A "travel mode" for social media - after all, you don't take all your other stuff with you on the road


#1

Originally published at: http://boingboing.net/2017/02/23/ulysses-pacts-vs-cbp.html


#2

Now that is pretty heavy duty security. Don’t even bother checking, just assume your device is compromised and kill it with prejudice.


#3

I have 2 Facebook accounts. One where I post my opinion and the main one where I communicate with older relatives who spend their days posting cute cat pictures. Will remove all reference to one account when traveling out of the country.


#4

I’ve never had a Facebook account, but I’m currently (and with great reluctance and trepidation) considering signing up. There are other services I’d like to use that only allow you to sign up using Facebook, and apparently you can’t escape its privacy-invading clutches even if you’re not a member, but the stuff going on at the border in re: social media accounts is what’s really convinced me. I can easily forsee a day in the near future where not having a Facebook account to give up to an agent will be cause for suspicion at the border.

So while this “travel mode” idea is something I hope is instituted ASAP as a complement to my own pain-in-the-arse opsec, I’m wondering if anyone can point me to a Web site that has a constantly updated list of Facebook’s ever-changing privacy and security settings so I can limit access to the account as much as possible. Thanks in advance.


#5

What about a “burner” phone you just use as a…phone while on vacation?


#6

It would be irrevocable, so you couldn’t be ordered to disable it during a border crossing.

I don’t get it. It can’t permanently disable your account. Is there a password to unlock - which border guards could demand? If it’s a time-lock all they have to do is lock you up until it expires. Think they won’t? Even if you can only unlock it when your metadata says you’re home, that can be spoofed, can’t it?


#7

I’d assume there’s multi-factor. Metadata can be fairly hard to spoof, and companies don’t necessarily have to comply with gov requests to let them pass the spoofing. I mean, you’ve got GPS data, IP and routing data (sure, IP might match your work computer, but the route it’s taking looks nothing like the normal route, so someone’s playing silly buggers with routing)

Could also have other people verify that the person is back home. You have to call your mom and tell them you’re home and she can click something saying that you’re not traveling (or similar). There are good reasons to believe that this is resistant to customs officers (at least in the US), as it’d be compelled speech for them to have someone say you’re done traveling, and generally the government can compel silence, but not someone to say something.


#8

These stories keep reminding me of the Black Mirror episode, “The Entire History of You.” In it, people have implants that record what they’re experiencing, so they always revise past events and never forget anything. But in the story, in some incidental scenes, we see the implant’s contents being reviewed by a security agent at the airport and as part of a work review…

In the real world, the DIY Raspberry PI phone is looking like a really attractive option for traveling. They wouldn’t know what to do with it, if nothing else.


#9

Yeah that’s fine and dandy if you’re a US citizens.

CBP: "Oh you activated Travel Mode? Entry Denied. Kthxbye"
Mr. Business/SyrianRefugee: “…”

So we should trust US companies to protect us from the US government? Don’t think so. They already betrayed us once (Prism) … and if they don’t help voluntarily like the last time the US gov will force them with one of their secret star chambers.


#10

The whole encryption thing isn’t worth dick, if they can just demand your passwords.


#11

Well at least you KNOW that your data is being accessed and under what authority.


#12

That was my immediate thought as well. Any signs of hiding or withholding personal data will be seen as a red flag.


#13

Since we’re going this route: if they have a travel mode, why would they advertise that they are in travel mode? Part of travel mode would be defining the conditions that you can come out of it, and if the conditions are such that you couldn’t, why would they even show it?


#14

CBP: “Please show me the preferences. Oh you activated Travel Mode? Entry Denied. Kthxbye”


#15

FTFY.

(Post must be at least 6 characters; evidently quotes don’t count. Who knew?)


#16

How about not coming up with another circumventable technical solution and fixing the law instead?

Just a thought.

Frank Rieger wrote in 2005 “We’ve lost the war” and dated this to Sept. 10th 2001. But a lost war is not the end.

The challenge ist to bring change without ending up in a totalitarian system with extremely polarised groups fighting each other. Democracy needs to find an answer how, without ending up in populist bullshit, everyone can participate. It will be still important to delegate difficult and important decisions to representatives who are answerable to their conscience and who follow ethics rather than money. Freedom, and law upholding and limiting the individuals freedoms is the basis for this.

So, to change policy rather than introducing a “travel mode” is the challenge. For Google. For @doctorow. For you. For me.


#17

Again, why would it show this?

Because politicians like the power this gives them. Fixing the law permanently is tough. Unless you make the law redundant. In which case it’s a lot easier.


#18

One very important consideration when setting up your account: photos and such can only be tagged with your name if your name is registered with the site. So for example, one of my daughters has had a FB account since her early teens, which as you’ve noted is necessary – in her case, quite a lot of official college stuff works through FB now, which I find weird – but because her account is under a pseudonym her actual name is not attached to anything on the site.

If you have to use your legal name on the account for work reasons, use some variant that isn’t as identifiable. Your first initial only plus your surname, for example.


#19

How about a password app on your phone that unlocks your normal apps when you enter in your normal password, but that only shows innocuous default apps when you unlock it with your special alternate password? Then, when the border patrol asks you to unlock your phone, they can’t see anything damning or personal?


#20

Great tip. The face tagging was one thing I was concerned about. A pseudonym containing my initials should do the trick.