Wrapping up our Tor exits pilot, and what’s next for this initiative

The following post is by Chuck McAndrew of Lebanon Public Libraries, and Alison Macrina of Library Freedom Project. Each section is labeled with its author.

Completing the Tor exits pilot at Lebanon Public Library – Chuck and Alison

On Friday, November 6th, we turned the Lebanon Public Library’s Tor non-exit relay into an exit — thus marking the completion of a project that started small, but grew to international prominence late this summer after a now infamous failed attempt at intervention by the Department of Homeland Security. After the community responded overwhelmingly in favor of the relay, and the excitement died down, those of us from Lebanon Public Library and Library Freedom Project were left with the more mundane work of completing the pilot. Turning the middle relay into an exit was an entirely unremarkable process — just a simple edit to a configuration file, and then a reload of the Tor service. What’s remarkable, however, is the symbolic significance of this pilot: it marks the first time that a public library has ever hosted a Tor exit relay. And it means that Library Freedom Project’s Tor relay initiative pilot phase is officially a success. The path to achieving this milestone has certainly been an interesting one, and Lebanon Public Libraries has been honored to participate and lead the way for other libraries. Now, Library Freedom Project encourages other libraries to join this initiative, and so Chuck (of Lebanon Public Library) and Alison (of LFP) co-wrote this blog post about our pilot experience in the hopes that other libraries will be inspired to do the same.

Why a Tor exit relay? – Chuck and Alison
Libraries have long been guardians of privacy and intellectual freedom for their communities; these values have been in the American Library Association’s Code of Ethics since 1939, and library patron privacy is codified into many state laws, including Lebanon Public Library’s home state of New Hampshire. Today, the freedom to read means more than just providing access to books; it means protecting people’s right to freely access information — in both physical and digital spaces. The Tor network provides strong protections for online anonymity and privacy, allowing people to read, write, and research without the chilling effects of surveillance. By participating as one of many volunteer relay operators in the Tor network, Lebanon Public Library continues the library tradition of protecting people’s privacy while helping make Tor strong. For more on why we started the Tor relay initiative, read our original announcement post. Lebanon Library’s Tor exit relay is only the beginning of their privacy protections for patrons: they’re offering GNU/Linux computers with Tor Browser, Firefox with privacy-protecting extensions, classes on increasing online privacy, and more.

How did we make this happen? – Chuck
From the start of this pilot program, the Library Freedom Project has been outstanding at providing us with support. On the technical side of things, Nima Fatemi (Library Freedom Project technologist and core member of The Tor Project) has been an amazing resource. He has guided us on the setup of the relay, provided security suggestions, and helped with our network setup. Much of what we ended up doing was at Nima’s suggestion, and it has worked out extremely well for us.

Nima and Alison traveled up to New Hampshire to help us set up our relay. We initially set it up on an old desktop computer that I had. It worked perfectly fine on that, but I was bothered by having an old desktop sitting in my LAN room. In the end, I decided to change it over to a virtual machine. It has been sitting on my server chugging away ever since. I am a huge fan of virtualization whenever possible and it has worked out very well. Anyone with the knowledge to set up a virtual machine shouldn’t have much trouble making this work. However, it doesn’t take a real server to run a Tor relay. Most desktop computers are perfectly capable of doing so.

One of the big concerns that we had going into this project was that it not impact our current level of service to our patrons. Our main worries were making sure that the relay didn’t take bandwidth away from our patrons and that nothing about the Tor network impacted our patrons’ ability to surf the internet. Some websites do not like Tor traffic and will block any IP address that is associated with a Tor exit relay. Before we converted our relay to an exit relay, we wanted to make sure that Tor traffic went out on a different IP address than our public internet to avoid any possible problems, and Nima was helpful in ensuring that this all happened smoothly.

Happily for us, setting up this relay coincided with some changes to our network which we had been planning for other reasons. In the end, taking Nima’s suggestions and working with local open source advocate Bill McGonigle from BFC Computing, we were able to significantly improve our network and lower our operating costs. Initially, we had two lines coming in to our library. One was for the public internet and the other for the staff. We were able to drop one of those lines by introducing a pfSense firewall. This allowed us to safely firewall off the Tor relay and send Tor traffic out its own IP address (our account already had a 5 IP bundle). This also helped alleviate our second concern. The pfSense firewall allowed us to monitor how much bandwidth was being used by each interface. This helped us to donate as much bandwidth as we could while ensuring that our patrons’ web browsing was unaffected. Having the data provided by pfSense was a great help to us.

Although there was a cost involved with bringing Bill in to help us change our network setup, it was offset by the cost savings of being able to cancel one line. I now feel very confident that we have a secure, easily managed network that provides me with lots of information about what is going on on our network. Setting up your network to securely accommodate a Tor relay is potentially the most expensive part of this project.  How costly (or if there is any cost at all) will depend on the library’s current network setup and level of in-house IT knowledge.  Other libraries participating in this project can rely on the expertise of LFP staff to ensure that your relay won’t impact current services.
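As an added illustration (not the library's actual configuration, and not part of the original post), this torrc sketch shows the kind of "simple edit to a configuration file" described above, together with a cap on donated bandwidth. Every value is a constructed placeholder, and `OutboundBindAddress` is only an assumption about how a relay host with several addresses could pin its source address; the post describes doing that separation on the pfSense firewall instead.

```torrc
# Constructed torrc sketch; every value is a placeholder, not the library's.
Nickname ExampleLibRelay
ContactInfo relay-admin at example dot org
ORPort 9001
SocksPort 0                      # relay only, no local client proxy

# Cap donated bandwidth so patron browsing keeps headroom.
RelayBandwidthRate  1 MBytes
RelayBandwidthBurst 2 MBytes

# Source address for the relay's outgoing connections when the host itself
# holds several addresses (192.0.2.10 is a documentation address).
OutboundBindAddress 192.0.2.10

# Non-exit (middle) relay, the state before the change:
#   ExitRelay 0
#   ExitPolicy reject *:*

# Exit relay, the state after the change. Policy lines are evaluated
# top-down and the first match wins; this short allow-list permits
# web traffic only and rejects everything else.
ExitRelay 1
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
```

Running `tor --verify-config` against the edited file before reloading the service catches syntax errors without interrupting the running relay.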

Lessons learned – Chuck

This project has been a success in many ways. We are strengthening the Tor network by hosting an exit relay. We are benefiting people all over the world who need privacy and anonymity. We are living up to the core values of librarianship.  We also have once again proven the relevance of public libraries in the digital age.  We have started a conversation about privacy in our community and used that to educate our patrons about many of these important issues.  That is all to the good, but we did learn many lessons along the way. If we were starting over, there are some things that I would do differently and some lessons that I am glad to have learned.

Lesson 1: Engage the community from the start.

When our library received pushback from law enforcement it was largely due to our amazing community support that we were able to proceed. We are extremely thankful that they came out and let it be known that these were important issues to them. However, it would have been better if we had engaged our community prior to starting this project. If we had been able to point to the strong community support we had, we could have avoided a lot of uncertainty during this project. We started this project because we felt it was important and felt that it would be important to our community. In the end, we were validated, but it would have been very nice to know for sure beforehand.

Lesson 2: People care about privacy.

It is a common narrative that privacy is dead and/or most people don’t care about privacy. This is wrong. People do care about privacy and intellectual freedom. People often feel powerless in the face of pervasive surveillance by huge corporations and national governments.  If you have no realistic way to defend yourself, the sane thing to do is to accept the situation.  However, a very different picture emerges when people start to learn about tools which are easy to use and that give them the power to enforce their privacy. All of a sudden you have people from all walks of life who are very interested in these issues.  The problem isn’t that people don’t care, it is that they are being told over and over that there is nothing that they can do about it. Projects such as this one show people that there is hope. People find that extremely empowering. No one is saying that people shouldn’t be able to share whatever they want online.  With social media, people share all kinds of information about themselves.  What we are saying is that people should be the ones who get to control what information is shared about them.  This message is very powerful, especially when combined with education about how to achieve it.

Lesson 3: You can have an impact.

Technology is a powerful tool. It can be intimidating, and even overwhelming, but it can also let you do amazing things. Compared to many libraries across the country, the Lebanon Public Libraries are a small system. If you would have told us two years ago that we would be involved in an international conversation about privacy and intellectual freedom, I am sure that many people here would have laughed. But, thanks to the support of our community, we are. You don’t have to wait for someone bigger, or better funded, or more important to do something. Everyone has the ability to make an impact.

What’s next for the LFP Tor relay initiative? – Alison

After all of the excitement after DHS and the local police tried to intervene in the pilot project, we ended up with more attention to this project than we initially anticipated, which created a bottleneck for LFP staff. We’ve finally emerged on the other side and have been planning out our next steps, including creating a resource packet of ideological, legal, and technical resources for our interested libraries. We’ve heard from libraries across the US who are interested in participating, and our network of free software technologists and advocates all over the world are busy setting up their own relay initiatives with local libraries — in places from Sweden to Australia. Very soon, we’ll be making a big announcement with some good news about the relay initiative and its future, but in the meantime, interested libraries can contact us for more information by emailing exits (at) libraryfreedomproject (dot) org. Thanks to everyone for all of their support for Lebanon Public Library, Library Freedom Project, and our Tor exits initiative. Our success is due in part to our amazing community.

My library blocks torproject.org!

Oh no! Please feel free to share the below letter with them, either in the original or with modifications (please honor our CC-BY-SA 4.0 license).

We noticed that you don’t allow access to ‘torproject.org’, which prevents users at this library from downloading the Tor Browser. We’re writing to kindly ask if you’ll reconsider this position. The Tor Browser is software that allows users to browse the internet without being tracked by companies or spied on by government agencies. It also helps people stay safe and secure from any malicious persons who might be observing their network traffic or trying to determine their location.

Tor Browser is made by The Tor Project, a nonprofit organization, and its software is free for downloading by anyone. Tor is used by human rights activists, diplomats, journalists, and others who value privacy. Journalists in repressive countries use it to publish their work without fear of government surveillance, censorship or persecution. Domestic violence survivors use it so that they cannot be tracked by their abusers. People in African countries like Zimbabwe and South Africa use it to report poaching of endangered animals without fear of retribution. Tor is a powerful tool for unfettered intellectual inquiry, one that the United Nations’ Special Rapporteur on the right to freedom of opinion and expression recently stated should be “protected and promoted” [1]. Human Rights Watch recommends Tor for human rights advocates in their report about censorship in China [2]. Reporters Without Borders suggests that journalists and bloggers all over the world should use Tor to keep themselves and their sources safe.

The Tor network has also found support in high places in the US government. The anonymizing technology Tor provides is based upon research designs originally developed by the US Navy and others. The Tor Project receives funding from the US State Department to develop, maintain, and promote this democracy-enhancing technology [3].

Libraries have always protected democratic ideals like intellectual freedom and privacy, and fought against censorship. Tor is a vital service to a more democratic digital age. We ask that you please consider the many people who benefit from access to Tor Browser, and please allow your users to access ‘torproject.org’.

Thank you for your consideration,

Library Freedom Project

[1] https://www.documentcloud.org/documents/2089684%C2%ADun%C2%ADencryption%C2%ADreport%C2%ADspecial%C2%ADrapporteur%C2%ADon.html Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye
[2] https://www.hrw.org/reports/2006/china0806/ Race to the Bottom: Corporate Complicity in Chinese Internet Censorship
[3] https://www.torproject.org/about/torusers.html.en Who uses Tor?
[4] https://www.torproject.org/about/sponsors.html.en Tor Project’s sponsors

New resource: mobile privacy toolkit!

Hey there campers! We’ve just added a new mobile privacy toolkit to our resource list. At that link you’ll find slides and links to all the tools discussed. Eventually, we hope to have a teacher’s guide along with those slides, but for now, the best way to understand the tools is to download and use them yourself! These materials, like everything else we share, are licensed under the Creative Commons CC-BY-SA 4.0 International License. You can use it as is, or fork it to teach your own privacy class. Enjoy!

Juice Rap News: The Internet

Over here at Library Freedom Project we’re HUGE fans of Juice Rap News, the Australian rapping news show that’s taken on issues from police brutality to climate collapse. The most recent Rap News is our favorite one yet: THE INTERNET. Enjoy!

Guest post: Radical Librarians Collective CryptoParty

Editor’s note: We’re pleased to continue our series of guest posts with one from our good friends of the UK Radical Librarians Collective. RLC’s incredible work organizing librarians across the UK and Ireland is a great inspiration to us at LFP, and so we’re especially excited to share their experience of running a local CryptoParty and implementing some FLOSS technologies in their work. We hope it will encourage other librarians and affinity groups to do the same.

In 2013, the public learned of extensive programs of corporate and state surveillance operating through the web and internet technologies that have become embedded in our lives. Data about citizens and consumers is routinely harvested, retained, traded, and examined without the informed consent of the public. Thanks to the leaks of Edward Snowden, subsequent revelations about the UK’s TEMPORA Project, the UK Government’s proposed ‘Snooper’s Charter’, and the more recent “extremism clampdown” in UK Higher Education, surveillance is known to be a widespread embedded practice that restricts our freedom in a variety of ways. The more aware we are of this, the more we can defend ourselves.


Guest post: Privacy — who needs it?

Continuing our guest blogger series is Zak Rogoff, campaigner at the Free Software Foundation, who also blogs over on his personal site. Zak is a friend of LFP and a rad tech activist, and we’re jazzed that he agreed to write the following post about why all of us need privacy, example threat models that can help us understand this need, and strategies we can use to fight back.

Privacy — who needs it?

By Zak Rogoff

@zakkai

The benefits of online privacy can seem intangible. So what if someone on the Internet knows what someone else is doing on the Internet? But for many people (potentially including you or people you know), privacy tools are a shield from very real and immediate threats. Let’s meet seven of them:


The Library Digital Privacy Pledge

We’re excited to announce a new Library Freedom Project initiative, the Library Digital Privacy Pledge. Together with Eric Hellman (of Gluejar/Free Ebook Foundation/GITenberg/general notoriety in the library world), we’re asking libraries and vendors to help protect reader privacy by moving their services to HTTPS. I’ve written about why this matters, and EFF’s Jacob Hoffman-Andrews has done an even better job making the case. For even more info on the what, why, and how of this pledge, check out our FAQ. We’ve already got some amazing charter libraries and vendors signed on, and we’re hoping that many more will follow suit. Join us in protecting patron privacy by emailing pledge(at)libraryfreedomproject(dot)org!

Libraries, Tor, freedom, and resistance

It’s been an exciting couple of days at Library Freedom Project. ProPublica broke the story of the Department of Homeland Security and the local police in New Hampshire intervening to try to shut down our Tor relay pilot at Kilton Library. We responded to this law enforcement harassment with a public letter of support for the library, signed by a broad coalition of organizations and individuals, and linked to it in an even bigger petition on EFF’s website. That petition has received over 1700 signatures in 24 hours, and media attention continues to increase (we’ve gotten coverage on EFF’s blog, Motherboard, and the Concord Monitor, just to name a few). Kilton Library has received dozens of supportive emails and calls, and the conversation on social media has been popping off — this incident has engendered a robust discussion around libraries and free expression, how we can publicly commit to those ideals, and how hard we should fight back when challenged. It’s also catalyzed a number of libraries to get in touch with us about participating in the exit relay project — talk about the Streisand Effect!

We’re amazed at how this has resonated with our broader community, and how much support we’ve received — librarians, privacy advocates, technologists, and more — and things are only just getting started. Nima and Alison, along with Devon Chaffee of the ACLU of New Hampshire, will attend Lebanon Libraries board meeting on Tuesday, September 15th, at 7 pm at Lebanon Library (the other branch of Lebanon Libraries). We hope to see members of the local community come out to that meeting and show their support for Tor, free speech, and free libraries. Supporters should also sign our petition to show the library that they have global support. For updates, keep an eye to Twitter: Alison is @flexlibris, Nima is @mrphs, and we are all at @libraryfreedom. After Tuesday’s meeting, we’ll update our community with the results of the board’s vote. Thank you all for your support, and for helping us fight the good fight. Resistance is possible when we all join together.

Guest post: How I set up GNU/Linux at my library

We’re really excited to share another post in our ongoing series of privacy success stories from librarians across the country. Today’s post is from Chuck McAndrew, IT Librarian at the Lebanon Libraries in Lebanon, New Hampshire. You might remember Chuck as the librarian with whom we worked to set up our Tor exit relay pilot just a few weeks ago. During our visit to Lebanon, we checked out Chuck’s fantastic GNU/Linux PC environment, and begged him to write up a why-and-how-to guide for this blog. We’re thrilled that he was gracious enough to oblige.

One quick editor’s note: at LFP, we try to make use of Free/Libre and Open Source Software (FLOSS) whenever possible. The GNU/Linux distribution that Chuck uses is not totally “free”, hence his use of “open source” and not “FLOSS”, and some proprietary drivers and things like that were necessary to preserve the user experience. But we’re in agreement with what Chuck writes below: stepping away from completely proprietary software is a huge step for a library — especially considering how many libraries are dependent on restrictive Windows environments — and ideological purity around perfectly “free” software ignores the usability issues that sometimes come with free software. Chuck’s helping his patrons use software that’s more free than anything most libraries are using, and we think that’s pretty impressive.

We hope Chuck’s success and his helpful how-to guide will inspire other librarians to introduce GNU/Linux into their libraries. Got your own success story to share? We’d love to hear it.

Open Source Patron Computing

How I set up GNU/Linux computers for patrons in my library

Why open source?
Providing internet access to the public has come to be an important service that libraries provide, but it can be quite a challenge to do so in a secure, cost-effective way. Maintaining patron privacy on a shared, public computer is one of the problems that librarians face every day.

When I came to my current job, we had Windows computers with expensive, proprietary software to roll back any changes that patrons made. This software had many problems from my point of view. Not only was the cost a problem, but it actually allowed monitoring of what our patrons were doing online at any time. This is a huge privacy problem.

Additionally, the software was set up in such a way that it undid any updates except for Windows updates. This created major security risks as it forced our patrons to use old and vulnerable versions of Flash, Java, Chrome, Firefox, and more. My solution to all of these problems was to switch to an open source platform for our patron computing.

I have been an open source enthusiast for many years now in my personal life, but this was the first time that I had the opportunity to bring it into my professional life. It was exciting to be able to prove many of the arguments that I had been using to advocate for switching to open source software.
