PRIVACY TOOLKIT FOR LIBRARIANS
libraryfreedomproject.org/resources/privacy-toolkit-for-librarians/
THREAT MODELING
● assets
● adversaries
● capabilities
● consequences
● how much trouble are you willing to go through in order to try to prevent those?
FREE SOFTWARE
FOSS: the freedom to run, copy, distribute, study, change and improve the software (gnu.org)
-vs. proprietary software
-why does this matter for privacy?
-most of these tools are free software
SAFER BROWSING
● who owns your browser?
● what is a browser extension?
● Firefox and Tor
● Firefox privacy settings
● Firefox extensions menu
ENCRYPTED WEBSITES
● what is encryption?
1. confidentiality
2. authenticity
3. integrity
● http vs https
● HTTPS Everywhere
● Let's Encrypt
THIRD PARTY TRACKING
● cookies
● widgets
● analytics
● beacons
● behavioral advertising
● Privacy Badger
This is a real image from an online marketing company.
SEARCH TRACKING
● Google, Bing, and Yahoo collect and store your searches
● DuckDuckGo does not. They even have an extension!
● alerting patrons: “You might notice that your search engine looks different”
● embedded Google searchbars: Google Sharing
TERMS OF SERVICE
Image credit: xkcd.com
E.U.L.A. = end user license agreement
Terms of Service; Didn't Read
WIFI SECURITY
● Open wifi access and plausible deniability
● Closed wifi encryption (authenticity – and integrity)
● Wired network snooping is possible but requires a physical connection
FILE DELETION
Clean system and protect privacy: trash, logs, recent places, cache, session data, etc.
CCleaner – Windows and Mac OS X, not FOSS
*Windows users, do not ever use the registry cleaner!
BleachBit – Windows and Linux, FOSS
Deep Freeze/Clean Slate on patron PCs: very useful, easy to use, but not totally secure deletion.
ANONYMITY
● Tor Browser: anonymous and ephemeral
● Tor vs. Firefox
● Tor extensions: HTTPS Everywhere and NoScript
● Tor best practices
● more with Tor
● strengthening the Tor network
Tails: The Amnesic Incognito Live System
operating system for anonymity and leaving no trace
requires:
-Tails ISO
-CD-R (recommended) or 4GB USB stick
-installation instructions
-ability to boot from external device
VIRUSES AND MALWARE
● differences between viruses and malware
● relationship to privacy
● good practices
antivirus: ClamAV
antimalware: Malwarebytes (free vs pro)
for govt malware: Detekt
PASSWORDS
● Strong passwords
-high entropy
-NO PATTERNS
● xkcd method
● diceware list
● KeePassX:
-encrypted
-FOSS
● Hardware tokens
image credit: xkcd.com
MOBILE DEVICES
● your pocket tracking device and you
● location services, wifi, bluetooth = off
-even better = airplane mode
● cover cameras
● exif removal
● hardening Android: Replicant and CyanogenMod
● device encryption
● high security situations
MOBILE APPS
The Guardian Project (Android)
Signal (iPhone)
RedPhone / TextSecure (Android)
SnoopSnitch (Android with root access)
who can read your email?
● your email service provider
● operators of intermediate network connections
● your intended recipient's email service provider
● anyone who accesses those servers
● worse if you're not using TLS connections
PGP email encryption
● email self-defense from FSF
email providers
● pobox.com
● riseup.net
● mykolab
● alumni email
● a server you trust
VPNs
● what is a VPN?
● what to look for when choosing a VPN
● OpenVPN (FOSS, harder)
● commercial VPNs
MISCELLANY
● don't log patron data!!
● what's your data retention policy?
● keep software up to date
● Ninite (email me for how-to with Deep Freeze)
● guest passes for anonymity
● server-side security
● cover cameras on laptops and other devices
EXTRA CREDIT
● PRISM BREAK
● Surveillance Self-Defense from EFF
● Cryptoparty
● Library Freedom Project
● Digital Rights in Libraries
Patron class curricula! Tech help! Successes and failures! More ideas!
Attribution-ShareAlike 4.0 International www.creativecommons.org