'Social Media Needs A Travel Mode'

Maciej CegÅowski, a Polish-American web developer, entrepreneur, and social critic, writes on a blog post: We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home. Both Facebook and Google make lofty claims about user safety, but they've done little to show they take the darkening political climate around the world seriously. A 'trip mode' would be a chance for them to demonstrate their commitment to user safety beyond press releases and anodyne letters of support. What's required is a small amount of engineering, a good marketing effort, and the conviction that any company that makes its fortune hoarding user data has a moral responsibility to protect its users. To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it's set. There's no sense in having a 'trip mode' if the person demanding your password can simply switch it off, or coerce you into switching it off.

mode complexity

[micahraleigh]

As a former C++ app engineer, I've found adding "modes" increases the source and test complexity and often end up not being used very much.

A sprawling generalization, but that's what I've got ...

Re:mode complexity

[Dutch+Gun]

Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

Re:mode complexity

[fustakrakich]

As such, the *laws* need fixing, not the technology.

I'll assume you are familiar with the procedure. Always best to start at the beginning.

Re:mode complexity

[XxtraLarGe]

Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

They don't need fixing, they need repealing.

Re:mode complexity

It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:

Security has no ROI.
Privacy has no ROI.

If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.

Re:mode complexity

[Opportunist]

Technology can fix those laws.

Re:mode complexity

[Austerity+Empowers]

As such, the *laws* need fixing, not the technology.

Yes, true, but given that it won't happen soon, technology that renders those laws useless is the only step forward we can make now.

Re:mode complexity

[tlhIngan]

Besides, we already have all the technology we need to keep our data private. It's just that current law won't *allow* us to keep it private. As such, the *laws* need fixing, not the technology.

No amount of technology can keep public information private. And no amount of "privacy controls" will make public information private. (See a pattern?).

In fact, "social networks" and "privacy" are an oxymoron. There is no such thing as "privacy controls". "Privacy Controls" are marketspeak for "encouraging marks to over-share". Yes, Facebook and everyone has done their research - people will share more if they get the illusion their data is protected.

In the end, everything you post on a third party website, is public. Thanks to people screen shotting, re-posting, etc, anything you post is public. Even if it's a party for selected individuals, the people you didn't invite will find out anyways.

The only "technology" to keep our data private is to ... keep it private.

Not that I agree with the border proection asking for passwords. But that's a legal issue that can really only be dealt with legally.

Re:mode complexity

[jareth-0205]

It isn't technology nor laws. It is pure and simple ROI, as viewed by social media companies. To them:

Security has no ROI.
Privacy has no ROI.

If it were in their interest to have security, we would be seeing social networks supporting client certs, reduced functionality modes, duress passwords, and many other types of security architectures, as opposed to just nothing like what we have now.

So ROI does not fix the problem? So we need laws then?

The market doesn't fix everything - that's why we have law.

Re:mode complexity

[jareth-0205]

In the strictest sense you are of course correct, but I don't really see why you're making a distinction between analogue technologies where we have an expectation of privacy, and digital ones where for some reason there is none. By your logic every phonecall you make can be public because it goes through the phone companies' equipment. Every letter you send could potentially be opened and read.

But we don't have it work like that, there are systems & laws set up to keep those things private and a huge fuss is made if those things are not private for some reason.

Stop throwing in the towel just because it's easier to look down on people who use social networks. It is within possibility to fix this in law.

Re:mode complexity

[XxtraLarGe]

Curious sig. Do you live in a swing state?

Michigan.

Re:mode complexity

[tsqr]

Curious sig. Do you live in a swing state?

Michigan.

Still can't blame you, unless you voted 10,000 times.

Re:mode complexity

[I'm+New+Around+Here]

A voice in a crowd can sway many men.

Re:mode complexity

[Altrag]

No it can't.. at least not beyond the most mundane interpretations such as "the new law could be typed up in a word processor."

Technology needs to be implemented by somebody, and if it runs afoul of laws, the cops and lawyers will simply go after the implementer. Sure that may be impractical if you write your own encrypted messenger client that you and your 3 friends use but when we're talking companies on the scale of Google and Apple and Microsoft, their choice to run afoul of the law could affect millions of users.

Think about the iPhone hack. One judge making one good decision is the only difference between Apple protecting its customers and Apple being forced to (effectively) open the flood gates for iPhone decryption -- which almost certainly would have been used as precedent if the next case featured an Android or Blackberry or whatever.

That said, using encrypted communications is not yet illegal as far as I know, or at least not in the US. I'm pretty sure master keys or similar aren't even required yet. So there's currently nothing to fix in the sense that these companies could freely implement such technologies and just choose not to.

Re:mode complexity

[Arthur+Fontaine]

So there's currently nothing to fix in the sense that these companies could freely implement such technologies and just choose not to.

There is a technology fix to this problem -- and almost all the others, large and small. If I could code I'd already be writing it. https://medium.com/@arthurfont...

Re:mode complexity

[Arthur+Fontaine]

^^THIS.^^

Why doesn't the digital world follow the same model as the analog world, where you are the center of your life, in the sense that you hold the panoptic view of everything that happens to you, and everyone else has theirs? Because we've been hijacked by these massive context-based honeypots that effectively (and often legally, through the terms of service nobody reads), seize ownership of big chunks of your digital identity, and locks them in silos away from every other chunk. You get split up into pieces for the profit of a few people and their VCs.

Re:mode complexity

[Opportunist]

First of all, why the fuck should I give a fuck about your country's laws?

Second, your country blocks my download page? Welcome to VPN.

Third, your law enforcement tries to ferret out the use? It's trivial to disguise traffic like something benign.

Re:mode complexity

[kenwd0elq]

If there was a demand for security, then companies would offer it.

The problem is that if you are not paying for the service, then YOU are the product being sold. Social networking companies sell access to their users, who are generally NOT paying for the service. The users are the PRODUCT being sold, and good security would decrease advertiser access (and remember, the advertisers ARE paying...) to the users.

Re:mode complexity

[kenwd0elq]

Stop throwing in the towel just because it's easier to look down on people who use social networks. It is within possibility to fix this in law.

Possible? Yes. Profitable, to Facebook or Twitter or Google? No, because the users aren't paying for the service; they ARE the service that ADVERTISERS are paying for. As long as social media companies are advertiser-supported, the social media companies will NEVER implement reasonable security measures, because the social media companies would go bankrupt. Zuckerberg et. al. will never offer good security, because they would go broke.

"We"?

[JustAnotherOldGuy]

"We need a 'trip mode' for social media sites..."

Speak for yourself...my devices aren't polluted with social media apps that leak my info and make me a target for hackers and Border Patrol fascists.

Possible issue with this logic

[spiritplumber]

Good intention, but what's to prevent a border patrol agent from a rogue state from just detaining people until the trip mode timer expires?

Re:Possible issue with this logic

[ctilsie242]

Why not add a duress password, perhaps? That, and hide the fact that trip mode is on, don't show a timer. Another way to deal with trip mode is to allow for non-trip-mode access only through a user settable range of IP addresses. Leave that range, the functionality set gets reduced. This way, if one is in Lower Elbonia, there is little to nothing the local goons can do to get full access to someone's profile, especially if the user uses 2FA.

Re:Possible issue with this logic

[vux984]

Yeah, users won't constantly stumble over that trying to figure out if they've properly turned travel mode is on or off.

Re:Possible issue with this logic

[eth1]

Good intention, but what's to prevent a border patrol agent from a rogue state from just detaining people until the trip mode timer expires?

Set a "home" location. Require the mobile device to be physically located within a certain distance of that area (determined via GPS) in order for trip mode to be deactivated.

Uninstall?

[Gilgaron]

Does Facebook keep much locally on the phone? It'd seem easier to just uninstall it, deny having an account at the border, and reinstall whenever. Same as backing up stuff to the cloud.

Re:Uninstall?

[Opportunist]

You hand vital information about yourself to a device you don't own?

First mistake.

Re:Uninstall?

[Gilgaron]

Do many phones come with Facebook preinstalled or something? In any case, surely even then you can disassociate the account with it.

Re:Uninstall?

[Altrag]

What do you consider "vital information?" Most people probably don't have a text file with their SSN and credit card info just sitting there on the phone's desktop.

But location history? You don't really get to control that. Browsing history? Better remember to clear it every single time you surf the web (can you trust that its actually gone?) Contacts in your dialer.. the type of apps you use.. etc etc etc.

There's boatloads of information that your device knows about you that you didn't have to directly type in. Simple day to day usage generates plenty of information with only assumed consent, and much of that is necessary for it to perform the tasks you want it to do -- you can't really use a navigation app if you disable location tracking for example.

For the super paranoid, you're welcome to get rid of your phone and your home internet connection and try to keep a car from 1982 on the road, cancel your credit cards (and move to a new place that you can somehow rent on a cash-only basis with no names exchanged and leave no forwarding address to ensure they don't have you still on file) and so on and so on to ensure that when they come for you, they'll have to do it the old fashioned way.

For the other 99.9999% of us, we don't really have a choice. Technology is what it is and unfortunately personal privacy hasn't been much of a design consideration (yet.. hopefully..)

And to really piss you off, doing all of that super paranoid stuff I mentioned above? That gets you flagged because they assume nobody in their right mind would go to that much trouble to avoid modern conveniences and well.. they'd probably be right.

Its a bit of an unjustified leap to go from "super weird" to "dangerous" but when we're talking about tourists entering the US these days where the government has basically flat out stated that non-US citizens have less rights than your average pet and even US citizens that dare to leave the country should be viewed with extreme caution when they return.

The "all" in "All men are created equal" has been given a very narrow and constantly shrinking interpretation in recent years.

2 accounts?

[Zemran]

Far better to have a cutsie account in your real name with only polite BS and a 2nd account in a different name where you can be honest. No politics or opinion on your real name and open an incognito browser before logging in to the real account where you say what you really think. A cut down account is far too dangerous as it would still be the person that the junta in Thailand are looking for for criticising the way they arrest, murder people or sell Rohinghya into slavery. It is not just the US who want to read your Facebook page. Better still, leave Facebook and meet your family.

Re:2 accounts?

[mi]

Far better to have a cutsie account in your real name with only polite BS and a 2nd account in a different name where you can be honest

That would violate the "real name" policies of services like Facebook and Quora — you can lose that "important" account if you do that...

Of course, you can another account with your real name — for example, there are over a dozen Facebook accounts with my own fairly rare Firstname Lastname combination already. None of them mine...

But that has its own difficulties — most client-applications remember your username-string, even if you tell them to not record the password. So, you will be seen overwriting your username with the fake one... And, even if you aren't, whoever forces you will see, you last logged-in a year ago — and become suspicious. No, what you want is a "Duress Password", which unlocks the same account but hides the things you want hidden.

Re:2 accounts?

[Cro+Magnon]

I do half of that. My FB account is full of boring stuff that would put any border cop to sleep (Heck, it puts me to sleep and I wrote it). The good stuff, like my plans for world domination, aren't on FB in any of my identities.

Re:2 accounts?

[Zemran]

"That would violate the "real name" policies of services like Facebook and Quora [quora.com] — you can lose that "important" account if you do that..." If you think that a Facebook account is "important" you have your priorities wrong in life. I would rather lose an account than publish personal information publicly.

Re:2 accounts?

[mi]

If you think that a Facebook account is "important" you have your priorities wrong in life

Don't attack the messenger — as I suggested above, I don't have a Facebook account at all.

By "important" I meant the account, that a user would consider worth protecting by hiding under a different name as you suggested.

Since you have nothing to say but argue about terminology (semantics), I believe, we are done here.

Devices are a red herring.

[xtal]

Border guards can ask for your account passwords.

You don't have to provide them, of course.

But if you're not a citizen, you don't have to be admitted, either.

There are little or no practical appeals.

Not responding truthfully to a border guard is a very serious crime; it's not an option, although refusing can be, with consequences.

It will be interesting to watch the economic impact of this over time - I suspect there will be none, as people have adapted in the past, and this will just become the norm.
 

Re:Devices are a red herring.

[OhPlz]

I don't think there's much of a choice for non-citizens. Look at what open borders get you, tourism numbers in France are way, way down. No one wants to deal with frequent terror attacks and rioting.

Re:Devices are a red herring.

[JustAnotherOldGuy]

As AC said below, "How do I provide that which doesn't exist? What then?"

I don't have a Facebook account, nor Instagram, Pinterest, LinkedIn, etc etc etc. Facebook *might* have a page that *they* started on me, but it's not mine.

You can Google my name all day long and not find squat, I'm just not there. They're welcome to search for me but it'll be a wash with no relevant results.

So how do I give them what doesn't exist?

Re:Devices are a red herring.

[Cajun+Hell]

So how do I give them what doesn't exist?

Create it, and then it will exist.

Re:Devices are a red herring.

[JustAnotherOldGuy]

So how do I give them what doesn't exist?

Create it, and then it will exist.

Nooooooooooo. No no no.

Re:Devices are a red herring.

[AHuxley]

Its fine not to have email, social media, just a phone. But if a person is wanting to enter another nation, expect most online activity to have been found.
A photo will have some use for facial recognition. Friends will be found, friends of friends.
Party? Conference photo? Work? Hobby? A person who shows up in a very interesting nation? Friends of friends online?
A person might not have social media but everyone at their work might :)
Who are they friends with? Who or what do people ate work or friends support on social media?
If you are entering on a visa, the application will often have an email option to track the approval or ask for more supporting documents. That account will then be requested if no social media exists.
Most nations are interested in the faces on social media, connections to other interesting people, groups.
Politics, support, funding of groups. Military background? Political party that funds interesting groups?
People often have such information all over their friends social media.

Re:Devices are a red herring.

[Altrag]

You're just assumed to be socially inept and therefore possibly unstable and a risk.

Employers have been doing it for years. The government just had to figure out a way to write it up so it didn't sound so discriminating..^W^W^W^W^W^W

Sorry I mean had to wait for a president that believes mass discrimination is the solution to all problems.

Re:Devices are a red herring.

[JustAnotherOldGuy]

You're just assumed to be socially inept and therefore possibly unstable and a risk.

And they'd be right! Trust me, my wife will swear to all three of those things without even being prompted.

The concept is "Duress Password"

[mi]

A "mode" will be detectable — looking at your screen whoever compels you to show it (a criminal or an officer or both-in-one) will be able to tell, you are in "travel mode" and demand to see the real deal.

The concept you want is Duress Password — which ostensibly unlocks "everything", but hides the things you previously marked for hiding whenever the "duress" password is entered instead of real one.

And you may wish to use it not only to fool overzealous border-guards, but, for example, to hide certain materials from bystanders at Internet-cafes.

There is a "duress" PAM-module in the works for folks compelled to login to their Unix-laptop and a move to add the feature to Cyrus IMAP-server.

But, to reiterate, it is of utmost importance, that your usage of such functionality can not be not only proven, but even suspected. Whoever is in a position to compel you to login, is also in a position to punish you for fooling him...

Irrevocable ....

[PPH]

for an amount of time chosen by the user

Which, coincidentally, will be the amount of time you are held in detention until your phone unlocks.

Re:If you have "travel mode" on

[Marxist+Hacker+42]

Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.

Sometimes I think terrorists are just nature's way of weeding out the violent and stupid- especially suicide bombers.

Re:wow you are incredibly stupid

[mi]

Of course they will find out

No, they would not — the concept is in wide usage by security and alarm-monitoring companies for example.

Without access to the remote server, it can be made impossible to detect, whether or not the user used the special password or the real one.

What do you mean by travel mode?

[Opportunist]

If that means it needs a feature to send it to or preferably past the end of the world, then I agree.

Re:wow you are incredibly stupid

[Opportunist]

If you cannot tell whether the device is in "duress" mode, how would you find out?

How about traveling without?

[damn_registrars]

Really, traveling without social media is a very pleasant option in most cases. My most memorable vacations are the ones I took where I was not worried about WiFi or 3G service. Your vacation should get you away from what consumes you during the rest of your existence; if you are worrying about that crap while you are away I'm going to tell you that your doing your vacation wrong.

Re:How about traveling without?

[jareth-0205]

Really, traveling without social media is a very pleasant option in most cases. My most memorable vacations are the ones I took where I was not worried about WiFi or 3G service. Your vacation should get you away from what consumes you during the rest of your existence; if you are worrying about that crap while you are away I'm going to tell you that your doing your vacation wrong.

*this is not a goddamn solution*.

Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this - when you're visiting friends and whatever while travelling, guess what, social networks are very useful in that case. Do you think it stops at social networks? Should you leave your phone completely? Social networks today, your phone call history tomorrow? Is that OK?

You can do this at the moment. Then tomorrow when they start doing automatic searches based on your name, and show you an account they've found that looks like you and has your name, what then?

Re:How about traveling without?

[damn_registrars]

Your reply wandered so much that it's rather difficult to tell if you even had a plan for it. I'll take the most coherent parts of it and try to reply to them:

Yes, you can, especially if you're only vaguely on social networks. But we shouldn't have to jump through hoops like this

If you are so married to your online existence that you consider leaving your laptop behind to be "jumping through hoops" then you probably couldn't be helped by any amount of anything here. Fortunately for you people who are at that level of dependency seldom notice when they are more than 10 miles from their home - as they almost never look away from their screens anyways - so traveling doesn't really matter. As the majority of slashdot readers are far more than 10 miles from an international border, it is reasonable to expect that you wouldn't be a likely candidate to wander far.

when you're visiting friends and whatever while travelling, guess what, social networks are very useful in that case

First of all, if you are visiting other people, that should be your social network, right there. Why do you need to worry about other people at that time? You're taking your attention away from the people who actually cared enough about you to spend time with you in the real world.

Second, if you are visiting people who you interact with in your online social networks, you probably haven't gone some place where you need to worry about a travel mode for your devices; likely you haven't gone more than 10 miles from your home.

Do you think it stops at social networks? Should you leave your phone completely?

Do you really think the two are equivalent in levels of importance?

Social networks today, your phone call history tomorrow? Is that OK?

There are nations that for years have checked visitors' phones at customs. In case you didn't know this before, US laws don't travel with you when you enter another country - you enter another country and you are now expected to adhere to their laws. If you don't like their laws you should have traveled elsewhere.

You can do this at the moment. Then tomorrow when they start doing automatic searches based on your name, and show you an account they've found that looks like you and has your name, what then?

What are you talking about? This is quite a bit removed from the topic at hand. If you're worried that a foreign nation is going to ask you to log in to a social media account, then you've made yourself a slave to social media. I'm guessing you don't leave home often with that attitude, though so you're probably just fine with that.

Re:How about traveling without?

[jareth-0205]

Do you think it stops at social networks? Should you leave your phone completely?

Do you really think the two are equivalent in levels of importance?

You don't? Why are they different? Quite a few people communicate almost exclusively by text, by chat mediums with the people that they know. Some people don't like phonecalls. For an increasing number of people they are absolutely the same importance.

Social networks today, your phone call history tomorrow? Is that OK?

There are nations that for years have checked visitors' phones at customs. In case you didn't know this before, US laws don't travel with you when you enter another country - you enter another country and you are now expected to adhere to their laws. If you don't like their laws you should have traveled elsewhere.

That doesn't make the procedure good or right. Jobs and family often force travel. Anyone who has a distributed life doesn't get to smugly avoid it.

You can do this at the moment. Then tomorrow when they start doing automatic searches based on your name, and show you an account they've found that looks like you and has your name, what then?

What are you talking about? This is quite a bit removed from the topic at hand. If you're worried that a foreign nation is going to ask you to log in to a social media account, then you've made yourself a slave to social media. I'm guessing you don't leave home often with that attitude, though so you're probably just fine with that.

Amazingly naive.

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."

FYI (to correct your many assumptions) I'm British and have to travel to the US and other countries to see family. So yeah I'm very aware that I have no rights at the US border. If *you* don't care about rights at borders then I would say it's far more likely *you* are the one that doesn't travel.

Re:How about traveling without?

[AHuxley]

Any gov will have a passport photo. Travel without a phone, laptop and get asked, about social media?

As a citizen a person can invoke their nations laws, ask for a lawyer, articulate legal protections during the friendly chat down.
Federal, state, city, public/private partnership, charity, NGO efforts to collect and index all social media over the years will then get a facial recognition request.
Past hours, days, weeks, months could be recovered and presented during a chat down or held back to see how a person responds.
Facial recognition is fast so the interview will seem normal, with a short break, change of interview rooms, different staff needed, shift change.
All cover to sort what was found. Or wonder why nothing useful has been found...
If nothing is found is the person in a cult or member of some faith group? Often used as spies as they have no normal online past?
A citizen might walk free hours later but how interested are local/federal officials in that person now?
If a person is not a citizen, one lie and the paperwork is different. A flight back to their own nation.

Re:Dumb Idea, Seriously

[Opportunist]

2). Travel under the name Joe/Jane Smith and claim you never use social media. Ever. For anything!

Smart move. Where do I get a passport that says I'm Joe Smith?

4). Boot into a fake, but plausibly real looking environment, with nothing interesting on it. Load it to the gills with internet cat videos and nothing more;

I'd load it with gross but legal porn. Give them something to vomit over. Lemonparty or Tubgirl... gee, if I only could decide...

Or just

[The+Cisco+Kid]

don't bring any devices with you, and if someone asks for your Facebook password reply with "Whats a face book?"

Re:Or just

[Moof123]

In the end, the internet is a messy place for sensitive secrets. We have reached the point where it is best not to document anything provocative (or potentially twisted by a warped mind wearing jack boots into appearing provocative) on the internet. Big brother is in full force. Love him, or else.

Re:If you have "travel mode" on

[Opportunist]

"Traveling around the world" means more and more "Traveling all around, but also you go around the USA if you at all can."

Re:If you have "travel mode" on

[myowntrueself]

Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.

Sometimes I think terrorists are just nature's way of weeding out the violent and stupid- especially suicide bombers.

For one thing, there has to be something for them to see, so they don't see a blank slate and, on that basis, assume you have something to hide and probe you ever more deeply.

Clearly if there were going to be a 'Travel Mode' it would have to be very very well hidden.

When I'm travelling I wipe the phone, factory reset it, and then set it up with my work account instead of personal. That way there are contacts and emails etc but its only work related. My work isn't sensitive so I don't care. But it looks like it has stuff on it so it gives the security guys a nice satisfying experience.

This is not a technological problem

[gweihir]

It is a political one. If you travel to a country where they can demand your passwords, they can do equally bad things to you if you have a "travel-mode" configured. The problem is that they can demand your passwords. In a country that respects personal freedoms, that will not happen. Unfortunately, the citizens of most democratic countries are too unaware of history today to understand the value of those freedoms and how hard it was to get them and are not defending them. If you go to such a country, having them look at all your social media stuff from the inside may be the only option. Whether you want to go to a country run by honor-less and decency-less "authorities" that do these things with the general consent of the citizens there is another question.

Incidentally, doing a "travel mode" is easy: Create long random password that you cannot remember, write it down, set it as your account-password and leave the piece of paper it is on at home. Done.

Re:Visitors have no right to privacy post-911

[mi]

The safety and security of the homeland trumps your so called privacy every time

Maybe, it would have if it actually helped. But it is so trivial for anyone to bypass the entire problem — such as by resetting their phone when the plane is landing and restoring from the cloud after checking-in to their hotel — that no terrorist will be thwarted by this.

If any, the safety gain will be temporarily while the lost liberty — substantial. Do the words I just used remind you of a quote by one of the Founding Fathers? They better...

STAY HOME.

During Obama's last fiscal year, the practice quintupled — and is targeting not only foreigners, but US citizens as well. Surrendering your privacy to a random guard's unfounded suspicions or hunches shall not be a condition for returning home.

Re:If you have "travel mode" on

[JustNiz]

> just nature's way of weeding out the violent and stupid

Yeah but its also society that is to blame for their existence in the first place. We have already invented and enabled massive mechanisms (such as religion and governments) that systemically hide the real truth, suppress free speech and use education/media as brainwashing mechanisms expressly in order to keep us "little people" ignorant and distracted with crap like social media or with fighting each other, and therefore completely controllable.

Re:Dumb people have dumb ideas

[OhPlz]

Why we would vote for people that want to make it easy for terrorists to enter the country?

Re:If you have "travel mode" on

[Kjella]

Because Travel Mode is an indicator that you've got something to hide, and thus, must be using social media to send encoded terrorist messages.

Maybe, but most likely they'll just see you as another nuisance maker trying to make their job difficult. And in their opinion it's important, valuable, patriotic and you're either non-American or one of the wusses they defend. I'm sure the TSA system has some informal way to shitlist a person so he'll get picked for extra security screenings, luggage checks, extended questioning, "problems" processing forms etc. so any kind of solution that lets the TSA know you're trying to obstruct or evade them is kinda a non-starter.

Sometimes I think terrorists are just nature's way of weeding out the violent and stupid- especially suicide bombers.

I think we'd run of places to blow up before we'd run out of violent and stupid people. Also, most of them manage a pretty solid kill:death ratio so if 50 people of average intelligence dies and one nutjob the average doesn't move much at all.

Re:wow you are incredibly stupid

[mi]

notice that the free and used hard drive space doesn't match the total on the drive sticker

Logging-in with a duress code to your laptop should trigger removal of whatever it is you want to protect (whether it is encrypted/hidden or not).

It is a reasonably fast operation and, after it is over, the diskspace will match... The only way to prevent it would be for the compelling party to confiscate the laptop and attempt to unlock it themselves. That method is way too tedious to be used in a dragnet, however...

Re: wow you are incredibly stupid

[mi]

It wont be to hard for them to ask you for both passwords, you know

AFAIK, they don't ask for password. They ask you to "please, enter your password"...

How would you implement this?

[Torodung]

Great so you set "travel mode." And then what? Lock it with a different password? The TLA involved will just ask you for the credentials to turn off travel mode.

Or do you set a time period with no way to turn it back off if you make a mistake? That doesn't sound like a very good idea.

The only way to avoid exposure is to not have social media accounts, or have shell accounts that you log your phone into when you travel. That's your travel mode.

Re:How would you implement this?

[Ksevio]

You say "I'm traveling from the 14th to the 21st, travel mode should cover those days", then you click the "confirm" button and if you made a mistake, you have to wait a bit. That sounds easier than your option.

There already is a mode that works

[SoundGuyNoise]

It's called the "Logout" button. It's an amazing privacy feature.

Re:If you have "travel mode" on

[ColdWetDog]

Maybe, but most likely they'll just see you as another nuisance maker trying to make their job difficult. And in their opinion it's important, valuable, patriotic and you're either non-American or one of the wusses they defend. I'm sure the TSA system has some informal way to shitlist a person so he'll get picked for extra security screenings, luggage checks, extended questioning, "problems" processing forms etc. so any kind of solution that lets the TSA know you're trying to obstruct or evade them is kinda a non-starter.

They're only going to care if you're wrapped head to toe in a Burka or tin foil. And then only maybe.

You do realize that the VAST majority of TSA employees are just trying to get through the day. That includes middle and upper level management. Yes, they realize that most of what they do is security theater - at best - but they still have to do it. Showing up with a blank computer / no social site logins / stupid T shirt or bizarre attitude isn't going to faze them nor will it put you on some magical shit list.

You aren't a special snowflake. Just a random, generic one. And when you melt, no one will care. Get over it.

Re:Implying social media isn't already owned by CI

[ColdWetDog]

You can powerwash a chromebook? Cool. I'm going to have to look into one of those.

Travel Mode Won't Help

[Striek]

The problem isn't just that the ask for passwords. The problem is also that they save them for later use.

http://www.dailyxtra.com/canad...

A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.

When he went through secondary inspection at Vancouver airport, US Customs officers didn’t even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.

All the "travel mode" protections we can think of will be useless, unless it also forces a password change. And we all know how often that happens.

As so many other commenters have pointed out, technology is not the problem here. The laws allowing it (or the lack of laws prohibiting it) are the problem.

Re:wow you are incredibly stupid

[Opportunist]

Yes, a large portion of that hard drive is not partitioned yet. Didn't need it yet, it's probably filled with random stuff from the last wipe.

Re: wow you are incredibly stupid

[Opportunist]

What second password are you talking about? There is none.

Part of having a good duress password is not having to have one to make whatever you're using work in the first place...

You appear to be advocating...

[drinkypoo]

You appear to be advocating for a technical solution for fascism. The problem is, the fascists have better rubber hoses. Also, if it can't be turned off, then it can be used to grief people; if you can get them to turn it on, whether by owning their account or by tricking them, and they can't turn it off, that's beyond inconvenient.

Foolproof solution

[ronmon]

Don't use that crap. It's nothing more than candy to lure you into the paedophile's van.

So you say you can't live without your beloved Facebook, Twitter, Instagram, etc? Well, some people think they can't live without heroin, cocaine or oxycontin. That's your fucking problem and I have no sympathy.

Really?

[hackel]

If they can force you to give them your password, they can just as easily force you to deactivate any kind of "trip mode." This is just silly.

Inherent Safety

[sdinfoserv]

How about stop putting private information on social media....AND when you're traveling, pay attention to the foreign place over the virtual one....

Take a vacation from your social media

[enjar]

Log out, remove it from your device and actually be fully present for your trip. The world's a fascinating place, experiencing it through a four inch screen really doesn't do it justice.

Travel mode, AKA...

[fyngyrz]

My phone has a global "travel mode", AKA "Airplane mode."

IOW, I just disconnect when traveling. Also when sleeping. And working.

The Internet in all its various forms and guises serves me. Not the other way around. If it's not that way for you, you need to stop selling death-sticks, go home, and rethink your life. Go on. Go.

Mail your devices home?

[Sheik+Yerbouti]

I was thinking as a work around to this how about just overnighting your electronics to the house? Mostly just as an FU.

Re:Implying social media isn't already owned by CI

[AHuxley]

US gov, federal police, city, state, public/private partnerships, private groups will have collected everything in real time over the years.
A face that finds past use with facial recognition would re build any past social media use.
Politics, parties, friends of friends, funding, support, groups, leaders, other nations, work, holidays.
All a more secure mode hints at is a person knows they will be questioned and tried to quickly hide their digital pasts.
If they are a citizen, expect questions and every device to be searched, cloned, copied, any deleted files on a camera card recovered, any encrypted files systems detected. A few different request for a password.
So a citizen will get to walk out after a few hours of repeated questions, requests for a password, but their need to hide would have been added to a few databases. Any interesting devices will be examined, returned over days or weeks.
What did that person do? Why is that person interesting? Images/gps from another nation they visited while on holiday but had no paperwork for? Why hide the account?
Not a citizen? The interviews go on until the first lie. Deport.

Re:Dumb Idea, Seriously

[AHuxley]

AC any use of encryption or a different OS mode, encrypted file system can be detected.
With the US gov paying, that software is easy to buy and fast to scan any device for can encryption or hidden accounts or a mode setting.
The encryption will hold but the use of such efforts will be found.
If your a citizen the question will be what files are been hidden? Decrypt and its all good...
The use of a flight mode will then be a chat down about hiding digital photos using cryptography. Still feel the need to hide the photos? Is it the gps and the location in an interesting nation? An interesting person is in one of the images? How many photos are been hidden in that device using that "travel" mode?
Need a lawyer? Time to talk to US law enforcement to start an investigation in the US? The US legal system is ready 24/7 with the needed paperwork. Send the device for more detailed examination to find what image files are been hidden?
The US citizen walks free, the device is returned days, weeks later.
Was an investigation opened? Home computer? ISP logs?
What do the ISP logs show? A lot of https searching for hours? Finally some http ...


If not a US citizen, thats a few lies, time to return to your own nation again.

Paperz!!

[easyTree]

I was tempted to say that you need new laws which protect your right to privacy but maybe technical solutions to government nosiness are the way to go.

Multiple accounts?

[bazorg]

The idea of duress passwords sounds right, but requires some changes to the device/software.
If we simply keep another account of the same type that authenticates with the device and syncs to a different set of contacts, map history, browser history, then it should be as plausible as what the security guy finds on the account for someone who is not a very regular user of the "smart" part of their phone.

Re:If you have "travel mode" on

[myowntrueself]

It must be really fun going through life with such constant paranoia. Taking such drastic and inconvenient measures means they (the terr'rists or the gov'mint, take your pick) have already won.

I don't travel that often. When I do travel this is really not an inconvenience, you are totally exaggerating.

I think I got dumber reading that...

[NateTech]

Let's break it down...

"We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers."

If you don't want things in public, don't put them on social media.

"Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home."

No it wouldn't. The oligarchs who want the data will just get it via other means. "Giving passwords at the border" is a convenience for them, but not the only way to get the data. And what are these "additional threats to privacy"? That's just meaningless add-on to the sentence. You created the threat to your privacy when you posted the information in public.

"Both Facebook and Google make lofty claims about user safety, but they've done little to show they take the darkening political climate around the world seriously."

Facebook and Google never have and never will care as much about your privacy as you do. They MAKE MONEY off of mining your information! And another meaningless sentence add-on... "darkening political climate"... huh? When did governments stop wanting information on travelers, ever?

"A 'trip mode' would be a chance for them to demonstrate their commitment to user safety beyond press releases and anodyne letters of support."

And it would be a false sense of security. All it takes is a subpoena or a claim that you're a "terrorist" to get any social media company to quite-willingly hand over whatever law enforcement wants, without you even knowing about it.

"What's required is a small amount of engineering, a good marketing effort, and the conviction that any company that makes its fortune hoarding user data has a moral responsibility to protect its users."

Or just stop feeding them user data.

"To work effectively, a trip mode feature would need to be easy to turn on, configurable (so you can choose how long you want the protection turned on for) and irrevocable for an amount of time chosen by the user once it's set. There's no sense in having a 'trip mode' if the person demanding your password can simply switch it off, or coerce you into switching it off."

They can switch it off whenever they like... it's called a subpoena. You're fixing the wrong problem putting a "mode" in the user front-end. What's needed is encryption on the back end and even the company "hoarding" the data you willingly gave them NOT being able to read it at all, which... obviously isn't their business model...

The key thought here is, you do NOT need social media. No one NEEDS social media. Whatever you GIVE WILLINGLY to a company about yourself is easily accessed by anyone who can even hint that you are some sort of "threat" to anyone in society. No "mode" will fix that. Just STOP providing the information if you don't want it seen by everyone.

Re:wow you are incredibly stupid

[toddestan]

Given their current abuses of power, they would think it perfectly fine to detain someone who they thought might be using a duress password until that person coughs up their "real" password. Whether or not they would know for sure wouldn't be important to them.

That's why even though these technical solutions are nice, the only way to solve the real problem is to stop these abuses of power.

Re:Dumb people have dumb ideas

[OhPlz]

We're Americans, they're not. That's the point. If we choose to admit others, that's our choice, but nothing compels us to do so. We certainly shouldn't do so when it's a threat to national security. Attitudes like yours are why people are getting molested by the TSA for exercising their right to travel. That is a violation of the Bill of Rights, you fuckstick.