What is the Library Freedom Project?

We live in an era of unprecedented surveillance. The technical capabilities of law enforcement and intelligence agencies are rapidly expanding, and even the best attempts at law reform can’t keep up with these new powers. Over and over again, we’ve seen these capabilities used against protected free speech activities, especially against the speech of marginalized people. Compounding the problem of government surveillance is that of corporate surveillance; we rely on a small handful of data-driven private companies for all of our computing needs, and many of these services are “free” because we are the product. These corporate entities regularly collude with law enforcement to share our private communications, searches, contacts, and more — quite often without our knowledge. By fighting against surveillance, we can reject an internet controlled by a handful of powerful corporate entities and intelligence agencies, and take back our rights in the digital sphere.

Library Freedom Project is a partnership among librarians, technologists, attorneys, and privacy advocates which aims to address the problems of surveillance by making real the promise of intellectual freedom in libraries. By teaching librarians about surveillance threats, privacy rights and responsibilities, and digital tools to stop surveillance, we hope to create a privacy-centric paradigm shift in libraries and the communities they serve.

Youth Online Safety Guide

The Hoaxes, Fake News and Misinformation We Saw on Election Day: http://www.nytimes.com/2016/11/09/us/politics/debunk-fake-news-election-day.html?partner=rss&emc=rss&_r=0

Digital Redlining After Trump: https://medium.com/@tressiemcphd/digital-redlining-after-trump-real-names-fake-news-on-facebook-af63bf00bf9e#.ipvp63c5l

National Lawyers’ Guide Know Your Rights guides (translated): https://www.nlg.org/category/publications/kyr/

ACLU of NJ’s Rights of Immigrants in New Jersey: https://www.aclu-nj.org/files/9513/1540/4576/121108immigrant.pdf

EFF’s Know Your Rights guide: https://www.eff.org/issues/know-your-rights

New Jersey Alliance for Immigrant Justice: http://www.njimmigrantjustice.org/

Student Immigrant Movement: http://www.simforus.com/home

FIERCE NYC: http://fiercenyc.org/

Download Tails (The Amnesiac Incognito Live System): https://tails.boum.org

Download Tor Browser for desktop: https://www.torproject.org/

Tor Browser manual for desktop: https://tb-manual.torproject.org/

Download Tor Browser for Android: https://play.google.com/store/apps/details?id=org.torproject.android

Download Signal for iOS: https://itunes.apple.com/us/app/signal-private-messenger/id874139669

Download Signal for Android: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms

Security Tips Every Signal User Should Know: https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/

EFF Wordlist for Master Passwords: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

Download LastPass: https://www.lastpass.com/

Download 1Password: https://1password.com/

Download KeePassX: https://www.keepassx.org/

Download Private Internet Access: https://www.privateinternetaccess.com/

Download Mullvad: https://www.mullvad.net/

Download Bitmask: https://bitmask.net/

Some more possibly good VPNs: https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

Surveillance Self-Defense from EFF: https://ssd.eff.org/

Cryptoparty: https://www.cryptoparty.in/

How to intervene in a racist [or any other kind of hateful] attack: http://qz.com/719779/how-to-intervene-in-a-racist-attack/

Post-election Talking Points on DACA (Deferred Action for Childhood Arrivals): https://www.ilrc.org/daca-talking-points

20 Organizations Endorse the Library Digital Privacy Pledge

20 Organizations- libraries, publishers, library vendors, and library organizations have endorsed the Library Freedom Project’s “Library Digital Privacy Pledge”. These organizations are improving privacy for library users by implementing secure protocols on their web services and asking partners to do likewise.

Websites that do not use secure protocols, such as HTTPS, expose their users to surveillance and intrusion in the network. A wifi or cellphone user who connects to an insecure library or publisher website makes every click visible to the wifi or cellphone provider, others connected to the same network. Content can be inspected and altered by every node participating in the user’s connection. The resulting lack of privacy and security can is incompatible with the ethics and values of libraries. In the past few years, while Google, Facebook, Amazon, and the United States federal government have worked to implement HTTPS on all their web sites; the Let’s Encrypt certificate authority has made secure infrastructure available to even the smallest web site.

“It isn’t always easy to assure privacy and security in a website. The efforts made by these 20 organizations are worthy of recognition, and I hope that more organizations will step up to the challenge.” said Eric Hellman, a Library Freedom Project volunteer and organizer of the Pledge.

“Libraries have been committed to intellectual freedom and privacy for decades.” said Alison Macrina, Founder and Director of the Library Freedom Project. “Libraries serve a diverse audience; some of these patrons are part of vulnerable groups, like domestic violence survivors, racial and ethnic minorities, and LGBTQ communities. They deserve the privacy and security afforded by HTTPS library connections”.

Endorsers of the Library Digital Privacy Pledge to date are:
Council on Library and Information Resources
Digital Library Federation
Digital Public Library of America
Metropolitan New York Library Council
New York Library Association
Lebanon Public Libraries
Millis Public Library
Ottawa Public Library | Bibliothèque publique d’Ottawa
San Rafael Public Library
Bielefeld University Library
University of California at Davis
Auto-Graphics, Inc
Directory of Open Access Journals
Equinox Software, Inc.
Internet Archive
Odilo, LLC
Open Library of Humanities
Total Boox

To add your organization to the list (published at https://libraryfreedomproject.org/ourwork/digitalprivacypledge/library-privacy-pledge-endorsements/ ) or get more information, email the Library Freedom Project at pledge(at)libraryfreedomproject(dot)org.

About the Library Freedom Project:

Library Freedom Project is a partnership among librarians, technologists, attorneys, and privacy advocates which aims to address the problems of surveillance by making real the promise of intellectual freedom in libraries. By teaching librarians about surveillance threats, privacy rights and responsibilities, and digital tools to stop surveillance, we hope to create a privacy-centric paradigm shift in libraries and the communities they serve.

The Library Freedom Project is made possible by generous grants from the Knight Foundation’s News Challenge on Libraries, the Rose Foundation Consumer Privacy Rights Fund, the Shuttleworth Foundation, the support of individual donors, and a sliding scale of fees for our lectures and trainings.

Wanna convince your library to run a relay? Use our resources!

We’ve been slowly putting together a resource packet of ideological, technical, and legal resources to help libraries who are considering running exit relays.

Today we added a new resource to that packet, a template letter to send to library stakeholders, introducing them to Tor and urging them to join the project. Special thanks to our awesome volunteer Raven Cooke, who kindly wrote this template letter for our whole community to use.

Let us know if you find this resource packet useful, or if there’s anything missing from it that you’d like to see.

Fighting the Global Arena panel at Logan Symposium

LFP Director Alison Macrina joined last week’s Logan Symposium panel “Fighting the Global Arena” with David Mirza Ahmad of Subgraph and Julian Assange, moderated by Jérémie Zimmerman. Watch the recording here.

Guest post: Research methodology and findings from MLIS students’ privacy study

Editor’s note: below is a guest post from Paige Sundstrom, an awesome MLIS student who worked with a group of other students at the University of Washington investigated privacy practices and needs in libraries, at both the individual and institutional level. We were impressed with the work of these students and asked Paige to write up a summary of the project in order to amplify the work of these students and encourage other MLIS students to build on this research. Are you a library science student focusing on privacy? Want to hear more about the research project these UW students conducted? Please get in touch!

Hi! I’m Paige — a first year MLIS student at the University of Washington’s iSchool. Last quarter I worked with three fantastic ladies (Alexa, Alexandra, and Stephanie <3 <3 <3) on a research project on Internet privacy and am excited to share my/our experience with all of you!

Continue Reading…

LFP wins Rose Foundation funding

We are thrilled to share some exciting news about the future of Library Freedom Project. Thanks to a grant from the Rose Foundation’s Consumer Privacy Rights Fund, Nima Fatemi will be joining Library Freedom Project as our chief technologist. Nima has been a dedicated volunteer with LFP for over a year, most notably helping create the highly successful Tor exit relay pilot project that we recently concluded in New Hampshire. With support from Rose Foundation, we’ll be able to continue the exits project at scale, with Nima traveling to libraries all over the country to implement relays. Nima will also conduct privacy trainings in libraries, taking them to a more advanced level, and help libraries set up privacy-protecting infrastructure.

Continue Reading…

Thank you, Representative Zoe Lofgren!

Yesterday, Representative Zoe Lofgren sent a letter to Department of Homeland Security secretary Jeh Johnson, expressing her concern with DHS actions against the library in Lebanon, New Hampshire, where we set up our Tor exit relay pilot. In this letter, Rep. Lofgren asks DHS to provide her with any other instances of the agency interfering with the public’s use of privacy-enhancing technologies.

We want to express our thanks to Rep. Lofgren for standing up for our right to use privacy tools like Tor, and we eagerly await the DHS response to her request.

Wrapping up our Tor exits pilot, and what’s next for this initiative

The following post is by Chuck McAndrew of Lebanon Public Libraries, and Alison Macrina of Library Freedom Project. Each section is labeled with its author.

Completing the Tor exits pilot at Lebanon Public Library – Chuck and Alison

On Friday, November 6th, we turned the Lebanon Public Library’s Tor non-exit relay into an exit — thus marking the completion of a project that started small, but grew to international prominence late this summer after a now infamous failed attempt at intervention by the Department of Homeland Security. After the community responded overwhelmingly in favor of the relay, and the excitement died down, those of us from Lebanon Public Library and Library Freedom Project were left with the more mundane work of completing the pilot. Turning the middle relay into an exit was an entirely unremarkable process — just a simple edit to a configuration file, and then a reload of the Tor service. What’s remarkable, however, is the symbolic significance of this pilot: it marks the first time that a public library has ever hosted a Tor exit relay. And it’s means that Library Freedom Project’s Tor relay initiative pilot phase is officially a success. The path to achieving this milestone has certainly been an interesting one, and Lebanon Public Libraries has been honored to participate and lead the way for other libraries. Now, Library Freedom Project encourages other libraries to join this initiative, and so Chuck (of Lebanon Public Library) and Alison (of LFP) co-wrote this blog post about our pilot experience in the hopes that other libraries will be inspired to do the same.

Why a Tor exit relay? – Chuck and Alison
Libraries have long been guardians of privacy and intellectual freedom for their communities; these values have been in the American Library Association’s Code of Ethics since 1939, and library patron privacy is codified into many state laws, including Lebanon Public Library’s home state of New Hampshire. Today, the freedom to read means more than just providing access to books; it means protecting people’s right to freely access information — in both physical and digital spaces. The Tor network provides strong protections for online anonymity and privacy, allowing people to read, write, and research without the chilling effects of surveillance. By participating as one of many volunteer relay operators in the Tor network, Lebanon Public Library continues the library tradition of protecting people’s privacy while helping make Tor strong. For more on why we started the Tor relay initiative, read our original announcement post. Lebanon Library’s Tor exit relay is only the beginning of their privacy protections for patrons: they’re offering GNU/Linux computers with Tor Browser, Firefox with privacy-protecting extensions, classes on increasing online privacy, and more.

How did we make this happen? – Chuck
From the start of this pilot program, the Library Freedom Project has been outstanding at providing us with support. On the technical side of things, Nima Fatemi (Library Freedom Project technologist and core member of The Tor Project) has been an amazing resource. He has guided us on the setup of the relay, provided security suggestions, and helped with our network setup. Much of what we ended up doing was at Nima’s suggestion, and it has worked out extremely well for us.

Nima and Alison traveled up to New Hampshire to help us setup our relay. We initially set it up on an old desktop computer that I had. It worked perfectly fine on that, but I was bothered by having an old desktop sitting in my LAN room. In the end, I decided to change it over to a virtual machine. It has been sitting on my server chugging away ever since. I am a huge fan of virtualization whenever possible and it has worked out very well. Anyone with the knowledge to set up a virtual machine shouldn’t have much trouble making this work. However, it doesn’t take a real server to run a Tor relay.  Most desktop computers are perfectly capable of doing so.

One of the big concerns that we had going into this project was that it not impact our current level of service to our patrons. Our main worries were making sure that the relay didn’t take bandwidth away from our patrons and that nothing about the Tor network impacted our patron’s ability to surf the internet. Some websites do not like Tor traffic and will block any IP address that is associated with a Tor exit relay. Before we converted our relay to an exit relay, we wanted to make sure that Tor traffic went out on a different IP address than our public internet to avoid any possible problems, and Nima was helpful in ensuring that this all happened smoothly.

Happily for us, setting up this relay coincided with some changes to our network which we had been planning for other reasons. In the end, taking Nima’s suggestions and working with local open source advocate Bill McGonigle from BFC Computing, we were able to significantly improve our network and lower our operating costs. Initially, we had two lines coming in to our library. One was for the public internet and the other for the staff. We were able to drop one of those lines by introducing a pfSense firewall. This allowed us to safely firewall off the Tor relay and send Tor traffic out its own IP address (our account already had a 5 IP bundle). This also helped alleviate our second concern. The pfSense firewall allowed us to monitor how much bandwidth was being used by each interface. This helped us to donate as much bandwidth as we could while ensuring that our patron’s web browsing was unaffected. Having the data provided by pfSense was a great help to us.

Although there was a cost involved with bringing Bill in to help us change our network setup, it was offset by the cost savings of being able to cancel one line. I now feel very confident that we have a secure, easily managed network that provides me with lots of information about what is going on on our network. Setting up your network to securely accommodate a Tor relay is potentially the most expensive part of this project.  How costly (or if there is any cost at all) will depend on the library’s current network setup and level of in-house IT knowledge.  Other libraries participating in this project can rely on the expertise of LFP staff to ensure that your relay won’t impact current services.

Lessons learned – Chuck

This project has been a success in many ways. We are strengthening the Tor network by hosting an exit relay. We are benefiting people all over the world who need privacy and anonymity. We are living up to the core values of librarianship.  We also have once again proven the relevance of public libraries in the digital age.  We have started a conversation about privacy in our community and used that to educate our patrons about many of these important issues.  That is all to the good, but we did learn many lessons along the way. If we were starting over, there are some things that I would do differently and some lessons that I am glad to have learned.

Lesson 1: Engage the community from the start.

When our library received push back from law enforcement it was largely due to our amazing community support that we were able to proceed.  We are extremely thankful that they came out and let it be known that these were important issues to them. However, it would have been better if we had engaged our community prior to starting this project.  If we had been able to point to the strong community support we had, we could have avoided a lot of uncertainty during this project.  We started this project because we felt it was important and felt that it would be important to our community.  In the end, we were validated, but it would have been very nice to know for sure before hand.

Lesson 2: People care about privacy.

It is a common narrative that privacy is dead and/or most people don’t care about privacy. This is wrong. People do care about privacy and intellectual freedom. People often feel powerless in the face of pervasive surveillance by huge corporations and national governments.  If you have no realistic way to defend yourself, the sane thing to do is to accept the situation.  However, a very different picture emerges when people start to learn about tools which are easy to use and that give them the power to enforce their privacy. All of a sudden you have people from all walks of life who are very interested in these issues.  The problem isn’t that people don’t care, it is that they are being told over and over that there is nothing that they can do about it. Projects such as this one show people that there is hope. People find that extremely empowering. No one is saying that people shouldn’t be able to share whatever they want online.  With social media, people share all kinds of information about themselves.  What we are saying is that people should be the ones who get to control what information is shared about them.  This message is very powerful, especially when combined with education about how to achieve it.

Lesson 3: You can have an impact.

Technology is a powerful tool. It can be intimidating, and even overwhelming, but it can also let you do amazing things. Compared to many libraries across the country, the Lebanon Public Libraries are a small system. If you would have told us two years ago that we would be involved in an international conversation about privacy and intellectual freedom, I am sure that many people here would have laughed. But, thanks to the support of our community, we are. You don’t have to wait for someone bigger, or better funded, or more important to do something. Everyone has the ability to make an impact.

What’s next for the LFP Tor relay initiative? – Alison

After all of the excitement after DHS and the local police tried to intervene in the pilot project, we ended up with more attention to this project than we initially anticipated, which created a bottleneck for LFP staff. We’ve finally emerged on the other side and have been planning out our next steps, including creating a resource packet of ideological, legal, and technical resources for our interested libraries. We’ve heard from libraries across the US who are interested in participating, and our network of free software technologists and advocates all over the world are busy setting up their own relay initiatives with local libraries — in places from Sweden to Australia. Very soon, we’ll be making a big announcement with some good news about the relay initiative and its future, but in the meantime, interested libraries can contact us for more information by emailing exits (at) libraryfreedomproject (dot) org. Thanks to everyone for all of their support for Lebanon Public Library, Library Freedom Project, and our Tor exits initiative. Our success is due in part to our amazing community.