July 27, 2017

As facilitators of access to information, librarians have a long-standing commitment and ethical obligation to protect patron privacy. Librarians recognize that privacy is essential to exercising free thought and free speech, and they work to “protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted[i]."

But the library is just one organization through which personal information flows. Every time we use the Internet or send a text message, we leave a trail of data – a trail that hackers, government agencies and online companies can use to track an online user’s search history, to create customer profiles or to steal credit card or banking information. The implications of ignoring online privacy are vast, but solutions can be intimidating for tech novices.

“Stated in purely technical terms, personal privacy and information security issues can very quickly begin to sound daunting,” said Tim Siftar, Liaison Librarian for Education, Computing & Informatics, Global Studies and Modern Languages at Drexel University. “Just watch a person’s eyes glaze over when you talk about ‘cookies’ and ‘key-loggers.’ Yet this is the world in which we live, and ignoring personal security because it seems too complicated is no solution. Enter librarians, with their knack for meeting patrons where they are, with just enough information to get to the next step.”  

For example, the concept of “threat modeling” can help Internet users evaluate their own privacy profile and determine the lengths to which they should invest in their own security, an idea that was discussed during a recent webinar on privacy and library patron outreach from Alison Macrina, a Drexel alumna (‘09) and founder of The Library Freedom Project. During the online session, which was organized by Drexel’s Library & Information Science Graduate Student Group, Macrina explained that each person is likely to have her own risk/reward balance based on their answers to four key questions:

1. What information assets do I have? (passwords, personal info, intellectual property)
2. Who are my adversaries who might want those assets? (corporate trackers, hackers, government agencies, cyber bullies)
3. What are the capabilities of these adversaries? (harassing, doxxing)
4. What are the consequences of a successful attack? (harm to your reputation, trouble with your employer, physical harm)

Along with sessions from privacy advocates like Macrina, the Drexel Libraries offers other resources to help members of the Drexel University community make informed decisions about their online activity. Currently, the Libraries maintains a library guide with tips and information about online privacy, and it has offered webinars for Libraries staff to help them become more familiar with the various privacy protection tools so they can respond to patron questions.

Looking to the future, the Libraries is exploring new ways to partner with student organizations, faculty and other administrative offices at Drexel that share concerns about privacy. New programming ideas include short “Protect your privacy in 5 minutes” workshops and a peer-counseling model that follows the Electronic Freedom Foundation’s Surveillance Self-Defense Course playlists.

“In keeping with librarians’ professional tradition of promoting critical thinking and intellectual freedom, the Drexel Libraries is working to increase awareness of the fact that the technology on which we so often rely is not a neutral platform and requires prudent measures to assure personal privacy and security,” said Siftar. “In the end, this is a critical thinking exercise aimed at asking questions, empowering critical relationships and encouraging new digital literacies. Who better to teach these than librarians?”

For more information about privacy in the digital age, check out the tips and resources below or visit the Libraries’ privacy library guide.

Privacy Tips

1.  Use a password manager like LastPass. Password managers protect you from identify theft by generating and storing a different, secure password for each of your online accounts. Try LastPass, one of the most popular (and free!) browser-based password managers.
2. Use Signal, the secure messaging app. Signal gives you encrypted text messages, as well as voice and video calls over WiFi, which means no one but you and the person you’re messaging can read the messages you send. Note that Signal is only secure if both people sending and receiving messages have the app.
3. Set DuckDuckGo as your default search engine to avoid having your searches tracked. DuckDuckGo doesn’t track or profile its users, and it doesn’t store or share your personal information.
4. Download Malwarebytes. Malwarebytes protects you against malware, ransomware and other online threats. There are plenty of options out there, but Malwarebytes is the only one that is effective. 
5. Apply software updates as soon as they become available. Out-of-date software provides the best "attack surface" from which malicious agents can breach your security. Always apply updates promptly.
6. Search online using the Tor Browser, a sophisticated tool for secure browsing. Tor protects against traffic analysis, a form of network surveillance, so that websites don’t know anything about you or your location unless you login. Take note that Tor takes some getting used to, and some websites do not display complete details. Read the About page before you jump in.
7. Use a Riseup email address with Mozilla’s Thunderbird email application. Did you know that every time you log into Gmail or Facebook, a copy of your contacts and friends list is left behind when you log out? Use an email client like Thunderbird from a USB drive to make sure you’re not leaving any information behind.

[i] American Library Association Code of Ethics. 22 Jan. 2008, http://www.ala.org/tools/ethics Accessed 24 July 2017.