8. Stolen or lost devices at airports, hotels and in transit. The most mundane threat. A device left behind in a taxi or stolen from a hotel room exposes every unencrypted account stored on it. The fix is full-disk encryption, strong passcodes, and biometric locking with automatic wipe after failed attempts.

The stack in this article addresses all of these threats with a coherent set of tools and protocols. Most of the defence is simple — the hard part is actually doing it consistently.

VPN — what it does and which one to use

A good VPN is the single highest-leverage privacy tool for most travellers, and it is also the most misunderstood product in the consumer privacy market. Most of the marketing is misleading, most of the advice online is wrong, and most people use VPNs for reasons that do not actually work.

What a VPN actually does

1. Encrypts traffic between your device and the VPN server. This is the core protection. When you connect to hotel Wi-Fi without a VPN, the hotel network and anyone sharing it can see all the unencrypted traffic you send and receive. A VPN tunnels all your traffic through an encrypted connection to a server elsewhere — the local network only sees encrypted data it cannot read.
2. Hides your true IP address from the websites you visit. Without a VPN, every site you visit sees the IP address assigned to you by your local network, typically tied to your hotel, airport or home ISP, and therefore to your location within 5 to 50 km. With a VPN, sites see the IP address of the VPN server, which can be in a different country entirely.
3. Lets you access region-locked services. Useful for watching your home streaming services abroad, accessing your home bank's website if it geo-blocks foreign logins, and viewing news sites that are blocked in the country you are visiting.

What a VPN does not do

• It does not make you anonymous. The VPN provider sees your traffic. This is why the choice of provider matters — you are trusting them to not log, not sell and not hand over your data under legal pressure.
• It does not protect you from malware. It encrypts traffic in transit, not file contents.
• It does not prevent browser fingerprinting. Sites can identify you via device characteristics that have nothing to do with your IP address.
• It does not defeat targeted state-level attacks. If you are specifically targeted by a nation-state adversary, consumer VPNs are not your defence.

Why we recommend NordVPN for travellers

The consumer VPN market is crowded and most options are either free (and monetising your data) or paid-but-mediocre. NordVPN is the one we recommend for travellers for specific reasons:

• Panama jurisdiction. NordVPN is headquartered in Panama, which is outside the 14-Eyes intelligence sharing framework and has no mandatory data retention laws that would compel logging of user activity.
• Independently audited no-logs policy. NordVPN's no-logs policy has been audited by third parties (PwC and Deloitte) multiple times, which provides a level of verification that most VPN providers cannot match.
• Large and diverse server network. 5,500+ servers across 60+ countries means you always have a nearby option, which matters for latency-sensitive use (video calls, online banking, streaming).
• Proven ability in restricted networks. NordVPN's obfuscation technology works in heavily-restricted networks (China, UAE, Russia, Iran) where most consumer VPNs fail. If you travel to these jurisdictions, a VPN that actually works on the ground is worth more than a VPN that theoretically has privacy features.
• Multi-device licensing. A single subscription covers up to 10 devices, so phones, tablets, laptops and home routers can all be protected with one account.
• Kill switch and split tunnelling. Essential features that most cheaper VPNs do not implement properly. Kill switch ensures your traffic is never exposed if the VPN connection drops. Split tunnelling lets you route specific apps through the VPN while leaving others on the local network, which matters for apps that do not work over VPN (some banks, some streaming services).

How to actually use a VPN as a traveller

1. Install NordVPN on every device you will travel with, before you leave home.
2. Configure it to launch automatically at device startup and to connect to a server in your home country by default.
3. Enable the kill switch so that your internet connection is blocked if the VPN drops.
4. Connect to the VPN the moment you connect to any public, hotel, airport or café Wi-Fi network — before you open any app or website.
5. Leave the VPN on continuously for the duration of your trip. Modern VPNs have minimal impact on speed and battery life.
6. For specific tasks that require accessing region-locked home services (your home bank, your home streaming service), connect to a NordVPN server in your home country rather than the local country.

eSIMs — the privacy tool most travellers miss

The single most underrated privacy tool in the wealthy traveller's stack is the eSIM. Most people think of eSIMs as a convenience and cost tool — cheaper than international roaming, faster than queueing at an airport SIM kiosk — and they are. But they are also a privacy tool, and for three specific reasons.

Reason 1 — You avoid hotel Wi-Fi entirely for sensitive tasks

Hotel Wi-Fi is the single most compromised network most wealthy travellers connect to (see the hotel Wi-Fi section below). Using mobile data via an eSIM as your primary connection means you never need to touch the hotel network for anything sensitive. Email on cellular, banking on cellular, Maps on cellular, and leave hotel Wi-Fi for streaming Netflix where the privacy stakes are zero.

Reason 2 — You avoid the local SIM identity-document requirements

In many countries — including the UAE, Saudi Arabia, China, Russia, Vietnam, Thailand, and increasingly EU jurisdictions — buying a local SIM card requires presenting your passport and having your identity tied to the SIM in a national database. This creates a permanent record that you were in the country, with the specific SIM and therefore specific phone number associated with your identity. eSIMs purchased from international providers (Airalo, Yesim) are typically not subject to these local identity-tying requirements — you purchase the eSIM plan with a credit card, activate it via the provider's app, and the local mobile carrier sees only the international provider's bulk account, not your individual identity.

Reason 3 — Mobile data breaks the room-number link

A hotel Wi-Fi login ties your device to your room number and your guest account. The hotel knows precisely when your devices are active, which apps are generating traffic, and which sites you are visiting. An eSIM data connection is tied to the local mobile network, not to your physical location within the hotel. For travellers concerned about the hotel's operational knowledge of their activity patterns, eSIM data breaks this link completely.

Airalo vs Yesim — the two providers worth using

Hotel Wi-Fi — why it is actually dangerous

Hotel Wi-Fi networks are consistently among the most compromised public networks in the world, and the reasons are structural rather than accidental. Understanding why hotel Wi-Fi is specifically dangerous (versus other public networks) helps explain why the fix is so simple and so important.

Why hotel Wi-Fi specifically

• Concentration of high-value targets. Luxury hotels concentrate senior executives, public figures, wealthy individuals and high-value traveling professionals in one network at one time. The ROI on attacking a single hotel network is materially higher than attacking a random café or airport.
• Outsourced and under-maintained IT. Most hotels do not operate their own IT infrastructure — they outsource it to a third-party vendor (Guest-Tek, iBAHN, Nomadix and similar) whose business model is to deliver network access at the lowest cost to the hotel. These vendors typically do not invest in security measures beyond what is required to keep the network functional.
• Weak network segmentation. In many hotels, the guest Wi-Fi network is not properly segmented from the hotel's back-office systems, from other guests on the same network, or from connected devices that are part of the hotel's infrastructure. Attackers who gain access to one part of the network can often reach other parts.
• Captive portal authentication. Hotel Wi-Fi typically uses a captive portal (the web page that appears when you connect and asks for your room number) that is a known attack surface. The portal itself can be spoofed, compromised, or used to deliver malware disguised as network updates.
• Guest expectation of frictionless access. Guests want to connect fast, which means hotels disable security features that would slow down connection (WPA3 personal mode, per-device network isolation, DNS filtering). The trade-off favours convenience over security and the guest bears the risk.

The DarkHotel campaign and its successors

Kaspersky Lab first documented the DarkHotel campaign in 2014, describing a sophisticated attack operation that specifically targeted senior executives at luxury hotels across Asia. The attackers infiltrated hotel Wi-Fi networks to deliver targeted malware to specific guests based on room number, deploying the malware via fake software update prompts that appeared legitimate. The campaign remained active in various forms for years afterwards and inspired multiple imitators. More recent research has shown that hotel network attacks are routine rather than exceptional, and the attackers include both organised criminals and state-level actors targeting business travellers.

The fix

The fix for hotel Wi-Fi is straightforward:

1. Do not use it for sensitive tasks. Email, banking, work accounts — use mobile data via eSIM instead.
2. If you must use hotel Wi-Fi, use it only with an always-on VPN. The VPN encrypts your traffic before it leaves your device, rendering the compromised network unable to see what you are doing.
3. Never install software updates prompted by the hotel network. Legitimate software updates come from your device operating system, not from hotel captive portals or pop-up windows.
4. Consider the hotel Wi-Fi compromised by default. Behave as if any unencrypted traffic you send over it will be intercepted, because it might be.

Device hardening before you leave

Most of the device-level privacy benefit available to travellers comes from a short list of configuration changes that can be done in 30 minutes before a trip. These are not sophisticated security measures — they are baseline hygiene that most people skip.

On iPhone

• Enable a strong passcode (not 4 digits, not 6 digits — use the alphanumeric option with 8+ characters). Settings → Face ID & Passcode → Change Passcode → Custom Alphanumeric Code. This is the single most important device change.
• Disable Face ID / Touch ID before border crossings. Biometric unlock can be compelled in some jurisdictions; passcodes cannot (for US citizens at US borders). Press and hold the side button and a volume button for 2 seconds to immediately disable biometric unlock — the phone will then require the passcode for the next unlock.
• Enable 'Erase Data' after 10 failed passcode attempts. Settings → Face ID & Passcode → Erase Data (at the bottom). This protects you if your device is stolen.
• Sign out of iCloud before aggressive border crossings. Data stored in iCloud that is not actively synced to the device is not accessible to a border search. Sign out before crossing and sign back in after.
• Enable Advanced Data Protection for iCloud. Settings → Apple ID → iCloud → Advanced Data Protection. This applies end-to-end encryption to most iCloud data, meaning Apple itself cannot access it.
• Disable Control Center access from lock screen. Settings → Face ID & Passcode → Allow Access When Locked → disable Control Center. Prevents a stolen device from being put into airplane mode to defeat Find My iPhone.
• Review all app permissions. Settings → Privacy & Security. Revoke location access, microphone, camera and contacts for apps that do not need them.

On Mac / Windows laptop

• Enable full-disk encryption. FileVault on Mac (System Settings → Privacy & Security → FileVault → Turn On). BitLocker on Windows (Settings → Privacy & Security → Device Encryption → Turn On). Without full-disk encryption, a stolen or searched laptop exposes everything on it.
• Set a strong user password and require it after sleep. System Settings → Lock Screen → Require password after sleep or screen saver begins → Immediately.
• Sign out of cloud accounts (Dropbox, Google Drive, OneDrive) before border crossings. Same principle as iCloud — data not actively synced is not accessible to a border search.
• Use a privacy-respecting browser with tracking protection. Firefox with Enhanced Tracking Protection or Brave are both genuinely privacy-improving. Safari is acceptable. Chrome is not, for privacy-sensitive use.
• Install a reputable VPN and configure it to auto-connect. NordVPN on Mac and Windows both support auto-connect at startup and kill switch — enable both.

Across all devices

• Use app-based two-factor authentication, not SMS. Authy, Google Authenticator, Microsoft Authenticator, or — best — a hardware security key (YubiKey). SMS-based 2FA can be intercepted via SS7 attacks or SIM swapping.
• Use a password manager with strong, unique passwords for every account. 1Password, Bitwarden, or Dashlane are all legitimate options.
• Travel with a dedicated travel device where possible. A secondary phone and laptop with minimal personal data, separate Apple ID or Google account, and only the apps you need for the trip.
• Disable all unused radios when not in use. Bluetooth off when not pairing, Wi-Fi off when using cellular, AirDrop set to Contacts Only or off entirely.

Border device searches and the CBP reality

US Customs and Border Protection conducts approximately 40,000 device searches per year at US ports of entry. The authority is broad, the policy is inconsistent, and the practical implications for travellers depend on citizenship status and destination.

The legal framework

CBP has broad authority under the 'border search exception' to the Fourth Amendment to search persons and their effects at US ports of entry without a warrant, without probable cause, and without reasonable suspicion. Courts have extended this authority to electronic devices, though the scope of permissible searches has been the subject of ongoing litigation.

CBP's policy distinguishes two types of device search:

• Basic search: Manual review of the device by a CBP officer with no suspicion required. The officer can browse through apps, photos, messages, and other data physically stored on the device. The search is limited to data on the device itself, not data stored in cloud accounts that are not actively signed in.
• Advanced search: Connection of the device to forensic equipment that can image the device's storage and permit detailed analysis. Policy requires 'reasonable suspicion of activity in violation of the laws enforced or administered by CBP' for advanced searches, but the threshold is applied inconsistently in practice.

What happens if you refuse

• US citizens cannot be denied entry. A US citizen's right to re-enter the US is not conditional on cooperating with a device search. However, the device can be seized and held for weeks or months while CBP seeks a warrant or completes a forensic analysis.
• Lawful permanent residents generally cannot be denied entry but the consequences of refusal can include extended secondary inspection, device seizure, and implications for future entries.
• Non-citizen visitors can be denied entry. Refusing a device search when you are a visitor to the US is grounds for exclusion.

Similar authorities in other jurisdictions

• UK: Schedule 7 of the Terrorism Act 2000 gives police at UK ports of entry authority to detain, question and search travellers and their devices for up to 6 hours (extended to 9 hours in some cases) without reasonable suspicion. The authority has been challenged in court and the European Court of Human Rights has found some applications of it to violate privacy rights, but it remains in force.
• Canada: Canada Border Services Agency (CBSA) asserts authority to search electronic devices at ports of entry. Recent court rulings have constrained this authority somewhat, but searches still occur regularly.
• Australia: The Australian Border Force has broad authority to search electronic devices under the Customs Act 1901. The threshold is low and searches are common.
• China, UAE, Saudi Arabia: Broad authority, inconsistent application, with the additional consideration that device contents may be subject to local speech and content laws.

Practical protocols for border crossings

1. Travel with a dedicated travel device when entering aggressive jurisdictions. Minimal data, separate accounts, no sensitive historical messages.
2. Power devices fully off before crossing the border. A powered-down encrypted device with a strong passcode is the most protected posture. iOS devices in particular are harder to forensically analyse when powered off than when in sleep mode.
3. Sign out of cloud accounts before crossing. Data not actively synced to the device is not accessible to a basic search.
4. Disable biometric unlock in border zones. Use the passcode only.
5. Do not hand over passcodes voluntarily. Know your rights in the jurisdiction and the consequences of refusal. For US citizens at US borders, refusing a passcode is legally protected but can result in device seizure.
6. Keep a separate minimal-data 'border crossing' profile. For Android users, a work profile or separate user account with only the apps needed to demonstrate device functionality.

Burner devices vs dedicated travel devices

For most wealthy travellers, the honest answer to the burner phone question is 'not a burner, but a dedicated travel device'. The distinction matters.

A 'burner phone' in the popular sense is a cheap prepaid device bought anonymously, used once, and discarded. This is an operational posture appropriate for specific high-threat scenarios (investigative journalism in authoritarian jurisdictions, specific legal contexts) but excessive and impractical for ordinary wealthy travel. It also signals a threat model that most travellers do not actually face and creates operational complications (how do you stay reachable by your office, your family, your hotel if your burner number changes every trip?).

A 'dedicated travel device' is a secondary phone and/or laptop that you own, maintain and reuse across trips, but which contains only the data you need for travel. The key properties are:

• Minimal personal data. Only the contacts, emails, documents and apps you need for the trip. Your 15 years of personal photos, your entire message history, your 200 saved passwords — all on your primary device, none on the travel device.
• Separate cloud accounts. A travel-specific Apple ID or Google account tied to a travel-specific email address. Personal iCloud or Google accounts are not signed in on the travel device.
• Separate phone number or eSIM. Your primary phone number is not on the travel device. You use an eSIM with a travel-specific data plan and voice/SMS via apps where needed.
• Standard traveller apps only. Maps, translator, browser, messaging, banking app for a travel-specific account, minimal social media. No work email, no personal password manager, no sensitive document access.
• Full device encryption and a strong passcode. As on any device.

The dedicated travel device setup takes an hour to configure initially and a few minutes per trip to prepare. It dramatically reduces your exposure to border searches, hotel Wi-Fi compromise, and lost/stolen device scenarios. For travellers who make more than 3 or 4 international trips per year, the one-time cost of a dedicated travel phone ($400 to $1,500) is trivially justified by the privacy benefit.

For the vast majority of wealthy travellers who will never genuinely need a single-use burner phone, the dedicated travel device is the practical answer that provides most of the privacy benefit without the operational cost.

The signal intelligence footprint you leave

Even with a VPN, an eSIM, a dedicated travel device and proper hotel protocols, you are still leaving a signal footprint that can be collected, aggregated and analysed. Understanding what you cannot hide is as important as understanding what you can.

What the mobile network always sees

Every mobile device connecting to a cellular network leaves a record at the network level. The carrier sees your IMEI (device identifier), your IMSI (SIM identifier), your rough location via cell tower triangulation, and metadata about your calls and data sessions. A VPN encrypts the content of your data traffic but not the fact that your device is on the network at a specific location at a specific time. For threat models that include network-level surveillance, this is a real limitation.

What airport and hotel networks see

Even with a VPN, the local Wi-Fi network sees your device's MAC address (a unique hardware identifier) and the fact that your device connected to the network at a specific time. Modern iOS and Android devices use randomised MAC addresses for new networks by default, which mitigates this, but some networks capture additional identifying information at the captive portal login.

What your devices broadcast passively

Devices with Wi-Fi enabled broadcast probe requests looking for known networks, which can be collected by anyone running a Wi-Fi monitoring tool nearby. Bluetooth devices broadcast beacons that can be correlated over time. AirTags and similar trackers broadcast their presence to the Find My network continuously. The fix is to disable Wi-Fi and Bluetooth when not actively using them.

What payment networks see

Every card transaction is visible to the card network (Visa, Mastercard, Amex), to your bank, to the merchant's processor, and increasingly to data brokers who buy transaction feeds. A VPN does not protect against this. The fix is to use cash for privacy-sensitive purchases, to use dedicated travel cards that are not tied to your primary identity, and to avoid loyalty programme linking at luxury retailers.

What your social media reveals

The single highest-leverage action you can take for travel privacy is to not post about your travel on social media in real time. No amount of VPN, eSIM or device hardening can compensate for a public Instagram story showing your hotel room view. Brief your travelling companions on this rule before the trip.

Jurisdiction-specific notes

The operational checklist

Everything in this guide distils to a checklist you can actually execute before a trip:

Before the trip (30 minutes)

1. Install NordVPN on every device you will travel with and configure auto-connect + kill switch.
2. Install Airalo (and optionally Yesim) and purchase eSIM plans for your destination countries.
3. Enable full-disk encryption on laptops (FileVault on Mac, BitLocker on Windows).
4. Set a strong alphanumeric passcode on iPhone and iPad.
5. Sign out of iCloud and cloud accounts on any devices you will carry across aggressive border jurisdictions.
6. Configure app-based or hardware 2FA for all sensitive accounts (bank, email, work). Disable SMS 2FA where possible.
7. Review social media privacy settings for you and brief travelling companions on real-time posting.
8. Prepare a travel wallet with only the cards you need for the trip; leave primary cards at home.

On the day of travel

1. Connect to VPN before connecting to any airport Wi-Fi.
2. Activate your eSIM data plan as soon as you land.
3. Disable Bluetooth and turn off Wi-Fi scanning while in transit.
4. Avoid public USB charging stations; use your own charger or a USB data-blocker.
5. Before crossing borders into aggressive jurisdictions: power devices fully off, disable biometric unlock, sign out of cloud accounts.

At the hotel

1. Use eSIM mobile data as your primary connection for sensitive tasks.
2. If you use hotel Wi-Fi, VPN on before any other app.
3. Decline loyalty programme offers for high-privacy stays.
4. Do not install software updates prompted by hotel captive portals.
5. Charge devices only from your own charger or verified hotel AC outlets, not unknown USB ports.

On return home

1. Sign back into cloud accounts only after crossing the border.
2. Review travel card statements for unexpected charges.
3. Consider a factory reset of the travel device if it was searched at any border.
4. Delete one-time eSIM plans from your device to free up slots.

For the rest of the privacy stack including private aviation, hotel check-in protocols and residence planning, see the companion pieces: our hub guide to the traveller's privacy stack, our guide to private jet privacy, our guide to hotel check-in privacy, and our guide to residence and domicile privacy.