resources - Library Freedom Project

My library blocks torproject.org!

Oh no! Please feel free to share the below letter with them, either in the original or with modifications (please honor our CC-BY-SA 4.0 license).

We noticed that you don’t allow access to ‘torproject.org’, which prevents users at this library from downloading the Tor Browser. We’re writing to kindly ask if you’ll reconsider this position. The Tor Browser is software that allows users to browse the internet without being tracked by companies or spied on by government agencies. It also helps people stay safe and secure from any malicious persons who might be observing their network traffic or trying to determine their location.

Tor Browser is made by the The Tor Project, a nonprofit organization, and its software is free for downloading by anyone. Tor is used by human rights activists, diplomats, journalists, and others who value privacy. Journalists in repressive countries use it to publish their work without fear of government surveillance, censorship or persecution. Domestic violence survivors use it so that they cannot be tracked by their abusers. People in African countries like Zimbabwe and South Africa use it to report poaching of endangered animals without fear of retribution. Tor is a powerful tool for unfettered intellectual inquiry, one that the United Nation’s Special Rapporteur on the right to freedom of opinion and expression recently stated should be “protected and promoted” [1]. Human Rights Watch recommends Tor for human rights advocates in their report about censorship in China [2]. Reporters Without Borders suggests that journalists and bloggers all over the world should use Tor to keep themselves and their sources safe.

The Tor network has also found support in high places in the US government. The anonymizing technology Tor provides is based upon research designs originally developed by the US Navy and
others. The Tor Project receives funding from the US State Department to develop, maintain, and promote this democracy-enhancing technology [3].

Libraries have always protected democratic ideals like intellectual freedom and privacy, and fought against censorship. Tor is a vital service to a more democratic digital age. We ask that you please consider the many people who benefit from access to Tor Browser, and please allow your users to access ‘torproject.org’.

Thank you for your consideration,

Library Freedom Project

[1] https://www.documentcloud.org/documents/2089684%C2%ADun%C2%ADencryption%C2%ADreport%C2%ADspecial%C2%ADrapporteur%C2%ADon.html
Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye
[2] https://www.hrw.org/reports/2006/china0806/ Race to the Bottom: Corporate Complicity in Chinese Internet Censorship
[3] https://www.torproject.org/about/torusers.html.en Who uses Tor?
[4] https://www.torproject.org/about/sponsors.html.en Tor Project’s sponsors

New resource: mobile privacy toolkit!

Hey there campers! We’ve just added a new mobile privacy toolkit to our resource list. At that link you’ll find slides and links to all the tools discussed. Eventually, we hope to have a teacher’s guide along with those slides, but for now, the best way to understand the tools is to download and use them yourself! These materials, like everything else we share, are licensed under the Creative Commons CC-BY-SA 4.0 International License. You can use it as is, or fork it to teach your own privacy class. Enjoy!

Guest post: Privacy — who needs it?

Continuing our guest blogger series is Zak Rogoff, campaigner at the Free Software Foundation, who also blogs over on his personal site. Zak is a friend of LFP and a rad tech activist, and we’re jazzed that he agreed to write the following post about why all of us need privacy, example threat models that can help us understand this need, and strategies we can use to fight back.

Privacy — who needs it?

By Zak Rogoff

@zakkai

The benefits of online privacy can seem intangible. So what if someone on the Internet knows what someone else is doing on the Internet? But for many people (potentially including you or people you know), privacy tools are a shield from very real and immediate threats. Let’s meet seven of them:

Guest post: How I set up GNU/Linux at my library

We’re really excited to share another post in our ongoing series of privacy success stories from librarians across the country. Today’s post is from Chuck McAndrew, IT Librarian at the Lebanon Libraries in Lebanon, New Hampshire. You might remember Chuck as the librarian with whom we worked to set up our Tor exit relay pilot just a few weeks ago. During our visit to Lebanon, we checked out Chuck’s fantastic GNU/Linux PC environment, and begged him to write up a why-and-how-to guide for this blog. We’re thrilled that he was gracious enough to oblige.

One quick editor’s note: at LFP, we try to make use of Free/Libre and Open Source Software (FLOSS) whenever possible. The GNU/Linux distribution that Chuck uses is not totally “free”, hence his use of “open source” and not “FLOSS”, and some proprietary drivers and things like that were necessary to preserve the user experience. But we’re in agreement with what Chuck writes below: stepping away from completely proprietary software is a huge step for a library — especially considering how many libraries are dependent on restrictive Windows environments — and ideological purity around perfectly “free” software ignores the usability issues that sometimes come with free software. Chuck’s helping his patrons use software that’s more free than anything most libraries are using, and we think that’s pretty impressive.

We hope Chuck’s success and his helpful how-to guide will inspire other librarians to introduce GNU/Linux into their libraries. Got your own success story to share? We’d love to hear it.

Open Source Patron Computing

How I set up GNU/Linux computers for patrons in my library

Why open source?
Providing internet access to the public has come to be an important service that libraries provide, but it can be quite a challenge to do so in a secure, cost-effective way. Maintaining patron privacy on a shared, public computer is one of the problems that librarians face every day.

When I came to my current job, we had Windows computers with expensive, proprietary software to roll back any changes that patrons made. This software had many problems from my point of view. Not only was the cost a problem, but it actually allowed monitoring of what our patrons were doing online at any time. This is a huge privacy problem.

Additionally, the software was set up in such a way that it undid any updates except for Windows updates. This created major security risks as it forced our patrons to use old and vulnerable versions of Flash, Java, Chrome, Firefox, and more. My solution to all of these problems was to switch to an open source platform for our patron computing.

I have been an open source enthusiast for many years now in my personal life, but this was the first time that I had the opportunity to bring it into my professional life. It was exciting to be able to prove many of the arguments that I had been using to advocate for switching to open source software.

Strong passphrases for privacy and security

Crossposted from Choose Privacy Week

I’m sorry to be the one to tell you this, but your password sucks. I know you use the same one for everything, and it probably contains some personally identifiable information – your dad’s birthday, your pet’s name, the year of your anniversary. Even if you think you’ve got a good password strategy, if it contains any kind of pattern – a famous quote, a song lyric – it can very easily be cracked. Consider how much access that password — the one you’re using for everything – gives to your private life. Whether you’re worried about exploits from criminal hackers or rogue government intelligence agencies, weak passwords put your private data at risk.

How to PGP-sign a message

So today I’m doing my monthly warrant canary update, which simply states that I’ve not received any government requests for information about people who have attended my workshops or visited my website (that last part would be especially difficult for the feds to demand — I don’t collect IP addresses or other personally identifying information about my site visitors). You’ll notice that my warrant canary message is wrapped in a PGP signature, which means that only someone in possession of my PGP secret key could have written it. PGP signatures are a useful way to show that the message was written by the intended author, and not tampered with or forged by an attacker. If someone were to gain access to my website and alter the message, the PGP output would read as invalid. I’m getting ahead of myself a bit though — I’ll show you what I mean by that in a moment. You can use a PGP signature to add a measure of security and verifiability to any message — it’s not just for warrant canaries — and I’m going to show you a simple way to do this in your console.