Too Much Information by Firefox and HitRecord


Inquiry into fake news: the CILIP ILG response

The CILIP Information Literacy Group’s response to UK government inquiry into fake news:

In January 2017, the House of Commons Select Committee on Culture, Media and Sport launched an inquiry into fake news. As is usual with such inquiries, the Committee invited submissions from interested parties, prior to compiling a report – which we hope will be published later in the year.

The CILIP Information Literacy Group, in collaboration with InformAll, submitted a response in March. Not only is this inquiry timely, but it is directly relevant to information literacy. Indeed, one of the questions posed by the Committee in its call for submissions was ‘How can we educate people in how to assess and use different sources of news?’.

In April, the Committee published our response (the list of the nearly eighty submissions made by a range of other bodies and individuals is also available here). Amongst the other respondents are Google, Facebook, the Guardian, the BBC, Research Libraries UK and the Open University.

These are the highlights of some of the key points that we raised in our submission:

  • Much of the current debate in this area is articulated around what Google, Facebook and others do to limit the spread of fake news, for instance through changes in their algorithms.  But although these often technological approaches are undoubtedly important, they fail to address the place and responsibility of users as consumers, creators and sharers of information. So the question we are posing is how people’s fundamental beliefs and commitments have an impact on the way that they relate to information and news; and what might be done to help them become more judicious in their approach to information and mis-information. This is where information literacy comes in.
  • In confronting fake news and misinformation, the search for evidence – founded on enquiry, questioning and research – is more relevant than the notion of truth. Truth is a subjective concept, and is not a helpful term when trying to address the challenge of fake news; it follows that the expression ‘post-truth’ is equally unhelpful.
  • A major part of any solution is a greater emphasis on the teaching of critical thinking, associated with information and digital literacy, in secondary schools – something that does not currently feature prominently in the curriculum. School students’ attitudes and practices towards information are often sorely lacking, but there is evidence to suggest a more discerning mindset can be fostered, given the right sort of interventions.
  • By and large, public policy in the UK does not properly address information literacy, and the recently-published UK Digital Strategy, in spite of its thinking on digital skills, conspicuously fails to touch on how to foster more critical and questioning approaches to online information.
  • Psychology can go a long way to explaining people’s propensity to believe fake news, and people’s powerful attachments to what they believe to be true can breed attitudes that are very resistant to evidence and facts. Cognitive factors are important in determining attitudes to information.

We recommend keeping an eye on the Select Committee’s webpages to monitor progress with their inquiry.

Source: Inquiry into fake news: the CILIP ILG response

Total number of female MPs ever elected finally matches current male number

The total number of female MPs ever elected finally matches the current male number –  and it only took 97 years! (not counting all the years women couldn’t even stand!!!). Let’s hope it doesn’t take that long again before achieving full parity.

SWOP Forum

191 women were elected as MPs in 2015 bringing the total to 455 female MPs since 1918. The same as the current number of male MPs.


Better World Books Literacy Grants for Non-profits 2016



When you purchase books from Better World Books, a portion of the funds from the sale benefit various literacy programs including Better World Books Literacy Grants. Each year Better World Books invites libraries and nonprofit organizations to apply for funds to support their efforts to further literacy in their communities. The Better World Books Literacy Council reviews the submitted projects and selects library winners and nonprofit finalists. Nonprofit finalists are then put to a public vote. Three nonprofit grant winners will be selected by vote and two will be selected by the Better World Books Literacy Council. As a Founding B Corporation, Better World Books has raised over £18 million to date for literacy causes worldwide.

The vote is open to the public from now through Sept. 16, 2016 at 5 p.m. BST. Voters may vote once every 24 hours.

Opinion of the Advocate General of the Court of Justice of the European Union on e-lending

From the EBLIDA Newsletter  July/August 2016 (the emphases are my own):

On 16 June, CJEU issued a Press Release of the Advocate General’s Opinion in Case C-174/15 Vereniging Openbare Bibliotheken v Stichting Leenrecht on the question about whether the lending of e-books could apply under the lending directive of 2006. The press release highlights that “(…) Advocate General Maciej Szpunar takes the view that the making available to the public, for a limited period of time, of electronic books by public libraries may indeed come within the scope of the directive on rental and lending rights.”

A little more about online privacy

I’ve been reading a UKeiG white paper – ‘The Internet of Things’ by Martin De Saulles – and, in light of the privacy workshop I recently attended, the following paragraphs jumped out at me somewhat…

Google’s success is built on the aggregation of billions of data points about our search habits which it sells on to advertisers. Google’s parent company, Alphabet, on the 8 April 2016 had a stock market valuation of $522 billion. Approximately 90% of the company’s revenues are derived from advertising showing how the “data exhaust” of something as innocuous as web searching can be monetized when it is collected at scale.

The importance of scale as a value-adding factor for data sets can also be seen with another Google product, Google Maps. At a basic level, Google Maps operates like any other satellite navigation system by linking map data with the GPS coordinates of the user. However, by combining internet connectivity with the movements of the more than 1.5 billion users of its mobile operating system, Android has added a new layer of value. By tracking the movements of Android phone users, Google is able to provide real-time traffic updates to its Map’s users showing where delays are on the roads ahead and offering re-routing advice to optimize journey times.

The move into building data services alongside more traditional product ranges is exemplified by the US sportswear company, Under Armour. In 2015, Under Armour bought two fitness tracking app companies, MyFitnessPal and Endomondo for more than $500 million. These acquisitions gave the company access to the health and fitness data of approximately 120 million users across Europe and the US. While the user bases of these apps provide obvious marketing opportunities for a sportswear company it is the aggregation of the data which monitors the health status of millions of amateur athletes along with their dietary habits which may offer the real value.

Et tu, MyFitnessPal?

The full paper can be viewed here

Libraries for Privacy – Digital Security Workshop review

Venue: Glasgow Women’s Library
Date: 8 July 2016

This excellent (and somewhat terrifying) half-day workshop was organised by Scottish PEN to help libraries support users in strengthening their online privacy. The workshop was presented by Alison Macrina of the Library Freedom Project, and supported by CILIPS.

Information for the workshop has been made available via Dropbox

The man from Scottish PEN spoke very rapidly at the start so I didn’t catch either his name or that of the man who followed him. However, I did get that the 2nd man represented both CILIP and IFLA. He covered a number of points:

  • He recommended we take a look at the IFLA privacy policy
  • Privacy is a matter of library ethics and should be part of our operations
  • Privacy of users and citizens is increasingly being challenged, both by government bodies and commercial entities. For example, ebook publishers demand personal info before allowing use of their services
  • The upcoming CILIP conference will feature a debate on libraries’ role in advocacy and teaching of privacy skills
  • CILIP is reviewing their code of ethics
  • Privacy is an issue for all librarians

A survey of authors showed the impact of surveillance – two thirds stated they would consider changing what they write if they perceived they were being surveilled.

The man from Scottish PEN then spoke about the current Investigatory Powers Bill:

  • It’s currently going through Westminster parliament
  • Government will have the power to gather information about the domains you visit although not the actual pages. In reality this is a minor distinction.
  • Although this data is meant to help with the detection and prevention of crime it will be fairly easily accessible by various public bodies e.g. the food standards agency!
  • bulk powers – equipment interference – basically hacking, e.g. the power to turn on the camera on your laptop
  • targeted powers – thematic warrants
  • interception – tapping your data. GCHQ have already tapped the undersea fibre optic cables from Bude to USA.
  • national security notices. technical security notices. They have the power to compel any ‘telecommunications officer’ to access personal data or devices. There is no definition of what this means – it could include library staff.
  • there’s been little talk about the cost of making data secure
  • Govt is using the Danish model – although it was thrown out by Denmark for being too expensive!
  • PEN are concerned with freedom of expression, access to information

The remainder of the workshop was run by the wonderful and knowledgeable Alison from the Library Freedom Project.

“Facebook is the devil”

Beware aggregation of data – sites may only gather small pieces of data but together they can build up a detailed picture of you and your online activity.

Data is an asset. Terms of service can be changed without notification. Library data management systems are being handed over to 3rd party private companies – “you can trust us”.

TOR (The Onion Router) – network and browser. not recommended as default browser on public PCs. bounces traffic over worldwide network. zero knowledge network. libraries could be involved in hosting these relays. NSA tried to shut them down. They failed.

PGP/GPG encryptors are complex to use.


metadata – data about data
content – body
most data collection is metadata. you don’t need content when you have metadata. metadata doesn’t lie. it’s hard to hide. the internet was designed to use metadata for routing.

FOSS – free and open source software
user is free to use, modify, view and distribute source code as they wish. If you can see the code scary govt backdoors can’t be hidden in it. version control. reproducible builds – if binaries match, nothing has been tampered with. don’t automatically trust any piece of software. Library ethics – we have shared values with the FOSS ideal: transparency, community, not being surveilled  🙂

Only covers content. Encrypting metadata is pretty much impossible. Most people don’t encrypt.

“The Cloud”
Outsource the storage of data. Not fluffy and lovely (like a cloud). Your data is outside your control. some encrypt others don’t – iCloud mail is not encrypted. iCloud is on by default – insidious.

Google – data collection and use is their business model. Use alternative services to spread your info around. If a service becomes malicious they already have all your info.


Threat modelling
When considering your online privacy, first conduct a ‘threat model’. There are 4 elements to this:

  1. assets – who are you, what do you have to protect and to what lengths will you go to protect it?
  2. adversaries – who is after your data?
  3. capabilities – what powers do your adversaries have?
  4. consequences – what are the consequences of any privacy encroachment?

Threat models can change if circumstances change e.g. government, laws, etc

example – Journalist:

  • assets – computer, phone, hard drives, sources, other journalists
  • adversaries – intelligence agencies, law enforcement
  • capabilities – imagine your adversaries can do anything. Don’t underestimate them.
  • consequences – prison for source.

Recent iPhone case in USA – FBI already had lots of data. It was a cynical ploy to get them even more surveillance powers.

Privacy is like health, it’s a lifestyle choice. Perfect privacy doesn’t exist but don’t be discouraged. Beware of ‘snake oil’ technologies promising what they can’t deliver – e.g. there is currently no TOR browser for iOS – don’t be fooled by what’s available in the AppStore. Red flags: words like ‘unbreakable’ and ‘military grade’ encryption – there’s no such thing.

Laws – take a long time to change and update.

Libraries should reposition themselves as data protectors.



Talking points when trying to convince people of the benefits of protecting privacy in a library environment:

  • privacy technologies as a tool; value neutral; analogous to cash – handy to have.
  • criminals shouldn’t be the only ones with privacy. bad people will always have other means of securing their privacy
  • intellectual freedom arguments – LFP resources
  • high demand from library patrons
  • consumer rights issues – privacy encroachment affects everyone. targeted advertising

TOR browser
Obscures where you are and stops data leaking –

  • obscures your real IP – via international relays
  • prevents cross-site correlation
  • blocks cookies, scripts
  • writes nothing to disc
  • bundled with extensions ‘NoScript’ and ‘HTTPS Everywhere’
  • DuckDuckGo search
  • Some usability barriers
  • Best practices

Creates fake user agent profile.

NoScript – blocks all scripts then you can ‘whitelist’ sites you want.

Extensions – not recommended to add more

Usability barriers – the web really wants to know where you are. e.g. Gmail

Not recommended as default browser on public PCs due to usability issues.

If you create accounts in TOR – and always use them there – websites will never know where you are.

Be cautious what you use TOR with – e.g. PayPal really doesn’t like it and could lock you out.

Sites using location services may react oddly to TOR.

Running TOR, even when not using it, helps mask the location of other TOR users nearby.

Tor usage goes up when States enact surveillance laws.

What to do when Tor project is blocked:

  • Gettor robots – will email you a copy of Tor
  • bridges – if censor blocks public relays. Tor bridges are private relays. MEEK mimics adversaries
  • LFP letter to convince IT/city to unblock TOR
  • Tor will subvert library computer filters!
  • Tor browser can all be run from a flash drive

If you can’t get Tor your network is worse than Iran!

Behavioural analytics

  • cookies, high entropy cookies. Tor will block cookies
  • analytics – e.g. Google

Web browser safety

Using alternative browsers is more disruptive than you might think. However, even using alternatives occasionally will decentralise your data to some extent.

  • DuckDuckGo search – Slightly ad supported – recommended
  • Other search engines:
    • ‘Disconnect’ search – allows you to use your favourite search engine – except Google!
    • ‘Startpage’ search – based in the Netherlands
  • Privacy Badger (Chrome or Firefox)
  • uBlock Origin (Chrome or Firefox)
  • remove Flash!!! (not installed on Tor)
  • use Chrome if not Tor browser – Google is really good at security. (use Chrome for security and Tor for privacy)

Privacy Badger
Shows which 3rd parties sites are sharing your info with. Monitors 3rd parties and will block them as necessary. It’s not recommended to adjust the sliders yourself.

Sites encrypt data so only they can see what you input. Data integrity – error messages will tell you if your connection is not secure.

URL contains ‘https’ as well as a little green lock inside the address bar – if it’s elsewhere on the page it’s likely fake.

Encryption should be on the whole site not just at checkout.

example attacks:

  • Packet analysers – folk on the same wifi network can see everything you’ve searched for
  • Man in the middle attack – hijacks your session and sends you to a mirror site

Let’s encrypt initiative
HTTPS is easy with Certbot:

Keep software up to date!  Updates will contain the latest security upgrades and bug fixes.


  • Probably the biggest vulnerability on the internet
  • master password: Diceware wordlist – use this to log into a password manager
  • password managers:
    • LastPass
    • 1Password
  • 2factor authentication – use whenever available.
  • security questions – recommended to make fake answers
  • mobile device passwords – not necessary to make such a complex code but PIN passcodes are no longer reliable. biometrics on iOS is only stored locally so that’s ok but use caution otherwise.
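
The Diceware master password mentioned in the list above, as an added example that is not from the workshop materials: five dice rolls select each word from a 7776-entry list, and the strength comes from the number of words. All function names are hypothetical, and the word list built by `demo_wordlist()` is a constructed placeholder standing in for a published Diceware list in the usual key-then-word layout.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                  # Diceware: five six-sided dice pick one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries in a complete list
_rng = secrets.SystemRandom()      # OS CSPRNG; never use random.random() here


def roll_key():
    """Simulate five dice, e.g. '41536'. Real dice are an equally good source."""
    return "".join(str(_rng.randint(1, 6)) for _ in range(DICE_PER_WORD))


def load_wordlist(lines):
    """Parse 'key word' lines and refuse a list that is incomplete or repeats words."""
    table = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("wordlist must map all 7776 dice keys to distinct words")
    return table


def passphrase(table, n_words=6, roll=roll_key):
    """Each word is an independent uniform pick, so entropy adds up per word."""
    if n_words < 1:
        raise ValueError("need at least one word")
    return " ".join(table[roll()] for _ in range(n_words))


def entropy_bits(n_words):
    """Bits of entropy when the attacker knows the list and the word count."""
    return n_words * math.log2(LIST_SIZE)


def demo_wordlist():
    """Constructed placeholder list (not real words); use a published list in practice."""
    return [f"{''.join(k)}\tword{''.join(k)}" for k in product("123456", repeat=DICE_PER_WORD)]


if __name__ == "__main__":
    table = load_wordlist(demo_wordlist())
    print(passphrase(table))
    print(f"{entropy_bits(6):.1f} bits for six words")
```

Each word contributes about 12.9 bits, so six words give roughly 77.5 bits even when the attacker knows which list was used.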

Mobile phones
You should have no expectation of privacy on your mobile. Because of the way they need to function, it’s really not possible to have any real privacy.

Phones have 2 operating systems:

  • applications processor
  • baseband processor – proprietary code. controls the phone. IMSI catchers!

Encrypted phones – metadata can be seen but not content. iOS has better privacy than Android since Android doesn’t get system updates. iOS has prioritised security.

‘Signal’ app – encrypted text and calls. Ideal for lawyer/client communication.

Hard to encrypt. need GPG, desktop email client, Thunderbird.

Treat all email as if it’s not secure.

Gmail has prioritised security. Also, Proton mail has secure storage.

In USA law enforcement can subpoena emails stored on servers older than 108 days

It is possible to protect your online privacy but that may result in some loss of functionality. Perform threat modelling to weigh up your options. Aim to decentralise your data as much as possible. This will make it harder for online adversaries to form an aggregate picture. Use technologies to protect your privacy but try to choose FOSS products and avoid the ‘snake oil’. Keep all software up-to-date.