PRIVACY TOOLKIT FOR LIBRARIANS
[email protected]
libraryfreedomproject.org/resources/privacy-toolkit-for-librarians/

THREAT MODELING
● assets
● adversaries
● capabilities
● consequences
how much trouble are you willing to go through in order to try to prevent those?

FREE SOFTWARE
FOSS: the freedom to run, copy, distribute, study, change and improve the software (gnu.org)
-vs. proprietary software
-why does this matter for privacy?
-most of these tools are free software

SAFER BROWSING
● who owns your browser?
● what is a browser extension?
● Firefox and Tor
● Firefox privacy settings
● Firefox extensions menu

ENCRYPTED WEBSITES
● what is encryption?
  1. confidentiality
  2. authenticity
  3. integrity
● http vs https
● HTTPS Everywhere
● Let's Encrypt

THIRD PARTY TRACKING
● cookies
● widgets
● analytics
● beacons
● behavioral advertising
● Privacy Badger
This is a real image from an online marketing company.

SEARCH TRACKING
● Google, Bing, and Yahoo collect and store your searches
● DuckDuckGo does not. They even have an extension!
● alerting patrons: “You might notice that your search engine looks different”
● embedded Google searchbars: Google Sharing

TERMS OF SERVICE
Image credit: xkcd.com
E.U.L.A. = end user license agreement
Terms of Service; Didn't Read

WIFI SECURITY
● Open wifi access and plausible deniability
● Closed wifi encryption (authenticity – and integrity)
● Wired network snooping is possible but requires a physical connection

FILE DELETION
Clean system and protect privacy: trash, logs, recent places, cache, session data, etc.
CCleaner – Windows and Mac OS X, not FOSS
*Windows users, do not ever use the registry cleaner!
BleachBit – Windows and Linux, FOSS
Deep Freeze/Clean Slate on patron PCs: very useful, easy to use, but not totally secure deletion.

ANONYMITY
● Tor Browser: anonymous and ephemeral
● Tor vs. Firefox
● Tor extensions: HTTPS Everywhere and NoScript
● Tor best practices
● more with Tor
● strengthening the Tor network
Tails: The Amnesic Incognito Live System
operating system for anonymity and leaving no trace
requires:
-Tails iso
-CD-R (recommended) or 4GB USB stick
-installation instructions
-ability to boot from external device

VIRUSES AND MALWARE
● differences between viruses and malware
● relationship to privacy
● good practices
antivirus: ClamAV
antimalware: Malwarebytes (free vs pro)
for govt malware: Detekt

PASSWORDS
● Strong passwords
  -high entropy
  -NO PATTERNS
● xkcd method
● diceware list
● KeePassX:
  -encrypted
  -FOSS
● Hardware tokens
image credit: xkcd.com

MOBILE DEVICES
● your pocket tracking device and you
● location services, wifi, bluetooth = off
  even better = airplane mode
● cover cameras
● exif removal
● hardening Android: Replicant and CyanogenMod
● device encryption
● high security situations

MOBILE APPS
The Guardian Project (Android)
Signal (iPhone)
RedPhone/TextSecure (Android)
SnoopSnitch (Android with root access)

EMAIL
who can read your email?
● your email service provider
● operators of intermediate network connections
● your intended recipient's email service provider
● anyone who accesses those servers
● worse if you're not using TLS connections
PGP email encryption
● email self-defense from FSF
email providers
● pobox.com
● riseup.net
● mykolab
● alumni email
● a server you trust

VPNs
● what is a VPN?
● what to look for when choosing a VPN
● OpenVPN (FOSS, harder)
● commercial VPNs

MISCELLANY
● don't log patron data!!
● what's your data retention policy?
● keep software up to date
  Ninite (email me for how-to with Deep Freeze)
● guest passes for anonymity
● server-side security
● cover cameras on laptops and other devices

EXTRA CREDIT
● PRISM BREAK
● Surveillance Self-Defense from EFF
● Cryptoparty
● Library Freedom Project
● Digital Rights in Libraries

[email protected]
Patron class curricula! Tech help! Successes and failures! More ideas!

Attribution-ShareAlike 4.0 International
www.creativecommons.org