Patron privacy: is the Tor Browser right for library use?
[This student submission was written in response to a group assignment for the introduction to the information profession course at Wayne State University--the first course in the school's M.L.I.S. program. The students chose to investigate the Tor browser due to their concerns about online privacy in library settings.--Ed.]
Tor (aka The Onion Router) is essentially a proxy service that hides the history of sites visited online.
Libraries nationwide are dedicated to providing a number of services and upholding a series of values to protect and serve patrons of the library community. Among these core values are intellectual freedom and privacy. These two, in many ways, go hand in hand. Often, the individuals who come to the library for books and other information are among a population of the community that frequently faces unnecessary surveillance and persecution, including groups such as racial and religious minorities, the queer community, journalists attempting to protect their sources, and political activists. Libraries have fought against withholding resources, and they have also fought against government programs, such as the USA PATRIOT Act, that attempt to compromise patron information and privacy. Libraries are service-minded, in that they serve to help the members of the community who need it most. The Tor browser is an excellent option for libraries to help them, although it does not come without its own disadvantages.
With the revelation of Edward Snowden's leaks regarding NSA surveillance, many feel more vulnerable than ever when it comes to their privacy. As libraries strive to be safe places for research-minded members of the community, library-focused organizations are springing up with the mission to uphold intellectual freedom and privacy for all those who enter their doors. One organization, the Library Freedom Project (LFP), describes itself as such:
Library Freedom Project is a partnership among librarians, technologists, attorneys, and privacy advocates which aims to address the problems of surveillance by making real the promise of intellectual freedom in libraries. By teaching librarians about surveillance threats, privacy rights and responsibilities, and digital tools to stop surveillance, we hope to create a privacy-centric paradigm shift in libraries and the communities they serve, (n.d.)
In 2015, the LFP organized the Library Digital Privacy Pledge. The third article of the American Library Association's Code of Ethics states, "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted" (2016). Libraries across the nation can sign the LFP's Privacy Pledge, and the organization will assist them in setting up methods for digital privacy.
One system that the LFP is using to maintain intellectual freedom is Tor browsing and exit relays. On the podcast show Lost in the Stacks, the hosts interviewed the founder and director of the LFP, Alison Macrina. She explains how implementing stronger encryption of websites and using HTTPS can protect browsing in libraries and protect from being observed (Oct. 30, 2015). Tor is an anonymity network that strives to be anonymous and free from ISP censorship, in which personal information can be hidden from the web, owners, and other users. Tor exit relays work by taking user traffic and bouncing it across a network of relays (computers). By moving this traffic across multiple relays, the ISP address of the user who is searching can be protected. The LFP takes a special interest in libraries, not only because the founder is a former librarian and political activist, but also because libraries are a good place to set up these relays that make Tor browsing faster and more secure.
One library that the LFP has worked with is the Kilton Library in West Lebanon, N.H. The LFP installed a Tor exit relay in the library to support the Tor project. However, as Macrina notes in her interview, local police briefly halted the project after the Department of Homeland Security (DHS) contacted them. Macrina cites fear-mongering among one of the tactics that DHS attempted to use to stop the initiative (Oct. 30,2015). The project in West Lebanon had so much community and public support that the LFP was able to proceed and set up Tor exit relays after all. In Meredith Farkas' article, "More Important Than Ever: Privacy in the Internet Age," she writes, "At a time when high-profile attacks of personal information are becoming popular tabloid fodder, we can either laugh at the misfortunes of those exposed, or fight for a future in which privacy is better understood and protected" (October, 2015). In a changing digital age, it is more important than ever that librarians make it a priority to uphold core values, so that patrons might not only have free access to information, but privacy in their search.
One of the reasons why some are so hesitant about using and trusting Tor is because they do not know enough about it. So what exactly is it? "Tor is a powerful tool that gives users anonymity in an age of total online surveillance" (Macrina, 2015). Originally designed by the U.S. Naval Research Laboratory to guard military information transmissions, this now open source web browser, run by a nonprofit organization, is used by governments, journalists, corporations, and the general public to search the internet and conduct business online while maintaining anonymity (Bhargav, 2013). Tor (aka The Onion Router) is essentially a proxy service that hides the history of sites visited online. The name comes from the numerous levels of encryption (similar to the layers of an onion) that information travels through as it moves from relay to relay. Each relay is connected to other relays in user groups all over the world using encrypted connections (Beckstrom, 2015). Tor gives "ordinary citizens a fighting chance against criminals who steal identities and bandwidth to commit a crime" (Misata, 2013).
Tor's user group consists of various types of people who share a similar idea: Privacy is vital, and being anonymous in web interactions holds a necessary place in daily life. The user group depends on the thousands of volunteers across the world who run the relays. The relay operators oversee a continuous stream of internet traffic daily (Misata, 2013). "If you browse the internet through a Tor client, then your traffic is routed through these relays, after being encrypted multiple times. At each relay, the data is decrypted one layer at a time, passing the remaining encrypted data to the next relay, and the final relay in the chain sends it to the desired server" (Bhargav, 2013). It would be challenging for another operator on the internet to see where information from another user is coming from or going to because of the encoded environment in the Tor browser. Also, while doing internet searches in the Tor browser, the computer the user is searching from will not keep a search history or store files that are downloaded. "When you close the Tor browser, there are no traces left of where your browser went" (Beckstrom, 2015).
Tor, it would seem, is the perfect browser to install on public library computers to ensure patrons' internet privacy. "Tor [...] continues to be on the front lines helping people across scientific, charitable, civic, government, and educational sectors stay safe and communicate freely" (Misata, 2013). As privacy and intellectual freedom are two of the many tenets that librarians live and work by, it seems natural that the Tor browser would be a good fit for public library computers. Online surveillance or lack of privacy on the internet are issues that librarians feel strongly about. "There are few things librarians care more about than intellectual freedom, and Tor can help our local communities protect that freedom" (Macrina, 2015). The users of Tor expect that the browser will offer privacy and protection and enable them to manage personal business and searches by keeping internet exploration free from monitoring (Bhargav, 2013).
However, the very fact that Tor helps maintain people's privacy and anonymity makes it a tool of controversy. While this can be helpful for people who need protection--victims of abuse in particular--there are always going to be people who abuse the system. In this case, there are three major culprits who use the Tor browser for nefarious reasons. The first are people looking to make illegal transactions. With the Tor browser obscuring user identities, they are able to communicate more easily to sell drugs or illegal pornography. There is a large concern with child pornography becoming more easily accessible in particular. With no way to track these criminals, they are able to widen their sales scope and become bolder in their actions. The most infamous example of this would be the website Silk Road. It sells drugs and other illegal content and is only capable of operating because of the Tor browser.
The second concern regards people who create viruses. Specifically, Steve Mansfield-Devine discusses the Kaspersky Lab findings in his article, 'Tor Under Attack." The lab discovered ransomware called "Onion" that encrypts people's files and denies them access unless they pay within 72 hours; the problem is that the people who create this ransomware are using Tor for complex forms of communication that make it more difficult for anti-malware software to catch the perpetrators even when the ransomware has been detected (Mansfield-Devine 2014). While the use of Tor brings up both challenges as well as opportunities for the library community as far as user privacy, it has also led to some other concerns about security.
Security issues are not disconnected with the use of Tor, especially as it relates to Tor exit nodes. In an article, "Torinj: Automated Exploitation Malware Targeting Tor Users," the authors state that "attackers can easily eavesdrop traffic on a Tor exit node" (2012). Tor exit nodes can leave browsers open to both passive and active attacks. In passive attacks, data can provide some information about the users via the exit nodes. In active attacks, attackers can use a "man-in-the-middle" attack and use either static or dynamic tag injection to gain user information (Wagener, Dulaunoy, and State, 2012). So while the user may believe that he or she is browsing anonymously, if someone wants to, he or she can still find a way to exploit user data.
The third concern is government agencies. This concern isn't necessarily with how they will use Tor, but how they may find ways to use it against the public. People using Tor have a sense of security because of their anonymity, but government agencies--including the NSA and the Russian government--are trying to crack the code in order to track people. While this might be good for tracking the criminals, this could be dangerous for the people who use Tor for legitimate reasons. Tor is often used by activists, whistleblowers, and victims--and these are the people who would face the most danger from being exposed.
The question is, do the risks outweigh the benefits? The Tor browser can be dangerous because it hides the identity of criminals, allowing them to work more freely through the internet since they can't be tracked. But the Tor browser can also help people by protecting their personal information, which can be useful in situations in which the person is concerned about cyberstalking or is trying to avoid an abusive person from his or her past (Macrina, 2015). Ultimately, some of the main concerns for librarians are how they can protect the personal information of their patrons, as well as how they can assist their patron's right to free access of information. Therefore, in order to sufficiently satisfy these con cerns, the Tor browser can help librarians not only protect the information of their patrons, but it can also allow patrons to access information without fear. The Tor browser should be a part of the librarian's web toolbox, but it must be used with a full awareness of its limitations and dangers, as well as its benefits.
Beckstrom, M. (2015). Windows Settings and Applications. Protecting Patron Privacy: Safe Practices for Public Computers (55-82). Santa Barbara, Calif., U.S: Libraries Unlimited. Retrieved from ebrary.com.proxy.lib.wayne.edu.
Bhargav, R (2013). "Anonymously Browse, Post Through Tor to Protect Your Privacy." Money Life, General OneFile. Retrieved Nov. 15, 2016, from go.galegroup.com/ps/i.do?p=IT0F&sw=w&u = lom_waynesu&v=2.1&id=GALE%7CA331476141&it=r&asid=26cld95af37fla46d06282459426e38f.
Code of Ethics of the American Library Association. (2016). Retrieved Nov. 19, 2016, from ala.org' advocacy/proethics/codeofethics/codeethics.
Farkas, M. (November 2015). "More Important Than Ever: Privacy in the Internet Age." American Libraries, 31.
Library Freedom Project (audio blog interview with Alison Macrina). (Oct. 30, 2015). Retrieved Nov. 19, 2016, from wrek.org/2015/10/playlist-for-lost-in-the-stacks-from-october-30th2015-the-library-freedom- project-episode-277.
Library Freedom Project, (n.d.). Retrieved Nov. 19, 2016, from libraryfreedomproject.org.
Macrina, A. (September 2015). "The Tor Browser and Intellectual Freedom in the Digital Age." Reference & User Services Quarterly, 54(4), 17-20.
Mansfield-Devine, S. (Aug. 8, 2014). "Tor Under Attack." Computer Fraud & Security, Elsevier. DOI: 10.1016/S1361-3723(14) 70523-8.
Misata, K. (2013). "The Tor Project: An Inside View." XRDS: Crossroads, 20(1), 45-47.
Sturges, R (2016). "Intellectual Freedom, Libraries and Democracy." Libri, 66(3), 167-177. D0l:10.1515/libri-2016-0040.
Wagener, G., Dulaunoy, A., and State, R. (2012). "Torinj: Automated Exploitation Malware Targeting Tor Users."
Emma Bayle, Stevyn Compoe, Rebecca Ehrick, Deanne Hubbell, Brooke Lowe, and Jennifer Ridge are graduate students at Wayne State University.
Caption: Searches cannot be observed, and they leave no trace.
Caption: Tor protects users who may have a good reason to want to stay anonymous.
Caption: Tor permits users to browse the web with anonymity.
|Printer friendly Cite/link Email Feedback|
|Author:||Bayle, Emma; Compoe, Stevyn; Ehrick, Rebecca; Hubbell, Deanne; Lowe, Brooke; Ridge, Jennifer|
|Publication:||Computers in Libraries|
|Date:||Jul 1, 2017|
|Previous Article:||Laptops anytime: meeting students' needs for equipment loans through self-serve kiosks.|
|Next Article:||Today's knowledge workers need 'knowledge hedges'.|