On Thursday 7th August I attended a talk about Online Privacy by Alison Macrina and Eoin O’Dell, organised by the Academic and Special Libraries Section of the LAI. I don’t currently work directly with library patrons, but I went along as an internet user, believer in free speech, and the go-to person for social media queries amongst my friends and family. It is my belief that anyone who goes online should be aware of where data is being gathered about them and how they can achieve higher levels of privacy – regardless of whether they have anything to hide.
Laura Rooney Ferris introduced the speakers and the topic, highlighting that the UN prioritises the need for public access to information about online privacy.
In opening, Alison noted that you can’t have freedom of expression without protection of privacy, and this is the basis for her passion for online privacy.
Eoin pointed out that in Ireland the conversations about privacy are happening around litigation and journalism, and between celebrities and other high profile figures. Debates are focused on wrong elements of privacy.
Alison outlined recent events that indicate that governments are becoming more secretive about surveillance – eroding public privacy, but increasing government privacy. Eoin added that this is legislated for in the USA. In the UK there have been investigations into surveillance that have found programmes are contrary to human rights legislation. It is worrying that the current UK government is seeking to remove Human Rights Act. Legislation in Ireland allows for surveillance in a very broad number of cases.
Given the neutral or community-serving position that libraries have often been credited with, Alison states that they could and should become the entity that people associate with privacy. Libraries and librarians should be empowering people with knowledge and tools to protect privacy and freedom of speech.
To conclude the evening, Alison then shared some of the tools that we could use and share with library patrons to improve online privacy. Many of these are Open Source, so the code is likely to have been reviewed for surveillance capabilities. If you are techy enough you could look under the hood and review this yourself, otherwise you are trusting the wisdom of the crowd, rather than the wisdom of the proprietor. Proprietary software could potentially have a surveillance hole hidden as the code is not open to the user – this is not as sci-fi as it sounds!
Some of the recommendations that Alison gave are summarised here:
- Tor browser. This obscures the user’s IP address, allows for application level privacy, and each tab has a different IP.
- Disconnect is a search engine in Tor. Doesn’t store searches or pass on your data!
- Strong encryption is the best defence against spyware.
- Run your updates! They usually contain protections against security weaknesses. Once weaknesses are public they are more likely to be exploited.
- KeyPassX – an open source password keeper that is only stored on your computer. (More on passphrases)
- Riseup email service. Meant for activists. Librarians passionate about privacy for the bill.
- HTTPS – the S means your information is secure, only shared between you and that site.
Alison pointed out that most libraries don’t encrypt their websites. Encryption and using HTTPS should be maintained to keep catalogue searches private. A new way of making websites secure is in beta testing now: Let’s Encrypt. Alison shared that they are looking for testers, if any librarians out there are looking for a way to upgrade their site’s security.
Check out Alison’s website, the Library Freedom Project for further tips, tools, a toolkit for teaching about online privacy, and other updates.
And read Tom Maher’s reflection over on libfocus