Privacy toolkit for librarians

alison@libraryfreedomproject.org
watertownlib.org/privacy-tools





All of the tools I'm demonstrating today could be implemented in a library environment or taught in computer classes
Most are free (noted if otherwise)
Most are easy to set up and require little maintenance (noted if otherwise)
These tools offer some protection against corporate surveillance, government surveillance, and petty criminal hacking
Remember: privacy is like an onion, and these are just some of the tools available

What we'll cover today

Changing expectations and behavior

Safer browsing

Anonymity options

Viruses and malware

Passwords and password storage

General tips

Going further

Within each of these, we'll examine concepts in digital privacy (encryption, FOSS, proxies, etc)

Safer browsing
Browsers and FOSS





Browser privacy depends on who owns and maintains the source code
Who owns the most popular browsers? Firefox, Chrome, Internet Explorer, Safari
Free software: anyone can use, copy, study, and change the software in any way, libre not gratis
Open source: source code is openly shared so that people are encouraged to voluntarily improve the design of the software. Firefox is the only FOSS browser listed above
Proprietary software: restrictive copyright, source code hidden from users

Advertising and privacy

Behavioral advertising: advertising related to your online activity
Adblock Plus
Blocks banners, pop-ups, and video ads by default
You won't see ads nor will you be tracked by many of the advertisers
Will protect against some ad-based malware
Review the settings – lock them down against all ads, not just the “obtrusive” ones

Third party web tracking


Cookies, widgets, analytics, beacons: how are they tracking us?
Privacy Badger: a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web
How is this different from Adblock Plus?
How does this work on popular websites?

Temp files and tracking

Cache – images and data from sites you've visited

Browser history – list of all visited sites

Third party cookies



Internet breadcrumbs: together these give a complete picture of your online behavior and can act as surveillance beacons
CCleaner: a tool for secure temp file deletion
Deep Freeze/Clean Slate on patron PCs (costs $, harder to set up and maintain, plus not totally secure deletion)

Encrypted browsing





Hyper Text Transfer Protocol Secure (HTTPS): secures data via Transport Layer Security (TLS)
How does encryption work?
How does HTTPS support data integrity and authentication?
HTTPS Everywhere: a browser plugin that makes HTTPS work by default on compatible websites
Some instructions for securing your website and catalog with TLS are in the list of links, but this is worth paying someone to do for you

Search tracking




Google, Bing, and Yahoo all collect and store information about your online searches
DuckDuckGo does not. They even have a handy plugin!
Alerting patrons: “You might notice that your search engine looks different”
For Google searches and Google search bars within websites: Google Sharing plugin

Terms of service and privacy


When was the last time you actually read a ToS before clicking “yes”?
Terms of Service; Didn't Read (ToS;DR): a browser plugin that evaluates website terms and privacy policies and rates them from A to E.
What are you agreeing to when using [x] service?
What does this look like on sites with ToS?

Wifi security
Open wifi = access and plausible deniability (EFF Open Wireless Movement)
Closed wifi = encryption (authenticity and integrity)
Consider offering two networks
Wired network snooping is possible but requires a physical connection

Anonymity
Anonymous browsing





Tor Browser Bundle: the only web browser for anonymity
Anonymizes your location and deletes browsing history after your session
TBB includes: Tor Browser and NoScript and HTTPS Everywhere plugins
Limitations: Difficult for ordinary users, can be slow, may not work well with some sites, should not be used with identifying accounts
Instructions and best practices on the Tor Project's website

Strengthening the Tor network





Tor anonymizes your location through the use of relays and relies on a network of volunteers to run these relays all over the world
Middle relays, exit relays, and bridges
It is fairly difficult to set up a Tor relay, but requires almost no maintenance after set up
Instructions from Tor Project and from me are on the list of privacy links
In brief: you will need one workstation capable of running a server and some wired bandwidth (at least 100/kb each way)

TAILS





TAILS: The Amnesiac Incognito Live System
TAILS is a complete operating system (Linux Debian) that allows you to use the internet anonymously (Tor network), encrypt all messaging and files, and leave no trace
TAILS includes a web browser, instant messaging client, email, office suite, image/sound editor, etc
You will need: TAILS iso, CD-R (recommended) or 4GB USB stick, installation instructions, ability to boot from external device
TAILS best practices

Viruses and malware




Viruses and malware can easily compromise privacy
Avast (bundle has Firefox plug-in!) - protects from the "classic" threats like viruses, worms, and trojans
MalwareBytes - protects against malware but not viruses and worms (Windows only)
Malware checks are built into OS X. See privacy links for detailed info.

Passwords and password storage

Password problems: weakness and entropy (fun tool: howsecureismypassword.net)
Should be more than 8 characters, mix of letters, numbers, and symbols, and should not relate to any personal data. Use a whole sentence!
Schneier Method: TPoWSBn1N (this password once was secure but now is not)
Password managers: pros and cons
KeePassX: encrypted and FOSS

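
The password rules on this slide, as an added example that is not part of the original slides: a Python check for "more than 8 characters, mix of letters, numbers, and symbols", a pool-size entropy upper bound, and the first-letters step of the sentence method applied to the slide's own sentence. The function names, the pool sizes (space counted as a symbol) and the variant password are assumptions made for this example.

```python
import math
import string

# Character pools; counting the space as a symbol is a choice made for this example.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if chars & set(password)}

def entropy_upper_bound(password):
    """Bits of entropy if each character were picked at random from the
    classes present. Human-chosen passwords and sentences fall well below it."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def meets_slide_rules(password):
    """More than 8 characters, with letters, numbers and symbols all present."""
    used = classes_used(password)
    has_letter = bool(used & {"lower", "upper"})
    return len(password) > 8 and has_letter and "digit" in used and "symbol" in used

def sentence_initials(sentence):
    """First letter of each word: the raw material of the sentence method."""
    return "".join(word[0] for word in sentence.split())

if __name__ == "__main__":
    sentence = "this password once was secure but now is not"  # from the slide
    print("initials:", sentence_initials(sentence))
    # "Tp0w$Bn1N!" is a constructed variant, not from the slides.
    for candidate in ("TPoWSBn1N", sentence, "Tp0w$Bn1N!"):
        print(f"{candidate!r}: classes={sorted(classes_used(candidate))} "
              f"rules_ok={meets_slide_rules(candidate)} "
              f"upper_bound={entropy_upper_bound(candidate):.1f} bits")
```
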
...some general tips


Don't log patron data!! What's your library's data retention policy?
Places to check for patron logs: routers, firewalls, switches, computer authentication software
Keep your software up to date
Ninite: great for public PC environments (Windows only), pro version = $ (email me for how-to with Deep Freeze)
Offer guest passes for anonymity
Cover cameras on laptops and other devices

Going further





PRISM BREAK: privacy and anonymity resources for browsers, operating systems, smartphones, social media, and more
The Guardian Project: tools just for Android smartphones
Email Self-Defense from FSF: step by step guide to setting up PGP encryption for email from the Free Software Foundation
Surveillance Self-Defense from EFF: a little of everything from the Electronic Frontier Foundation
Cryptoparty: resources for teaching basic cryptography tools

email: alison@libraryfreedomproject.org
xmpp/IM: amacrina@jabber.org
Patron class curricula! Tech help! Successes and failures! More ideas!

CC-BY-NC-SA (Attribution-NonCommercial-ShareAlike 4.0 International) www.creativecommons.org