Black Lives Matter

Hello everyone,

Black Lives Matter.

If your library or archive is thinking about collecting photographs, videos, or other materials from the protests around George Floyd’s death caused by Minneapolis police, what are you doing to protect the privacy of the protesters? Black Lives Matter protestors and organizers, as well as many protesters and organizers in other activist circles, face ongoing harassment due to their involvement. Some have died. Recently Vice reported on a website created by white supremacists to dox interracial couples, illustrating how easy it is to identify and publish personal information with the intent to harm people. This isn’t the first website to do so, and it won’t be the last.

Going back to our question – if your response to the protests this weekend is to archive photos, videos, and other materials that personally identifiable information about living persons, what are you doing to protect the privacy and security of those people? There was a call made this weekend on social media to archive everything into the Internet Archive, but this call ignores the reality that these materials will be used to harass protesters and organizers. Here is what you should be considering:

  • Scrubbing metadata and blurring faces of protesters – a recently created tool is available to do this work for you: https://twitter.com/everestpipkin/status/1266936398055170048
  • Reading and incorporating the resources at https://library.witness.org/product-tag/protests/ into your processes and workflows
  • Working with organizations and groups such as Documenting The Now
    A tweet that summarizes some of the risks that you bring onto protestors if you collect protest materials: https://twitter.com/documentnow/status/1266765585024552960

You should also consider if archiving is the most appropriate action to take right now. Dr. Rachel Mattson lists how archives and libraries can do to contribute right now – https://twitter.com/captain_maybe/status/1267182535584419842

Archives, like libraries, are not neutral institutions. The materials archivists collect can put people at risk if the archives do not adopt a duty of care in their work in acquiring and curating their collections. This includes protecting the privacy of any living person included in these materials. Again, if your archive’s response is to archive materials that identify living people at these protests, how are you going to ensure that these materials are not used to harm these people?

Black Lives Matter.

#dataspringcleaning, Home Office Edition

Welcome to this week’s Tip of the Hat!

The trees outside the LDH office are now covered in leaves, the tulips and daffodils are blooming, and the grass has started growing again. All of which means one thing – allergy season Spring Cleaning Season! Or, as we at LDH like to call it, #dataspringcleaning season.

We covered the basics of #dataspringcleaning in a previous newsletter; however, determining if your data sparks joy might be a challenge this year given the state of current affairs. For this year’s #dataspringcleaning season, here’s a short cleaning list for your newly minted home office to help you in your data cleaning efforts.

Paper documents

Shred! If you don’t have a shredder at home, you have a couple of options:

  • Store documents for shredding at the office in a secured place in your home away from housemates.
  • Buy a shredder for your home. Look for a shredder that can shred at or above Level P-4. Having a shredder at home not only helps you protect patron privacy but also your privacy now that you have a convenient way to shred your personal documents and files.

Shredded paper should not go into your recycling bin – it’s most likely that your recycling center cannot accept shredded paper. In King County (where LDH is located) residents are instructed to use shredded paper for composting. You can also take a few handfuls of shredded paper to top off any garbage cans before closing up the garbage bag when you take the garbage out. Check with your local solid waste and recycling departments in your local area for more guidance about disposing of shredded paper.

Electronic equipment

  • Store patron data on work storage or equipment when necessary. Do not use personal hard drives, flash drives, or other personal storage devices to store patron data.
  • Do a quick data inventory of any personal cloud storage services you use, such as Google Drive or Evernote.
    • What patron data do you have stored in those services?
    • Can you migrate that data to work storage?
    • What data do you need to keep, and what data can be deleted?
  • If you have your work computer at home, now would also be a good time to do a data inventory of what’s stored on the local drive.
  • Remember, deleting a file doesn’t mean that the file is deleted! There are many programs available to help you permanently delete files.
  • If you do end up having to retire a physical disk or drive that held patron data, what tools do you have in your home toolbox? You most likely have a hammer, but you can also get creative depending on what’s available… we’ve mentioned power drills before, but perhaps you might want to try out the nail gun. Remember – safety first!

#dataspringcleaning at home is a good way to spend the time between meetings or to begin or end your workdays at home. A little bit of cleaning each day adds up to help protect patron privacy 🙂 Happy cleaning!

The Obligatory Password Manager Newsletter

We regularly get asked at LDH about password managers: what they are, if people should use them, and which ones to use. While there is some consensus in the information security world about password managers, there is still some debate – if you ask three security experts about password managers, you will get at least five answers. Today we’ll add to the mix and answer the most frequently asked questions about password managers.

What is a password manager?

At its core, a password manager is a software application that generates, stores, and retrieves passwords and other login information for various accounts. These passwords are accessible through the manager via a master password or passphrase. Think of a password manager as a vault – the vault has your passwords and you gain access to the vault through a combination that you and only you know.

Should I use a password manager?

Yes! Password managers are a great way to help you secure your online accounts. Password managers do the remembering of (almost) all the passwords for you, so you can break the bad habits of reusing passwords for multiple accounts or using weaker passwords that you can remember from memory – both habits put you at higher risk of having your account compromised. Some password managers can automatically change your passwords for you, as well as the ability to generate stronger passwords for each of your accounts. Another benefit of password managers is that you can securely share passwords for family accounts with others in your family (as long as they too use a password manager).

The one password that you have to remember is the master password to get into your manager. To create a strong password that you are likely going to remember, I recommend creating a passphrase. You can generate a strong passphrase through Diceware.

Are they safe?

Safety usually comes up when someone asks about password managers, and for good reason. This is a software application that could potentially have information for your financial accounts, your social media accounts, your shopping accounts, your medical accounts, and so on, and if that application has a data breach or leak, you are at high risk for identity theft at best. There is the fact that some password managers have had breaches in the past, the most prominent one being LastPass. You might also have read news stories about how other password managers might be vulnerable to breaches.

Nonetheless, for most folks, the risks associated with the use of a password manager are far less than using weaker passwords or reusing passwords. This gets into your threat model – what are the most realistic risks in terms of who wants your data, why they want your data, and how they’ll get your data. This is a risk assessment where you not only need to consider the severity of if the risk is realized but also the likelihood that a risk will be realized. Yes, a password manager might be breached, but the likelihood of a well-known password manager being breached is lower than a breach of an account that uses a weaker password or a password that was used by another account that was part of another breach or leak.

[A gentle reminder that using a weak password or reusing a password for your master password for the password manager also puts you at the same level of risk as not using a password manager at all!]

If you’re still wary of using a password manager, there are a couple of strategies I’ve encountered from my discussions with others that can mitigate some risks, including using multiple password managers to store different types of passwords and other sensitive information, or only use their password manager to manage passwords, and not store any other information, like security question answers and payment information.

Which password manager do you recommend?

It depends on your needs.

Some people use their browsers to manage their passwords, but that limits users to the browser that they are using. To get the full benefit, I recommend using a password manager separate from an individual browser’s password vault.
In general, you want to use a password manager that:

  • Uses strong encryption to store and to sync data in and between clients and apps
  • Offers secure cross-platform compatibility (desktop, mobile device) for all the platforms that you use in your daily life
  • Has an established reputation in the password manager world

The question of paid versus free accounts sometimes comes into the conversation. Several password managers have a free plan, while other password managers are free open source software. It depends on your needs and your comfort level when it comes to if you want to stick with a free plan/manager or move to a paid plan.
With all that said, here are some password managers to check out:

Are there alternative ways to store passwords outside a password manager?

There’s always this. ;c)

Special thanks to newsletter subscriber Chris Reimers and the folks in the ALA LITA/OIF webinar last week for the newsletter topic suggestion!

Recording now available for remote work and data privacy

If you missed last week’s “A Crash Course in Protecting Library Data While Working From Home”, don’t worry – we recorded the session! You can access the recording and transcript of of last week’s webinar in Google Drive. Resources and handouts for the webinar can be access at https://is.gd/LDH_RemotePrivacy.

More Zoom Updates and Free Webinar About Remote Work and Data Privacy

Welcome to this week’s Tip of the Hat!

Zoom has had one of those weeks. Since we last wrote about Zoom’s privacy issues last week, the number of additional privacy issues has skyrocketed. It’s gotten to the point where there are news articles just trying to keep track of all these updates. Even those articles are struggling to keep up. On March 31, TechCrunch published an article that listed the known privacy issues at that time, including the misleading advertising of true end-to-end encryption for voice chats, but the article came out a day before an article about zero-day bugs found by an ex-NSA hacker that could allow access to passwords and webcam/mic control if someone had physical access to the computer. Then the next day we learned that Zoom leaked LinkedIn data to other users. Additional reports suggest that Zoom is a very good target for intelligence gathering and interceptions for various governments.

Like we said – it’s hard to keep up with all the updates! Security expert Bruce Schneier’s writeup on Zoom is the most up to date list at the time of this writing.

The best option, in this case, is not to use Zoom, right? Unfortunately, it’s not that clear cut. A conversation on Twitter about Zoom brought up the point that Zoom fairs better than other web conferencing software in terms of screen reader access. While Zoom might be a hot mess when it comes to privacy, it still provides access to those who otherwise wouldn’t have it with other options. Workplaces complying with privacy and accessibility regulations find themselves in a tightrope act with trying to protect employee and patron privacy while at the same time provide tools that their staff can use. Zoom announced that they are addressing the privacy and security issues, which if the company follows through on their promise would solve the issue in the short term. The longer-term issue remains, however, with web conferencing software that have better privacy practices are not accessible for users, including for library workers.

For now, the best you can do is to lock down your Zoom meetings as much as possible and to review user and administration settings to ensure that all privacy and security settings are enabled. Some universities have created publicly accessible guides to more secure Zoom meetings, such as this guide from the University of Washington, as well as FAQs on privacy and security, that can help you formulate messaging to library staff about using Zoom.

Webinar on remote work and data privacy, April 9th

LDH Consulting Services is proud to sponsor this week’s LITA webinar “A Crash Course in Protecting Library Data While Working From Home”. This free webinar will provide strategies and actions in protecting patron privacy for library workers working from home, as well as some of the longer-term implications to patron privacy with libraries moving all essential operations and patron services online for the foreseeable future. Attendees will have the opportunity to share what they are doing to protect data privacy while working from home. Register today!

Zoom and Privacy at the Library

Welcome to this week’s Tip of the Hat!

The amount that you spent web conferencing has most likely increased exponentially in the last few weeks. Library workers working from home now rely on web conferencing software for daily operations, including meetings and check-ins with other colleagues. With this shift to web conferencing, though, comes a shift in the level of risk to patron privacy.

Most libraries rely on third party web conferencing software which, like any other third-party vendor, brings its own set of risks to patron privacy. However, when you fundamentally change library operations to embed a third-party application into almost all parts of core operations, the existing privacy risks of that application change dramatically. You also introduce new risks into the mix! It’s already hard to keep up with all the risks to patron privacy in normal operations, and a rapidly changing work landscape compounds matters.

Let’s take Zoom, for example. Many libraries and library vendors use Zoom as their primary web conferencing application before the COVID-19 outbreak. That number only increased as many workplaces went remote, with many workers relying on their institutional Zoom accounts for both professional and personal online meetings. Other workers took advantage of Zoom’s generous free plan. What was once a tool used for webinar presentations and professional organizational group meetings, Zoom has become a lifeline for many remote library workers to stay connected to the library world for the foreseeable future.

With the increased use of Zoom came increased scrutiny of the application from the increasing number of remote workers in several industries. Soon after the shift to remote work started in earnest across the US, news media started reporting on privacy and security concerns with Zoom. One of the earlier news reports described Zoom’s “attention tracking” function, where an administrator can keep track of meeting participants who clicked away from the Zoom window. This level of tracking by the meeting organizer does not reach the level of other tracking software used by businesses to monitor employee productivity, but this tracking can still encroach on employee privacy. “Zoombombing” – the act of gatecrashing a public Zoom meeting and bombarding it with inappropriate material or attacks – is also on the rise, compromising the security of business and other meetings held by users who are newer to the platform.

Zoom’s data privacy practices have received increased scrutiny in the last week with the mass movement to remote work. In the same article about “attention tracking”, the reporter also touched on Zoom’s privacy policy’s vague language around selling personal data. The privacy policy has since been updated to remove the first sentence which caused the most concern, but the vague last sentence in the paragraph remains – “So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.” – which is still a privacy concern. In addition, Zoom’s iOS App was sending user information to Facebook, which again wasn’t made explicitly clear in the privacy policy. Zoom released a statement that they will change the app to no longer send this information, but Zoom’s overall privacy practices and policies remain unchanged as described in this Twitter thread.

Your library might be using Zoom for business meetings, or it might be using Zoom for library programs, such as delivering online programs (like storytime or classes) or research/reference services. In both cases, Zoom might be collecting and processing patron data for their business purposes, increasing the risk of a privacy breach. You can take some actions to mitigate the new risks to patron privacy from using Zoom:

  • Use Zoom’s end-to-end encrypted chat feature [Update – the E2EE feature turned out to be false advertising.]
  • Limit the amount of patron data disclosed in Zoom, including text chats
  • Do not record video, voice, or text chats that involve patron data, including services to patrons conducted over Zoom
  • Do not share files with patron data over Zoom’s filesharing feature
  • Review privacy and security settings on the administrator, organizer, and user levels
  • Follow best practihttps://lifehacker.com/how-to-prevent-jerks-from-ruining-your-zoom-meetings-1842453487ces to prevent Zoombombing, including enabling the waiting room feature, limiting screen-sharing and voice controls (muting participants by default when they join), and locking the session when all attendees have arrived.

Limiting patron data disclosure on third-party applications is a challenge for a remote workforce. Choosing third-party applications with strong privacy and security practices is one of the best ways to mitigate privacy risks. Taking the time to assess privacy and security during a major global health crisis, nonetheless, doesn’t come naturally if you are not used to making critical privacy decisions under pressure. Settling into the new normal provides the opportunity to reassess data privacy and security practices in the workplace, including mitigating expanded or new risks to patron privacy. In the case of Zoom, limiting the amount of patron data transmitted through the application as well as making full use of privacy and security settings can help mitigate these privacy risks.

Doxing: How to Protect Yourself and Patrons

Welcome to this week’s Tip of the Hat!

The Executive Assistant has her paws full this week with rescheduling and shifting various project timelines around thanks to recent events. She was batting objects off of ledges redoing Gantt charts when she came across a small list of privacy-related things to do on a rainy day and promptly knocked the list off the pile and onto the floor. While this is not a rainy day, a few of us could use a distraction, so what can be a better distraction than protecting your privacy?

Today we’ll explore doxing: what it is, how it can harm you and your patrons, and what you can do to protect yourself and patrons from being doxed.

Doxing and You

Doxing is the act of publishing private or otherwise identifying information about a person to the public. This can include your home address, phone number, private email address, or bank account details, but it can also involve publishing private information about those close to you, like family members, along with your private information. Most times doxing is used as a tactic to intimidate or to harm a person or their loved ones – an infamous example of doxing in action is Gamergate, where online harassers doxed several games journalists, researchers, and others in the gaming industry.

Being doxed can mean a stranger showing up at your home or otherwise harassing you as you try to go about your daily life, but it can also mean that your identity can be stolen. With just a few pieces of private personal information, you can social engineer your way through customer service staff and help desk representatives to get access to critical accounts, potentially destroying the financial and reputational aspects of a person’s life in the process.

How to Dox Yourself (@ the Library)

The scary part about doxing is that anyone with little time and effort you can get access to private information. The New York Times recently published a guide on how to dox yourself, describing the various places where you can find information that you thought was not available to the public. Search engines, social media, and data brokers are all potential sources for doxers looking for your private information. Take some time to study their resource guide and perform some searches on your favorite search engine. You might be (un)pleasantly surprised as to what you can find about yourself.

Libraries are not exempt from being potential targets for doxers to gain information about a person. Library patrons routinely contact library staff with requests or questions about their patron account or another person’s patron account. What can be in the patron record that can potentially be used to dox someone? Legal name, home address, and birth date are three pieces of patron data that come to mind. Chances are, though, that your patron record includes much more, including telephone numbers, email addresses, and even government or organization-issued identification numbers, such as driver’s license numbers or student or employee id numbers.

Library workers also face the possibility of being doxed and harassed. An article by American Libraries recounted the experiences of two library school professors who were doxed for their research on racial microaggressions in academic libraries. Library workers are subject to the same harassment and doxing that their patrons face in daily life, as documented in the article. Any private information of both patrons and library workers is fair game to a doxer, even at the library.

Dox Defenses

How can you protect yourself and others from doxing?
On the personal front:

On the library front, review policies and procedures surrounding patron data confidentiality, particularly surrounding requests to disclose patron information:

  • Do you have a procedure in place to verify the patron’s identity if they request access to information in their patron record? What are the procedures regarding identity verification in-person versus over the phone versus online?
  • What information is used in the verification process?
  • What information do you disclose in the patron record in person? Over the phone? Online?
  • What is the procedure when the patron doesn’t have this information for verification?
  • What is the procedure if the patron requests access to another patron’s record?

Employee information also needs protection; however, a different set of regulations, policies, and procedures apply. Check with your human resources staff as well as legal counsel to determine what information is private, what is public, and when employers are allowed to disclose employee information to others.

Doxing is scary and can lead to harassment and other dangerous situations. The best personal defense against doxing is to be proactive in limiting the amount of private information a random person off the street can access through a data broker, your online presence, or other places where private information can be accessed by someone with a little bit of time and resources. The best library defense is making sure that there are policies and procedures in place for verification of the patron’s identity before disclosing patron information in certain situations, as well as protecting the privacy of library worker information, be it from not publishing private information such as home addresses to protecting the data from unauthorized access.

COVID-19 Updates And More Privacy Considerations

Welcome to this week’s Tip of the Hat, everyone.

It’s been a week for many of us as COVID-19 rapidly changed both work and personal lives. During the last newsletter, public events were still going on, schools and libraries were still open, and we were not in a pandemic. This newsletter is being composed in a completely different world in Seattle – closed schools and libraries, canceled events, and the realization that COVID-19 is much more widespread than previously thought.

This week, many libraries are closed to the public, while other libraries that are still open are being pressured to close to protect the health of their staff. This means staff might be working from home for the first time, or are trying to move in-person library instruction online. The Library Freedom Project provides a good list of privacy considerations for online instruction. Academic and school libraries should also be aware of the updated guide on FERPA and COVID-19 and how student privacy is impacted by the COVID-19 pandemic. In the general world, healthcare professionals, as well as employers, are struggling to find a balance between personal privacy and disclosure in the context of HIPAA regulations.

The rapid developments of last week also presented a challenge – how do you protect privacy while at the same time keeping up with changes at work? Many work from home arrangements were hastily put together with less than 24 hours’ notice, leaving IT departments scrambling to figure out if VPN or other remote access to staff systems can handle the increased user traffic, but at the same time might not realize that the remote access method has a vulnerability, such as an unknown open port, or even providing access to internal applications without special logins or IP restrictions. IT staff should ensure that only staff can access work systems and network drives, including requiring VPN use to access these places as well as additional authentication and user access rules. In short, IT staff have their work cut out for them in the next few weeks. Nonetheless, there have been many guides published in the last week, like this one from NC Department of Information Technology, for people working from home and what they can do to protect their digital privacy and security.

On the public services side, online communications between staff might take a variety of forms, from an increased number of emails to online web conferencing. If the organization doesn’t offer an online group collaboration platform, like Microsoft Teams, staff might take to free third party applications, such as Slack, Discord, or your tried and true suite of Google products. Patron privacy might be compromised if patron data is shared on unsecured applications, as well as places that are subject to a public records disclosure request. Therefore, it’s a good time to remind everyone to keep patron privacy in mind in working from home, including limiting storing and communicating patron data to secure communication channels controlled by the organization.

It’s impossible to keep track of every COVID-19 development, and libraries have struggled to respond to these changes. With more libraries closing and trying to keep staff busy, we cannot forget that the choices we make during the COVID-19 pandemic will have long-lasting consequences on data privacy for some time to come. It’s hard to step back and take a breath to reassess where everything stands on patron privacy, but it’s worth the effort to take a few moments to go through the library’s response so far and ask how each response might put patron privacy at risk.

COVID-19: Resources and Privacy Considerations

Welcome to this week’s Tip of the Hat!

Some of you might already know that LDH is based out of Seattle. Seattle has been in the news with the recent COVID-19 cases and deaths in the area. We at LDH are staying relatively healthy (outside of it being allergy season in town). Nonetheless, some of you have also been impacted by COVID-19, including institutional travel restrictions, dusting off the disaster policy and procedures, and fielding questions from both staff and patrons about what will happen when there’s an outbreak of COVID-19 in your area.

There’s a lot of information out there regarding COVID-19 and what you should do to help slow the spread of the infection. Some sources include:

The most important things to keep in mind during this time:

  • WASH YOUR HANDS WITH SOAP AND WATER. It doesn’t matter if it’s hot or cold water. There are several memes out there with lists of songs you can sing for about 20 seconds, be it Happy Birthday, the opening trumpet solo in Mahler’s 5th, or the chorus to this song.
    Hand sanitizer (store-bought, not homemade) is also an option, but not as effective as washing your hands with soap and water. [1]
  • Cover coughs and sneezes using your elbow or tissue (then throwing the tissue away).
  • If you are able, stay home if you are sick. This is not an option for those who do not have paid sick time, or if there’s a lack of coverage at work. If you do have the privilege to stay home, do so.
  • Extra cleaning of any hard surfaces as well as public or shared areas, such as open offices and break rooms.

COVID-19 has also brought up some good reminders and discussions surrounding privacy in a time of a possible pandemic:

Here are a few more articles surrounding the COVID-19 and the possible long-term implications to privacy regulations and public discourse:

Stay safe and healthy in the coming weeks!

[1] You would be surprised by the number of people who do not wash their hands regularly; this is something you should be doing anyway in normal circumstances. Hence, the shouting. Forever shouting about the washing of hands.

That Little Driver’s License Card…

Welcome to this week’s Tip of the Hat!

A driver’s license card is the first document many people use to prove their identity, be it at work, or the bank, or the airport. The card has key information needed for organizations and institutions: name, date of birth, address, photo, and the illustrious driver’s license number. Driver’s license cards can be a convenient form of identification, but it can also be a convenient way for your patrons’ identities to be stolen if your library is not careful in its handling of the card’s information.

As part of the library card registration process, many public libraries require some form of identification with a current address to confirm the patron’s home address. These libraries almost always accept driver’s license cards as one form of identification. But what do libraries do with the information on the card? Some record the driver’s license number in the patron record, while others take a photocopy scan of the card (yes, this has happened!). Several libraries use specially programmed barcode scanners to automatically populate the fields in the patron record from the information provided from the driver’s license barcode.

Each method carries its level of risk to the library patron’s privacy. Storing driver’s license numbers in the patron record or other places can open the patron up to identify theft if the library’s systems or physical spaces are compromised. There are various ways to compromise a physical or electronic space. We are familiar with the story of a person breaking into the system to steal information, but sometimes it is a staff person who steals the information. We also can’t forget that a leak is as damaging as a breach – sometimes staff leave the patron record up on the screen at public service desks, or a report printout is left on a desk for anyone to see or take.

Overall, the best way to mitigate the risk of a breach or leak of driver’s license numbers is to not collect or store driver’s license numbers. In the collection stage of the patron data lifecycle, we decide what data to collect. The data you collect should be tied to a specific, demonstrated business need at the point of collection. If you are collecting driver’s license numbers as a way to verify patrons and addresses, what are the business needs for collecting and storing that number in the patron record? You can achieve the same business need by other means, including creating a process of validating the patron record information with the identification without recording additional personal information in the record. Another consideration is that while driver’s license cards are a convenient form of identification, the card might have a name that the patron no longer uses and might have other outdated or incorrect information, including address information if the state does not mail a new card when there is an address change. Finally, not all patrons have driver’s license cards, and your patron registration policies and procedures need to accommodate this reality.

Even if you don’t collect or store the driver’s license number, there are still ways in which the library might inadvertently collect more patron information than they need from the card. Scanning driver’s license barcodes to auto-populate patron registration forms and records can save time in data entry, but be aware that these barcodes carry much more information than what is presented on the card, including gender and even Social Security Numbers. The software that you use to scan the barcodes should only record the information needed for the patron form and not store the additional information in the barcode. Your software vendor should have information about how they treat this extra data; if they do not, then the vendor product is a potential security risk for the library and the patrons which needs to be addressed with the vendor.

No matter how your library handles driver’s license cards, your library should be actively reviewing privacy practices on a regular basis. In 2019, the Contra Costa County Library System decided to stop collecting driver’s license numbers and purged existing numbers from their patron records. This decision came just at the right moment – the library system suffered a ransomware attack at the beginning of 2020. While recent reports state that no personal data was compromised, the risk of identity theft to library patrons would have been much greater if the driver’s license numbers were still stored at the library. In short, it’s never too late to review policies and procedures around patron address verification at your library!

Privacy Tech Toolkit: Tor

Welcome to this week’s Tip of the Hat!

A new year brings New Year resolutions. If you resolved to adopt better privacy practices and tools, you’re in luck! This week’s newsletter continues our exploration of the Privacy Tech Toolkit with the Tor browser and network.

Tor Basics

Tor enables users to anonymously browse and communicate online through two main parts. The first part is the Tor network, a worldwide network of servers. These servers serve as relays, sending encrypted information to randomly selected relays, masking the location of the user of the network. “Tor” stands for “the onion network” because this relay process resembles layers of an onion – each relay decrypts one layer of encryption and sends the rest off to the next relay for the next round of decryption. This routing masks both the source and destination locations of the online traffic. This is similar to a VPN in such that you can hide your actual location. The Electronic Freedom Foundation illustrates how the Tor network works with the following illustrations:

Three diagrams showing how Tor works. The first diagran shows the initial request to the tor directory server. The second diagram shows the random path through the tor relays to transmit the information. The third diagram shows a different relay path when the requester comes back to request the same information at a different time.

End-users can access the Tor network with the Tor browser. The browser is based on Firefox and comes with the NoScript plugin already installed. You can install the Tor Browser on all major operating systems as well as install the browser on a USB stick or SD card for when you are traveling or won’t have access to your computer.

Tor Considerations

Instead of accessing the internet through a single private network in the case of a VPN, Tor uses a distributed relay network that shifts your “location” every time you connect to the network. Tor is open source and is free to the public, but there are some considerations when choosing to use Tor for online browsing and communications:

  • Speed – the Tor network has more users than relays, as well as high user demand, which means slower browsing speeds on Tor than on other networks.
  • The Good and Bad of Blocking and Tor
    • Bad – some websites block the IP addresses of Tor exit relays (the last server in the relay chain). Those sites will need to be accessed outside of Tor. To add insult to injury, some sites block both Tor AND VPN access, making it near impossible to use those sites without having your location and activity wide open to those sites.
    • Good – because of the Tor network’s ability to route traffic through several relays worldwide, Tor can bypass government or other types of geo-blocks on certain websites, making Tor a necessity for those living in areas of the world that restrict access to the web.
  • Onion addresses – some websites, on the other hand, have onion addresses that can be accessed through the Tor browser. For example, you can access the BBC News website at https://www.bbcnewsv2vjtpsuy.onion/.
  • Anonymity – Tor provides an additional level of anonymity for online communications and browsing with the distributed relay network and browser; however, your actions can still give your location and identity away to third parties. If you log into a service that is connected to your real-world identity through Tor, then the site knows that it’s (most likely) you. Some users use Tor for specific purposes to avoid being identified while on Tor, staying away from logging into services connected to real-world identities. You can use Tor to search online without those searches being tied back to any accounts that are open in other browsers outside of Tor.

Tor @ Your Library

Some libraries include the Tor browser as part of the public computer image, while other libraries allow for patrons to install the Tor browser on the public computer (which then is wiped after the user session). Several libraries also advertise the option to run the Tor browser off of a USB stick to patrons who want to use Tor on public computers.

Several libraries are going beyond offering Tor access to public computers by becoming a relay, increasing the Tor network’s capacity to meet user demand. The Kilton Public Library in New Hampshire was the first public library in the US to host a Tor relay as part of the Library Freedom Project’s Tor Exit Relay Project. The project was not without controversy, but in the end, the public library was allowed to keep the relay.

Tor And Other Privacy Tools And Practices

If you need an anonymous way to browse the internet, Tor is one of your best bets. While some people opt to use both Tor and a VPN at the same time for additional security and privacy, most use one or the other when they need to have a private and secure way to browse and communicate online. Again, each tool has its strengths and weaknesses in protecting your privacy and choosing which one to use depends on your situation. Tor and VPNs are widely known tools, but there are many other tools to cover in our Privacy Tech Toolkit – stay tuned!

Thanks to subscriber Kristin Briney for the topic suggestion!