Privacy for Libraries

PRIVACY
FOR
LIBRARIES

ArLA / SELA
2019

Bryan NeIl Jones
bryan.n.jones@nashvIlle.gov
NashvIlle PublIc LIbrary
LIbrary Freedom Project

EVERYDAY
PRIVACY

ArLA / SELA
2019

Bryan NeIl Jones
NPL / LFP

PRIVACY
FOR YOU
AND ME

ArLA / SELA
2019

Bryan NeIl Jones
NPL / LFP

IT'S ABOUT
PRIVACY,
STUPID.

(DON'T USE THIS ONE)

PRIVACY
FOR
LIBRARIES

ArLA / SELA
2019

Bryan NeIl Jones
NPL / LFP

ETHICS

Ethics
need to be
considered
upon
ideation

UN DeclaratIon
of Human RIghts

9) Code of Ethics for Librarians and Other Information Professionals, Item 3: Librarians and other information workers respect personal privacy, and the protection of personal data, necessarily shared between individuals and institutions.The relationship between the library and the user is one of confidentiality and librarians and other information workers will take appropriate measures to ensure that user data is not shared beyond the original transaction. Librarians and other information workers support and participate in transparency so that the workings of government, administration and business are opened to the scrutiny of the general public. They also recognize that it is in the public interest that misconduct, corruption and crime be exposed by what constitute breaches of confidentiality by so-called ‘whistleblowers’.

IFLA Code
of EthIcs
for LIbrarIans &
Other InformatIon
Workers

US ConstItutIon

Amendment #1

US ConstItutIon

Amendment #4

ALA Code of EthIcs

Article #3

ALA BIll of RIghts

Article #7

ArLA PolIcy
Manual

Intellectual Freedom
Committee Charter

ETHICS

& THE LAW

warrant

no warrant

WHAT!

subpoena

natIonal
securIty
letter

WHAT!

Remember two thIngs:

more prIvacy
= more work

consIder the source

FLOSS

Free / LIbre
Open Source
Software

Free as In Freedom:

Run

EdIt

ContrIbute

What does
this have to do
with libraries?

wIzard
decency
levers
popcorn
each
shut

prIvacy
&
securIty

POLP!

prIncIple
of least
prIvIlege

PII

Personally
IdentIfIable InformatIon

AnonymIze
It!

ENCRYPTION

HTTPS://

VPNs
VIrtual PrIvate Networks

yr pw Is bd

"dIceware"

KeePassXC

LastPass, etc

Is thIs okay?

Two Factor AuthentIcation
2FA

FreeOTP

YubIkey, etc.

THREAT MODELS

PRIVACY IS DEAD

Can i have your password?

The

Privacy

PARADOX

HOW DID WE
GET HERE?

dark patterns

55) Phones are fundamentally insecure. If you are using a phone your phone company knows your general location at all times. And we know now the sell this info. The text function in your phone is unencrypted unless you use a special app. We know on Android many apps collect data even without you knowing. Apple isn't open source so it is harder to study. A lot of apps have remote microphone access. The phone knows when you sleep, when you poop, who your friends are, who you work with, that what you think about, what music and tv shows you like, what porn you like, what church you feel guilty about not going to, and if you wear a fitness tracker it knows when you dream, it knows a lot more. No one has more info about you than your phone. Not your doctor, not your mom, not your spouse. Well, maybe Google if your phone was made by Google. DMCA makes it illegal for you to root your phone. You are only allowed to root your phone and change its software because of a special exception to DMCA determined by Librarian of Congress as recommended by the Register of Copyrights.

Phones are a dumpster fire.

What is bad
about it?

malware / phishing / doxing

What does
this have to do
with libraries?

crappy vendor contracts

public internet

public nets

I'll just leave
this here.

What can we
do about it?

DuckDuckGo

Tor Browser

Wipe'em!
Wipe'em good!

gnarly vendor contracts

Google Analytics

Turn off 'Display Features'

Turn off 'Remarketing'

Turn off 'Advertising Reporting'

Anonymize IP settings

Set the data retention
to the shortest period

Make opting-out
as easy as possible

THE SEQUEL

What you collect & why

Who you share it with

How you protect it

Make "opt-in" the default

Make "opt-out" easy

"Privacy policies are legal statements to get us out
of our ethical obligations."

Ethics
need to be
considered
upon
ideation

78) Communities trust libraries. If we don't protect patrons' privacy we violate that trust. Not only in digital spaces. The physical space of the library should be a non-surveilled space. You might hear that privacy is dead. This ship has sailed. Well, can I have your password? Climate change is bad, does that mean we are going to stop? A few high profile men have brought to justice for sex crimes, does that mean we've solved the problem of sexual violence? Grand juries rarely recommend charges against the police. Does that mean were going stop fighting for justice in our communities? We're libraries. We fight. I love and respect my mom. She's a senior citizen with a high school education. She uses an Android tablet that no longer gets security updates. She doesn't deserve annoying, misleading ads. She does not deserve her 4th amendment rights violated for ads. She does not deserve malware, identity theft, fakes news or a loan with criminally bad terms. More importantly she has a human right not be surveilled.

I love and
respect my mom.

i don't know where
to put this slide.

Choose prIvacy everyday!

bryan.n.jones@nashvIlle.gov

YOUR PRIVACY
IS PRECIOUS

BONUS DISC

Operating
Systems

Linux

Apple

Settings > Privacy

Settings > Privacy

Phones,
Oh, Phones

Purism Librem5

Lineage OS

F-Droid

Know your settings

Android

iOS

PASSWORDS
AGAIN

"diceware"

KeePassXC

LastPass, etc

Two Factor Authentication
2FA

FreeOTP

Yubikey

MORE
ENCRYPTION

HTTPS://

VPNs
Virtual Private Networks

Disk Encryption

LUKS
Linux Unified Key Setup

FileVault
(OSX)

BitLocker
(Windows)

Veracrypt

iOS

Android

desktop BROWSERS

Tor Browser

Know your settings

Firefox

Privacy Badger

HTTPS Everywhere

uBlock Origin

Multi-Account Containers

Brave

PHONES

Signal

Orbot
(Android)

Tor Browser
(Android)

Onion Browser
(iOS)

ArLA / SELA 2019

EVERYDAY PRIVACY

ArLA / SELA 2019

PRIVACY FOR YOU AND ME

ArLA / SELA 2019

IT'S ABOUT PRIVACY, STUPID.

(DON'T USE THIS ONE)

PRIVACY FOR LIBRARIES

ArLA / SELA 2019

ETHICS

Ethics need to be considered uponideation

UN DeclaratIon of Human RIghts

IFLA Code of EthIcs for LIbrarIans & Other InformatIon Workers

US ConstItutIon

US ConstItutIon

ALA Code of EthIcs

ALA BIll of RIghts

ArLA PolIcy Manual

ETHICS

& THE LAW

warrant

no warrant

subpoena

natIonal securIty letter

Remember two thIngs:

more prIvacy = more work

consIder the source

FLOSS

FLOSS

Free / LIbre Open Source Software

Free as In Freedom:

Run

EdIt

ContrIbute

Share

What does this have to do with libraries?

wIzard decency levers popcorn each shut

prIvacy & securIty

POLP!

prIncIple of least prIvIlege

PII

Personally IdentIfIable InformatIon

AnonymIze It!

ENCRYPTION

yr pw Is bd

"dIceware"

KeePassXC

LastPass, etc

Is thIs okay?

Two Factor AuthentIcation 2FA

FreeOTP

YubIkey, etc.

THREAT MODELS

PRIVACY IS DEAD

The

Privacy

PARADOX

HOW DID WE GET HERE?

dark patterns

Phones are a dumpster fire.

What is bad about it?

malware / phishing / doxing

What does this have to do with libraries?

crappy vendor contracts

public internet

public nets

I'll just leave this here.

What can we do about it?

DuckDuckGo

Tor Browser

Wipe'em! Wipe'em good!

Google Analytics

Turn off 'Display Features'

Turn off 'Remarketing'

Turn off 'Advertising Reporting'

Anonymize IP settings

Set the data retention to the shortest period

Make opting-out as easy as possible

THE SEQUEL

PRIVACY
FOR
LIBRARIES

ArLA / SELA
2019

EVERYDAY
PRIVACY

ArLA / SELA
2019

PRIVACY
FOR YOU
AND ME

ArLA / SELA
2019

IT'S ABOUT
PRIVACY,
STUPID.

PRIVACY
FOR
LIBRARIES

ArLA / SELA
2019

Ethics
need to be
considered
upon
ideation

UN DeclaratIon
of Human RIghts

IFLA Code
of EthIcs
for LIbrarIans &
Other InformatIon
Workers

ArLA PolIcy
Manual

natIonal
securIty
letter

more prIvacy
= more work

Free / LIbre
Open Source
Software

What does
this have to do
with libraries?

wIzard
decency
levers
popcorn
each
shut

prIvacy
&
securIty

prIncIple
of least
prIvIlege

Personally
IdentIfIable InformatIon

AnonymIze
It!

Two Factor AuthentIcation
2FA

HOW DID WE
GET HERE?

What is bad
about it?

What does
this have to do
with libraries?

I'll just leave
this here.

What can we
do about it?

Wipe'em!
Wipe'em good!

Set the data retention
to the shortest period

Make opting-out
as easy as possible

Ethics
need to be
considered
upon
ideation

I love and
respect my mom.

i don't know where
to put this slide.

YOUR PRIVACY
IS PRECIOUS

Operating
Systems

Phones,
Oh, Phones

PASSWORDS
AGAIN

MORE
ENCRYPTION