Libraries for Privacy – Digital Security Workshop review

Venue: Glasgow Women’s Library
Date: 8 July 2016

This excellent (and somewhat terrifying) half-day workshop was organised by Scottish PEN to help libraries support users in strengthening their online privacy. The workshop was presented by Alison Macrina of the Library Freedom Project, and supported by CILIPS.

Information for the workshop has been made available via Dropbox

The man from Scottish PEN spoke very rapidly at the start so I didn’t catch either his name or that of the man who followed him. However, I did get that the second man represented both CILIP and IFLA. He covered a number of points:

  • He recommended we take a look at the IFLA privacy policy
  • Privacy is a matter of library ethics and should be part of our operations
  • Privacy of users and citizens is increasingly being challenged, both by government bodies and commercial entities. For example, ebook publishers demand personal info before allowing use of their services
  • The upcoming CILIP conference will feature a debate on libraries’ role in advocacy and teaching of privacy skills
  • CILIP is reviewing their code of ethics
  • Privacy is an issue for all librarians

A survey of authors showed the impact of surveillance – two thirds stated they would consider changing what they write if they perceived they were being surveilled.

The man from Scottish PEN then spoke about the current Investigatory Powers Bill:

  • It’s currently going through Westminster parliament
  • Government will have the power to gather information about the domains you visit although not the actual pages. In reality this is a minor distinction.
  • Although this data is meant to help with the detection and prevention of crime it will be fairly easily accessible by various public bodies e.g. the food standards agency!
  • bulk powers – equipment interference – basically hacking, e.g. the power to turn on the camera on your laptop
  • targeted powers – thematic warrants
  • interception – tapping your data. GCHQ have already tapped the undersea fibre optic cables from Bude to USA.
  • national security notices. technical security notices. They have the power to compel any ‘telecommunications officer’ to access personal data or devices. There is no definition of what this means – it could include library staff.
  • there’s been little talk about the cost of making data secure
  • Govt is using the Danish model – although it was thrown out by Denmark for being too expensive!
  • PEN are concerned with freedom of expression, access to information

The remainder of the workshop was run by the wonderful and knowledgeable Alison from the Library Freedom Project.

“Facebook is the devil”

Beware aggregation of data – sites may only gather small pieces of data but together they can build up a detailed picture of you and your online activity.

Data is an asset. Terms of service can be changed without notification. Library data management systems are being handed over to 3rd party private companies – “you can trust us”.

TOR (The Onion Router) – network and browser. not recommended as default browser on public PCs. bounces traffic over worldwide network. zero knowledge network. libraries could be involved in hosting these relays. NSA tried to shut them down. They failed.

PGP/GPG encryptors are complex to use.

DEFINITIONS

metadata – data about data
content – body
most data collection is metadata. you don’t need content when you have metadata. metadata doesn’t lie. it’s hard to hide. the internet was designed to use metadata for routing.
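To make the metadata/content distinction concrete, here is an added example (not from the workshop or the Library Freedom Project) that pulls only the routing metadata out of an email: who wrote to whom, when, and via which mail relays. The message itself is constructed for the example; every address, host and IP in it is invented. Notice that the body and the Subject line, which are content, are never returned, yet the result already tells you who is talking to whom and where from.

```python
import re
from datetime import timezone
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample message for this example; addresses, hosts and IPs are invented.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net; Fri, 8 Jul 2016 13:02:11 +0000
Received: from [198.51.100.7] by mail.example.org; Fri, 8 Jul 2016 13:02:05 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: Carol <carol@example.com>
Date: Fri, 8 Jul 2016 14:01:55 +0100
Message-ID: <20160708130155.1234@example.org>
Subject: Draft for tomorrow
Content-Type: text/plain; charset="utf-8"

Let's talk tomorrow at ten. Bring the draft.
"""

# IPv4 literals as they appear in Received: headers, e.g. "[192.0.2.10]"
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def extract_metadata(raw_message: str) -> dict:
    """Return only the metadata of a message: sender, recipients, time, relay path.

    The body and the Subject line are content and are deliberately not returned;
    only the size of the body is, because size is itself metadata.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    recipient_headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr for _, addr in getaddresses(recipient_headers)]
    received = [str(h) for h in msg.get_all("Received", [])]
    relay_ips = [m.group(1) for line in received for m in IPV4.finditer(line)]
    sent_at = parsedate_to_datetime(str(msg["Date"])).astimezone(timezone.utc)
    body = msg.get_content()  # read only to measure it; never returned
    return {
        "sender": parseaddr(str(msg["From"]))[1],
        "recipients": recipients,
        "sent_at_utc": sent_at.isoformat(),
        "message_id": str(msg["Message-ID"]),
        "relay_hops": len(received),
        "relay_ips": relay_ips,
        "body_bytes": len(body.encode("utf-8")),
    }


if __name__ == "__main__":
    for key, value in extract_metadata(SAMPLE_MESSAGE).items():
        print(f"{key:>12}: {value}")
```

Run it and you get a who/whom/when/where record without a single word of the conversation. Multiply that across every message a person sends and the social graph and daily routine fall out, which is the point being made above: the content is optional.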

FOSS – free and open source software
user is free to use, modify, view and distribute source code as they wish. If you can see the code scary govt backdoors can’t be hidden in it. version control. reproducible builds – if binaries match, nothing has been tampered with. don’t automatically trust any piece of software. Library ethics – we have shared values with the FOSS ideal: transparency, community, not being surveilled  🙂

Encryption
Only covers content. Encrypting metadata is pretty much impossible. Most people don’t encrypt.

“The Cloud”
Outsource the storage of data. Not fluffy and lovely (like a cloud). Your data is outside your control. some encrypt others don’t – iCloud mail is not encrypted. iCloud is on by default – insidious.

Decentralisation
Google – data collection and use is their business model. Use alternative services to spread your info around. If a service becomes malicious they already have all your info.

**********

Threat modelling
When considering your online privacy, first conduct a ‘threat model’. There are 4 elements to this:

  1. assets – who are you, what do you have to protect and to what lengths will you go to protect it?
  2. adversaries – who is after your data?
  3. capabilities – what powers do your adversaries have?
  4. consequences – what are the consequences of any privacy encroachment?

Threat models can change if circumstances change e.g. government, laws, etc

example – Journalist:

  • assets – computer, phone, hard drives, sources, other journalists
  • adversaries – intelligence agencies, law enforcement
  • capabilities – imagine your adversaries can do anything. Don’t underestimate them.
  • consequences – prison for source.

Recent iPhone case in USA – FBI already had lots of data. It was a cynical ploy to get them even more surveillance powers.

Privacy is like health, it’s a lifestyle choice. Perfect privacy doesn’t exist but don’t be discouraged. Beware of ‘snake oil’ technologies promising what they can’t deliver – e.g. there is currently no Tor browser for iOS, so don’t be fooled by what’s available in the App Store. Red flags: words like ‘unbreakable’ and ‘military grade’ encryption – there’s no such thing.

Laws – take a long time to change and update.

Libraries should reposition themselves as data protectors.

Contact:

@flexlibris
@libraryfreedom
alison@torproject.org

libraryfreedomproject.org/resources/privacytoolkit
https://lists.riseup.net/www/info/libraryfreedom

Talking points when trying to convince people of the benefits of protecting privacy in a library environment:

  • privacy technologies as a tool; value neutral; analogous to cash – handy to have.
  • criminals shouldn’t be the only ones with privacy. bad people will always have other means of securing their privacy
  • intellectual freedom arguments – LFP resources
  • high demand from library patrons
  • consumer rights issues – privacy encroachment affects everyone. targeted advertising

TOR browser
Obscures where you are and stops data leaking – www.torproject.org

  • obscures your real IP – via international relays
  • prevents cross-site correlation
  • blocks cookies, scripts
  • writes nothing to disc
  • bundled with extensions ‘NoScript’ and ‘HTTPS Everywhere’
  • DuckDuckGo search
  • Some usability barriers
  • Best practices

Creates fake user agent profile.

NoScript – blocks all scripts then you can ‘whitelist’ sites you want.

Extensions – not recommended to add more

Usability barriers – the web really wants to know where you are. e.g. Gmail

Not recommended as default browser on public PCs due to usability issues.

If you create accounts in TOR – and always use them there – websites will never know where you are.

Be cautious what you use Tor with – e.g. PayPal really doesn’t like it and could lock you out.

Sites using location services may react oddly to TOR.

Running TOR, even when not using it, helps mask the location of other TOR users nearby.

Tor usage goes up when States enact surveillance laws.

What to do when Tor project is blocked:

  • Gettor robots – will email you a copy of Tor
  • bridges – if censor blocks public relays. Tor bridges are private relays. MEEK mimics adversaries
  • LFP letter to convince IT/city to unblock TOR
  • Tor will subvert library computer filters!
  • Tor Browser can all be run from a flash drive

If you can’t get Tor your network is worse than Iran!

Behavioural analytics

  • cookies, high entropy cookies. Tor will block cookies
  • analytics – e.g. Google

Web browser safety

Using alternative browsers is more disruptive than you might think. However, even using alternatives occasionally will decentralise your data to some extent.

  • DuckDuckGo search – Slightly ad supported – recommended
  • Other search engines:
    • ‘Disconnect’ search – allows you to use your favourite search engine – except Google!
    • ‘Startpage’ search – based in the Netherlands
  • Privacy Badger (Chrome or Firefox)
  • uBlock Origin (Chrome or Firefox)
  • remove Flash!!! (not installed on Tor)
  • use Chrome if not Tor browser – Google is really good at security. (use Chrome for security and Tor for privacy)

Privacy Badger
Shows which 3rd parties sites are sharing your info with. Monitors 3rd parties and will block them as necessary. It’s not recommended to adjust the sliders yourself.

HTTPS
Sites encrypt data so only they can see what you input. Data integrity – error messages will tell you if your connection is not secure.

URL contains ‘https’ as well as a little green lock inside the address bar – if it’s elsewhere on the page it’s likely fake.

Encryption should be on the whole site not just at checkout.
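To show what “the whole site, not just checkout” means in practice, here is an added example (mine, not from the workshop) that audits a small crawl of a shop for three things: pages still served over plain HTTP, HTTPS pages that do not send a Strict-Transport-Security header telling browsers to always use HTTPS for the site, and HTTPS pages that pull in scripts or images over HTTP (mixed content, which gives an attacker on the same wifi a way back in). The crawl data is constructed, and the 180-day minimum HSTS lifetime is an assumption for this example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

MIN_HSTS_MAX_AGE = 180 * 24 * 3600  # assumed minimum; browsers drop the pin when it expires


def hsts_max_age(headers: dict) -> Optional[int]:
    """Return the max-age from a Strict-Transport-Security header, or None if absent/unparseable."""
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return None
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit_page(page_url: str, headers: dict, resources: list) -> list:
    """Return issue codes for one page; an empty list means the page is fully encrypted."""
    issues = []
    if urlsplit(page_url).scheme != "https":
        issues.append("plaintext-page")
        return issues  # HSTS and mixed content only make sense on an HTTPS page
    age = hsts_max_age(headers)
    if age is None:
        issues.append("no-hsts")
    elif age < MIN_HSTS_MAX_AGE:
        issues.append("short-hsts")
    if any(urlsplit(r).scheme == "http" for r in resources):
        issues.append("mixed-content")
    return issues


def audit_site(crawl: dict) -> dict:
    """crawl: page URL -> (response headers, sub-resource URLs). Returns page URL -> issues."""
    return {url: audit_page(url, headers, resources) for url, (headers, resources) in crawl.items()}


def fully_encrypted(crawl: dict) -> bool:
    return all(not issues for issues in audit_site(crawl).values())


# Constructed crawl of an imaginary shop: only the checkout page was done properly.
CRAWL = {
    "https://shop.example/checkout": (
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
        ["https://shop.example/app.js", "https://shop.example/logo.png"],
    ),
    "http://shop.example/catalogue": ({}, ["http://shop.example/catalogue.js"]),
    "https://shop.example/account": ({}, ["http://cdn.example/analytics.js"]),
    "https://shop.example/login": ({"Strict-Transport-Security": "max-age=300"}, []),
}

if __name__ == "__main__":
    for page, issues in audit_site(CRAWL).items():
        print(f"{page}: {', '.join(issues) or 'ok'}")
    print("whole site encrypted:", fully_encrypted(CRAWL))
```

The catalogue page is where the browsing happens, so a packet analyser on the café wifi still sees everything a user looks at before they reach the secure checkout; the account page is nominally HTTPS but loads a script over HTTP, which is exactly the foothold a man-in-the-middle needs.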

example attacks:

  • Packet analysers – folk on the same wifi network can see everything you’ve searched for
  • Man in the middle attack – hijacks your session and sends you to a mirror site

Let’s Encrypt initiative
HTTPS is easy with Certbot: https://certbot.eff.org/

Keep software up to date!  Updates will contain the latest security upgrades and bug fixes.

Password:

  • Probably the biggest vulnerability on the internet
  • master password: Diceware wordlist – use this to log into a password manager
  • password managers:
    • LastPass
    • 1Password
  • two-factor authentication – use whenever available.
  • security questions – recommended to make fake answers
  • mobile device passwords – not necessary to make such a complex code but PIN passcodes are no longer reliable. biometrics on iOS is only stored locally so that’s ok but use caution otherwise.
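Two of the points above are mechanical enough to show in code, so here is an added example (my own, not from the workshop, Diceware or any authenticator app). The first half builds a Diceware master passphrase: five dice rolls pick one word from a list of 7776, so every word adds about 12.9 bits no matter how guessable the individual words look. The word list fragment is constructed for the example (a real list has all 7776 entries). The second half implements the time-based one-time password scheme (RFC 6238 TOTP over RFC 4226 HOTP) that most two-factor apps use, so you can see that the six-digit code is just an HMAC of the current 30-second window keyed with a shared secret; the check allows one window either side to absorb clock drift.

```python
import hashlib
import hmac
import math
import secrets

# Constructed fragment of a Diceware-style list: five dice rolls (each 1-6) map to one word.
# A real list has 6**5 = 7776 entries; these few are invented for the example.
SAMPLE_WORDLIST = {
    "11111": "abacus", "11112": "abdomen", "11113": "abide",
    "33333": "koala", "44444": "meadow", "66665": "zipper", "66666": "zoom",
}
FULL_LIST_SIZE = 6 ** 5


def roll_key(rng=secrets.randbelow) -> str:
    """Roll five dice with a cryptographic RNG and return the key, e.g. '31625'."""
    return "".join(str(rng(6) + 1) for _ in range(5))


def diceware_passphrase(wordlist: dict, n_words: int = 6, rolls=None) -> str:
    """Pick n_words words by dice roll. `rolls` lets a caller supply precomputed keys (used in tests)."""
    keys = rolls if rolls is not None else [roll_key() for _ in range(n_words)]
    return " ".join(wordlist[k] for k in keys)


def passphrase_entropy_bits(n_words: int, list_size: int = FULL_LIST_SIZE) -> float:
    """Entropy assumes the attacker knows the list and the method; only the rolls are secret."""
    return n_words * math.log2(list_size)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3]) % 10 ** digits
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second window."""
    return hotp(secret, int(unix_time // step), digits)


def verify_totp(secret: bytes, code: str, unix_time: float, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the code for the current window and `window` steps either side; constant-time compare."""
    counter = int(unix_time // step)
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    # Full-list figures: six words is the commonly recommended length for a master passphrase.
    print(f"6 Diceware words: {passphrase_entropy_bits(6):.1f} bits")
    # The shared secret from the RFC 6238 test vectors, so the output can be checked against the RFC.
    rfc_secret = b"12345678901234567890"
    print("code at t=59:", totp(rfc_secret, 59))
```

The entropy figure is the reason a Diceware passphrase beats a “clever” password: six ordinary words from the list give about 77 bits, and that holds even if the attacker has the list. For TOTP, note that the verifier needs the same secret as the phone, so a breach of the service’s database leaks every user’s second factor; this is why the secret must be stored as carefully as a password hash would be.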

Mobile phones
You should have no expectation of privacy on your mobile. Because of the way they need to function, it’s really not possible to have any real privacy.

Phones have 2 operating systems:

  • applications processor
  • baseband processor – proprietary code. controls the phone. IMSI catchers!

Encrypted phones – metadata can be seen but not content. iOS has better privacy than Android since Android doesn’t get system updates. iOS has prioritised security.

https://libraryfreedomproject.org/mobileprivacytoolkit/

‘Signal’ app – encrypted text and calls. Ideal for lawyer/client communication.

email
Hard to encrypt: you need GPG plus a desktop email client such as Thunderbird.

Treat all email as if it’s not secure.

Gmail has prioritised security. Also, Proton mail has secure storage.

In the USA law enforcement can subpoena emails stored on servers older than 108 days.

Conclusions
It is possible to protect your online privacy but that may result in some loss of functionality. Perform threat modelling to weigh up your options. Aim to decentralise your data as much as possible; this will make it harder for online adversaries to form an aggregate picture. Use technologies to protect your privacy but try to choose FOSS products and avoid the ‘snake oil’. Keep all software up to date.