The Kilton Public Library in the US town of West Lebanon, New Hampshire is only 5 years old, and its modern sensibilities show: for one thing, it brags about sustainable technologies such as ground source heat pumps and radiant floor slabs throughout.
It’s also a cutting-edge library in an entirely different sense: in July, it became the country’s first library to set up as a relay in the Tor network.
People who browse the web using the Tor browser route their traffic through collections of Tor relays, know as circuits, to cover their tracks and keep their location secret.
Tor is widely used by activists and dissidents to avoid surveillance, but has also become a safe(ish) haven for criminals.
Privacy fans hoped it would become the first of many exit nodes – specialist relays where the traffic ‘exits’ Tor and joins the regular unencrypted internet – set up in as many public institutions as possible.
It wasn’t to be.
An Ars Technica writeup of this story caught the Feds’ attention.
Sean Fleming, the library director of the Lebanon Public Libraries, told ProPublica that the Department of Homeland Security (DHS) within a few weeks let it be known to the state and local police that the library’s plan might not be a wise course of action.
Shortly thereafter, local police and city officials had a little chat with the library. In the discussion, they described how Tor could be exploited by criminals.
That was the end of that – at least for now.
The library caved and pulled the plug on the project, not having anticipated how much pressure the first library to set up a Tor relay would attract.
ProPublica quotes Fleming:
There are other libraries that I've heard that are interested in participating but nobody else wanted to be first. We’re lonesome right now.
Where the idea came from
The idea to install exit nodes in libraries was the result of a collaboration between the Tor Project and the Library Freedom Project (LFP).
The LFP itself is the work of Boston librarian Alison Macrina.
Its aim is to teach libraries how to “protect patrons’ rights to explore new ideas, no matter how controversial or subversive, unfettered by the pernicious effects of online surveillance.”
It’s funded by the Knight Foundation, which also provides funding to ProPublica.
Macrina had conducted a privacy training session at the Kilton library in May, at which time she talked to the librarian about also setting up a Tor relay.
And just what exactly is a Tor relay?
Tor (which stands for The Onion Router) uses layers of encryption to protect traffic from snooping. The encrypted traffic is bounced through a circuit of relays and each relay peels off a layer of encryption.
For regular web browsing, traffic enters a circuit through a relay known as an entry guard and leaves through a relay known an exit node.
Because the exit node is the final relay in the circuit, it appears to be the source for all the traffic that passes through it, which sets it up to potentially take the blame in cases of malicious or illegal activity.
That’s actually one of many things the LFP likes about the use of libraries as exit nodes: libraries can afford some of the legal exposure that comes with an exit, given that exit operators might face the occasional copyright takedown notice or inquiry from law enforcement about traffic on the node.
As the LFP says on its site, other things that make libraries attractive are their commitment to intellectual freedom and privacy; the fact that they’re education centers within their communities, offering classes on things including computer use; and that they serve a diverse audience, many of whom need private browsing but don’t know it exists, including domestic violence survivors, racial and ethnic minorities, and LGBTQ communities.
That all sounded good to Kilton Library
This particular library was the perfect pilot.
Chuck McAndrew, the IT librarian, has all the computers running on GNU/Linux distributions, instead of the typical library’s Microsoft Windows environment.
That was appealing, Macrina wrote, because of Microsoft’s participation in the NSA’s PRISM surveillance program.
By choosing GNU/Linux operating systems and installing some privacy-protecting browser extensions too, Chuck’s helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.
After Macrina talked to the librarian about the exit node project in May, the library board of trustees unanimously approved the plan at its June meeting, and the relay was set up (preliminarily as a middle relay) in July.
And just how was that illegal?
DHS spokesman Shawn Neudauer told ProPublica that the agent who reached out to New Hampshire police was simply providing “visibility/situational awareness,” didn’t have any direct contact with the Lebanon police or library, and wasn’t out to charge anybody with anything.
...the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity.
DHS actions in this case aren’t surprising: we already know that the NSA really, really hates Tor.
It said as much in a top-secret NSA presentation leaked by Edward Snowden and titled “Tor Stinks”.
The fight has just begun
At any rate, this ain’t over yet, the encryption activists have vowed.
YOO @arstechnica DON’T BE DEFEATED, IT’S NOWHERE NEAR OVER!!!! https://t.co/CKiv2katf2
— Alison Macrina (@flexlibris) September 13, 2015
Fleming said that the library board of trustees will vote on whether to turn the service back on at its meeting on Tuesday, 15 September.
Macrina is urging supporters to show up at that meeting.
DHS’s actions actually might be “the best thing that could have happened,” Macrina tweeted, triggering an outpouring of support and interest in the library exit nodes project.
As of Monday morning, a letter of support for the library put up by the Electronic Frontier Foundation (EFF) had been signed by over 3,700 people.
LFP trainings have been set up in three Massachusetts towns and one town in Maine.
Nima Fatemi, the Tor Project member who’s working with the LFP, tweeted that librarians’ interest has been aroused:
More librarians are contacting us to run Tor exit relays in their libraries! This warms our hearts and gives us energy to move forward! <3
— Nima Fatemi (@mrphs) September 10, 2015
Some have suggested that DHS’s interference in the Tor library project proves that Tor works.
After all, why else would surveillance agencies be so eager to abort its widespread adoption if it didn’t actually do what it’s designed to do: i.e., help you maintain your anonymity while browsing?
Image of chopped onion courtesy of Shutterstock.
10 comments on “Public library shelves plans to become part of Tor”
Why do you feel that “racial and ethnic minorities” need private browsing more than any other person would? I could see the ethnic part of that, as it might relate to religious beliefs and thus possible persecution, but race?
And if you have a valid answer for my first question, here’s another one: Would that special need for private browsing then apply to “white folks” in parts of the world where they are in the minority?
I have been the network administrator for a public library in the US for 25 years and have seen many changes in library service regarding the Internet. Public libraries are required to have a filter under the Child Internet Protection Act if they want to receive federal funding for digital technology. Some libraries opt out and allow all content, some have a few computers that are unfiltered; the community I work in is rather conservative and we decided to use a filter on all our computers, which by the way can be circumvented by determined patrons (the public). No content filter is infallible. Most libraries use programs that reset the computer after a patron logs off, at which time the computer reboots. We use Deep Freeze for resetting the hard drive; there are other programs that do this as well. I have never really tested Deep Freeze to see how well it works (I usually have more important issues to deal with). I have wondered how much information could be retrieved from out public computers, but we have never had an incident where the government requested information. There is a data trail when patrons use the computers, to some extent; they use there name and patron number to log in, though we offer guest passes that require some form of ID. A few patrons know how to bypass the login process, but we are able to determine if the process has been bypassed. Patrons can be categorized in three tech knowledge groups: clueless, average and savvy. I have seen them do such dumb things, I’m appalled. They leave flash drives in the computers, leave personal accounts open without logging off. I often wonder when I will have to deal with some privacy related issue. We provide public wifi with the warning that it is NOT secure, as if that would stop them from sending personal information. One interesting point is that patrons tend to use the same specific computers everyday, and I often think that if someone wanted a particular person’s information they could insert a USB keylogger at the keyboard connection. If I think about it, the possibilities are nightmarish. One more point, I offer classes at the library in computer security and I’m lucky if one (1) person attends.
Well you could use FTK Imager to take an image of a hard drive at the end of the week, and then use EnCase to perform additional analysis of that hard drive to determine what kind of information can be recovered from several uses of Deep Freeze to make the determination of how well that product works for you.
EnCase isn’t cheap, but could be purchased via a grant.
I’d love to be able try that, but I have so many other priorities, and many libraries are notorious for their small technology budgets and understaffed IT departments. I usually have to use freeware for IT tasks, like Wire Shark, Nmap, and Spiceworks.
if you wanted to avoid all potential data issues, you could use a write protected bootable OS (CD), configured not to allow storage devices. I’m sure this would bother some people not being able to download files, but they can use free dropbox/google docs. This would also prevent key loggers and any forensics ever needing done locally. You can still require log ins, and allow printing. Live CDs do have great uses. (just remember to remove the HD, and password protect the BIOS after setting your boot option)
Once the you have a base image, management is very easy, and the financial savings are good too.
I use a (hardware) write protected USB drive for my forensics tool, and a non protected drive if I need to save files.
I’ve tried various configurations and changes to Group Policy, and I think it’s working pretty well right now. We’re actually moving closer to using Google Drive/Docs since the local school district has all the students on Google. I would actually like to go to a live CD boot to Linux, it really is the simplest way to fix some of the problems. And we have had to password the BIOS, some smarties try to make our computers their own. What forensic tool do you use?
One on topic comment: I did have someone ask me about Tor once, I told them that as far as I knew there is no guarantee of privacy and that it’s very slow.
When it comes to Tor, don’t confuse “Tor improves anonymity by bouncing packets around randomly” with “Tor adds privacy by using encryption where it wasn’t there before.” (The former is true; the latter is false.)
If you visit an unencrypted website via Tor, your traffic is unencrypted *from the exit node to that website*. Tor’s encryption doesn’t extend outside the Tor network.
In fact, your unencrypted Tor traffic will now emerge onto the “sniffable internet” in some other randomly chosen country. For all you know, that country could be one with weaker attitudes to privacy and more aggressive laws about surveillance than the one you’re in!
I switch up my tools regularly, I haven’t had time to play with Kali2 yet, I have used Barts disk, Kaspersky live CD, If Sophos has one try that ;), even a XP or W7 PE CD is good (W8 has a PE too, but ehh). My favs are Systernals tools when on an live OS. Really depends on what you are trying to do, save data, the OS, hacking forensics. Manually going though a registry, and looking for files that don’t fit in (by date, type) are still my best results tools.
“…the protections that [law enforcement jobs] offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to [not] pursue those individuals who seek to use [law enforcement jobs] to further their illicit activity.”
There, I fixed it for you.
According to the news this morning (September 17), there was a Library Board of Directors meeting, at which both sides (law enforcement concerns vs. privacy and non-censorship) were presented, and the Board voted unanimously to resume the Tor node.