Of the robbery affair

2024-05-07 @Travel

Some weeks ago in Porto Seguro, Bahia, already in the last two-week stretch of my annual season of Brazil, I was pillaged for a fair share of goods. The tablet, the phone, most cash, most cards and a part of my ego were swiped from the confines of my very quarters. I’ll leave out the villainy particulars, which hardly inspire but momentary sensationalism anyway. Let’s rather explore the aftermath.

Increasingly consumed by silence, disconnected an extra several echelons, the paper regime at the peak of the blossom, I’ve taken time aplenty to reflect on the nomadic infrastructural fragilities, inferences drawn, precepts reanalyzed.

Oh, the frustration, the borrowing of phones and computers to communicate and carry out redress procedures, reacquire the missing travel data, secure emergency funds. There were about ten days pending of my sojourn after all, so it became a matter of scraping by. Occur the affair mid-course and I would’ve had to adapt drastically different stratagem.

Contrary to all petty robberies of the past, I formalized the case via Policia Civil this time around, the unit predictably nonchalant but kind enough to also let me use their computer as I segwayed back and forth between that and the case agent.

Expecting nothing to come of it, what actually came of it was almost nothing, the difference quiet substantial. The culprit had been arrested days later in the neighboring Arraial d'Ajuda, also my subsequent destination and hardly coincidental. At the local station I recovered my cards (one already blocked and deactivated after fraudulent transactions), but none of the inherent valuables.

It wasn’t strictly my case but the numerous others where the rodent operated systematically and which instigated police curiosity. I’d not even chance upon the update if not for the owner of the local hostel following these affairs, bless her heart.

Moving on. It appears that in 2024 the internet cafes are wanting, at least hereabouts the tropicalia. Nowhere did I gather as much as a clue on making an international, fixed-line call, not even at the one such LAN cafe I did locate. Mind you, those computers sported no microphones nor VoIP software. No soul knew how to go about it. It’s as if the world ceased to communicate but through phone internet messengers.

Days later it occurred to me to reactivate an online calling card account, which thankfully did not require an email confirmation, as at that point I lacked access to any primary or backup email, the way I had my infrastructure over-engineered (more on that below). So I thus managed to call international through a local access number through a borrowed phone.

(Must acknowledge the kindness of these folks repeatedly lending me their phones and computers and sympathies.)

But however succinct or straightforward any of the above appears, it made a sloppy, stinking, bloody mess. And it entirely disrupted my operational momentum. It took me a month, to just about this point, to resume the writing habit. Not to mention lapsed work across any publishing pursuit.

That is where I was most annoyed: the sheer loss or misuse, or the ineffectiveness, rather, of time.

I spent many days bemoaning, taking frustration, doubting the security of my data despite the devices' enforced authentication mechanisms and the supposed auto-erasure strategies following so many failed attempts at entry. The latter I can’t quiet recall if indeed the case or if I’d imagined it; hoping for the nonexistence of any backdoors, hoping that whatever scoundrel ultimately came in possession of these widgets would sooner factory wipe than bother to fiddle.

Hoping the same for the gigabytes of photography saved precisely on the unencrypted external storage, and especially the whatever sensitive data I might have incidentally left thereabouts.

The realization that I can’t simply ‘connect’ via some cloud but need a properly and elaborately configured device with authentication keys to communicate with my services and conduct work, sent my mind afrenzy, if just a bit.

Suffice to say, the affair put a cramp on these remaining Brazilian days. Imagine now had it been my entire bag lifted in lieu of those hand-select wares? And why not? I carry a light, compact, under-the-seat item, which, at the time, freed of clothing, demanded hardly any effort. And then, gone the documents, the passport, the IDs, gone the disparate paperwork with all sorts of private tads and bits, gone … oh, the horrors. Maybe some of that would have made the holds of the Police station. Maybe not. But the imaginary yet not implausible scenario screams catastrophe.

The likelihood of which, however low, I needed to conduct a security reassessment, which led to the following ruminations.

The lessons and the reinforcements

The resilience of simple, non-omni-potent devices, as far as the selective, targeted thievery (more on that below). The older, the more inconspicuous, the better. In my case, the MP3 player, the small photo camera, the band-less wristwatch, intact. And especially the paper, all those paper books, documents and the such.

Don’t know how viable to encrypt storage-card elements. Or better to enforce a hard policy of never storing anything on those cards I’d mind going public, however improbable? Unlikely was there anything indeed compromising on those micro-SDs. But I lack uttermost certainty. And plenty of photography there was. And for what it’s worth, I’ve never taken comfort at its leaking into the open.

Most of everything was backed up, synchronized and/or committed elsewhere. Most, but not all. And there I lost the fruit of some labor. I thought me already rigorous, but it behooves to apply yet further rigour.

Never neglect a storage locker when one is of avail. A bag with a locked zipper might not prove sufficient, as this case demonstrated.

Don’t carry more cash than necessary. Avoid foreign currency of no immediate use. But since cash needs be carried in some substantial quantity at one point or another, need to better conceal. Same applies to the cards. Have long neglected this exercise.

Airplane/flight mode seems the way to go, I think … Effectively, my devices remain entirely offline at night and much otherwise. And plundered in such a state, inaccessible without their PINs, they can’t receive inbound communication either (including confirmation calls or messages). And nothing but spam would arrive on the local SIM number, even if transferred. So while I might miss a small window of opportunity to track these devices by online means, I gain the assurance of their not compromising further security. Or is there a back-door or other dimension to which I remain ignorant?

Need to investigate the disabling of pinless debit card transactions.

Most of my authentication and password management is confined to the device. Nor have I configured web access to my email, but through traditional IMAP, nothing quickly configurable per se on a borrowed device. And I’ve only lately began to consider a backup, external email not personally hosted.

One might argue that I’ve over-engineered. Debatable. But I certainly need to reassess potential backdoors and redundant points of entry for just such an eventuality as this.

And a final observation. For the consecutive time, the thief appears strictly interested in immediately resolvable assets: computers, cards, cash. Lest other circumstances delude my reasoning, it appears this enterprise by no means expels ethics nor tenets. That is, plenty of belongings could be plundered of hardly any value to the agent, but of insurmountable value to me, the subject: insofar that the paradigm seems to apply across these lower, petty ranks of thievery. I can’t speak for the tiers of politicians or rubber barons.

Safe travels.

Questions, comments? Connect.