top of page
Search

How to Keep Your Physical Location Private as a Remote Worker

Are you tired of feeling like you're living in a digital fishbowl, where anyone can track your every move? As a remote worker, it's essential to maintain control over who knows where you are. In this article, I'll share my top tips and strategies for keeping your location private, from portable routers to virtual machines - so you can work freely, without worrying about prying eyes.


With the rise of remote work, maintaining privacy about your physical location can be important. You might prefer not to disclose that you're currently in a place like Thailand, which could be perceived as a vacation spot, even if you're working full-time. Some people choose to rent a winter villa in Spain or the Caribbean but wish to avoid comments from team members about "partying" abroad. Additionally, company policies may restrict working from certain countries. This post discusses methods to protect your location privacy while working remotely.


Remote office
Hola senjor Speedboat! Please a little quiet today, I have a Teams meeting with my team now.

In my experience, the following scenarios have arisen:


  • Working from Spain for Four Months: Although it wasn't prohibited, I wanted to avoid causing envy among colleagues, so I kept my location private.

  • Remote Work from Thailand: I was employed by a bank that allowed remote work but only domestically. I spent five months in Thailand working remotely without drawing attention.

  • Various Trips Worldwide: I've taken numerous trips where I needed to appear as if I were in my home country.


Many people suggest using a VPN service like NordVPN, Mullvad, or ExpressVPN. However, commercial VPNs can be easily identified and might raise suspicions, as they are often associated with "VPN IP lists." They can also leak information through IPv6 queries or DNS.


Even if you manage to log into Teams using a masked IP address, your company might have set up Microsoft Authenticator to request location data. To address this, I use the authenticator app with a VPN and disable location services for the app to ensure privacy.


Choosing the Right VPN Endpoints


As mentioned earlier, commercial VPNs like ExpressVPN or NordVPN are not ideal since they are often blacklisted. Instead, I set up a WireGuard or OpenVPN connection using devices like the GL.iNet GL-AR750S or servers from providers like Hetzner. Hetzner offers locations in the US, Germany, Finland, and Singapore, allowing me to switch geolocations without appearing suspicious.


How Do Companies Detect Location Discrepancies?


Modern IT security systems enable administrators to set up automatic alerts that track user activity. Rapid changes in login locations can trigger alerts, especially if a user supposed to be in the USA suddenly appears to log in from a different country such as Portugal. Administrators can review your login history, identify the use of VPN services, and note other details that might raise concerns. These issues can be escalated to your company's IT department, potentially leading to direct communication or involvement of your supervisor. Prepare to roll out the excuses, and good ones. Like your wife went for vacation and accidentially took your phone with her. So why did she use the corporate services there? Um..


In-Flight Wi-Fi Considerations


Using in-flight Wi-Fi can cause location discrepancies. For example, some airlines use services like Panasonic Aero Wi-Fi, which might geolocate to Phoenix, USA. I've been questioned about why my IP address suddenly indicated I was in the US when traveling between European airports. These situations are generally easy to explain to IT departments.


To enhance privacy, I use a VPN on planes by sharing the internet connection through my GL.iNet GL-1300 travel router, which has built-in VPN capabilities and can block connections if the VPN fails. I use this setup in hotels and public networks abroad to ensure a secure connection and prevent location tracking.


I also have a dedicated phone for Microsoft Authenticator. Its location services are turned off, and it only connects via VPN.


Handling Phone Communications


In the past, when phone calls were more common, I needed to work on some tricks with my phone number to avoid high fees for incoming calls while abroad. I would let calls go unanswered and then return them using Skype, which allows you to perform an ordinary landline (VoIP) call (with local call rates) and display your local mobile number as the caller ID. This method saved money and added a layer of privacy. While phone calls are less common now, and I'm more likely to be contacted via Slack or Teams, it's still a useful strategy, for some.


Equipment and Software for Enhanced Privacy


The hardware I use includes the GL.iNet router, which provides automatic VPN connection, connection blocking, telemetry, and ad blocking. You'd be surprised how much telemetry services like Slack or iCloud send out. On my Mac, I use an app called Little Snitch to monitor and prevent unwanted outbound traffic. On Windows, I use GlassWire. Both allow for advertisement and telemetry blacklists. On my Ubuntu system, I have an automatic VPN setup using WireGuard that connects upon boot, ensuring my location isn't exposed.


I prefer using Slack in a browser because the app version sends out more telemetry data.


Challenges Encountered


I've faced some challenges while trying to maintain location privacy. For instance, my devices have automatically connected to local Wi-Fi networks in foreign countries that I had used before. To prevent this, I nowadays "forget" these networks and primarily use my travel router when visiting cafes or beaches in other countries. Sometimes, I've forgotten that a customer-specific Windows virtual machine was running in the background while I connected to a local network in some remote country without VPN protection, inadvertently exposing my location. The guest virtual machine was running all the typical apps like Slack, Outlook and Jira, so the exposure was noted. I talked myself out of this explaining that I had used a VPN software to appear to be in another country in order to view a Netflix series not available in my home country. Of course they believed me.



Using Corporate VPNs


Some companies require the use of a corporate VPN to access certain services. Standard solutions like Cisco AnyConnect can be intrusive and may not allow nested VPNs, detecting the use of additional VPN software. To navigate this, I use a secure Wi-Fi network with automatic VPN connection or employ nested virtualization. I set up dedicated virtual machines with the necessary client-specific software and VPN, isolating them from the rest of my system.


Client-Specific Phone Applications


Many companies offer phone applications like:

  • Slack

  • Outlook Mail

  • VPN Clients


These apps often request permissions to access geolocation, network information, photos, and other personal data. The amount of telemetry these apps collect can be substantial. I avoid granting these permissions and do not install corporate apps on my personal devices. The only exception I make is for Microsoft Authenticator, which doesn't request access to personal data like photos, although geolocation requests depend on company policy.


Client Isolation


I use different machines or dedicated virtual machines for different clients to prevent accidental exposure of client data during screen sharing. This also keeps my work and personal data separate. While having multiple laptops can be costly, it ensures professionalism and privacy.

 
 
bottom of page