online privacy security Thailand

If you’re traveling to Thailand or already in the country, you may be concerned about recent reports surrounding internet freedom in the country. Thailand has some strict censorship laws and internet users have been arrested and prosecuted for publishing or agreeing with content that breaks those laws. In addition, the news that the government will be tracking public wifi use likely doesn’t sit well with residents and visitors alike.

What’s more, while staying connected when traveling is a nice perk of modern society, it can open you up to security risks. Using online banking and shopping sites or simply connecting to unsecured wifi networks can expose your personal information to hackers.

In this guide, we explain more about the privacy and security risks you face while visiting Thailand. We also provide handy tips to help keep you and your information safe.

Online security issues for visitors to Thailand

It’s important to consider offline dangers when traveling, but in our constantly-connected world, we need to think about online risks too. Travelers of yesteryear relied on the odd call from a payphone to keep in touch with home, but these days globetrotters are usually armed with a smartphone and often one or more other internet-enabled devices.

This undoubtedly offers a ton of convenience. At any time, you can transfer funds from your bank account, make a purchase from an e-commerce site, send a work email, check your social media feeds, hop on a VoIP call with family members, and lots more.

So where’s the risk? The major online security concerns while traveling arise from accessing the internet through public wifi hotspots. These are the wifi networks provided by hostels, airports, hotels, coffee shops, malls, and other outlets. Public wifi networks are often unsecured, which means that anyone can join without having to provide credentials.

These hotspots offer the perfect opportunity for hackers to lie in wait and steal your information. Common methods of attack include:

  • Man in the Middle (MITM) attacks: Where a third party intercepts your data.
  • Phishing schemes: In which a scammer tricks you into handing over information via email, SMS, phone, or a website.
  • DNS spoofing: Where a hacker tampers with the Domain Name System (DNS) to redirect your web traffic, for example, to a phishing site.

You should be especially cautious about sending sensitive information over these networks, such as when making a purchase or completing online banking transactions.

The online freedom and privacy landscape in Thailand

Freedom House considers internet use in Thailand to be “not free.” There have been multiple reports of internet users being arrested and prosecuted under the lése majesté law. This is a very strict law that makes it illegal to criticize the Thai royal family. In at least two reported cases, those prosecuted were sentenced to more than a decade in prison. Even the BBC has landed itself in hot water under the law and Facebook censors certain content to comply with it.

Some websites are blocked in the country, mainly gambling sites or those containing pornographic content. Certain VPNs have reportedly been blocked too.

Recent reports regarding government tracking are causing privacy concerns for citizens of Thailands and visitors in or traveling to the country. The government has ordered that cafe and restaurant owners who provide public wifi must monitor users’ internet traffic and store the data for 90 days.

The Guardian headline about online privacy and security in Thailand.

The government claims the data will be used by its “fake news centre.” However, critics are concerned that the monitoring will impact rights to free speech in the country.

Tips for staying secure online in Thailand

Although there are certainly risks to be aware of, they shouldn’t prevent you from enjoying your trip to Thailand. Here are some tips to help you stay secure online:

  1. Use common sense
  2. Stick to secure networks
  3. Only visit secure websites
  4. Use a VPN
  5. Turn off your device’s wifi when not in use
  6. Look out for phishing emails and sites
  7. Think twice before posting to social media

Let’s look at these in a bit more detail:

1. Use common sense

It’s easy to get caught up in the relaxed vibe of traveling, but it’s possible to relax too much. Just as it’s important to keep your wits about you to ensure your physical safety, you need to use common sense to keep yourself secure online too. Educating yourself by reading guides such as this one is a great first step to becoming more aware.

It’s hugely important to think about what information you’re sending online. For example, it’s best to avoid logging in to online banking or making purchases while connected to public wifi. Although data plans are expensive, you may consider using your cellular data network for a short period if you do need to send sensitive information.

Bank of America homepage.
Signing in to your online bank account could mean you’re handing over your credentials and other information to hackers.

Common sense can also help you avoid common online scams that are used to dupe tourists into handing over money or personal information. For example travel and ticket scams could see you out hundreds or even thousands of dollars.

2. Stick to secure networks

Unsecured public wifi networks are fairly easy to spot as they don’t require you to log in with any credentials. Try to stick to secured networks which ask you to provide at least an email address. One reason for this is that hackers are less likely to loiter on secured networks as they wouldn’t want to hand over their own personal information.

It also helps you to avoid mistakenly joining a hacker’s own network. One tactic fraudsters use to bait unsuspecting victims is to set up a network that looks like it belongs to a legitimate business. For example, a hacker could set up their own wifi network in a hotel and simply give it a name that’s similar to that of the hotel, such as “MarriottGuest.”

The thing is, most hackers wouldn’t go to the bother of requiring credentials for their network, so if you’re required to enter your email, you’re probably joining a legitimate hotspot.

3. Only visit secure websites

Websites that have a URL starting with https (instead of http) use an encrypted protocol to transmit your information. If possible, you should aim to only visit https sites, especially if you’re dealing with sensitive information.

EBay with https symbol.

For example, the padlock symbol and the presence of https in the URL of eBay’s site tells us it’s secure.

The app HTTPS Everywhere can help as it forces a connection to the https version of a site, but only if there is one available.

4. Use a VPN

A Virtual Private Network (VPN) can prove an invaluable tool whether you’re at home or traveling abroad. This software encrypts all of the internet traffic flowing to and from your device. This makes it unreadable to anyone who might be monitoring it. As such, wifi network owners, such as the folks running the cafes and restaurants mentioned earlier, won’t be able to maintain records of your activity. Any hackers attempting to intercept your traffic will also find it’s unreadable.

As a bonus, a VPN helps you unblock geo-restricted content. For example, in Thailand, if you log in to your Netflix account, even if you signed up in the US, you’ll see the Thai Netflix library. A VPN sends your traffic through a secondary server in a location of your choice, and replaces your IP address with one from that country. When you choose a US server, Netflix will determine you’re in the US and grant you access to the US catalog.

This method can be used to access a range of content from streaming, gaming, and gambling sites, among other platforms. Using a VPN is perfectly legal in Thailand.

ExpressVPN: best VPN for online privacy and security in Thailand.

When choosing a VPN, be sure to go for a reputable provider that offers strong encryption and solid privacy policy, such as ExpressVPN. Free VPNs are usually poor options as they often log your data and have weak encryption standards.

5. Turn off your device’s wifi when not in use

Is your device set to automatically search for and connect to wifi networks? While this offers convenience, it could spell trouble. As mentioned, unsecure networks don’t require any type of login. This means you could be connected and a hacker could be pilfering your information without you even noticing you’ve joined the hotspot.

To avoid this, it’s best to make a habit of turning off your wifi completely when not in use. At the very least, you should adjust your device settings so that you’re not automatically discovering and joining unfamiliar networks.

For example, in iOS, you should have Auto-Join Hotspot set to Never or Ask to Join. Note that this still doesn’t stop your device automatically joining familiar networks (those you’ve connected to before). You’ll have to turn wifi off completely for that.

iOS hotspot settings.

While you’re adjusting your settings, you may consider disabling sharing options too. You might want to share with other devices, for example, laptops and printers, while at home or work, but sharing in a public space can be dangerous.

6. Look out for phishing emails and sites

We mentioned phishing above and this is a common tactic for fraudsters to get information from you for use in other scams. Learning to spot phishing emails and websites is beneficial whether you’re at home or abroad.

Phishing emails usually come from someone posing as another individual or a company. They may be very basic or quite sophisticated, complete with company logos. Key things to look out for are poor spelling and grammar and links that direct you to odd-looking domains. Also, check the sender’s email address to see if the domain spelling exactly matches the spelling of the company it’s purportedly coming from.

Many phishing emails contain links to phishing sites which are fake websites that mimic legitimate websites. A few giveaways of a phishing site are outdated copyright information and lack of contact information. The above tip about https sites and the padlock symbol ought to be helpful here. But, unfortunately, many phishing sites have gotten around this and actually bear both.

7. Think twice before posting to social media

Social media offers a great way to keep in touch with friends, family, and fellow travelers. But it’s possible to share too much on your Facebook or Instagram page. Seemingly mundane details of your daily activities can prove very valuable to criminals who can use the information to trick you in various online scams. In addition, disclosing your existing location in real-time, such as by using the “Check In” feature on Facebook, can even expose you to risks of physical crimes.

Image credit: “Flag Wind” licensed under CC BY 2.0