Digital Privacy in Public Libraries
This is a guide on how librarians can protect their patrons’ digital privacies.
Public libraries have always respected the privacy of their patrons. The increasingly digital aspect of today’s world requires an updated commitment to protecting digital privacy. This page explores some tools that librarians can use to improve patron privacy online. In addition to implementing these tools, librarians can also educate and provide outreach about digital privacy.
HTTPS Everywhere
HTTPS Everywhere is a browser extension that makes your browser use
https instead of
http whenever it’s available. This replacement encrypts communication between the web user and the server, which generally makes browsing more private and secure. It’s easy to install, and browsing the web with HTTPS looks exactly the same to the user as it does with regular HTTP.
Here’s how it works:
HTTPS is a protocol for secure communication just like regular HTTP, except it does three things (via an additional protocol called TLS/SSL) that make communication between the web user and the server secure.
– The additional protocol reviews a security certificate that ensures that the website which the user is trying to visit is actually the desired website — not another entity disguised as it.
– All the data sent between the web user and the server hosting the website is encrypted, or coded in such a way that only the user and server can understand the data being sent. This protects both user and server against instances of eavesdropping by third parties; the data simply looks like nonsense to them.
– Lastly, TLS/SSL checks the integrity of the transmitted data with an algorithm. This prevents the data from being changed at all, so no one can sneakily insert any malicious code while it’s in transit. These three elements comprise HTTPS, which makes data secure in this transmission.
One limitation of HTTPS is that it only works on supported sites. This means that if a website doesn’t support HTTPS, it will only load in HTTP. So HTTPS can activate security features latent in the site, but it can’t create security features if they don’t already exist.
Here are three examples of how HTTPS is becoming more commonplace today:
– Google, Facebook and Twitter all now support HTTPS by default.
– The White House issued a
directive last year that requires all publicly-accessible federal websites must use secure HTTPS connections by the end of 2016.
– Influential librarian/blogger Jessamyn West has called 2016 “
the year of HTTPS.”
HTTPS is one of the more well-known projects from the Electronic Freedom Foundation. For more info:
https://www.eff.org/HTTPS-everywhere
DuckDuckGo
DuckDuckGo is a search engine that doesn’t collect or share any personal information that users enter into it (unlike Google, which saves data for 18 months). Making DuckDuckGo the default search engine for the browser is very easy; it even comes as a pre-installed search option in Firefox. DuckDuckGo looks like Google and is intuitive to use — patrons may not even notice they they’re using it.
One limitation of DuckDuckGo is that it’s not always as convenient as Google. Because Google tracks what you’ve searched in the past, and uses something called semantic search, it can predict with greater accuracy the user’s intent. For example, if you’ve been recently searching in Google how to erase your hard drive (aka “scrubbing”) in a Windows operating system, a search for “windows scrubbing” will more likely give you the result you want. However, with the same search in DuckDuckGo, you might get results for how to properly clean your apartment windows instead, since they don’t track your search history and preferences.
For more info:
https://duckduckgo.com
Linux Operating Systems
Microsoft has participated in the NSA’s PRISM surveillance program in the past. This means that unknown amounts of Windows users’ data was likely submitted to the government without users’ knowledge. Linux distributions don’t have this association. They’re also free, open-source, and sufficient for patron needs (including internet, word processing, image editing, playing media, etc.)
Here’s a video of Jessamyn West installing
Ubuntu (a popular Linux operating system) on a public library computer.
Tor
One of the most effective tools for achieving anonymity online is the Tor browser. It’s essentially a modified Firefox browser that gives the user better encryption while browsing the web. It uses series of computers around the world to anonymize users’ traffic. You can think of it as private browsing without any caveats about how your employer or internet service provider can still see which websites you visit.
Tor is good for some things and not for other things. For example, it’s not ideal to use Tor for checking your email or social media because once you sign into such a service, you identify yourself to the website, and are no longer truly anonymous.
Librarians may able to work with their library’s IT department to set up an exit relay, as the Kilton Library in Lebanon, NH did
last year. What’s an exit relay? When a Tor user opens the browser and visits a website, the data is passed through a series of relays, which adds layers of encryption to their data, thus making user’s IP address invisible. So more Tor users means more possible relays and more levels of encryption, security, and anonymity. The final relay, or exit relay, is the last point in the series that interacts with the public internet.
Public libraries are well-suited to running Tor exit relays. This is because they are protected from inquiries made by law enforcement officials and notices from the Digital Millennium Copyright Act via safe harbor provisions. In other words, police would be more likely to show up at John Doe’s address to ask about certain Internet activity than they would be to show up at a public library. Therefore, public libraries should use this advantage to maximize their potentials as democratic public spaces that provide their patrons true freedom of access.
For more info:
https://www.torproject.org/projects/torbrowser.html.en
Providing Outreach and Context
Most of these tools fall into the set-and-forget category: people can use them without knowing that they’re even using them at all. However, it won’t help much if they go home and use computers in ways that undermine every privacy measure that their library has set up. Therefore, educating people about how they can protect their privacy (inside and outside of the library building) is a very important step: learning why digital privacy matters and the things you can do to preserve it can be very empowering.
Outreach can manifest in various forms. One can be simply hanging up signs near public computers that briefly explain what these tools are. Librarians can also stress the importance of digital privacy in computer literacy classes they may teach. From there, the next logical step may be to facilitate complementary workshops on how to strengthen and improve your own privacy online, where patrons can bring in their phones and computers and learn how to do so first-hand.
Complete and consistent digital anonymity should not be the ultimate end-goal here. Nor should people blindly use these tools in isolated contexts. However, librarians can help patrons make informed decisions about how to conduct their activity online, and wield better control over their digital privacy as a result.