'Social Media Needs A Travel Mode' (idlewords.com) 144
Maciej CegÅowski, a Polish-American web developer, entrepreneur, and social critic, writes on a blog post: We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home. Both Facebook and Google make lofty claims about user safety, but they've done little to show they take the darkening political climate around the world seriously. A 'trip mode' would be a chance for them to demonstrate their commitment to user safety beyond press releases and anodyne letters of support. What's required is a small amount of engineering, a good marketing effort, and the conviction that any company that makes its fortune hoarding user data has a moral responsibility to protect its users. To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it's set. There's no sense in having a 'trip mode' if the person demanding your password can simply switch it off, or coerce you into switching it off.
mode complexity (Score:3, Insightful)
A sprawling generalization, but that's what I've got
Re:mode complexity (Score:5, Insightful)
Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.
Re: (Score:1)
As such, the *laws* need fixing, not the technology.
I'll assume you are familiar with the procedure. Always best to start at the beginning.
Re:mode complexity (Score:5, Insightful)
Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.
They don't need fixing, they need repealing.
Re: (Score:2)
Curious sig. Do you live in a swing state?
Michigan.
Re: (Score:2)
Curious sig. Do you live in a swing state?
Michigan.
Still can't blame you, unless you voted 10,000 times.
Re: (Score:3)
A voice in a crowd can sway many men.
Re: (Score:1)
It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:
Security has no ROI.
Privacy has no ROI.
If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.
Re: (Score:3)
It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:
Security has no ROI.
Privacy has no ROI.
If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.
So ROI does not fix the problem? So we need laws then?
The market doesn't fix everything - that's why we have law.
Re: (Score:2)
If there was a demand for security, then companies would offer it.
The problem is that if you are not paying for the service, then YOU are the product being sold. Social networking companies sell access to their users, who are generally NOT paying for the service. The users are the PRODUCT being sold, and good security would decrease advertiser access (and remember, the advertisers ARE paying...) to the users.
Re: (Score:2)
Technology can fix those laws.
Re: (Score:3)
No it can't.. at least not beyond the most mundane interpretations such as "the new law could be typed up in a word processor."
Technology needs to be implemented by somebody, and if it runs afoul of laws, the cops and lawyers will simply go after the implementer. Sure that may be impractical if you write your own encrypted messenger client that you and your 3 friends use but when we're talking companies on the scale of Google and Apple and Microsoft, their choice to run afoul of the law could affect millio
Re: (Score:1)
So there's currently nothing to fix in the sense that these companies could freely implement such technologies and just choose not to.
There is a technology fix to this problem -- and almost all the others, large and small. If I could code I'd already be writing it. https://medium.com/@arthurfont... [medium.com]
Re: (Score:2)
First of all, why the fuck should I give a fuck about your country's laws?
Second, your country blocks my download page? Welcome to VPN.
Third, your law enforcement tries to ferret out the use? It's trivial to disguise traffic like something benign.
Re: (Score:3)
As such, the *laws* need fixing, not the technology.
Yes, true, but given that it won't happen soon, technology that renders those laws useless is the only step forward we can make now.
Re:mode complexity (Score:5, Insightful)
No amount of technology can keep public information private. And no amount of "privacy controls" will make public information private. (See a pattern?).
In fact, "social networks" and "privacy" are an oxymoron. There is no such thing as "privacy controls". "Privacy Controls" are marketspeak for "encouraging marks to over-share". Yes, Facebook and everyone has done their research - people will share more if they get the illusion their data is protected.
In the end, everything you post on a third party website, is public. Thanks to people screen shotting, re-posting, etc, anything you post is public. Even if it's a party for selected individuals, the people you didn't invite will find out anyways.
The only "technology" to keep our data private is to ... keep it private.
Not that I agree with the border proection asking for passwords. But that's a legal issue that can really only be dealt with legally.
Re: (Score:2)
In the strictest sense you are of course correct, but I don't really see why you're making a distinction between analogue technologies where we have an expectation of privacy, and digital ones where for some reason there is none. By your logic every phonecall you make can be public because it goes through the phone companies' equipment. Every letter you send could potentially be opened and read.
But we don't have it work like that, there are systems & laws set up to keep those things private and a huge f
Re: (Score:1)
Why doesn't the digital world follow the same model as the analog world, where you are the center of your life, in the sense that you hold the panoptic view of everything that happens to you, and everyone else has theirs? Because we've been hijacked by these massive context-based honeypots that effectively (and often legally, through the terms of service nobody reads), seize ownership of big chunks of your digital identity, and locks them in silos away from every other chunk. You get split up into
Re: (Score:2)
Stop throwing in the towel just because it's easier to look down on people who use social networks. It is within possibility to fix this in law.
Possible? Yes. Profitable, to Facebook or Twitter or Google? No, because the users aren't paying for the service; they ARE the service that ADVERTISERS are paying for. As long as social media companies are advertiser-supported, the social media companies will NEVER implement reasonable security measures, because the social media companies would go bankrupt. Zuckerberg et. al. will never offer good security, because they would go broke.
Re: (Score:3)
Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.
Sometimes I think terrorists are just nature's way of weeding out the violent and stupid- especially suicide bombers.
Re: (Score:3)
Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.
Sometimes I think terrorists are just nature's way of weeding out the violent and stupid- especially suicide bombers.
For one thing, there has to be something for them to see, so they don't see a blank slate and, on that basis, assume you have something to hide and probe you ever more deeply.
Clearly if there were going to be a 'Travel Mode' it would have to be very very well hidden.
When I'm travelling I wipe the phone, factory reset it, and then set it up with my work account instead of personal. That way there are contacts and emails etc but its only work related. My work isn't sensitive so I don't care. But it looks like
Re: (Score:2)
It must be really fun going through life with such constant paranoia. Taking such drastic and inconvenient measures means they (the terr'rists or the gov'mint, take your pick) have already won.
I don't travel that often. When I do travel this is really not an inconvenience, you are totally exaggerating.
Re: (Score:2)
> just nature's way of weeding out the violent and stupid
Yeah but its also society that is to blame for their existence in the first place. We have already invented and enabled massive mechanisms (such as religion and governments) that systemically hide the real truth, suppress free speech and use education/media as brainwashing mechanisms expressly in order to keep us "little people" ignorant and distracted with crap like social media or with fighting each other, and therefore completely controllable.
Re: (Score:2)
Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.
Maybe, but most likely they'll just see you as another nuisance maker trying to make their job difficult. And in their opinion it's important, valuable, patriotic and you're either non-American or one of the wusses they defend. I'm sure the TSA system has some informal way to shitlist a person so he'll get picked for extra security screenings, luggage checks, extended questioning, "problems" processing forms etc. so any kind of solution that lets the TSA know you're trying to obstruct or evade them is kinda
Re: (Score:2)
Maybe, but most likely they'll just see you as another nuisance maker trying to make their job difficult. And in their opinion it's important, valuable, patriotic and you're either non-American or one of the wusses they defend. I'm sure the TSA system has some informal way to shitlist a person so he'll get picked for extra security screenings, luggage checks, extended questioning, "problems" processing forms etc. so any kind of solution that lets the TSA know you're trying to obstruct or evade them is kinda a non-starter.
They're only going to care if you're wrapped head to toe in a Burka or tin foil. And then only maybe.
You do realize that the VAST majority of TSA employees are just trying to get through the day. That includes middle and upper level management. Yes, they realize that most of what they do is security theater - at best - but they still have to do it. Showing up with a blank computer / no social site logins / stupid T shirt or bizarre attitude isn't going to faze them nor will it put you on some magical shi
Re: (Score:2)
"Traveling around the world" means more and more "Traveling all around, but also you go around the USA if you at all can."
"We"? (Score:2, Informative)
"We need a 'trip mode' for social media sites..."
Speak for yourself...my devices aren't polluted with social media apps that leak my info and make me a target for hackers and Border Patrol fascists.
Devices are a red herring. (Score:4, Insightful)
Border guards can ask for your account passwords.
You don't have to provide them, of course.
But if you're not a citizen, you don't have to be admitted, either.
There are little or no practical appeals.
Not responding truthfully to a border guard is a very serious crime; it's not an option, although refusing can be, with consequences.
It will be interesting to watch the economic impact of this over time - I suspect there will be none, as people have adapted in the past, and this will just become the norm.
Re: (Score:2)
I don't think there's much of a choice for non-citizens. Look at what open borders get you, tourism numbers in France are way, way down. No one wants to deal with frequent terror attacks and rioting.
Re: (Score:3)
As AC said below, "How do I provide that which doesn't exist? What then?"
I don't have a Facebook account, nor Instagram, Pinterest, LinkedIn, etc etc etc. Facebook *might* have a page that *they* started on me, but it's not mine.
You can Google my name all day long and not find squat, I'm just not there. They're welcome to search for me but it'll be a wash with no relevant results.
So how do I give them what doesn't exist?
Re: (Score:2)
Create it, and then it will exist.
Re: (Score:3)
Create it, and then it will exist.
Nooooooooooo. No no no.
Re: (Score:2)
A photo will have some use for facial recognition. Friends will be found, friends of friends.
Party? Conference photo? Work? Hobby? A person who shows up in a very interesting nation? Friends of friends online?
A person might not have social media but everyone at their work might
Who are they friends with? Who or what do people ate work or fr
Re: (Score:2)
You're just assumed to be socially inept and therefore possibly unstable and a risk.
Employers have been doing it for years. The government just had to figure out a way to write it up so it didn't sound so discriminating..^W^W^W^W^W^W
Sorry I mean had to wait for a president that believes mass discrimination is the solution to all problems.
Re: (Score:2)
You're just assumed to be socially inept and therefore possibly unstable and a risk.
And they'd be right! Trust me, my wife will swear to all three of those things without even being prompted.
Possible issue with this logic (Score:2)
Re: (Score:2)
Why not add a duress password, perhaps? That, and hide the fact that trip mode is on, don't show a timer. Another way to deal with trip mode is to allow for non-trip-mode access only through a user settable range of IP addresses. Leave that range, the functionality set gets reduced. This way, if one is in Lower Elbonia, there is little to nothing the local goons can do to get full access to someone's profile, especially if the user uses 2FA.
Re: (Score:2)
Good intention, but what's to prevent a border patrol agent from a rogue state from just detaining people until the trip mode timer expires?
Set a "home" location. Require the mobile device to be physically located within a certain distance of that area (determined via GPS) in order for trip mode to be deactivated.
Re: (Score:2)
Yeah, users won't constantly stumble over that trying to figure out if they've properly turned travel mode is on or off.
Uninstall? (Score:2)
Re: (Score:3)
You hand vital information about yourself to a device you don't own?
First mistake.
Re: (Score:2)
What do you consider "vital information?" Most people probably don't have a text file with their SSN and credit card info just sitting there on the phone's desktop.
But location history? You don't really get to control that. Browsing history? Better remember to clear it every single time you surf the web (can you trust that its actually gone?) Contacts in your dialer.. the type of apps you use.. etc etc etc.
There's boatloads of information that your device knows about you that you didn't have to directl
Re: (Score:2)
2 accounts? (Score:2)
Re:2 accounts? (Score:4, Insightful)
That would violate the "real name" policies of services like Facebook and Quora [quora.com] — you can lose that "important" account if you do that...
Of course, you can another account with your real name — for example, there are over a dozen Facebook accounts with my own fairly rare Firstname Lastname combination already. None of them mine...
But that has its own difficulties — most client-applications remember your username-string, even if you tell them to not record the password. So, you will be seen overwriting your username with the fake one... And, even if you aren't, whoever forces you will see, you last logged-in a year ago — and become suspicious. No, what you want is a "Duress Password" [slashdot.org], which unlocks the same account but hides the things you want hidden.
Re: (Score:2)
Re: (Score:2)
Don't attack the messenger — as I suggested above, I don't have a Facebook account at all.
By "important" I meant the account, that a user would consider worth protecting by hiding under a different name as you suggested.
Since you have nothing to say but argue about terminology (semantics), I believe, we are done here.
Re: (Score:2)
I do half of that. My FB account is full of boring stuff that would put any border cop to sleep (Heck, it puts me to sleep and I wrote it). The good stuff, like my plans for world domination, aren't on FB in any of my identities.
Re: (Score:3)
You can powerwash a chromebook? Cool. I'm going to have to look into one of those.
Re: (Score:2)
A face that finds past use with facial recognition would re build any past social media use.
Politics, parties, friends of friends, funding, support, groups, leaders, other nations, work, holidays.
All a more secure mode hints at is a person knows they will be questioned and tried to quickly hide their digital pasts.
If they are a citizen, expect questions and every d
Re: (Score:3)
2). Travel under the name Joe/Jane Smith and claim you never use social media. Ever. For anything!
Smart move. Where do I get a passport that says I'm Joe Smith?
4). Boot into a fake, but plausibly real looking environment, with nothing interesting on it. Load it to the gills with internet cat videos and nothing more;
I'd load it with gross but legal porn. Give them something to vomit over. Lemonparty or Tubgirl... gee, if I only could decide...
Re: (Score:2)
With the US gov paying, that software is easy to buy and fast to scan any device for can encryption or hidden accounts or a mode setting.
The encryption will hold but the use of such efforts will be found.
If your a citizen the question will be what files are been hidden? Decrypt and its all good...
The use of a flight mode will then be a chat down about hiding digital photos using cryptography. Still feel the need t
The concept is "Duress Password" (Score:5, Interesting)
A "mode" will be detectable — looking at your screen whoever compels you to show it (a criminal or an officer or both-in-one) will be able to tell, you are in "travel mode" and demand to see the real deal.
The concept you want is Duress Password [wikipedia.org] — which ostensibly unlocks "everything", but hides the things you previously marked for hiding whenever the "duress" password is entered instead of real one.
And you may wish to use it not only to fool overzealous border-guards, but, for example, to hide certain materials from bystanders at Internet-cafes.
There is a "duress" PAM-module [github.com] in the works for folks compelled to login to their Unix-laptop and a move to add the feature to Cyrus IMAP-server [github.com].
But, to reiterate, it is of utmost importance, that your usage of such functionality can not be not only proven, but even suspected. Whoever is in a position to compel you to login, is also in a position to punish you for fooling him...
Re: (Score:2)
No, they would not — the concept is in wide usage by security and alarm-monitoring companies for example.
Without access to the remote server, it can be made impossible to detect, whether or not the user used the special password or the real one.
Re: (Score:2)
If you cannot tell whether the device is in "duress" mode, how would you find out?
Re: (Score:2)
Given their current abuses of power, they would think it perfectly fine to detain someone who they thought might be using a duress password until that person coughs up their "real" password. Whether or not they would know for sure wouldn't be important to them.
That's why even though these technical solutions are nice, the only way to solve the real problem is to stop these abuses of power.
Re: (Score:2)
Logging-in with a duress code to your laptop should trigger removal of whatever it is you want to protect (whether it is encrypted/hidden or not).
It is a reasonably fast operation and, after it is over, the diskspace will match... The only way to prevent it would be for the compelling party to confiscate the laptop and attempt to unlock it themselves. That method is way too tedious to be used in a dragnet, however...
Re: (Score:2)
Yes, a large portion of that hard drive is not partitioned yet. Didn't need it yet, it's probably filled with random stuff from the last wipe.
Re: (Score:3)
AFAIK, they don't ask for password. They ask you to "please, enter your password"...
Re: (Score:3)
What second password are you talking about? There is none.
Part of having a good duress password is not having to have one to make whatever you're using work in the first place...
Irrevocable .... (Score:2)
for an amount of time chosen by the user
Which, coincidentally, will be the amount of time you are held in detention until your phone unlocks.
Re: (Score:2)
Maybe, it would have if it actually helped. But it is so trivial for anyone to bypass the entire problem — such as by resetting their phone when the plane is landing and restoring from the cloud after checking-in to their hotel — that no terrorist will be thwarted by this.
If any, the safety gain will be temporarily while the lost liberty — substantial. Do the words I just used remind you of a quote by one of t
What do you mean by travel mode? (Score:2)
If that means it needs a feature to send it to or preferably past the end of the world, then I agree.
How about traveling without? (Score:4)
Re: (Score:2)
Really, traveling without social media is a very pleasant option in most cases. My most memorable vacations are the ones I took where I was not worried about WiFi or 3G service. Your vacation should get you away from what consumes you during the rest of your existence; if you are worrying about that crap while you are away I'm going to tell you that your doing your vacation wrong.
*this is not a goddamn solution*.
Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this - when you're visiting friends and whatever while travelling, guess what, social networks are very useful in that case. Do you think it stops at social networks? Should you leave your phone completely? Social networks today, your phone call history tomorrow? Is that OK?
You can do this at the moment. Then tomorrow when they start doing automatic searches b
Re: (Score:2)
Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this
If you are so married to your online existence that you consider leaving your laptop behind to be "jumping through hoops" then you probably couldn't be helped by any amount of anything here. Fortunately for you people who are at that level of dependency seldom notice when they are more than 10 miles from their home - as they almost never look away
Re: (Score:2)
Do you think it stops at social networks? Should you leave your phone completely?
Do you really think the two are equivalent in levels of importance?
You don't? Why are they different? Quite a few people communicate almost exclusively by text, by chat mediums with the people that they know. Some people don't like phonecalls. For an increasing number of people they are absolutely the same importance.
Social networks today, your phone call history tomorrow? Is that OK?
There are nations that for years have checked visitors' phones at customs. In case you didn't know this before, US laws don't travel with you when you enter another country - you enter another country and you are now expected to adhere to their laws. If you
Re: (Score:2)
As a citizen a person can invoke their nations laws, ask for a lawyer, articulate legal protections during the friendly chat down.
Federal, state, city, public/private partnership, charity, NGO efforts to collect and index all social media over the years will then get a facial recognition request.
Past hours, days, weeks, months could be recovered and presented during a chat down or held back to see how a
Or just (Score:2)
don't bring any devices with you, and if someone asks for your Facebook password reply with "Whats a face book?"
Re: (Score:2)
In the end, the internet is a messy place for sensitive secrets. We have reached the point where it is best not to document anything provocative (or potentially twisted by a warped mind wearing jack boots into appearing provocative) on the internet. Big brother is in full force. Love him, or else.
This is not a technological problem (Score:3)
It is a political one. If you travel to a country where they can demand your passwords, they can do equally bad things to you if you have a "travel-mode" configured. The problem is that they can demand your passwords. In a country that respects personal freedoms, that will not happen. Unfortunately, the citizens of most democratic countries are too unaware of history today to understand the value of those freedoms and how hard it was to get them and are not defending them. If you go to such a country, having them look at all your social media stuff from the inside may be the only option. Whether you want to go to a country run by honor-less and decency-less "authorities" that do these things with the general consent of the citizens there is another question.
Incidentally, doing a "travel mode" is easy: Create long random password that you cannot remember, write it down, set it as your account-password and leave the piece of paper it is on at home. Done.
How would you implement this? (Score:2)
Great so you set "travel mode." And then what? Lock it with a different password? The TLA involved will just ask you for the credentials to turn off travel mode.
Or do you set a time period with no way to turn it back off if you make a mistake? That doesn't sound like a very good idea.
The only way to avoid exposure is to not have social media accounts, or have shell accounts that you log your phone into when you travel. That's your travel mode.
Re: (Score:2)
There already is a mode that works (Score:2)
Travel Mode Won't Help (Score:2)
The problem isn't just that the ask for passwords. The problem is also that they save them for later use.
http://www.dailyxtra.com/canad... [dailyxtra.com]
A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.
When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.
All the "travel mode" protections we can think of will be useless, unless it also forces a password change. And we all know how often that happens.
As so many other commenters have pointed out, technology is not the problem here. The laws allowing it (or the lack of laws prohibiting it) are the problem.
You appear to be advocating... (Score:2)
You appear to be advocating for a technical solution for fascism. The problem is, the fascists have better rubber hoses. Also, if it can't be turned off, then it can be used to grief people; if you can get them to turn it on, whether by owning their account or by tricking them, and they can't turn it off, that's beyond inconvenient.
Foolproof solution (Score:2)
Don't use that crap. It's nothing more than candy to lure you into the paedophile's van.
So you say you can't live without your beloved Facebook, Twitter, Instagram, etc? Well, some people think they can't live without heroin, cocaine or oxycontin. That's your fucking problem and I have no sympathy.
Really? (Score:2)
If they can force you to give them your password, they can just as easily force you to deactivate any kind of "trip mode." This is just silly.
Inherent Safety (Score:2)
Take a vacation from your social media (Score:3)
Log out, remove it from your device and actually be fully present for your trip. The world's a fascinating place, experiencing it through a four inch screen really doesn't do it justice.
Mail your devices home? (Score:2)
I was thinking as a work around to this how about just overnighting your electronics to the house? Mostly just as an FU.
Paperz!! (Score:1)
I was tempted to say that you need new laws which protect your right to privacy but maybe technical solutions to government nosiness are the way to go.
Multiple accounts? (Score:2)
The idea of duress passwords sounds right, but requires some changes to the device/software.
If we simply keep another account of the same type that authenticates with the device and syncs to a different set of contacts, map history, browser history, then it should be as plausible as what the security guy finds on the account for someone who is not a very regular user of the "smart" part of their phone.
I think I got dumber reading that... (Score:2)
Let's break it down...
"We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers."
If you don't want things in public, don't put them on social media.
"Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home."
No it wouldn't. The oligarchs who want the data will just ge
Re: (Score:2)
Why we would vote for people that want to make it easy for terrorists to enter the country?
Re: (Score:2)
We're Americans, they're not. That's the point. If we choose to admit others, that's our choice, but nothing compels us to do so. We certainly shouldn't do so when it's a threat to national security. Attitudes like yours are why people are getting molested by the TSA for exercising their right to travel. That is a violation of the Bill of Rights, you fuckstick.
Travel mode, AKA... (Score:2)
My phone has a global "travel mode", AKA "Airplane mode."
IOW, I just disconnect when traveling. Also when sleeping. And working.
The Internet in all its various forms and guises serves me. Not the other way around. If it's not that way for you, you need to stop selling death-sticks, go home, and rethink your life. Go on. Go.