Alison Macrina, founder and director of the Library Freedom Project, was the star presenter at the June meeting of Minuteman Library Network’s (MLN) Teaching Technology Interest Group (TTIG). Alison’s presentation focused on a handful of tools that can be used in the library – on public computers, for example – as well as tools patrons (and librarians!) might want to use on their personal devices to increase their privacy from government and corporate surveillance.
The Library Freedom Project website has a “Privacy Toolkit for Librarians” section with dozens of additional tools. There are also slides available for the “Online Privacy Basics” class that Alison used to teach at the Watertown (MA) Free Library; these are under a Creative Commons BY-SA license (i.e. they can be used as long as proper attribution is given and any adaptations are available under the same license).
Here are the tools Alison highlighted at the TTIG meeting:
- Tor Browser: This alternative to Internet Explorer, Chrome, and Firefox offers true anonymity by using a number of relays throughout the world; your IP address may appear to be in France, Iceland, Germany, or anywhere else. Each tab that you open in the browser creates a new circuit. Websites can’t track you, and your browser isn’t tracking you either; it doesn’t remember your history (Alison calls this “ephemerality”).
- DuckDuckGo: Unlike Google and Bing, this is “the search engine that doesn’t track you.” Google search keeps your data for at least 18 months, and Google, Yahoo!, Facebook, and other major internet companies have handed over information to the government before. DuckDuckGo offers private browsing and an escape from the “filter bubble” (watch author Eli Pariser’s TED Talk on the topic), so the results you get are as impartial as an algorithm can make them.
- Privacy Badger: Privacy Badger is a plugin for Firefox and Chrome created by the Electronic Frontier Foundation (EFF). Its purpose is to “block spying ads and invisible trackers.” You should also set your browser to “never use third-party cookies.”
- HTTPS Everywhere and Let’s Encrypt: HTTPS Everywhere is another browser extension from the EFF; it ensures that your connections to websites are secure (that’s the S in HTTPS) whenever possible. Let’s Encrypt is a new initiative – “free, automated, and open” – that will act as a Certificate Authority (CA), issuing certificates to any website that wants one. It can be difficult to set up HTTPS properly – one thing most people forget is to make HTTPS the default, which is what HTTPS Everywhere corrects – and Let’s Encrypt will ensure confidentiality, integrity, and authenticity (CIA). Alison recommends that all library websites, catalogs, and databases be encrypted, and that libraries be among the first to sign up with Let’s Encrypt: “We care about privacy, we are tech-savvy, we don’t have the [resources] to do this on our own.”
- Open Whisper Systems (“Privacy that fits in your pocket”) has Edward Snowden’s endorsement; they make tools for Android and iOS phones that allow private text messaging and phone calls (TextSecure and RedPhone for Android, Signal for iOS). Individuals can install these tools on their mobile devices to encrypt the content of their calls and texts. “Your mobile device is [still] a tracking device,” said Alison, but these tools help.
- Password strength remains important for privacy and security, and most people don’t have strong passwords. Alison recommends the Randall Munroe method, as demonstrated in the xkcd comic “Password Strength” (although no one should use the example, “correct horse battery staple”). This method will help you choose passwords that are easy for humans to remember and hard for computers to guess, instead of the other way around. It’s important to choose four random words, which you can do using the Diceware list. Each word has a five-digit numerical code; roll a die five times to choose a word at random. Repeat three or four more times to get four or five random words to create a really strong password. (Bruce Schneier also has advice on choosing secure passwords; these are strong but more difficult to remember than passwords generated via the Randall Munroe/Diceware method.)
- Password managers: Password managers require one long, strong (complex) password, then manage all your other passwords (for e-mail, online banking, social media, etc.) for you. Many password managers, like LastPass, are cloud-based, but as Alison said, “There is no ‘the cloud’…that just means a computer you don’t control.” KeePass is a password manager stored locally on your computer; a little less convenient, but completely secure unless someone gains access to your physical computer (and knows your master password).
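The Diceware procedure from the password-strength item above, sketched in Python as an added example (it is not from Alison's presentation or the Diceware project). It simulates the five die rolls per word with the operating system's cryptographic random source and reports how many bits of entropy four or five words give; the function names and the placeholder word list are assumptions made for illustration, and a real list in the same "code, then word" layout would be loaded in its place.

```python
import itertools
import math
import secrets

FACES = "123456"
ROLLS_PER_WORD = 5
LIST_SIZE = len(FACES) ** ROLLS_PER_WORD  # 6**5 = 7776 possible codes

def roll_code():
    """Five simulated die rolls from the OS CSPRNG, e.g. '36154'."""
    return "".join(secrets.choice(FACES) for _ in range(ROLLS_PER_WORD))

def load_wordlist(lines):
    """Parse 'code<whitespace>word' lines; any other line is skipped."""
    words = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == ROLLS_PER_WORD and set(parts[0]) <= set(FACES):
            words[parts[0]] = parts[1]
    # A short or duplicated list silently lowers the entropy per word.
    if len(words) != LIST_SIZE or len(set(words.values())) != LIST_SIZE:
        raise ValueError(f"need {LIST_SIZE} unique codes and words")
    return words

def passphrase(words, count=5):
    """Pick `count` words, each chosen by an independent five-roll code."""
    return " ".join(words[roll_code()] for _ in range(count))

def entropy_bits(count):
    """Entropy of `count` words drawn uniformly from a 7776-word list."""
    return count * math.log2(LIST_SIZE)

def constructed_wordlist():
    """Constructed stand-in list (word0000..word7775), not the real Diceware words."""
    codes = itertools.product(FACES, repeat=ROLLS_PER_WORD)
    return [f"{''.join(c)}\tword{i:04d}" for i, c in enumerate(codes)]

if __name__ == "__main__":
    words = load_wordlist(constructed_wordlist())
    print(passphrase(words, 5))
    for n in (4, 5):
        print(f"{n} words: {entropy_bits(n):.1f} bits")
```

The strength comes from the rolls being random, not from the words being obscure, which is why the sketch uses `secrets` rather than the `random` module and why picking words by hand defeats the method.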
Those are just a few tools available that can help protect privacy. In the last few minutes of the TTIG meeting, we discussed how to get patrons interested in protecting their own privacy. Alison suggested making DuckDuckGo the default search engine on public computers in the library, and posting signs to raise awareness (e.g. “You might notice your search engine looks different. That’s because we care about your privacy”).
Librarians can also bring up privacy naturally in the context of other reference and technology questions. Our goal as librarians, said Alison, is to help people make informed decisions, not to get them to use particular tools (though she’s a strong supporter of free software).
Do you teach privacy classes in your library? What privacy tools do you use, personally and/or professionally?