1Password's new travel mode locks you out of your accounts while you're travelling and crossing borders


#1

Originally published at: http://boingboing.net/2017/05/23/logins-all-the-way-down.html


#2

I am wondering how it plays out when a typical border guard asks you to enter your password and you have to tell them (possibly in the absence of a shared language) that you literally can’t. If the local law says you have to give your password, this seems like chaining yourself to a courthouse – you might decide to do it, but it’s a whole different level to, like, writing to your representative.

I mean, 1Password is the kind of software my mother might theoretically use and I would be slightly concerned if she had this setting turned on.

(ETA: oh, it actually says you can turn it off by entering your password. Though I’m not sure what the point is in that case)


#3

I wonder if they could just set it to uninstall/reinstall at preselected intervals? Or based on location.


#4

I wonder if they’ll still be in business when the Trumpocalypse comes? Right now, nobody is demanding my passwords.


#5


#6

The horror… the horror…


#7

We started working on this feature after reading Basecamp’s International Travel Guide: https://github.com/basecamp/handbook/blob/master/international-travel-guide.md

The idea is to remove the data that does not belong to you – company admin passwords, SSH keys for remote servers, code signing certificates, etc. Until now, many teams had to suspend their team members or even completely remove them from the 1Password team until they cross the border. Travel mode makes it a bit easier and also allows you to keep access to less sensitive information with “Safe for Travel” vaults.

The travel mode has to be activated through the web admin interface. There is no way to access it (or see the current status) in the apps.

Roustem
Founder of AgileBits and 1Password
Toronto, Canada


#8

And so the crypto cat and mouse game continues. I still like the idea of Paranoid Linux.

I’d love to have a false account on my phone and computer where they log into a dummy account if I enter a different password, but once that starts to get publicized, the 4th Amendment violators will just copy the whole thing and crack it at their leisure.

What’s the next conceptual step? Steganographic accounts where you log into a random discussion forum but it’s actually a secret email account interface?

It all feels silly to a certain degree (a la https://xkcd.com/538/), but all it takes is a few newsworthy violations on YouTube and Reddit to spark more interest in pushing back against the Panopticons.


#9

“his methods have…become unsound.”


#10

The next conceptual step I think is to go offensive. Giving them codes which fulfil one’s “obligation”, but which they are informed will get them attacked if ever used. So it gets catalogued as data which becomes effectively useless, and disincentivizes its further collection.

The key is to give those who abuse the power of their office real direct consequences, rather than simply complaining about how unfair it all seems.


#11

I love the smell of laundered rubles in the morning… It smells like treason!


#12

Might be able to defeat this with VPN also, if the other end of the VPN is an IP address in an approved country.


#13

Shit, I just use keepass with a keyfile on an external usb stick (keepass has the option of using a master password, a keyfile, or both - needless to say I use both), and full-disk encryption with another keyfile on the same external usb stick (I use linux, so full disk encryption is via luks, which has the option of external keyfiles as well as passwords). So you need the external usb stick to both boot your own laptop and log in to any social media or whatever on any computer.

Exiting the US doesn’t seem to involve having your shit searched yet, so I leave the US with a usb stick with a copy of the keyfiles, and delete it and/or toss the usb stick before re-entering the US. ie I never enter the US with any keyfiles with me, so can’t be compelled to give them up without a subpoena.

If I was worried about a non-US country trying to do the same bullshit, or the US starting to search on exit, I might try something like mailing the usb stick with the keyfiles encrypted using one time pads or something, but I haven’t had that concern yet so haven’t really thought it through.


#14

deep pending should include iCloud not vulnerable ethics to re-install software antics

…in other history docs …I once asked them if they would be here in 25 years on


#15

Thanks, Roustem! I figured (and wrote) that you implemented this based on Maciej’s writing, and to be clear, I’m really glad to see tech companies working on this.

I take your point about only being able to unlock Travel Mode from a browser and not from the app, but I wonder about your threat-modeling here – is the thinking that a border guard won’t demand that a 1Password user login to the service using their mobile device’s browser to re-activate those passwords?

Generally, I think that border data privacy measures have to operate from the presumption that users make full and truthful disclosures to border guards (so if they ask, “Is there any other way you can get into these accounts for me?” you would tell them the truth about, for example, the browser-based re-activation) because the penalties for lying (or glossing the truth) to border guards are very severe – including trouble crossing all borders, potentially forever.


#16

Seems like it would help to have it with a combination of time and location based locking. “Don’t allow access even by me until X date and time and within a range of GPS coordinates a certain maximum distance from the hotel/office/home I am traveling to.”


#17

Thank you, Cory!

You were right about Maciej’s post, I do remember reading it a while ago and we even use the “Travel Mode” name! I am guessing Maciej planted the seed and it took time and help from others to get this project going.

The Travel Mode in 1Password is a convenience feature. Everything it does, you are able to perform manually and people already do that when crossing the border — they delete emails, photos, confidential documents, sign out of iCloud and Dropbox, etc. I recently attended DockerCon in Austin, TX. I had to remove all AgileBits passwords, SSH keys, and codesigning keys from my laptop and then add it all back. I have full admin access to many of our services and a lot of damage could be done if admin passwords get into the wrong hands. It took at least an hour to configure my laptop and iPhone.

There are many suggestions about refusing search completely or providing a fake account. However, dealing with people who have so much power over you is stressful and intimidating and open confrontation is not an option for everyone. The Travel Mode makes it easier to comply with the search request and limit the damage. For example, I have both personal and company information in 1Password and while I do not mind giving access to my Facebook account, the company information does not belong to me. If asked, I will admit that Travel Mode is enabled but I won’t be able to comply with the request to disable it. It is also important that if my devices are confiscated or cloned, the company information won’t be there.


#18

This topic was automatically closed after 5 days. New replies are no longer allowed.