Re: [tor-relays] Feedback wanted: letter to my university's library
Hi AJ, Thank you for supporting Tor! I think it's a great idea to try to work with your university library to run a relay. I run the Library Freedom Project which helps libraries understand and use privacy tools (libraryfreedomproject.org). I can give you some advice based on my experience. William Denton:
On 1 October 2017, AJ Jordan wrote:
However I've just started college at the University of Rochester, which obviously presents a great opportunity to set up a relay on a really great network. I'm planning to reach out to the library with the following email and would love some feedback:
Scott Bennett had excellent advice,
+1
Academic libraries can be very experimental in some of their work, but they are generally risk-averse. (This is good, because they're in the business of preserving knowledge and cultural artifacts for decades and centuries.) There is, I'm afraid, close to zero chance they would let a non-employee student run a server on their network---and running Tor, even a non-exit relay, makes the chances even lower.
However, don't give up. I suggest thinking about this as a long-term project that could get you involved with the library, faculty and campus IT. There must be people on campus interested in privacy issues, who know about Tor, and perhaps who have been thinking about running a relay. These people could be librarians or they could be professors or grad students in political science, communcations, journalism, computer science, privacy studies, etc. Find out who they are and approach them! Perhaps there is a student club interested in the same issues---if not, you could start one. Students and student groups advocating for a Tor relay or exit, while demonstrating the importance of Tor and how it fits in with the library's and university's mission, would very much help the project be successful.
William's advice is good. You definitely need to begin by building a relationship with the library. Don't be discouraged by the amount of work this may take; the payoff might end up being a cultural shift wherein the library, university IT, and CS departments all work on this as a project together! You'll want to approach the library by showing that Tor is an excellent way to uphold the values of librarianship, which are privacy, intellectual freedom, and access. Really, be explicit about it; don't assume that they'll just get why you think it matters. Here's something I wrote about intellectual freedom + Tor Browser a while ago and you can borrow the arguments I've made: https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and... As William said, libraries are mostly risk-averse, so you also need to be ready to answer their questions about legal and technical concerns. LFP has collected some resources to help with all of that here: https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md. Before you email the university librarian, I'd start by talking to some of the regular academic librarians about your ideas and gauge their responses. Ask them if they've heard of the Library Freedom Project and feel free to send them any of our resources. See if they think the administration would be receptive to you offering a presentation about Tor to library staff (even better if you can make it open to students and faculty, too, because that can get you more support). You are welcome to adapt these slides for that presentation: https://libraryfreedomproject.org/allabouttor/. Make sure to show them this academic library that has used their Tor relay as a teaching tool for students: https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html. LFP is fairly well known and respected in libraries and so if it can be beneficial to involve me further, I'm happy to assist! Alison
Alison Macrina <alison@torproject.org> wrote:
Hi AJ,
Thank you for supporting Tor! I think it's a great idea to try to work with your university library to run a relay. I run the Library Freedom Project which helps libraries understand and use privacy tools (libraryfreedomproject.org). I can give you some advice based on my experience.
William Denton:
On 1 October 2017, AJ Jordan wrote:
However I've just started college at the University of Rochester, which obviously presents a great opportunity to set up a relay on a really great network. I'm planning to reach out to the library with the following email and would love some feedback:
Scott Bennett had excellent advice,
+1
Academic libraries can be very experimental in some of their work, but they are generally risk-averse. (This is good, because they're in the business of preserving knowledge and cultural artifacts for decades and centuries.) There is, I'm afraid, close to zero chance they would let a non-employee student run a server on their network---and running Tor, even a non-exit relay, makes the chances even lower.
However, don't give up. I suggest thinking about this as a long-term project that could get you involved with the library, faculty and campus IT. There must be people on campus interested in privacy issues, who know about Tor, and perhaps who have been thinking about running a relay. These people could be librarians or they could be professors or grad students in political science, communcations, journalism, computer science, privacy studies, etc. Find out who they are and approach them! Perhaps there is a student club interested in the same issues---if not, you could start one. Students and student groups advocating for a Tor relay or exit, while demonstrating the importance of Tor and how it fits in with the library's and university's mission, would very much help the project be successful.
William's advice is good. You definitely need to begin by building a relationship with the library. Don't be discouraged by the amount of work this may take; the payoff might end up being a cultural shift wherein the library, university IT, and CS departments all work on this as a project together!
You'll want to approach the library by showing that Tor is an excellent way to uphold the values of librarianship, which are privacy, intellectual freedom, and access. Really, be explicit about it; don't assume that they'll just get why you think it matters. Here's something I wrote about intellectual freedom + Tor Browser a while ago and you can borrow the arguments I've made: https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and...
As William said, libraries are mostly risk-averse, so you also need to be ready to answer their questions about legal and technical concerns. LFP has collected some resources to help with all of that here: https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md.
Before you email the university librarian, I'd start by talking to some of the regular academic librarians about your ideas and gauge their responses. Ask them if they've heard of the Library Freedom Project and feel free to send them any of our resources. See if they think the administration would be receptive to you offering a presentation about Tor to library staff (even better if you can make it open to students and faculty, too, because that can get you more support). You are welcome to adapt these slides for that presentation: https://libraryfreedomproject.org/allabouttor/. Make sure to show them this academic library that has used their Tor relay as a teaching tool for students: https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html.
I second all of the above by both Bill and Allison, and I am grateful that they were able to express better and in far greater detail much of what I was trying to say, while adding their own ideas in similar detail. Reading Bill's and Allison's followups stimulated an idea of another, and possibly better, approach that I hope AJ will consider and that may even be more likely to be approved and have greater effect in the long run. If he discovers that neither his campus library nor the university as a whole is already officially running at least one relay, this may be a better way to teach them. If, rather than going for a relay, which is quite likely to scare them until they understand more and better about tor, AJ were instead to campaign to get the library to install the tor browser bundle onto its publicly available computers, that alone would be a terrific coup and might engender a great deal of student support for tor on campus over time. (The library would, of course, need to find a way to lock down the settings of the installed bundle, so that it couldn't be turned into a relay by users, but that should not be difficult to do.) If he succeeded in getting the tor browser bundle added to the library's most likely tightly limited list of applications available on its public machines, he could then wait a while to see what the staff members thought of it. If they decided after watching it in use for a while that it was a good thing to have made available to their users, you might then approach another department that operates a student computer lab to try to get TBB installed there. If the library employees liked it, they might give the prospective department a positive recommendation. If AJ played it right and it usually turned out well, he might eventually cover much of the campus with TBB installations. In any case, getting the TBB installed would educate far more people about anonymity and privacy issues than merely getting a relay installed that most people would never be aware of. Getting the student population behind tor could help in several ways. 1) They would tell their friends elsewhere about it. 2) Some of them might want to run relays themselves off campus. 3) Students might even initiate a push for the university to run an official relay, so *AJ* might not even need to do any convincing at that point to get the university to run one or more relays. Universities typically have unique, public IPv4 addresses for every machine on campus, so they can be good places for many relays to run that would be managed by different individuals/departments. Circuit paths would still be subject to the /16 rule, but that wouldn't stop any of those nodes from helping the worldwide tor user community. Although it has already been mentioned, a university will almost surely be concerned about resource consumption (electricity, CPU time, LAN congestion, WAN traffic volume, especially as a fraction of the total available to the university's net, staff time for training and for maintenace of the software, and always, always, and ultimately money). AJ should be prepared to deal with questions and arguments about resources when asking a university employee to expend university resources of something AJ wants. Universities, especially state universities, live on incomes that are set in concrete for at least a year at a time, although occasionally they may be told during the fiscal year that some of the money previously allocated to them has been rescinded, thus sending administrators scrambling to deal with lack of funds to meet commitments. This establishes a zero-sum environment, where a decision to spend resources on Thing A, means those resources are no longer available for use by Things B, C, D, etc. If they don't have unallocated resources available for tor, they can only run it if they can somehow shuffle and transfer resources around with other uses in order to get some unallocated resources, or they have to decide that they want to spend the resources on tor *more* than they want to spend them on the other things. If the library were to start running a relay that placed a sufficiently heavy load on the campus network that other campus users began to notice sluggish response times, I guarantee you that their complaints would cause some adjustments to be made to the tor node's allocated resources. One last thought is that, whatever AJ decides to do about tor at his university, he should prepare at least a cursory list of other universities that have already done/are doing what he wants his to do, so that he can show it to the people he needs to convince. Where possible, his list should include contact information for someone at each institution on his list who is knowledgeable about the institution's tor policy and history and preferably in a position with authority to deal with any problems the institution has encountered with having tor on its system(s). Such a list will demonstrate that doing what he wants his university to do is something that other universities are already doing, and it will make it easier for the person(s) he is trying to convince to find out more about it from those with relevant experience. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
Scott Bennet> If he discovers that neither his campus library nor the university as a
whole is already officially running at least one relay, this may be a better way to teach them. If, rather than going for a relay, which is quite likely to scare them until they understand more and better about tor, AJ were instead to campaign to get the library to install the tor browser bundle onto its publicly available computers, that alone would be a terrific coup and might engender a great deal of student support for tor on campus over time. (The library would, of course, need to find a way to lock down the settings of the installed bundle, so that it couldn't be turned into a relay by users, but that should not be difficult to do.) If he succeeded in getting the tor browser bundle added to the library's most likely tightly limited list of applications available on its public machines, he could then wait a while to see what the staff members thought of it. If they decided after watching it in use for a while that it was a good thing to have made available to their users, you might then approach another department that operates a student computer lab to try to get TBB installed there. If the library employees liked it, they might give the prospective department a positive recommendation. If AJ played it right and it usually turned out well, he might eventually cover much of the campus with TBB installations. In any case, getting the TBB installed would educate far more people about anonymity and privacy issues than merely getting a relay installed that most people would never be aware of.
This is a great idea, and the slides I shared in my last email could help get this conversation started (the slides cover Tor Browser as well as relays and other Tor stuff). If AJ is interested I can connect him with other libraries I've worked with that have installed Tor Browser on all of their public computers. Alison
Alison Macrina <alison@torproject.org> wrote:
Scott Bennet> If he discovers that neither his campus library nor the university as a
whole is already officially running at least one relay, this may be a better way to teach them. If, rather than going for a relay, which is quite likely to scare them until they understand more and better about tor, AJ were instead to campaign to get the library to install the tor browser bundle onto its publicly available computers, that alone would be a terrific coup and might engender a great deal of student support for tor on campus over time. (The library would, of course, need to find a way to lock down the settings of the installed bundle, so that it couldn't be turned into a relay by users, but that should not be difficult to do.) If he succeeded in getting the tor browser bundle added to the library's most likely tightly limited list of applications available on its public machines, he could then wait a while to see what the staff members thought of it. If they decided after watching it in use for a while that it was a good thing to have made available to their users, you might then approach another department that operates a student computer lab to try to get TBB installed there. If the library employees liked it, they might give the prospective department a positive recommendation. If AJ played it right and it usually turned out well, he might eventually cover much of the campus with TBB installations. In any case, getting the TBB installed would educate far more people about anonymity and privacy issues than merely getting a relay installed that most people would never be aware of.
This is a great idea, and the slides I shared in my last email could help get this conversation started (the slides cover Tor Browser as well as relays and other Tor stuff). If AJ is interested I can connect him with other libraries I've worked with that have installed Tor Browser on all of their public computers.
I, for one, am very happy to know that Alison and her organization are making those materials available. They have the potential to assist many people like AJ in making the public more aware of the issues and of the tools available to help it protect/recover its privacy and anonymity. Alison, do you also have materials on using HTTPS where available instead of HTTP? The dangers inherent in allowing Java or JavaScript to be enabled in one's web browser? Cookies? Tools like the HTTPSeverywhere and NoScript plug-ins for Firefox? The reasons for avoiding the use of telnet clients and which tools to use instead for remote logins? If not, they would make great additions, particularly pages that explain how to convince librarians about these matters? Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers. They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I am at a loss as to how to get the library to emerge from the stone age into the age of the Cheka, much less that of the NSA, FSB, search engine profilers, botnets, packet sniffers, spyware, etc. Disclaimer: I confess that I have no idea how prevalent my public library's attitudes and policies are among public libraries in the U.S. today, so I can't make any claims about widespread need for the sort of materials I'm asking about. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
On 4 October 2017, Scott Bennett wrote:
Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers. They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results?
I fear there is nothing you can do. If they're like that, it's not going to change until there's a new chief librarian or head of library IT. Public libraries can be terrible for problems like this. When the right person is in the right job, they can move fast and experiment, but that's rare. When a library thinks offering only IE is the right thing to do, Tor must terrify them. But if you can't speak to the public library board there's a problem much bigger than what they run on their computers! That is just not right. Public libraries have to be responsible to their public. Could your city councillor help? The local newspaper? Good luck! It's a shame your local library is ignoring someone with your expertise. Bill -- William Denton :: Toronto, Canada --- Listening to Art: https://listeningtoart.org/ https://www.miskatonic.org/ --- GHG.EARTH: http://ghg.earth/ Caveat lector. --- STAPLR: http://staplr.org/
William Denton <wtd@pobox.com> wrote:
On 4 October 2017, Scott Bennett wrote:
Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers.
* I missed a beat here. The procedure for renewing a flight instructor certificate on-line includes an FAA requirement to "digitally sign" the web- based application for renewal. The procedure is a farce that bears no resemblance to what the security community understands to be a digital signature. That also means that the FAA may *not* be in compliance with the federal government's own standard http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf) The fact that the FAA's system is not in compliance with the above referenced federal standard means that the FAA may possibly be in violation of the Computer Security Act of 1987 and/or the Information Technology Reform Act of 1996. But it was recommended to me by [identity withheld] that I *not* contact the FAA to point out this problem to them in hopes of getting them to correct it because they *allegedly* might revoke my instructor certificate for not "properly" representing the FAA's view of things. IOW, representing the NIST's [correct] view of things could get me punished by the FAA. I stress here that I do not know whether that recommendation was accurate in its claim, but I think it clearly illuminates the climate of fear and distrust that exists toward all levels of government in the USA these days. If simply posting this here gets my CFI revoked, I will (attempt to) let you know. (Actually, I'm not terribly worried, but I have to admit to the possibility.)
They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results?
I fear there is nothing you can do. If they're like that, it's not going to change until there's a new chief librarian or head of library IT. Public libraries can be terrible for problems like this. When the right person is in the right job, they can move fast and experiment, but that's rare. When a library thinks offering only IE is the right thing to do, Tor must terrify them.
I was afraid that would be the response a presumably honest, IT-aware librarian might give, but I didn't know until now. Sigh. Thanks for the clear answer. :-( FWIW, my guess is that the board is way too clueless to be terrified, but rather that they simply are so hostile to any change, especially when proposed by someone not a library employee, that they simply cannot permit it, regardless of any other considerations. That's, again, only my guess, but I'm somewhat attached to it by experience. :->
But if you can't speak to the public library board there's a problem much bigger than what they run on their computers! That is just not right. Public
My thoughts exactly.
libraries have to be responsible to their public. Could your city councillor
This is Illinois. "Governmental bodies" and "responsible to their public" are incompatible sentencemates here. Please try your luck again. (Hint: land (,re}development deals are often viewed favorably.) This is the state that requires budgets to be balanced, but where lack of *any* budget for nearly three fiscal years was not considered a breach of the state constitution.
help? The local newspaper?
My city councilcritter has generally been unreceptive to my suggestions on all issues I have ever discussed with him. The local newspaper was bought up long ago by one of the media oligarchs. It is marginally useful for local news only, but not at all worth its price. Most people don't bother with it, so even if the handful of local reporting staff and editor were agreeable, it would likely matter not a whit. Much there has changed unrecognizably since the days before it was bought out.
Good luck! It's a shame your local library is ignoring someone with your expertise.
Thanks, Bill. Perhaps talking these things up with local social activists with more energy than I have these days might be worthwhile. This *is* a university town, after all. :-} I'll have to look into that angle a bit more, I guess. My apologies to the list for straying so radically far off topic. To those offended by my cynicism, I recommend you wise up on your own initiative lest you learn the hard way. Okay. I'll shut up. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
On 10/05/2017 02:30 AM, Scott Bennett wrote:
William Denton <wtd@pobox.com> wrote:
Thanks, Bill. Perhaps talking these things up with local social activists with more energy than I have these days might be worthwhile. This *is* a university town, after all. :-} I'll have to look into that angle a bit more, I guess.
4."Make the enemy live up to its own book of rules." If the rule is that every letter gets a reply, send 30,000 letters. You can kill them with this because no one can possibly obey all of their own rules. https://en.wikipedia.org/wiki/Rules_for_Radicals Keep Tor and other privacy-enhancing instrumentalities on the agenda; patron privacy is a part of their mandate whether they like it or not. A local librarian has told me that even running a Tor browser is problematic for institutional reasons, but you have to start somewhere. Parenthetically, even setting up a https://littlefreelibrary.org at my condominium complex has been met with incomprehension and fear...
Parenthetically, even setting up a https://littlefreelibrary.org at my condominium complex has been met with incomprehension and fear...
Easier for them to do that than realize the many $thousands they paid for their education which could have been free. Indoctrination withdrawal syndrome is a mean bitch that most can't beat. In this case, they'd rather burn the free books, stay paying on closed source OS, nannyfilter patron access, etc. Open a hackerspace right next door complete with bookshelves, see who has more patrons under an open nonprofit board charter, perhaps the old neighbor will groan and annex itself to the new.
Scott Bennett:
Alison Macrina <alison@torproject.org> wrote:
Scott Bennet> If he discovers that neither his campus library nor the university as a
whole is already officially running at least one relay, this may be a better way to teach them. If, rather than going for a relay, which is quite likely to scare them until they understand more and better about tor, AJ were instead to campaign to get the library to install the tor browser bundle onto its publicly available computers, that alone would be a terrific coup and might engender a great deal of student support for tor on campus over time. (The library would, of course, need to find a way to lock down the settings of the installed bundle, so that it couldn't be turned into a relay by users, but that should not be difficult to do.) If he succeeded in getting the tor browser bundle added to the library's most likely tightly limited list of applications available on its public machines, he could then wait a while to see what the staff members thought of it. If they decided after watching it in use for a while that it was a good thing to have made available to their users, you might then approach another department that operates a student computer lab to try to get TBB installed there. If the library employees liked it, they might give the prospective department a positive recommendation. If AJ played it right and it usually turned out well, he might eventually cover much of the campus with TBB installations. In any case, getting the TBB installed would educate far more people about anonymity and privacy issues than merely getting a relay installed that most people would never be aware of.
This is a great idea, and the slides I shared in my last email could help get this conversation started (the slides cover Tor Browser as well as relays and other Tor stuff). If AJ is interested I can connect him with other libraries I've worked with that have installed Tor Browser on all of their public computers.
I, for one, am very happy to know that Alison and her organization are making those materials available. They have the potential to assist many people like AJ in making the public more aware of the issues and of the tools available to help it protect/recover its privacy and anonymity.
Thanks!
Alison, do you also have materials on using HTTPS where available instead of HTTP? The dangers inherent in allowing Java or JavaScript to be enabled in one's web browser? Cookies? Tools like the HTTPSeverywhere and NoScript plug-ins for Firefox?
Yes, I do a basic training which includes HTTPS, cookies, software updates, passwords, and the like. It's both to educate the librarians into better practices and to help them teach classes to their patrons.
The reasons for avoiding the use of telnet clients and which tools to use instead for remote logins? If not, they would make great additions, particularly pages that explain how to convince librarians about these matters?
Typically I don't cover remote login security because it's not something that most librarians have a direct need for, and there's so much else to cover.
Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers.
Sadly, the situation you describe is fairly common in libraries. I have had a lot of success helping many libraries make significant changes, but it takes a lot of work building the relationship and convincing their stakeholders that these things are important. I am a former librarian too, and so I think they are more likely to listen to me. That said, my organization has trained thousands of librarians on privacy and security issues, and thanks to our work you'll now find Tor discussed at major (and minor) library conferences, Tor Browser on public computers, libraries teaching privacy classes to their patrons, and the like. So I think things are improving.
They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I am at a loss as to how to get the library to emerge from the stone age into the age of the Cheka, much less that of the NSA, FSB, search engine profilers, botnets, packet sniffers, spyware, etc.
Public library board meetings are required to be open for public comment. You should go to the board meeting and give them a presentation about the abysmal state of their computers. Feel free to give them an introduction to Library Freedom Project: https://libraryfreedomproject.org/wp-content/uploads/2015/03/join-LFP.pdf
Disclaimer: I confess that I have no idea how prevalent my public library's attitudes and policies are among public libraries in the U.S. today, so I can't make any claims about widespread need for the sort of materials I'm asking about.
Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * ********************************************************************** _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----Original Message----- From: alison@torproject.org
Yes, I do a basic training which includes HTTPS, cookies, software updates, passwords, and the like. It's both to educate the librarians into better practices and to help them teach classes to their patrons. That said, my organization has trained thousands of librarians on privacy and security issues, and thanks to our work you'll now find Tor discussed at major (and minor) library conferences, Tor Browser on public computers, libraries teaching privacy classes to their patrons, and the like. So I think things are improving.
Really good, Alison.
On 10/03/2017 11:31 PM, Scott Bennett wrote:
They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I am at a loss as to how to get the library to emerge from the stone age into the age of the Cheka, much less that of the NSA, FSB, search engine profilers, botnets, packet sniffers, spyware, etc.
One might think that providing the Tor browser would be a no-brainer, but that's not the case in the Boise Public Library system. The bureaucratic inertia is a very real thing, so good luck getting them to install relays and exits too! First things first.
Kenneth Freeman <kencf0618@riseup.net> wrote:
On 10/03/2017 11:31 PM, Scott Bennett wrote:
They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I am at a loss as to how to get the library to emerge from the stone age into the age of the Cheka, much less that of the NSA, FSB, search engine profilers, botnets, packet sniffers, spyware, etc.
One might think that providing the Tor browser would be a no-brainer, but that's not the case in the Boise Public Library system. The
Here, assuming that they have living brains may be unwarranted.
bureaucratic inertia is a very real thing, so good luck getting them to install relays and exits too! First things first.
I have never asked them to do any such thing. All I've asked for was the clients. The answer has simply been "No" with no explanation whatsoever provided. Sorry to hear that the Boise library is also in the Dark Ages. :--( Be careful not to get burned at the stake. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
participants (6)
-
Alison Macrina -
grarpamp -
I -
Kenneth Freeman -
Scott Bennett -
William Denton