Touring, online accounts and the potential problems

[Ming the Merciless]

Possibly......
But I would probably have relied on Google to store it

Best to write it down in your notebook or diary or log you have. Then you’ll have it to hand to get back into your email. Back up modern tech with old tech pen and paper.

 

[Sallar55]

Even better just leave phone behind and take a big wedge of cash or top up the debit card . Also take a camera , going back to the pre mobile phone days will give any holiday a real adventure experience. Just imagine what its like not knowing what tomorrow brings.😲

 

[chris667]

I was a very early adopter of smart tech, however for the last couple of years I have been removing my presence from them (as much as you can!).

I enjoy holidays much more now I'm disconnected, like @Sallar55 says. I don't even have a camera. I'm just present.

Now, I realise that isn't practical for a lot of people but if you really do need access to things I would suggest not to depend on any one service on a device you don't control. There have been countless numbers of Google making completely arbitrary decisions which ruined businesses and even people's lives. Same with Facebook, Whatsapp, Apple. I could go on.

If you must have access to a device on tour, I suggest a tablet or phone you can use on wifi but with your passwords on a database on the phone with a backup on a USB stick. These can be the size of your thumbnail - it's no problem to stash one inside a barend, for example. On it you can place your password database and a portable version of a program which can run on a computer you'd find somewhere else to access it.

KeePassXC is my favourite password manager. It runs on all the popular computers and you can find versions which work on Android phones too. You won't have to depend on your phone then.

To really own your data you to give yourself more ways of accessing things. If you do depend on Google Drive and photos or some other solution, I suggest making backups to another service. Google lose files all the time. I really like www.rsync.net - it is a bit technical to begin with but I'm happy to help you set this up if you like. $18/year for 100GB of storage, and you can make it backup automatically with a script direct to Google using rclone. My business used it and it saved my bacon more than once (actually, not true because I have local backups too!).

Also, when you get home, if the data is important, copy it all to your PC when you get home and make backups of that. Three backups is the gold standard.

I hope this doesn't come across as giving advice after the fact, but the offer of help is genuine. There are tools to protect yourself - use them.

 

[Sea of vapours]

As an addition to several good suggestions above, consider using a Yubikey as your two factor authentication (2FA) device, rather than a phone, wherever possible, or as an additional 2FA object in case the phone is lost / dead / out of signal / down a toilet.

A Yubikey is a very small object - the smallest are very little more than the part of a USB plug which actually plugs in. You could keep it in a bar end, for example. Combine that with a Laspass account where you know the master password and use the Yubikey as the 2FA object and the vast majority of issues are not issues. These are passive devices, with no battery, so they are very reliable. Critically, in this instance, they can act as the 2FA object for Google accounts.

 

[HobbesOnTour]

Best to write it down in your notebook or diary or log you have. Then you’ll have it to hand to get back into your email. Back up modern tech with old tech pen and paper.

Backing up to paper only solves a part of the problem. In the event of requiring access from a completely new device and with only a password to hand there will still be a problem with Google because it's a new device. You have suggested that Apple is different.
It's entirely possible that testing this at home (familiar WiFi) will negate that issue but it will be serious on the road.

Even better just leave phone behind

take a big wedge of cash or top up the debit card

I couldn't imagine leaving for any length of time and depending on only a "wedge" of cash.
The bankcard is fine until it is damaged, misplaced or stolen. A phone would be handy then.

Just imagine what its like not knowing what tomorrow brings

It's all well and good to romanticise the good old days but I'll take my phone for much the same reason that I ride a bike with gears - the journey is more enjoyable.

My phone is one of my cameras (GPS location on photos is great!), my journal, my source of maps and navigation planner. It's my entertainment (when I need some), my translator when things get tricky, and an online reservation tool if I need one, as well as containing all tickets, boarding passes and vaccination certification.
I have used it to buy bike parts when I couldn't get them locally, to have parts replaced under warranty from the other side of the world and it also allowed me to travel during COVID.

It's a resource for repairs, for up to date travel information and weather forecasting.

And let's not forget that it is an emergency device able to call for help or accurately locate my position when needed, whether by cellular or online.

And it's also a phone that allows me to communicate with people. And them me.
It's also worth remembering that for some people left at home a way to make contact is not a bad thing. And for us to check in it's worth remembering that public telephones have practically disappeared from Western Europe. Cyber cafés are going the same way. For the camping bike tourist public communication options are becoming fewer and fewer.

Just because I have a phone that does all that doesn't mean that I know what's down the road tomorrow. In fact, the security of that phone means I'm far more likely to head off into pure mystery.

I enjoy holidays much more now I'm disconnected

Well, of course. We're all different. And I can still be disconnected if I have a phone or similar. And where we're going and for how long has a huge bearing on these things. Also if we're solo or not. If I was to head away for any length of time and be uncontactable there would be people having conniptions!
It's common enough for discussions like this on US fora to involve always-on gps trackers so that those at home can see exactly where the tourist is. And even offer alarms if still for too long. Now that would drive me around the bend. There's an element of managing anxiety or fear to all of this.

a backup on a USB stick

I backed up my photos on both SD cards and memory sticks. Unfortunately, not all of them survived without being scrambled. I'm hopeful that when I get to a proper computer that I can recover them. In the meantime they did their job by storing the photos until I could get them backed up online. (Backing up photos from a camera and a phone to an SD card or memory stick is not exactly a straightforward task, nor fast, when on the road with only a phone or tablet to work with. It also requires specific connections or adapters).

I suggest making backups to another service.

That's always good advice. However, the thrust of my OP was about being on tour. It was days and sometimes weeks before I had a chance to backup to Google. Adding another layer on top of that is unlikely, at least for me. I could use a different service, of course. To make a single post on my Travelogue here with 10 pictures often took up to three hours.

I hope this doesn't come across as giving advice after the fact

Not at all. Anything that gives people pause to think or suggests solutions should be appreciated. I thought I had my bases covered. And I didn't. Hopefully people can learn from that without having the same experience.

consider using a Yubikey as your two factor authentication (2FA) device, rather than a phone

That's interesting but not cheap and still won't work with several of my "important" apps. The wireless option isn't compatible with my phone, either. Perhaps as coverage expands it may become more viable for the bike tourist. If I was to use something like that I'd want it to cover all bases. It does raise the question, though, what happens if it's lost or damaged on tour?

Another device I always carry with me is a Kindle. As well as books it's also a repository for back up storage of things like my passport etc. For some reason I never stored "sensitive" data on it. That attitude has now changed.

 

[Ming the Merciless]

Backing up to paper only solves a part of the problem. In the event of requiring access from a completely new device and with only a password to hand there will still be a problem with Google because it's a new device.

That’s what the generated backup codes are for, that’s what you are writing down, to avoid all the problems you encountered with your gmail. The backup code when used, doesn’t need access to an existing trusted device.

 

[HobbesOnTour]

That’s what the generated backup codes are for, that’s what you are writing down, to avoid all the problems you encountered with your gmail. The backup code when used, doesn’t need access to an existing trusted device.

Yes, I understand now. Apologies

 

[Sea of vapours]

and still won't work with several of my "important" apps

It would certainly be better if it did, but it's not important. It's not a substitute for the phone - you've already said you need the phone for all sorts of things. Losing the phone still requires you to replace the phone. The Yubikey idea is that it's a 2FA object which can get you into key things, most crucially into [something equivalent to] Lastpass, where you would have stored all your backup codes for all services so that you can recreate your old phone on a new one. Doing that gets around the 'unknown device' issues in a secure manner. As to losing / damaging the Yubikey itself, the cheapest, non-wireless ones are relatively pretty cheap; very much so when compared to taking a second phone, which is another way of removing all the issues, but expensive, bulky and heavy. i.e. take two, which is what I do when travelling.

 

[HobbesOnTour]

I've just taken a look at my security/recovery options again prompted by all this discussion.
I've deactivated phone verification and two step verification* for Google, selecting email verification to a separate email account.
I've also acquired the emergency access codes which, Google tell me may help if logging in from a new device. The "may" is a tad worrying

* To use two step verification without using a phone number requires using a code. I'll have a think about that before activating it.

What struck me as I did this is that these codes are relatively new. Certainly, they weren't available when I originally opened a Google account all those years ago. (Back then they asked personal questions that could be used to verify an account. They don't do that anymore)

I thought it a timely reminder for all of us to go back and check those settings as things may have changed since we originally opened our accounts.

 

[chris667]

That's always good advice. However, the thrust of my OP was about being on tour. It was days and sometimes weeks before I had a chance to backup to Google. Adding another layer on top of that is unlikely, at least for me. I could use a different service, of course. To make a single post on my Travelogue here with 10 pictures often took up to three hours.

The photos wouldn't need to be uploaded twice. Rclone runs on Rsync.net's servers and you can script them to automatically check Google's servers without interaction from you and copy everything over directly without your intervention - there no need to upload anything twice. With my backups, I never know it's happening. I just have a second place to check if Google loses my files. Backups should always be automatic.

I've deactivated phone verification and two step verification*

That's a massive step backwards. If someone else works out your passwords you can lose access to everything permanently.

TOTP codes (which are time based, so work without the Internet) are something you can store in your Keepass vault, or even print out as QR codes and store somewhere safe.

 

[HobbesOnTour]

The photos wouldn't need to be uploaded twice

Thanks for the reply and this is interesting information. I presumed that I would have needed to make a backup from my phone to an alternative host.

However, that in itself raises an issue if Google were to "lose" some or all of my photos because whatever is on Google (nothing) gets backed up to the alternative host, no? overwriting the "good" data?

On the road in the time taken to realise that Google has lost the data the alternative host may have backed up the "newer" (and emptier) Google.

I'm not trying to be difficult but trying to think my way through the situation.

Rsync.net

Interesting resource but it seems set up for people who are IT proficient, a group I don't include myself in.

you can script them to automatically check Google's servers without interaction from you and copy everything over directly

Unfortunately, that pretty much rules it out for me. I've a vague notion of what a script is but writing one would be beyond me.
The concept of an alternative host automatically backing up Google is really interesting. But for me, it would need to be idiot proof.

That's a massive step backwards

Well, I can understand that view and thanks for highlighting it.
However, I probably should have expanded: I'm currently in one place and have access to three devices. I've recently changed all my passwords. I am planning to reset one of the devices when I have the time and test out the various options for regaining access with different levels of security.

Two step phone verification is not going to feature in my future in any case. At least not with my phone number. I've learned that lesson!

TOTP codes (which are time based, so work without the Internet) are something you can store in your Keepass vault, or even print out as QR codes and store somewhere safe.

I mean no disrespect and all this is useful information but I have no idea what a TOTP code is.

In any case, something that we either store on a device, in the cloud, on a memory stick or on paper ultimately comes back to one question - "What happens if I lose access to that storage?"

That prompts the question "Where best to store it?"
The answer to that, it seems, is multiple places.

But that's only one part of the equation.
I'd imagine it's quite easy for the non-tech minded (like me) to be a bit casual towards these things or not understand deeply enough. I was and didn't.

For instance, it seems (no answer from Google) the fact that I had two step verification set up to my phone number meant that Google did not allow me to use an alternative email address for recovery, despite listing that address as my recovery email (and receiving an email every time I tried to log in!) I had my password. It's just that I was using a new (and unknown to Google) device on a new (and unknown to Google) WiFi. Cellular was the same.

It's also interesting that the breakthrough with Google, when it came, was not through My "Google Account" nor "Google Drive" but the "Google One" app that brought me through a different process than the first two and did allow me to enter my recovery email address. Whether that is standard or due to my account being flagged after persistently raising my case with umpteen Google people in the accounts department I do not know.

Even for short trips (mine was pretty long) it's worth looking at the things we take for granted.
Will my phone work abroad? For data as well as calls? Will my bank card or credit card? Even down to something we might never think of at home - does my gps have the maps I need? (I've done that! Happily crossed a border and after a few kms lost all the mapping on my gps unit )
I met a chap here in Spain who couldn't figure out why he couldn't call anyone in the UK. It turned out that all his contacts had been stored without UK location/area codes so here in Spain the number made no sense without the international dialling code.

Thanks again for the input and suggestions

 

[classic33]

All my numbers are stored using the international dialling codes at the start.
Something I've done since I got a mobile phone. Important numbers stored on the SIM card and not the handset.

 

[chris667]

Interesting resource but it seems set up for people who are IT proficient, a group I don't include myself in.

There's a really good tutorial on the website. It really isn't that hard, but if you get stuck drop me a line and I'll help.

However, that in itself raises an issue if Google were to "lose" some or all of my photos because whatever is on Google (nothing) gets backed up to the alternative host, no? overwriting the "good" data?

I didn't include this in my original explanation, but Rsync uses something called zfs snapshots. Mine is set up to have automatic snapshots every month for six years - if my last backup is trash, I can roll back to the last snapshot which wasn't. Snapshots don't count towards your quota of data. The snapshots are immutable - you can't accidentally delete them.

Of course, if the photos are never uploaded correctly to Google or Google lose them before rclone copies over, then your photos are lost (or rather they never existed to copy). That isn't rsync.net's fault. The state of the art is limited.

 

[HobbesOnTour]

Thanks for the detailed reply, Chris

I didn't include this in my original explanation, but Rsync uses something called zfs snapshots.

That's very kind. I'm pretty crap at looking for or accepting help but I may well come back you.

There's a really good tutorial on the website. It really isn't that hard, but if you get stuck drop me a line and I'll help.

I'll have a look at that later when I've a bit more time. There's no urgency right now for me.
I had been thinking about an alternative/backup to Google but focusing on the more "mainstream" options

Of course, if the photos are never uploaded correctly to Google or Google lose them before rclone copies over, then your photos are lost (or rather they never existed to copy). That isn't rsync.net's fault. The state of the art is limited.

Of course, that's very true. And again, it's something that some of us will find hard to get a handle on.
For example, at home all my photos are backed up to Google automatically whenever I'm on the Wifi. That can lead us to a false sense of security from never having to think about it.

I should also have mentioned that I use Strava (for free!) as a form of backup for my photos on tour, attached to each daily ride. Slow to upload, of course, and the pictures won't be the best quality, but at least I have something in the worst case scenario.

Many thanks

 

[mjr]

but I keep those in a note in Lastpass - which is itself also set up with 2FA on the same phone.

You might like to upgrade to a KeePass-based solution. LastPass has shown itself to be just one more insecure commercial single point of failure:
LastPass Data Breach: It’s Time to Ditch This Password Manager | WIRED – https://www.wired.com/story/lastpass-breach-vaults-password-managers/