[tor-relays] Feedback wanted: letter to my university's library

Alison Macrina alison at torproject.org
Wed Oct 4 19:48:00 UTC 2017 

Scott Bennett:
> Alison Macrina <alison at torproject.org> wrote:
> 
>> Scott Bennet> If he discovers that neither his campus library nor the
>> university as a
>>> whole is already officially running at least one relay, this may be a better
>>> way to teach them.  If, rather than going for a relay, which is quite likely
>>> to scare them until they understand more and better about tor, AJ were
>>> instead to campaign to get the library to install the tor browser bundle
>>> onto its publicly available computers, that alone would be a terrific
>>> coup and might engender a great deal of student support for tor on campus
>>> over time.  (The library would, of course, need to find a way to lock down
>>> the settings of the installed bundle, so that it couldn't be turned into
>>> a relay by users, but that should not be difficult to do.)  If he succeeded
>>> in getting the tor browser bundle added to the library's most likely tightly
>>> limited list of applications available on its public machines, he could then
>>> wait a while to see what the staff members thought of it.  If they decided
>>> after watching it in use for a while that it was a good thing to have made
>>> available to their users, you might then approach another department that
>>> operates a student computer lab to try to get TBB installed there.  If the
>>> library employees liked it, they might give the prospective department a
>>> positive recommendation.  If AJ played it right and it usually turned out
>>> well, he might eventually cover much of the campus with TBB installations.
>>> In any case, getting the TBB installed would educate far more people about
>>> anonymity and privacy issues than merely getting a relay installed that most
>>> people would never be aware of.
>>
>> This is a great idea, and the slides I shared in my last email could
>> help get this conversation started (the slides cover Tor Browser as well
>> as relays and other Tor stuff). If AJ is interested I can connect him
>> with other libraries I've worked with that have installed Tor Browser on
>> all of their public computers.
>>
>      I, for one, am very happy to know that Alison and her organization are
> making those materials available.  They have the potential to assist many
> people like AJ in making the public more aware of the issues and of the tools
> available to help it protect/recover its privacy and anonymity.

Thanks!

>      Alison, do you also have materials on using HTTPS where available
> instead of HTTP?  The dangers inherent in allowing Java or JavaScript to be
> enabled in one's web browser?  Cookies?  Tools like the HTTPSeverywhere and
> NoScript plug-ins for Firefox?  

Yes, I do a basic training which includes HTTPS, cookies, software
updates, passwords, and the like. It's both to educate the librarians
into better practices and to help them teach classes to their patrons.

> The reasons for avoiding the use of telnet
> clients and which tools to use instead for remote logins?  If not, they would
> make great additions, particularly pages that explain how to convince
> librarians about these matters?

Typically I don't cover remote login security because it's not something
that most librarians have a direct need for, and there's so much else to
cover.

>      Let me give an example.  I have for at least ten years asked my local
> public library to provide a) a secure shell client, b) a secure web browser
> for ordinary use where anonymity is not a concern, c) a secure FTP client,
> and d) the TBB for use by those who desire anonymity.  They have always
> refused to budge.  They run an unsecurable OS on their public computers.  They
> provide only Internet Explorer for web access.  I'm unsure whether they still
> allow any FTP access at all.  As you can imagine, they have severely limited
> the usefulness of their computers to the library patrons they claim to serve.
> I could not, for example, submit my on-line application to renew my flight
> instructor certificate via the library's computers.

Sadly, the situation you describe is fairly common in libraries. I have
had a lot of success helping many libraries make significant changes,
but it takes a lot of work building the relationship and convincing
their stakeholders that these things are important. I am a former
librarian too, and so I think they are more likely to listen to me.

That said, my organization has trained thousands of librarians on
privacy and security issues, and thanks to our work you'll now find Tor
discussed at major (and minor) library conferences, Tor Browser on
public computers, libraries teaching privacy classes to their patrons,
and the like. So I think things are improving.

>      They have refused to let me speak with those making the decisions about
> what is provided on their public computers, much less to make an organized
> presentation to them.  I was told that the decisions about software on the
> computers are made by the library board, not even by the IT staff.  What is
> a good approach to get better results?  I am at a loss as to how to get the
> library to emerge from the stone age into the age of the Cheka, much less
> that of the NSA, FSB, search engine profilers, botnets, packet sniffers,
> spyware, etc.

Public library board meetings are required to be open for public
comment. You should go to the board meeting and give them a presentation
about the abysmal state of their computers. Feel free to give them an
introduction to Library Freedom Project:
https://libraryfreedomproject.org/wp-content/uploads/2015/03/join-LFP.pdf

>      Disclaimer:  I confess that I have no idea how prevalent my public
> library's attitudes and policies are among public libraries in the U.S. today,
> so I can't make any claims about widespread need for the sort of materials
> I'm asking about.
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list