Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook Privacy Security Social Networks Twitter United States Politics

'Social Media Needs A Travel Mode' (idlewords.com) 144

Maciej CegÅowski, a Polish-American web developer, entrepreneur, and social critic, writes on a blog post: We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home. Both Facebook and Google make lofty claims about user safety, but they've done little to show they take the darkening political climate around the world seriously. A 'trip mode' would be a chance for them to demonstrate their commitment to user safety beyond press releases and anodyne letters of support. What's required is a small amount of engineering, a good marketing effort, and the conviction that any company that makes its fortune hoarding user data has a moral responsibility to protect its users. To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it's set. There's no sense in having a 'trip mode' if the person demanding your password can simply switch it off, or coerce you into switching it off.
This discussion has been archived. No new comments can be posted.

'Social Media Needs A Travel Mode'

Comments Filter:
  • mode complexity (Score:3, Insightful)

    by micahraleigh ( 2600457 ) on Thursday February 23, 2017 @12:24PM (#53918425)
    As a former C++ app engineer, I've found adding "modes" increases the source and test complexity and often end up not being used very much.

    A sprawling generalization, but that's what I've got ...
    • Re:mode complexity (Score:5, Insightful)

      by Dutch Gun ( 899105 ) on Thursday February 23, 2017 @12:34PM (#53918507)

      Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

      • As such, the *laws* need fixing, not the technology.

        I'll assume you are familiar with the procedure. Always best to start at the beginning.

      • Re:mode complexity (Score:5, Insightful)

        by XxtraLarGe ( 551297 ) on Thursday February 23, 2017 @12:57PM (#53918695) Journal

        Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

        They don't need fixing, they need repealing.

      • by Anonymous Coward

        It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:

        Security has no ROI.
        Privacy has no ROI.

        If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.

        • It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:

          Security has no ROI.
          Privacy has no ROI.

          If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.

          So ROI does not fix the problem? So we need laws then?

          The market doesn't fix everything - that's why we have law.

          • If there was a demand for security, then companies would offer it.

            The problem is that if you are not paying for the service, then YOU are the product being sold. Social networking companies sell access to their users, who are generally NOT paying for the service. The users are the PRODUCT being sold, and good security would decrease advertiser access (and remember, the advertisers ARE paying...) to the users.

      • Technology can fix those laws.

        • by Altrag ( 195300 )

          No it can't.. at least not beyond the most mundane interpretations such as "the new law could be typed up in a word processor."

          Technology needs to be implemented by somebody, and if it runs afoul of laws, the cops and lawyers will simply go after the implementer. Sure that may be impractical if you write your own encrypted messenger client that you and your 3 friends use but when we're talking companies on the scale of Google and Apple and Microsoft, their choice to run afoul of the law could affect millio

          • So there's currently nothing to fix in the sense that these companies could freely implement such technologies and just choose not to.

            There is a technology fix to this problem -- and almost all the others, large and small. If I could code I'd already be writing it. https://medium.com/@arthurfont... [medium.com]

          • First of all, why the fuck should I give a fuck about your country's laws?

            Second, your country blocks my download page? Welcome to VPN.

            Third, your law enforcement tries to ferret out the use? It's trivial to disguise traffic like something benign.

      • As such, the *laws* need fixing, not the technology.

        Yes, true, but given that it won't happen soon, technology that renders those laws useless is the only step forward we can make now.

      • Re:mode complexity (Score:5, Insightful)

        by tlhIngan ( 30335 ) <slashdot&worf,net> on Thursday February 23, 2017 @01:48PM (#53919061)

        Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

        No amount of technology can keep public information private. And no amount of "privacy controls" will make public information private. (See a pattern?).

        In fact, "social networks" and "privacy" are an oxymoron. There is no such thing as "privacy controls". "Privacy Controls" are marketspeak for "encouraging marks to over-share". Yes, Facebook and everyone has done their research - people will share more if they get the illusion their data is protected.

        In the end, everything you post on a third party website, is public. Thanks to people screen shotting, re-posting, etc, anything you post is public. Even if it's a party for selected individuals, the people you didn't invite will find out anyways.

        The only "technology" to keep our data private is to ... keep it private.

        Not that I agree with the border proection asking for passwords. But that's a legal issue that can really only be dealt with legally.

        • In the strictest sense you are of course correct, but I don't really see why you're making a distinction between analogue technologies where we have an expectation of privacy, and digital ones where for some reason there is none. By your logic every phonecall you make can be public because it goes through the phone companies' equipment. Every letter you send could potentially be opened and read.

          But we don't have it work like that, there are systems & laws set up to keep those things private and a huge f

          • ^^THIS.^^

            Why doesn't the digital world follow the same model as the analog world, where you are the center of your life, in the sense that you hold the panoptic view of everything that happens to you, and everyone else has theirs? Because we've been hijacked by these massive context-based honeypots that effectively (and often legally, through the terms of service nobody reads), seize ownership of big chunks of your digital identity, and locks them in silos away from every other chunk. You get split up into

          • Stop throwing in the towel just because it's easier to look down on people who use social networks. It is within possibility to fix this in law.

            Possible? Yes. Profitable, to Facebook or Twitter or Google? No, because the users aren't paying for the service; they ARE the service that ADVERTISERS are paying for. As long as social media companies are advertiser-supported, the social media companies will NEVER implement reasonable security measures, because the social media companies would go bankrupt. Zuckerberg et. al. will never offer good security, because they would go broke.

  • "We"? (Score:2, Informative)

    "We need a 'trip mode' for social media sites..."

    Speak for yourself...my devices aren't polluted with social media apps that leak my info and make me a target for hackers and Border Patrol fascists.

    • by xtal ( 49134 ) on Thursday February 23, 2017 @12:39PM (#53918539)

      Border guards can ask for your account passwords.

      You don't have to provide them, of course.

      But if you're not a citizen, you don't have to be admitted, either.

      There are little or no practical appeals.

      Not responding truthfully to a border guard is a very serious crime; it's not an option, although refusing can be, with consequences.

      It will be interesting to watch the economic impact of this over time - I suspect there will be none, as people have adapted in the past, and this will just become the norm.
       

      • by OhPlz ( 168413 )

        I don't think there's much of a choice for non-citizens. Look at what open borders get you, tourism numbers in France are way, way down. No one wants to deal with frequent terror attacks and rioting.

      • As AC said below, "How do I provide that which doesn't exist? What then?"

        I don't have a Facebook account, nor Instagram, Pinterest, LinkedIn, etc etc etc. Facebook *might* have a page that *they* started on me, but it's not mine.

        You can Google my name all day long and not find squat, I'm just not there. They're welcome to search for me but it'll be a wash with no relevant results.

        So how do I give them what doesn't exist?

        • So how do I give them what doesn't exist?

          Create it, and then it will exist.

        • by AHuxley ( 892839 )
          Its fine not to have email, social media, just a phone. But if a person is wanting to enter another nation, expect most online activity to have been found.
          A photo will have some use for facial recognition. Friends will be found, friends of friends.
          Party? Conference photo? Work? Hobby? A person who shows up in a very interesting nation? Friends of friends online?
          A person might not have social media but everyone at their work might :)
          Who are they friends with? Who or what do people ate work or fr
        • by Altrag ( 195300 )

          You're just assumed to be socially inept and therefore possibly unstable and a risk.

          Employers have been doing it for years. The government just had to figure out a way to write it up so it didn't sound so discriminating..^W^W^W^W^W^W

          Sorry I mean had to wait for a president that believes mass discrimination is the solution to all problems.

          • You're just assumed to be socially inept and therefore possibly unstable and a risk.

            And they'd be right! Trust me, my wife will swear to all three of those things without even being prompted.

  • Good intention, but what's to prevent a border patrol agent from a rogue state from just detaining people until the trip mode timer expires?
    • Why not add a duress password, perhaps? That, and hide the fact that trip mode is on, don't show a timer. Another way to deal with trip mode is to allow for non-trip-mode access only through a user settable range of IP addresses. Leave that range, the functionality set gets reduced. This way, if one is in Lower Elbonia, there is little to nothing the local goons can do to get full access to someone's profile, especially if the user uses 2FA.

    • by eth1 ( 94901 )

      Good intention, but what's to prevent a border patrol agent from a rogue state from just detaining people until the trip mode timer expires?

      Set a "home" location. Require the mobile device to be physically located within a certain distance of that area (determined via GPS) in order for trip mode to be deactivated.

  • Does Facebook keep much locally on the phone? It'd seem easier to just uninstall it, deny having an account at the border, and reinstall whenever. Same as backing up stuff to the cloud.
  • Far better to have a cutsie account in your real name with only polite BS and a 2nd account in a different name where you can be honest. No politics or opinion on your real name and open an incognito browser before logging in to the real account where you say what you really think. A cut down account is far too dangerous as it would still be the person that the junta in Thailand are looking for for criticising the way they arrest, murder people or sell Rohinghya into slavery. It is not just the US who wa
    • Re:2 accounts? (Score:4, Insightful)

      by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Thursday February 23, 2017 @12:49PM (#53918629) Homepage Journal

      Far better to have a cutsie account in your real name with only polite BS and a 2nd account in a different name where you can be honest

      That would violate the "real name" policies of services like Facebook and Quora [quora.com] — you can lose that "important" account if you do that...

      Of course, you can another account with your real name — for example, there are over a dozen Facebook accounts with my own fairly rare Firstname Lastname combination already. None of them mine...

      But that has its own difficulties — most client-applications remember your username-string, even if you tell them to not record the password. So, you will be seen overwriting your username with the fake one... And, even if you aren't, whoever forces you will see, you last logged-in a year ago — and become suspicious. No, what you want is a "Duress Password" [slashdot.org], which unlocks the same account but hides the things you want hidden.

      • by Zemran ( 3101 )
        "That would violate the "real name" policies of services like Facebook and Quora [quora.com] — you can lose that "important" account if you do that..." If you think that a Facebook account is "important" you have your priorities wrong in life. I would rather lose an account than publish personal information publicly.
        • by mi ( 197448 )

          If you think that a Facebook account is "important" you have your priorities wrong in life

          Don't attack the messenger — as I suggested above, I don't have a Facebook account at all.

          By "important" I meant the account, that a user would consider worth protecting by hiding under a different name as you suggested.

          Since you have nothing to say but argue about terminology (semantics), I believe, we are done here.

    • I do half of that. My FB account is full of boring stuff that would put any border cop to sleep (Heck, it puts me to sleep and I wrote it). The good stuff, like my plans for world domination, aren't on FB in any of my identities.

  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Thursday February 23, 2017 @12:42PM (#53918569) Homepage Journal

    A "mode" will be detectable — looking at your screen whoever compels you to show it (a criminal or an officer or both-in-one) will be able to tell, you are in "travel mode" and demand to see the real deal.

    The concept you want is Duress Password [wikipedia.org] — which ostensibly unlocks "everything", but hides the things you previously marked for hiding whenever the "duress" password is entered instead of real one.

    And you may wish to use it not only to fool overzealous border-guards, but, for example, to hide certain materials from bystanders at Internet-cafes.

    There is a "duress" PAM-module [github.com] in the works for folks compelled to login to their Unix-laptop and a move to add the feature to Cyrus IMAP-server [github.com].

    But, to reiterate, it is of utmost importance, that your usage of such functionality can not be not only proven, but even suspected. Whoever is in a position to compel you to login, is also in a position to punish you for fooling him...

  • for an amount of time chosen by the user

    Which, coincidentally, will be the amount of time you are held in detention until your phone unlocks.

  • If that means it needs a feature to send it to or preferably past the end of the world, then I agree.

  • Really, traveling without social media is a very pleasant option in most cases. My most memorable vacations are the ones I took where I was not worried about WiFi or 3G service. Your vacation should get you away from what consumes you during the rest of your existence; if you are worrying about that crap while you are away I'm going to tell you that your doing your vacation wrong.
    • Really, traveling without social media is a very pleasant option in most cases. My most memorable vacations are the ones I took where I was not worried about WiFi or 3G service. Your vacation should get you away from what consumes you during the rest of your existence; if you are worrying about that crap while you are away I'm going to tell you that your doing your vacation wrong.

      *this is not a goddamn solution*.

      Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this - when you're visiting friends and whatever while travelling, guess what, social networks are very useful in that case. Do you think it stops at social networks? Should you leave your phone completely? Social networks today, your phone call history tomorrow? Is that OK?

      You can do this at the moment. Then tomorrow when they start doing automatic searches b

      • Your reply wandered so much that it's rather difficult to tell if you even had a plan for it. I'll take the most coherent parts of it and try to reply to them:

        Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this

        If you are so married to your online existence that you consider leaving your laptop behind to be "jumping through hoops" then you probably couldn't be helped by any amount of anything here. Fortunately for you people who are at that level of dependency seldom notice when they are more than 10 miles from their home - as they almost never look away

        • Do you think it stops at social networks? Should you leave your phone completely?

          Do you really think the two are equivalent in levels of importance?

          You don't? Why are they different? Quite a few people communicate almost exclusively by text, by chat mediums with the people that they know. Some people don't like phonecalls. For an increasing number of people they are absolutely the same importance.

          Social networks today, your phone call history tomorrow? Is that OK?

          There are nations that for years have checked visitors' phones at customs. In case you didn't know this before, US laws don't travel with you when you enter another country - you enter another country and you are now expected to adhere to their laws. If you

    • by AHuxley ( 892839 )
      Any gov will have a passport photo. Travel without a phone, laptop and get asked, about social media?

      As a citizen a person can invoke their nations laws, ask for a lawyer, articulate legal protections during the friendly chat down.
      Federal, state, city, public/private partnership, charity, NGO efforts to collect and index all social media over the years will then get a facial recognition request.
      Past hours, days, weeks, months could be recovered and presented during a chat down or held back to see how a
  • don't bring any devices with you, and if someone asks for your Facebook password reply with "Whats a face book?"

    • In the end, the internet is a messy place for sensitive secrets. We have reached the point where it is best not to document anything provocative (or potentially twisted by a warped mind wearing jack boots into appearing provocative) on the internet. Big brother is in full force. Love him, or else.

  • by gweihir ( 88907 ) on Thursday February 23, 2017 @01:09PM (#53918789)

    It is a political one. If you travel to a country where they can demand your passwords, they can do equally bad things to you if you have a "travel-mode" configured. The problem is that they can demand your passwords. In a country that respects personal freedoms, that will not happen. Unfortunately, the citizens of most democratic countries are too unaware of history today to understand the value of those freedoms and how hard it was to get them and are not defending them. If you go to such a country, having them look at all your social media stuff from the inside may be the only option. Whether you want to go to a country run by honor-less and decency-less "authorities" that do these things with the general consent of the citizens there is another question.

    Incidentally, doing a "travel mode" is easy: Create long random password that you cannot remember, write it down, set it as your account-password and leave the piece of paper it is on at home. Done.

  • Great so you set "travel mode." And then what? Lock it with a different password? The TLA involved will just ask you for the credentials to turn off travel mode.

    Or do you set a time period with no way to turn it back off if you make a mistake? That doesn't sound like a very good idea.

    The only way to avoid exposure is to not have social media accounts, or have shell accounts that you log your phone into when you travel. That's your travel mode.

    • by Ksevio ( 865461 )
      You say "I'm traveling from the 14th to the 21st, travel mode should cover those days", then you click the "confirm" button and if you made a mistake, you have to wait a bit. That sounds easier than your option.
  • It's called the "Logout" button. It's an amazing privacy feature.
  • The problem isn't just that the ask for passwords. The problem is also that they save them for later use.

    http://www.dailyxtra.com/canad... [dailyxtra.com]

    A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.

    When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.

    All the "travel mode" protections we can think of will be useless, unless it also forces a password change. And we all know how often that happens.

    As so many other commenters have pointed out, technology is not the problem here. The laws allowing it (or the lack of laws prohibiting it) are the problem.

  • You appear to be advocating for a technical solution for fascism. The problem is, the fascists have better rubber hoses. Also, if it can't be turned off, then it can be used to grief people; if you can get them to turn it on, whether by owning their account or by tricking them, and they can't turn it off, that's beyond inconvenient.

  • Don't use that crap. It's nothing more than candy to lure you into the paedophile's van.

    So you say you can't live without your beloved Facebook, Twitter, Instagram, etc? Well, some people think they can't live without heroin, cocaine or oxycontin. That's your fucking problem and I have no sympathy.

  • If they can force you to give them your password, they can just as easily force you to deactivate any kind of "trip mode." This is just silly.

  • How about stop putting private information on social media....AND when you're traveling, pay attention to the foreign place over the virtual one....
  • by enjar ( 249223 ) on Thursday February 23, 2017 @04:40PM (#53920399) Homepage

    Log out, remove it from your device and actually be fully present for your trip. The world's a fascinating place, experiencing it through a four inch screen really doesn't do it justice.

  • I was thinking as a work around to this how about just overnighting your electronics to the house? Mostly just as an FU.

  • I was tempted to say that you need new laws which protect your right to privacy but maybe technical solutions to government nosiness are the way to go.

  • The idea of duress passwords sounds right, but requires some changes to the device/software.
    If we simply keep another account of the same type that authenticates with the device and syncs to a different set of contacts, map history, browser history, then it should be as plausible as what the security guy finds on the account for someone who is not a very regular user of the "smart" part of their phone.

  • Let's break it down...

    "We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers."

    If you don't want things in public, don't put them on social media.

    "Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home."

    No it wouldn't. The oligarchs who want the data will just ge

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...