Category: Privacy

Posted on

COVID-19 Updates And More Privacy Considerations

Welcome to this week’s Tip of the Hat, everyone.

It’s been a week for many of us as COVID-19 rapidly changed both work and personal lives. During the last newsletter, public events were still going on, schools and libraries were still open, and we were not in a pandemic. This newsletter is being composed in a completely different world in Seattle – closed schools and libraries, canceled events, and the realization that COVID-19 is much more widespread than previously thought.

This week, many libraries are closed to the public, while other libraries that are still open are being pressured to close to protect the health of their staff. This means staff might be working from home for the first time, or are trying to move in-person library instruction online. The Library Freedom Project provides a good list of privacy considerations for online instruction. Academic and school libraries should also be aware of the updated guide on FERPA and COVID-19 and how student privacy is impacted by the COVID-19 pandemic. In the general world, healthcare professionals, as well as employers, are struggling to find a balance between personal privacy and disclosure in the context of HIPAA regulations.

The rapid developments of last week also presented a challenge – how do you protect privacy while at the same time keeping up with changes at work? Many work from home arrangements were hastily put together with less than 24 hours’ notice, leaving IT departments scrambling to figure out if VPN or other remote access to staff systems can handle the increased user traffic, but at the same time might not realize that the remote access method has a vulnerability, such as an unknown open port, or even providing access to internal applications without special logins or IP restrictions. IT staff should ensure that only staff can access work systems and network drives, including requiring VPN use to access these places as well as additional authentication and user access rules. In short, IT staff have their work cut out for them in the next few weeks. Nonetheless, there have been many guides published in the last week, like this one from NC Department of Information Technology, for people working from home and what they can do to protect their digital privacy and security.

On the public services side, online communications between staff might take a variety of forms, from an increased number of emails to online web conferencing. If the organization doesn’t offer an online group collaboration platform, like Microsoft Teams, staff might take to free third party applications, such as Slack, Discord, or your tried and true suite of Google products. Patron privacy might be compromised if patron data is shared on unsecured applications, as well as places that are subject to a public records disclosure request. Therefore, it’s a good time to remind everyone to keep patron privacy in mind in working from home, including limiting storing and communicating patron data to secure communication channels controlled by the organization.

It’s impossible to keep track of every COVID-19 development, and libraries have struggled to respond to these changes. With more libraries closing and trying to keep staff busy, we cannot forget that the choices we make during the COVID-19 pandemic will have long-lasting consequences on data privacy for some time to come. It’s hard to step back and take a breath to reassess where everything stands on patron privacy, but it’s worth the effort to take a few moments to go through the library’s response so far and ask how each response might put patron privacy at risk.

Posted on

COVID-19: Resources and Privacy Considerations

Welcome to this week’s Tip of the Hat!

Some of you might already know that LDH is based out of Seattle. Seattle has been in the news with the recent COVID-19 cases and deaths in the area. We at LDH are staying relatively healthy (outside of it being allergy season in town). Nonetheless, some of you have also been impacted by COVID-19, including institutional travel restrictions, dusting off the disaster policy and procedures, and fielding questions from both staff and patrons about what will happen when there’s an outbreak of COVID-19 in your area.

There’s a lot of information out there regarding COVID-19 and what you should do to help slow the spread of the infection. Some sources include:

The most important things to keep in mind during this time:

  • WASH YOUR HANDS WITH SOAP AND WATER. It doesn’t matter if it’s hot or cold water. There are several memes out there with lists of songs you can sing for about 20 seconds, be it Happy Birthday, the opening trumpet solo in Mahler’s 5th, or the chorus to this song.
    Hand sanitizer (store-bought, not homemade) is also an option, but not as effective as washing your hands with soap and water. [1]
  • Cover coughs and sneezes using your elbow or tissue (then throwing the tissue away).
  • If you are able, stay home if you are sick. This is not an option for those who do not have paid sick time, or if there’s a lack of coverage at work. If you do have the privilege to stay home, do so.
  • Extra cleaning of any hard surfaces as well as public or shared areas, such as open offices and break rooms.

COVID-19 has also brought up some good reminders and discussions surrounding privacy in a time of a possible pandemic:

Here are a few more articles surrounding the COVID-19 and the possible long-term implications to privacy regulations and public discourse:

Stay safe and healthy in the coming weeks!

[1] You would be surprised by the number of people who do not wash their hands regularly; this is something you should be doing anyway in normal circumstances. Hence, the shouting. Forever shouting about the washing of hands.

Posted on

That Little Driver’s License Card…

Welcome to this week’s Tip of the Hat!

A driver’s license card is the first document many people use to prove their identity, be it at work, or the bank, or the airport. The card has key information needed for organizations and institutions: name, date of birth, address, photo, and the illustrious driver’s license number. Driver’s license cards can be a convenient form of identification, but it can also be a convenient way for your patrons’ identities to be stolen if your library is not careful in its handling of the card’s information.

As part of the library card registration process, many public libraries require some form of identification with a current address to confirm the patron’s home address. These libraries almost always accept driver’s license cards as one form of identification. But what do libraries do with the information on the card? Some record the driver’s license number in the patron record, while others take a photocopy scan of the card (yes, this has happened!). Several libraries use specially programmed barcode scanners to automatically populate the fields in the patron record from the information provided from the driver’s license barcode.

Each method carries its level of risk to the library patron’s privacy. Storing driver’s license numbers in the patron record or other places can open the patron up to identify theft if the library’s systems or physical spaces are compromised. There are various ways to compromise a physical or electronic space. We are familiar with the story of a person breaking into the system to steal information, but sometimes it is a staff person who steals the information. We also can’t forget that a leak is as damaging as a breach – sometimes staff leave the patron record up on the screen at public service desks, or a report printout is left on a desk for anyone to see or take.

Overall, the best way to mitigate the risk of a breach or leak of driver’s license numbers is to not collect or store driver’s license numbers. In the collection stage of the patron data lifecycle, we decide what data to collect. The data you collect should be tied to a specific, demonstrated business need at the point of collection. If you are collecting driver’s license numbers as a way to verify patrons and addresses, what are the business needs for collecting and storing that number in the patron record? You can achieve the same business need by other means, including creating a process of validating the patron record information with the identification without recording additional personal information in the record. Another consideration is that while driver’s license cards are a convenient form of identification, the card might have a name that the patron no longer uses and might have other outdated or incorrect information, including address information if the state does not mail a new card when there is an address change. Finally, not all patrons have driver’s license cards, and your patron registration policies and procedures need to accommodate this reality.

Even if you don’t collect or store the driver’s license number, there are still ways in which the library might inadvertently collect more patron information than they need from the card. Scanning driver’s license barcodes to auto-populate patron registration forms and records can save time in data entry, but be aware that these barcodes carry much more information than what is presented on the card, including gender and even Social Security Numbers. The software that you use to scan the barcodes should only record the information needed for the patron form and not store the additional information in the barcode. Your software vendor should have information about how they treat this extra data; if they do not, then the vendor product is a potential security risk for the library and the patrons which needs to be addressed with the vendor.

No matter how your library handles driver’s license cards, your library should be actively reviewing privacy practices on a regular basis. In 2019, the Contra Costa County Library System decided to stop collecting driver’s license numbers and purged existing numbers from their patron records. This decision came just at the right moment – the library system suffered a ransomware attack at the beginning of 2020. While recent reports state that no personal data was compromised, the risk of identity theft to library patrons would have been much greater if the driver’s license numbers were still stored at the library. In short, it’s never too late to review policies and procedures around patron address verification at your library!

Posted on

Hat Tip: Latanya Sweeney, Ph.D.

Welcome to this week’s Tip of the Hat!

Many of you might be preparing the last public displays for Black History Month or setting up the first set of Women’s History Month displays. If you need to add one more person to feature in either or both displays, or if you wish to know more important black women in STEM, you’re in luck! Today’s newsletter is a quick introduction to one of the major players in the data privacy field, Latanya Sweeney, Ph.D.

Latanya Sweeney is a Professor of Government and Technology in Residence at Harvard University and the founding director of Harvard’s Data Privacy Lab. She is also the first African American woman to receive a Computer Science Ph.D. from MIT. Sweeney made many major contributions to the technology field, but the most well-known contribution for privacy professionals is Sweeney’s work on k-anonymity. Her work on the re-identification of individuals through data has prompted a shift in many in the privacy field in reassessing the concept of anonymization. For example, in a study published in 2000, Sweeney found that 87% of the US population can be identified based on zip code, gender, and date of birth. Health data is also an area in which Sweeney has shown again and again how easy it can be to re-identify data that used certain anonymization methods.

Other parts of Professor Sweeney’s work delves into how data can be used to discriminate, including her work on the discrimination found in online ad delivery. The projects page for the Data Privacy Lab and the various tools on the home page shows the vast array of research areas under the guidance of Sweeney’s direction of the Lab.

Did we also mention that she was also the Chief Technologist at the FTC in 2014?

Some recent talks and panels include:

We leave you with an excerpt from a 2007 interview from Scientific American where many can appreciate Sweeney’s approach to privacy:

[Walter] Why is privacy versus security becoming such a problem? Why should we even care?

[Sweeney](Laughs) Well, one issue is we need privacy. I don’t mean political issues. We literally can’t live in a society without it. Even in nature animals have to have some kind of secrecy to operate…. There’s a primal need for secrecy so we can achieve our goals.

Privacy also allows an individual the opportunity to grow and make mistakes and really develop in a way you can’t do in the absence of privacy, where there’s no forgiving and everyone knows what everyone else is doing… With today’s technology, though, you basically get a record from birth to grave and there’s no forgiveness. And so as a result we need technology that will preserve our privacy.

Posted on

A New Privacy Framework For You

Welcome to this week’s Tip of the Hat!

The National Institute of Standards and Technology recently published version 1.0 of their Privacy Framework. The purpose of the framework is to create a holistic approach to manage privacy risks in an organization. The Framework is different from other standards in such that the goal is not full compliance with the Framework. Instead, the Framework encourages organizations to design a privacy program that best meets the current realities and needs of the organization and key stakeholders, such as customers.

The Framework structure is split into three parts:

  • The Core is the activities and outcomes for protecting privacy in an organization. These are broken down by Function, Category, and Subcategory. For example:
    • Identify-P (the P is there to differentiate from NIST’s Cybersecurity Framework) is a Function in which the organization is developing an organizational awareness of privacy risks in their data processing practices.
    • A Category of the Identify-P Function is Inventory and Mapping, which is taking stock of various systems and processes.
    • The Subcategories of the Category are what you would expect from a data inventory: what data is being collected where, when, how, by who, and why.
  • The Profile plays two roles – it can represent the current privacy practices of an organization, as well as a target set of practices for which the organization can aim for. A Current Profile lists the current Functions, Categories, and Subcategories the organization is currently doing to manage privacy risks. The Target Profile helps businesses figure out what Functions, Categories, and Subcategories should be in place to best protect privacy and to mitigate privacy risk.
  • The Implementation Tiers are a measurement of how the organization is doing in terms of managing privacy risk. There are four Tiers in total, ranging from minimal to proactive privacy risk management. Organizations can use their Current Profile to determine which Tier describes their current operations. Target Profiles can be developed with the desired Tier in mind.

Why should libraries care about this framework? Libraries, like other organizations, have a variety of risks to manage as part of their daily operations. Privacy risks come in a variety of shapes and sizes, from collecting more data than operationally necessary and not restricting sharing of patron data with vendors to lack of clear communications with staff about privacy-related policies and procedures. Some organizations deal with privacy risks through privacy risk assessments (or privacy impact assessments). The drawback is that the assessments are best suited for focusing on specific parts of an organization and not the organization itself.

The Privacy Framework provides a way for organizations to manage privacy risks on an organizational level. The Framework takes the same approach to privacy as Privacy by Design (PbD) by making privacy a part of the entire process or project. The Framework can be integrated into existing organizations, which is by design – one of the criticisms of PbD is the complications of trying to implement it in existing projects and processes. The flexibility of the Framework can mean that different types of libraries – school, academic, public, and special – can create Profiles that both address the realities of their organization as well as creating Target Profiles that incorporate standards and regulations specific for their library. School libraries can address the risks and needs surrounding student library data as presented in FERPA, while public libraries can identify and mitigate privacy risks facing different patron groups in their community. The Framework also allows for the creation of Subcategories to cover any gaps specific to an industry or organization not covered by the existing Framework, which gives libraries added flexibility to address library industry-specific needs and risks.

The flexibility of the Framework is a strength for organizations looking for a customized approach to organizational privacy risk management. This same flexibility can also be a drawback for libraries looking for a more structured approach. The Framework incorporates other NIST standards and frameworks, which can help ease apprehension of those looking for more structure. Nonetheless, libraries that want to explore risk management and incorporate privacy into their organization should give NIST Privacy Framework some consideration.

Posted on

Data Discounts

Welcome to this week’s Tip of the Hat!

At LDH we have been known to have a sweet tooth – there are always four to five different types of sweets within reach of the office desk. Therefore, it shouldn’t come to a surprise to our newsletter readers that when presented with the option to get a free cup of Heart Eyes (red velvet cookie dough, white chocolate chips, and heart sprinkles) from a local edible cookie dough vendor, LDH took full advantage of the opportunity to indulge.

The free cup of dough came with a catch, though. The free dough was part of a grand opening celebration for a co-working space. To receive the free dough, you had to give your email address to the co-working space company. Here we have a dilemma – what are the privacy tradeoffs that I’m willing to make for cookie dough?

Multiple times a day we find ourselves asking similar questions – what are the privacy tradeoffs that we’re willing to make for discounts at our favorite store, or a particular brand, or other business? What are the privacy tradeoffs you’re willing to make for everyday items or essential services? A recent opinion piece in The New York Times illustrates this tradeoff with a fictionalized company that finds its inspirations from many different sources, from grocery store loyalty cards to checking in at a store location or posting a brand marketing hashtag on social media. The story also touches on how surveillance and tracking disproportionally affect vulnerable populations, such as those who can’t afford basic services without giving up their data to receive a discount. A real-life example of this happened to LDH. We received an offer from our health insurance company to sign up for a discounted Amazon Prime account that was only available to those receiving insurance through the state health insurance marketplace (we declined the offer).

You can choose to not trade your data for discounted goods and services, though it is getting harder to avoid this data transaction when paying for goods and services, or if you interacted with a business through their website or social media. Even going to a physical store location can involve a data transaction if the business is using beacons to seek out your mobile phone WiFi or Bluetooth signal or using facial recognition technology at their store. If the only way that you can afford health or car insurance is to install a tracking device in your car or to provide data from your health app, then your data is paying for that cash discount.

Currently, you have limited options to protect your privacy when dealing with health and car insurance companies. For other businesses, though, there are some ways you can limit how much data you give to them:

Using one or more of these strategies can limit the amount of personal data collected on you by the business while still receiving the financial incentives provided by the company.

Going back to our “free” cookie dough situation, the co-working space company did get an email address (used for promotions) from us, but nothing more, even though the email form included fields for name, address, and phone number. We got our cookie dough, the company got an email address that will promptly toss their promotional emails into a filtered folder, followed by an unsubscribe request. The things that we will do for free cookie dough…

NISO Cybersecurity webinar, February 12th

Come join LDH and others on Wednesday, February 12th, for a webinar discussion on cybersecurity!

NFAIS Forethought: Cybersecurity: Protecting Your Internal Systems
Every organization, as a standard course of action, should be implementing protection policies and updating protective measures surrounding their confidential data and internal systems. Phishing and malware are a constant threat. As a response, reliable cybersecurity requires an integrated approach in ensuring the safety of networks, devices, and data. How should enterprises and institutions be thinking about their cybersecurity needs? What basic requirements should be in place? What guidelines or best practices exist? What are the best resources? This roundtable discussion will bring together experts active in the field to address these and other questions.

Confirmed participants in this roundtable discussion include: Daniel Ayala, Founder, CISO/Chief Privacy Officer, Secratic; Blake Carver, Senior Systems Administrator, LYRASIS, Becky Yoose, Principal, LDH Consulting Services; Hong Ma, Head, Library Systems, Loyola University of Chicago; Wayne Strickland, Acting Associate Director at Department of Commerce, National Technical Information Service; Christian Kohl, Principal, Kohl Consulting.

NISO members can attend the webinar for free; non-members can also register for the webinar at https://www.niso.org/events/2020/02/nfais-forethought-cybersecurity-protecting-your-internal-systems. We hope to see you there!

Posted on

Privacy Film Party

Welcome to this week’s Tip of the Hat!

Even if the groundhog in your area didn’t see their shadow yesterday, we in the Northern Hemisphere still have a long winter ahead of us. How will you spend the long winter nights for the next few months? Might we suggest that you stay inside where it’s warm and watch a film? Better yet, make that film about privacy! Here are some privacy film recommendations depending on what you’re looking for:

For library programming about data and privacyScreening Surveillance [Content warning – suicide, mental health illness] is a grant-funded project to raise awareness around big data and surveillance. The project produced three short films – 10 minutes in length each – approaching specific issues of data sharing, data ownership, and sensor and facial recognition software. These three short films come with facilitation guides that help audiences process and discuss the specific issues raised in each film.

For a succinct introduction into general privacy concepts Privacy International’s Privacy 101 is a series of short animated videos introducing viewers to the concept of privacy as well as various topics in privacy, including metadata, big data, and data protection. These videos are a good way to acquaint someone with privacy concepts, in short, bite-sized portions. These videos are short enough that you can use these videos in staff training or discussions around privacy, as well as any public programming around data security and privacy.

For when the college instructor gives you the entire class session to teach their class about privacyThe Power of Privacy by The Guardian is a 30 minute documentary about the major challenges to privacy in the digital age. The film provides a balance between the historical “how did we get here?” and the present and near-future realities of data privacy. Library workers have choices in using this film to teach privacy, either by choosing to show segments to focus on specific topics, like phishing or IoT, or show the entire film for a holistic view of the current issues around data privacy.

For the library worker who is trying to navigate student privacy – Student privacy is governed by additional regulations, such as FERPA, which makes protecting student patron privacy more complex in academic and school libraries than in other libraries. The School Safety and Privacy video series from Future of Privacy Forum delve into this complex topic, including approaching the creation of policies, digital equity, facial recognition in schools, and how to talk to administrators and leadership about privacy matters.

BONUS! If you want more videos on student privacy, The Student Privacy Resource Center has a playlist to meet your additional student privacy video needs.

Finally, an artistic philosophical video for your night offPhilosophy Tube’s video on Data [NSFW – language, adult topics] gets into data, surveillance, algorithms, machine learning, structural inequality, targeted advertising, monetization of data, consent, notice, data rights, and how technology shapes society and how society shapes technology (phew!). All of this takes place in a 30-minute discussion-turned-machine-learning-simulation between a bouncer and a person in front of a nightclub.

There are plenty of other videos and films on privacy not covered here, but these recommendations are just a start. If you have a privacy-related film or video that you like, reply to this email and we’ll provide a list of subscriber-recommended videos in a future newsletter.

Posted on

Who Knows, Who Decides, and Who Decides Who Decides

Welcome to this week’s Tip of the Hat!

Shoshana Zuboff’s book The Age of Surveillance Capitalism provides a comprehensive overview of the commodification of personal information in the digital age. Surveillance capitalism is a specific form of capitalism that focuses on using personal data to predict and control user behavior. Zuboff’s analysis of surveillance capitalism centers around three questions:

  • Who knows?
  • Who decides?
  • Who decides who decides?

In the book, Zuboff provides some context to the questions:

The first question is “Who knows?” This is a question about the distribution of knowledge and whether one is included or excluded from the opportunity to learn. The second question is “Who decides?” This is a question about authority: which people, institutions, or processes determine who is included in learning, what they are able to learn, and how they are able to act on their knowledge. What is the legitimate basis of that authority? The third question is “Who decides who decides?” This is a question about power. What is the source of power that undergirds the authority to share or withhold knowledge?

Zuboff offers answers to these three questions in her book: “As things currently stand, it is the surveillance capitalist corporations that know. It is the market form that decides. It is the competitive struggle among surveillance capitalists that decides who decides.” While the current prognosis is grim according to Zuboff’s analysis, the three questions are a powerful tool in which one can discover the underlying power structures of a particular organization or culture.

An interesting thought exercise involves applying these three questions to the library. On a lower level, the data lifecycle provides some answers to “Who knows?” concerning access to patron data as well as the publication and disclosure of data in reports, data sets, and so on to third parties. The “Who decides?” question goes beyond the data lifecycle and ventures into the realm of data governance, where decisions as to who decides the data practices of the library are made. However, the answer goes beyond data governance. Library use of third-party tools and services in collecting or processing patron data bring these third parties into the realm of “Who knows?” as well as “Who decides?” The third-party can adjust their tools or products according to what best serves their bottom line, as well as providing a tool or product that they can market to libraries. Third parties decide what products to put out to the market, and libraries decide which products meet their needs. Both parties share authority, which leads this thought experiment closer to Zuboff’s analysis of the market as the decider.

That brings us to the third question, “Who decides who decides?” Again, our thought experiment starts to blend in with Zuboff’s answer to the same question. There is indeed a struggle between vendors competing in a niche market that has limited funds. We would be remiss, though, if we just left our analysis pointing to competition between third parties in the market. Part of what is driving the marketplace and the tools and services offered within are libraries themselves. Libraries are pressured to provide data for assessment and outcomes to those who directly influence budgets and resources. Libraries also see themselves as direct competitors to Google, Amazon, and other commercial companies that openly engage in surveillance capitalism. Instead of rejecting the methods used by these companies, libraries have to some extent adopted the practices of these perceived market competitors to keep patron using library services. A library on this path could find themselves upholding surveillance capitalism’s grasp in patrons’ lives.

Fitting this thought experiment into one newsletter does not give the questions the full attention they deserve, but this gives us a place to start thinking about how the library shares some of the same traits and qualities found in surveillance capitalism. Data from patron activities can provide valuable insight into patron behaviors, creating personalized library services where yet more data can be collected and analyzed for marketing purposes. It’s no surprise that data analytics and customer relationship management systems have taken off in the library market in recent years – libraries believe that there is a power that comes with these tools that otherwise wouldn’t be accessible through other means. Nonetheless, that belief is influenced by surveillance capitalists.

Decided for yourself – give Zuboff’s book a read (or listen for the audiobook) and use the three questions as a starting point for when you investigate your library’s role in the data economy.

Posted on

Privacy Tech Toolkit: Tor

Welcome to this week’s Tip of the Hat!

A new year brings New Year resolutions. If you resolved to adopt better privacy practices and tools, you’re in luck! This week’s newsletter continues our exploration of the Privacy Tech Toolkit with the Tor browser and network.

Tor Basics

Tor enables users to anonymously browse and communicate online through two main parts. The first part is the Tor network, a worldwide network of servers. These servers serve as relays, sending encrypted information to randomly selected relays, masking the location of the user of the network. “Tor” stands for “the onion network” because this relay process resembles layers of an onion – each relay decrypts one layer of encryption and sends the rest off to the next relay for the next round of decryption. This routing masks both the source and destination locations of the online traffic. This is similar to a VPN in such that you can hide your actual location. The Electronic Freedom Foundation illustrates how the Tor network works with the following illustrations:

Three diagrams showing how Tor works. The first diagran shows the initial request to the tor directory server. The second diagram shows the random path through the tor relays to transmit the information. The third diagram shows a different relay path when the requester comes back to request the same information at a different time.

End-users can access the Tor network with the Tor browser. The browser is based on Firefox and comes with the NoScript plugin already installed. You can install the Tor Browser on all major operating systems as well as install the browser on a USB stick or SD card for when you are traveling or won’t have access to your computer.

Tor Considerations

Instead of accessing the internet through a single private network in the case of a VPN, Tor uses a distributed relay network that shifts your “location” every time you connect to the network. Tor is open source and is free to the public, but there are some considerations when choosing to use Tor for online browsing and communications:

  • Speed – the Tor network has more users than relays, as well as high user demand, which means slower browsing speeds on Tor than on other networks.
  • The Good and Bad of Blocking and Tor
    • Bad – some websites block the IP addresses of Tor exit relays (the last server in the relay chain). Those sites will need to be accessed outside of Tor. To add insult to injury, some sites block both Tor AND VPN access, making it near impossible to use those sites without having your location and activity wide open to those sites.
    • Good – because of the Tor network’s ability to route traffic through several relays worldwide, Tor can bypass government or other types of geo-blocks on certain websites, making Tor a necessity for those living in areas of the world that restrict access to the web.
  • Onion addresses – some websites, on the other hand, have onion addresses that can be accessed through the Tor browser. For example, you can access the BBC News website at https://www.bbcnewsv2vjtpsuy.onion/.
  • Anonymity – Tor provides an additional level of anonymity for online communications and browsing with the distributed relay network and browser; however, your actions can still give your location and identity away to third parties. If you log into a service that is connected to your real-world identity through Tor, then the site knows that it’s (most likely) you. Some users use Tor for specific purposes to avoid being identified while on Tor, staying away from logging into services connected to real-world identities. You can use Tor to search online without those searches being tied back to any accounts that are open in other browsers outside of Tor.

Tor @ Your Library

Some libraries include the Tor browser as part of the public computer image, while other libraries allow for patrons to install the Tor browser on the public computer (which then is wiped after the user session). Several libraries also advertise the option to run the Tor browser off of a USB stick to patrons who want to use Tor on public computers.

Several libraries are going beyond offering Tor access to public computers by becoming a relay, increasing the Tor network’s capacity to meet user demand. The Kilton Public Library in New Hampshire was the first public library in the US to host a Tor relay as part of the Library Freedom Project’s Tor Exit Relay Project. The project was not without controversy, but in the end, the public library was allowed to keep the relay.

Tor And Other Privacy Tools And Practices

If you need an anonymous way to browse the internet, Tor is one of your best bets. While some people opt to use both Tor and a VPN at the same time for additional security and privacy, most use one or the other when they need to have a private and secure way to browse and communicate online. Again, each tool has its strengths and weaknesses in protecting your privacy and choosing which one to use depends on your situation. Tor and VPNs are widely known tools, but there are many other tools to cover in our Privacy Tech Toolkit – stay tuned!

Thanks to subscriber Kristin Briney for the topic suggestion!

Posted on

Give The Gift of Privacy

Welcome to this week’s Tip of the Hat! This is our last newsletter of the year – the Executive Assistant is on Holiday Break. We’ll be back on January 6th with the first newsletter of 2020.

Before we head out for the year, give the gift of privacy this holiday season:

Happy holidays from all of us at LDH, and we’ll catch you in 2020!

A black cat with a brown hat sticker placed on her side.