Re: [tor-relays] Feedback wanted: letter to my university's library
> Parenthetically, even setting up a https://littlefreelibrary.org at my > condominium complex has been met with incomprehension and fear... Easier for them to do that than realize the many $thousands they paid for their education which could have been free. Indoctrination withdrawal syndrome is a mean bitch that most can't beat. In this case, they'd rather burn the free books, stay paying on closed source OS, nannyfilter patron access, etc. Open a hackerspace right next door complete with bookshelves, see who has more patrons under an open nonprofit board charter, perhaps the old neighbor will groan and annex itself to the new. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Kenneth Freemanwrote: > > > On 10/03/2017 11:31 PM, Scott Bennett wrote: > > > They have refused to let me speak with those making the decisions about > > what is provided on their public computers, much less to make an organized > > presentation to them. I was told that the decisions about software on the > > computers are made by the library board, not even by the IT staff. What is > > a good approach to get better results? I am at a loss as to how to get the > > library to emerge from the stone age into the age of the Cheka, much less > > that of the NSA, FSB, search engine profilers, botnets, packet sniffers, > > spyware, etc. > > One might think that providing the Tor browser would be a no-brainer, > but that's not the case in the Boise Public Library system. The Here, assuming that they have living brains may be unwarranted. > bureaucratic inertia is a very real thing, so good luck getting them to > install relays and exits too! First things first. > I have never asked them to do any such thing. All I've asked for was the clients. The answer has simply been "No" with no explanation whatsoever provided. Sorry to hear that the Boise library is also in the Dark Ages. :--( Be careful not to get burned at the stake. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
William Dentonwrote: > On 4 October 2017, Scott Bennett wrote: > > > Let me give an example. I have for at least ten years asked my local > > public library to provide a) a secure shell client, b) a secure web browser > > for ordinary use where anonymity is not a concern, c) a secure FTP client, > > and d) the TBB for use by those who desire anonymity. They have always > > refused to budge. They run an unsecurable OS on their public computers. > > They > > provide only Internet Explorer for web access. I'm unsure whether they > > still > > allow any FTP access at all. As you can imagine, they have severely limited > > the usefulness of their computers to the library patrons they claim to > > serve. > > I could not, for example, submit my on-line application to renew my flight > > instructor certificate via the library's computers. * I missed a beat here. The procedure for renewing a flight instructor certificate on-line includes an FAA requirement to "digitally sign" the web- based application for renewal. The procedure is a farce that bears no resemblance to what the security community understands to be a digital signature. That also means that the FAA may *not* be in compliance with the federal government's own standard http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf) The fact that the FAA's system is not in compliance with the above referenced federal standard means that the FAA may possibly be in violation of the Computer Security Act of 1987 and/or the Information Technology Reform Act of 1996. But it was recommended to me by [identity withheld] that I *not* contact the FAA to point out this problem to them in hopes of getting them to correct it because they *allegedly* might revoke my instructor certificate for not "properly" representing the FAA's view of things. IOW, representing the NIST's [correct] view of things could get me punished by the FAA. I stress here that I do not know whether that recommendation was accurate in its claim, but I think it clearly illuminates the climate of fear and distrust that exists toward all levels of government in the USA these days. If simply posting this here gets my CFI revoked, I will (attempt to) let you know. (Actually, I'm not terribly worried, but I have to admit to the possibility.) > > They have refused to let me speak with those making the decisions about > > what is provided on their public computers, much less to make an organized > > presentation to them. I was told that the decisions about software on the > > computers are made by the library board, not even by the IT staff. What is > > a good approach to get better results? > > I fear there is nothing you can do. If they're like that, it's not going to > change until there's a new chief librarian or head of library IT. Public > libraries can be terrible for problems like this. When the right person is > in > the right job, they can move fast and experiment, but that's rare. When a > library thinks offering only IE is the right thing to do, Tor must terrify > them. I was afraid that would be the response a presumably honest, IT-aware librarian might give, but I didn't know until now. Sigh. Thanks for the clear answer. :-( FWIW, my guess is that the board is way too clueless to be terrified, but rather that they simply are so hostile to any change, especially when proposed by someone not a library employee, that they simply cannot permit it, regardless of any other considerations. That's, again, only my guess, but I'm somewhat attached to it by experience. :-> > > But if you can't speak to the public library board there's a problem much > bigger > than what they run on their computers! That is just not right. Public My thoughts exactly. > libraries have to be responsible to their public. Could your city councillor This is Illinois. "Governmental bodies" and "responsible to their public" are incompatible sentencemates here. Please try your luck again. (Hint: land (,re}development deals are often viewed favorably.) This is the state that requires budgets to be balanced, but where lack of *any* budget for nearly three fiscal years was not considered a breach of the state constitution. > help? The local newspaper? My city councilcritter has generally been unreceptive to my suggestions on all issues I have ever discussed with him. The local newspaper was bought up long ago by one of the media oligarchs. It is marginally useful for local news only, but not at all worth its price. Most people don't bother with it, so even if the handful of local reporting staff and editor were agreeable, it would likely matter not a whit. Much there has changed unrecognizably since the days before it was bought out. > > Good luck! It's a shame your local library is ignoring someone with your > expertise. > Thanks, Bill. Perhaps talking these things up with local social activists with more energy than I
Re: [tor-relays] Feedback wanted: letter to my university's library
On 10/03/2017 11:31 PM, Scott Bennett wrote: > They have refused to let me speak with those making the decisions about > what is provided on their public computers, much less to make an organized > presentation to them. I was told that the decisions about software on the > computers are made by the library board, not even by the IT staff. What is > a good approach to get better results? I am at a loss as to how to get the > library to emerge from the stone age into the age of the Cheka, much less > that of the NSA, FSB, search engine profilers, botnets, packet sniffers, > spyware, etc. One might think that providing the Tor browser would be a no-brainer, but that's not the case in the Boise Public Library system. The bureaucratic inertia is a very real thing, so good luck getting them to install relays and exits too! First things first. 0xDD79757F.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
> -Original Message- > From: ali...@torproject.org > Yes, I do a basic training which includes HTTPS, cookies, software > updates, passwords, and the like. It's both to educate the librarians > into better practices and to help them teach classes to their patrons. > That said, my organization has trained thousands of librarians on > privacy and security issues, and thanks to our work you'll now find Tor > discussed at major (and minor) library conferences, Tor Browser on > public computers, libraries teaching privacy classes to their patrons, > and the like. So I think things are improving. Really good, Alison. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Scott Bennett: > Alison Macrinawrote: > >> Scott Bennet> If he discovers that neither his campus library nor the >> university as a >>> whole is already officially running at least one relay, this may be a better >>> way to teach them. If, rather than going for a relay, which is quite likely >>> to scare them until they understand more and better about tor, AJ were >>> instead to campaign to get the library to install the tor browser bundle >>> onto its publicly available computers, that alone would be a terrific >>> coup and might engender a great deal of student support for tor on campus >>> over time. (The library would, of course, need to find a way to lock down >>> the settings of the installed bundle, so that it couldn't be turned into >>> a relay by users, but that should not be difficult to do.) If he succeeded >>> in getting the tor browser bundle added to the library's most likely tightly >>> limited list of applications available on its public machines, he could then >>> wait a while to see what the staff members thought of it. If they decided >>> after watching it in use for a while that it was a good thing to have made >>> available to their users, you might then approach another department that >>> operates a student computer lab to try to get TBB installed there. If the >>> library employees liked it, they might give the prospective department a >>> positive recommendation. If AJ played it right and it usually turned out >>> well, he might eventually cover much of the campus with TBB installations. >>> In any case, getting the TBB installed would educate far more people about >>> anonymity and privacy issues than merely getting a relay installed that most >>> people would never be aware of. >> >> This is a great idea, and the slides I shared in my last email could >> help get this conversation started (the slides cover Tor Browser as well >> as relays and other Tor stuff). If AJ is interested I can connect him >> with other libraries I've worked with that have installed Tor Browser on >> all of their public computers. >> > I, for one, am very happy to know that Alison and her organization are > making those materials available. They have the potential to assist many > people like AJ in making the public more aware of the issues and of the tools > available to help it protect/recover its privacy and anonymity. Thanks! > Alison, do you also have materials on using HTTPS where available > instead of HTTP? The dangers inherent in allowing Java or JavaScript to be > enabled in one's web browser? Cookies? Tools like the HTTPSeverywhere and > NoScript plug-ins for Firefox? Yes, I do a basic training which includes HTTPS, cookies, software updates, passwords, and the like. It's both to educate the librarians into better practices and to help them teach classes to their patrons. > The reasons for avoiding the use of telnet > clients and which tools to use instead for remote logins? If not, they would > make great additions, particularly pages that explain how to convince > librarians about these matters? Typically I don't cover remote login security because it's not something that most librarians have a direct need for, and there's so much else to cover. > Let me give an example. I have for at least ten years asked my local > public library to provide a) a secure shell client, b) a secure web browser > for ordinary use where anonymity is not a concern, c) a secure FTP client, > and d) the TBB for use by those who desire anonymity. They have always > refused to budge. They run an unsecurable OS on their public computers. They > provide only Internet Explorer for web access. I'm unsure whether they still > allow any FTP access at all. As you can imagine, they have severely limited > the usefulness of their computers to the library patrons they claim to serve. > I could not, for example, submit my on-line application to renew my flight > instructor certificate via the library's computers. Sadly, the situation you describe is fairly common in libraries. I have had a lot of success helping many libraries make significant changes, but it takes a lot of work building the relationship and convincing their stakeholders that these things are important. I am a former librarian too, and so I think they are more likely to listen to me. That said, my organization has trained thousands of librarians on privacy and security issues, and thanks to our work you'll now find Tor discussed at major (and minor) library conferences, Tor Browser on public computers, libraries teaching privacy classes to their patrons, and the like. So I think things are improving. > They have refused to let me speak with those making the decisions about > what is provided on their public computers, much less to make an organized > presentation to them. I was told that the decisions about software on the > computers are made by the library board, not even by the IT
Re: [tor-relays] Feedback wanted: letter to my university's library
On 4 October 2017, Scott Bennett wrote: Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers. They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I fear there is nothing you can do. If they're like that, it's not going to change until there's a new chief librarian or head of library IT. Public libraries can be terrible for problems like this. When the right person is in the right job, they can move fast and experiment, but that's rare. When a library thinks offering only IE is the right thing to do, Tor must terrify them. But if you can't speak to the public library board there's a problem much bigger than what they run on their computers! That is just not right. Public libraries have to be responsible to their public. Could your city councillor help? The local newspaper? Good luck! It's a shame your local library is ignoring someone with your expertise. Bill -- William Denton :: Toronto, Canada --- Listening to Art: https://listeningtoart.org/ https://www.miskatonic.org/ --- GHG.EARTH: http://ghg.earth/ Caveat lector. --- STAPLR: http://staplr.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Alison Macrinawrote: > Scott Bennet> If he discovers that neither his campus library nor the > university as a > > whole is already officially running at least one relay, this may be a better > > way to teach them. If, rather than going for a relay, which is quite likely > > to scare them until they understand more and better about tor, AJ were > > instead to campaign to get the library to install the tor browser bundle > > onto its publicly available computers, that alone would be a terrific > > coup and might engender a great deal of student support for tor on campus > > over time. (The library would, of course, need to find a way to lock down > > the settings of the installed bundle, so that it couldn't be turned into > > a relay by users, but that should not be difficult to do.) If he succeeded > > in getting the tor browser bundle added to the library's most likely tightly > > limited list of applications available on its public machines, he could then > > wait a while to see what the staff members thought of it. If they decided > > after watching it in use for a while that it was a good thing to have made > > available to their users, you might then approach another department that > > operates a student computer lab to try to get TBB installed there. If the > > library employees liked it, they might give the prospective department a > > positive recommendation. If AJ played it right and it usually turned out > > well, he might eventually cover much of the campus with TBB installations. > > In any case, getting the TBB installed would educate far more people about > > anonymity and privacy issues than merely getting a relay installed that most > > people would never be aware of. > > This is a great idea, and the slides I shared in my last email could > help get this conversation started (the slides cover Tor Browser as well > as relays and other Tor stuff). If AJ is interested I can connect him > with other libraries I've worked with that have installed Tor Browser on > all of their public computers. > I, for one, am very happy to know that Alison and her organization are making those materials available. They have the potential to assist many people like AJ in making the public more aware of the issues and of the tools available to help it protect/recover its privacy and anonymity. Alison, do you also have materials on using HTTPS where available instead of HTTP? The dangers inherent in allowing Java or JavaScript to be enabled in one's web browser? Cookies? Tools like the HTTPSeverywhere and NoScript plug-ins for Firefox? The reasons for avoiding the use of telnet clients and which tools to use instead for remote logins? If not, they would make great additions, particularly pages that explain how to convince librarians about these matters? Let me give an example. I have for at least ten years asked my local public library to provide a) a secure shell client, b) a secure web browser for ordinary use where anonymity is not a concern, c) a secure FTP client, and d) the TBB for use by those who desire anonymity. They have always refused to budge. They run an unsecurable OS on their public computers. They provide only Internet Explorer for web access. I'm unsure whether they still allow any FTP access at all. As you can imagine, they have severely limited the usefulness of their computers to the library patrons they claim to serve. I could not, for example, submit my on-line application to renew my flight instructor certificate via the library's computers. They have refused to let me speak with those making the decisions about what is provided on their public computers, much less to make an organized presentation to them. I was told that the decisions about software on the computers are made by the library board, not even by the IT staff. What is a good approach to get better results? I am at a loss as to how to get the library to emerge from the stone age into the age of the Cheka, much less that of the NSA, FSB, search engine profilers, botnets, packet sniffers, spyware, etc. Disclaimer: I confess that I have no idea how prevalent my public library's attitudes and policies are among public libraries in the U.S. today, so I can't make any claims about widespread need for the sort of materials I'm asking about. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 *
Re: [tor-relays] Feedback wanted: letter to my university's library
Scott Bennet> If he discovers that neither his campus library nor the university as a > whole is already officially running at least one relay, this may be a better > way to teach them. If, rather than going for a relay, which is quite likely > to scare them until they understand more and better about tor, AJ were > instead to campaign to get the library to install the tor browser bundle > onto its publicly available computers, that alone would be a terrific > coup and might engender a great deal of student support for tor on campus > over time. (The library would, of course, need to find a way to lock down > the settings of the installed bundle, so that it couldn't be turned into > a relay by users, but that should not be difficult to do.) If he succeeded > in getting the tor browser bundle added to the library's most likely tightly > limited list of applications available on its public machines, he could then > wait a while to see what the staff members thought of it. If they decided > after watching it in use for a while that it was a good thing to have made > available to their users, you might then approach another department that > operates a student computer lab to try to get TBB installed there. If the > library employees liked it, they might give the prospective department a > positive recommendation. If AJ played it right and it usually turned out > well, he might eventually cover much of the campus with TBB installations. > In any case, getting the TBB installed would educate far more people about > anonymity and privacy issues than merely getting a relay installed that most > people would never be aware of. This is a great idea, and the slides I shared in my last email could help get this conversation started (the slides cover Tor Browser as well as relays and other Tor stuff). If AJ is interested I can connect him with other libraries I've worked with that have installed Tor Browser on all of their public computers. Alison ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Alison Macrinawrote: > Hi AJ, > > Thank you for supporting Tor! I think it's a great idea to try to work > with your university library to run a relay. I run the Library Freedom > Project which helps libraries understand and use privacy tools > (libraryfreedomproject.org). I can give you some advice based on my > experience. > > William Denton: > > On 1 October 2017, AJ Jordan wrote: > > > >> However I've just started college at the University of Rochester, > >> which obviously presents a great opportunity to set up a relay on a > >> really great network. I'm planning to reach out to the library with > >> the following email and would love some feedback: > > > > Scott Bennett had excellent advice, > > +1 > > > Academic libraries can be very experimental in some of their work, but > > they are generally risk-averse. (This is good, because they're in the > > business of preserving knowledge and cultural artifacts for decades and > > centuries.) There is, I'm afraid, close to zero chance they would let a > > non-employee student run a server on their network---and running Tor, > > even a non-exit relay, makes the chances even lower. > > > > However, don't give up. I suggest thinking about this as a long-term > > project that could get you involved with the library, faculty and campus > > IT. There must be people on campus interested in privacy issues, who > > know about Tor, and perhaps who have been thinking about running a > > relay. These people could be librarians or they could be professors or > > grad students in political science, communcations, journalism, computer > > science, privacy studies, etc. Find out who they are and approach > > them! Perhaps there is a student club interested in the same > > issues---if not, you could start one. Students and student groups > > advocating for a Tor relay or exit, while demonstrating the importance > > of Tor and how it fits in with the library's and university's mission, > > would very much help the project be successful. > > William's advice is good. You definitely need to begin by building a > relationship with the library. Don't be discouraged by the amount of > work this may take; the payoff might end up being a cultural shift > wherein the library, university IT, and CS departments all work on this > as a project together! > > You'll want to approach the library by showing that Tor is an excellent > way to uphold the values of librarianship, which are privacy, > intellectual freedom, and access. Really, be explicit about it; don't > assume that they'll just get why you think it matters. Here's something > I wrote about intellectual freedom + Tor Browser a while ago and you can > borrow the arguments I've made: > https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and-Intellectual-Freedom-in-the-Digital-Age > > As William said, libraries are mostly risk-averse, so you also need to > be ready to answer their questions about legal and technical concerns. > LFP has collected some resources to help with all of that here: > https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md. > > Before you email the university librarian, I'd start by talking to some > of the regular academic librarians about your ideas and gauge their > responses. Ask them if they've heard of the Library Freedom Project and > feel free to send them any of our resources. See if they think the > administration would be receptive to you offering a presentation about > Tor to library staff (even better if you can make it open to students > and faculty, too, because that can get you more support). You are > welcome to adapt these slides for that presentation: > https://libraryfreedomproject.org/allabouttor/. Make sure to show them > this academic library that has used their Tor relay as a teaching tool > for students: > https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html. > I second all of the above by both Bill and Allison, and I am grateful that they were able to express better and in far greater detail much of what I was trying to say, while adding their own ideas in similar detail. Reading Bill's and Allison's followups stimulated an idea of another, and possibly better, approach that I hope AJ will consider and that may even be more likely to be approved and have greater effect in the long run. If he discovers that neither his campus library nor the university as a whole is already officially running at least one relay, this may be a better way to teach them. If, rather than going for a relay, which is quite likely to scare them until they understand more and better about tor, AJ were instead to campaign to get the library to install the tor browser bundle onto its publicly available computers, that alone would be a terrific coup and might engender a great deal of student support for tor on campus over time. (The library would, of course, need to find a way to lock down the settings
Re: [tor-relays] Feedback wanted: letter to my university's library
If for library regarding preserving knowledge, and other sales tactics You might be able to present for supporting an anonymous encrypted storage platform... such as Tahoe-LAFS, MaidSafe, IPFS, Bitcoin full nodes, Zensystem.io, a Wiki, NNTP, there are many more such "store of data / knowledge" things out there to choose from... all over Tor or I2P or CJDNS. For anti-correlation reasons you're not supposed to run some services on the same box as a relay (or even anywhere administratively, logically, or physically near the box), especially if the service running on top does not itself fully encrypt and distribute the data out of reach thus making seizure moot. Depending on that analysis, you could present to also run the relay [on another box] to help supply the 7x bandwidth and cpu impact the onion service has on the relay network. Anonymity overlay networks are nothing in themselves, it's the applications and usage people run over them that makes them useful. If the overlay network itself isn't interesting enough to attract funding / approval / internet / hardware from somewhere, maybe the applications riding on top can be. You could also further tie it into doing some form of research, education, outreach, overview, tech in operation presentations... all "sponsored by: ". Many entities will bend over backwards for a free name drop. Or just sell it like a used car dealer... $1000 runs great! Good luck ;) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Hi AJ, Thank you for supporting Tor! I think it's a great idea to try to work with your university library to run a relay. I run the Library Freedom Project which helps libraries understand and use privacy tools (libraryfreedomproject.org). I can give you some advice based on my experience. William Denton: > On 1 October 2017, AJ Jordan wrote: > >> However I've just started college at the University of Rochester, >> which obviously presents a great opportunity to set up a relay on a >> really great network. I'm planning to reach out to the library with >> the following email and would love some feedback: > > Scott Bennett had excellent advice, +1 > Academic libraries can be very experimental in some of their work, but > they are generally risk-averse. (This is good, because they're in the > business of preserving knowledge and cultural artifacts for decades and > centuries.) There is, I'm afraid, close to zero chance they would let a > non-employee student run a server on their network---and running Tor, > even a non-exit relay, makes the chances even lower. > > However, don't give up. I suggest thinking about this as a long-term > project that could get you involved with the library, faculty and campus > IT. There must be people on campus interested in privacy issues, who > know about Tor, and perhaps who have been thinking about running a > relay. These people could be librarians or they could be professors or > grad students in political science, communcations, journalism, computer > science, privacy studies, etc. Find out who they are and approach > them! Perhaps there is a student club interested in the same > issues---if not, you could start one. Students and student groups > advocating for a Tor relay or exit, while demonstrating the importance > of Tor and how it fits in with the library's and university's mission, > would very much help the project be successful. William's advice is good. You definitely need to begin by building a relationship with the library. Don't be discouraged by the amount of work this may take; the payoff might end up being a cultural shift wherein the library, university IT, and CS departments all work on this as a project together! You'll want to approach the library by showing that Tor is an excellent way to uphold the values of librarianship, which are privacy, intellectual freedom, and access. Really, be explicit about it; don't assume that they'll just get why you think it matters. Here's something I wrote about intellectual freedom + Tor Browser a while ago and you can borrow the arguments I've made: https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and-Intellectual-Freedom-in-the-Digital-Age As William said, libraries are mostly risk-averse, so you also need to be ready to answer their questions about legal and technical concerns. LFP has collected some resources to help with all of that here: https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md. Before you email the university librarian, I'd start by talking to some of the regular academic librarians about your ideas and gauge their responses. Ask them if they've heard of the Library Freedom Project and feel free to send them any of our resources. See if they think the administration would be receptive to you offering a presentation about Tor to library staff (even better if you can make it open to students and faculty, too, because that can get you more support). You are welcome to adapt these slides for that presentation: https://libraryfreedomproject.org/allabouttor/. Make sure to show them this academic library that has used their Tor relay as a teaching tool for students: https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html. LFP is fairly well known and respected in libraries and so if it can be beneficial to involve me further, I'm happy to assist! Alison ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Hi AJ, not sure if anyone's brought this up, but you may want to look at: https://libraryfreedomproject.org/ " Library Freedom Project is a partnership among librarians, technologists, attorneys, and privacy advocates which aims to address the problems of surveillance by making real the promise of intellectual freedom in libraries. By teaching librarians about surveillance threats, privacy rights and responsibilities, and digital tools to stop surveillance, we hope to create a privacy-centric paradigm shift in libraries and the communities they serve." In practice as I understand it this in large part involves Libraries running Tor exits to facilitate their privacy and education goals. -Jon On Mon, Oct 02, 2017 at 11:51:42AM -0400, teor wrote: :On 2 Oct 2017, at 01:18, AJ Jordanwrote: : :>> find out what the rules around Internet usage :>> are, and just set one up. :> :> The problem is that logistically I can't without help, :> unfortunately. I don't have a spare machine to run it on and more :> importantly, I don't have access to a good wired connection. The only :> Ethernet jack I know of is in my dorm room and I can't imagine it's :> very good compared to a datacenter connection. So there's two things :> I'd need from IT. : :You might be surprised. : :When I was at university, the Ethernet in my room was one hop from :the campus fibre mesh network, so it was pretty good. :(Of course, it was in Australia, so it would never have sent much tor :traffic.) : :*If* it falls within your dorm's acceptable use policies, setting up a :relay with a low RelayBandwidthRate would be a good way to see :how well tor works on campus. : :But you need to make a judgement call, because having a dorm relay :shut down might affect the library's willingness to run one. : :Tim :___ :tor-relays mailing list :tor-relays@lists.torproject.org :https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
On 2 Oct 2017, at 01:18, AJ Jordanwrote: >> find out what the rules around Internet usage >> are, and just set one up. > > The problem is that logistically I can't without help, > unfortunately. I don't have a spare machine to run it on and more > importantly, I don't have access to a good wired connection. The only > Ethernet jack I know of is in my dorm room and I can't imagine it's > very good compared to a datacenter connection. So there's two things > I'd need from IT. You might be surprised. When I was at university, the Ethernet in my room was one hop from the campus fibre mesh network, so it was pretty good. (Of course, it was in Australia, so it would never have sent much tor traffic.) *If* it falls within your dorm's acceptable use policies, setting up a relay with a low RelayBandwidthRate would be a good way to see how well tor works on campus. But you need to make a judgement call, because having a dorm relay shut down might affect the library's willingness to run one. Tim ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
On 1 October 2017, AJ Jordan wrote: However I've just started college at the University of Rochester, which obviously presents a great opportunity to set up a relay on a really great network. I'm planning to reach out to the library with the following email and would love some feedback: Scott Bennett had excellent advice, and I have a few suggestions along the same lines. (I work in a unversity library.) Academic libraries can be very experimental in some of their work, but they are generally risk-averse. (This is good, because they're in the business of preserving knowledge and cultural artifacts for decades and centuries.) There is, I'm afraid, close to zero chance they would let a non-employee student run a server on their network---and running Tor, even a non-exit relay, makes the chances even lower. However, don't give up. I suggest thinking about this as a long-term project that could get you involved with the library, faculty and campus IT. There must be people on campus interested in privacy issues, who know about Tor, and perhaps who have been thinking about running a relay. These people could be librarians or they could be professors or grad students in political science, communcations, journalism, computer science, privacy studies, etc. Find out who they are and approach them! Perhaps there is a student club interested in the same issues---if not, you could start one. Students and student groups advocating for a Tor relay or exit, while demonstrating the importance of Tor and how it fits in with the library's and university's mission, would very much help the project be successful. In other words, your goal is achievable, but I think you'll need different methods. For a long-term Tor relay to run on a library or university server, they will need to be the ones running it, but a student could be the one to help convince them to do it. Connecting Tor to ongoing or potential research would also be a big help. If someone's going to run a server, they'll want to do more than just run it as a service. Along the way, you might get a part-time job out of it, which is always a bonus. If they do workshops on privacy and online security you could help with them, or do peer workshops, etc. (It's a lot easier to tell people about Tor, and show them how to use it, than to run a server, so it's a good first step.) As for where to start, I suggest dropping by the Digital Scholarship Lab. The digital humanities librarian looks like a good person to chat with. http://humanities.lib.rochester.edu/ Good luck! Bill -- William Denton :: Toronto, Canada --- Listening to Art: https://listeningtoart.org/ https://www.miskatonic.org/ --- GHG.EARTH: http://ghg.earth/ Caveat lector. --- STAPLR: http://staplr.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
"Tor Node Admin @ SechsNullDrei.org"wrote: > Hi AJ, > > First, thank you for supporting Tor! > > Second, you're smart to contact the library, as IT would immediately shut > down the idea as they don't want to receive more abuse emails than they > already do (I know we did when I worked in academia). An additional > resource you may wish to research is the https://libraryfreedomproject.org/ > by Alison Mecrina. The resources available on this site speak directly to > librarians on such issues. Good luck! > AJ and any others in similar situations, I would add a few comments, beginning with the style of communications with your university library. When you wish to ask for some special consideration, find out whom you need to talk with about your request, and then make an appointment to visit his/her office in person. Sending an email message out of the blue and beginning it with "Heya!" is utterly inappropriate and is not at all likely to get you anywhere. You must act--and write--like an adult, and formality in your initial written communications is essential. They are not going to let someone acting like an ill-mannered adolescent run a server on their department's equipment. If you come across as a responsible adult who makes a good impression and provides a good case for satisfying the request, a case that looks good from the university's point of view, which is to say, convincing them that it would benefit the university in some way, then you may get somewhere with them. If you convince them, however, be prepared to find out that the staff has decided to run the relay itself. The department may well have to run it past the university's legal department. Because you are not acting as a university employee, either or both departments may not be willing to make the university liable for possible consequences of a non-employee's actions. I know that, as a systems programmer at the university here, I would never have let anyone out of our group, much less outside of our department, do anything like running a relay on a machine under my responsibility. I wouldn't have risked having to clean up someone else's mess, and my boss would have been apoplectic at the idea. The security issues would have overwhelmed everything. OTOH, you might still get lucky. It would definitely be worth your time to find out whether the university (e.g., through its computer center or library) or some other individual, department, or college office is already running one or more relays. Faculty members at some universities have been known to get special arrangements to run tor relays, even exits, on university- owned equipment. At some schools, faculty members would not likely even be questioned about it. Note, for example, that many individual faculty members and sometimes even (paid) graduate assistants run web servers to publicize their research and results. Note that any networking staff will want to know how much of the available network capacity your networking program (in this case, tor) would require if the decision were to allow it. Asking to run an exit is almost certain to subject your request to legal department scrutiny, so you might consider running a middle/entry node first for some time, say six or twelve months, before asking to upgrade your relay to an exit relay. That would give time to establish your skill at managing a relay, responding well and quickly when problems occur, to become personally known to the staff, and so forth. Once you've established a good reputation with them, they are more likely to oblige you. In any case, best wishes for your attempt. Please let us know whether you pull it off and, if so, what you did that succeeded. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
Hi AJ, First, thank you for supporting Tor! Second, you're smart to contact the library, as IT would immediately shut down the idea as they don't want to receive more abuse emails than they already do (I know we did when I worked in academia). An additional resource you may wish to research is the https://libraryfreedomproject.org/ by Alison Mecrina. The resources available on this site speak directly to librarians on such issues. Good luck! Thank you for your email, Isaac, t...@sechsnulldrei.org -Original Message- From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of AJ Jordan Sent: Sunday, October 01, 2017 3:20 PM To: tor-relays@lists.torproject.org Subject: [tor-relays] Feedback wanted: letter to my university's library Hey, all! I'm AJ; I've been lurking on this list for many years but have never had cause to post. I've run a Tor relay (`strugees`) on AWS for a number of years now, but haven't been able to dedicate all that much bandwidth to it due to cost concerns. However I've just started college at the University of Rochester, which obviously presents a great opportunity to set up a relay on a really great network. I'm planning to reach out to the library with the following email and would love some feedback: > Heya! > > I'm a new first-year student and I'm active in the technology activism > community. One of the things I'm very interested in is the Tor Project > (https://torproject.org), whose mission is to make it possible to > freely and anonymously use the internet, without fear of surveillance > or censorship. Tor is used by a wide variety of people > - activists, journalists, corporations, law enforcement, and > individuals - to gain free access to information and speak their mind. > Tor is able to provide this free expression by utilizing a worldwide > network of relays run by volunteers. A relay can make a big difference > on the Tor network if it's run on a connection which is fast and has > lots of bandwidth - like the University's connection. > > I think it would be really cool if UR would donate part of its > internet resources to the Tor network. I considered directly > contacting IT, but I thought it actually made sense to talk to the > library first since the core values are actually really similar - > libraries and the Tor project both know the value and power of > unrestricted access to information and are dedicated to making > information available to anyone who wants it. > > If this is something that sounds interesting, I would love to chat > about this in person. I would also be willing to invest the time > needed to administrate the relay - I have several years of experience > doing this already, but haven't had access to the resources the > University has. > > Thanks very much! > > AJ Jordan Does anyone who's done something like this before have any tips or suggestions? Am I going about this in the best way? Cheers! AJ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
On Mon, Oct 02, 2017 at 07:08:35AM +0200, Moritz Bartl wrote: > On 01.10.2017 22:52, teor wrote: > > AWS is an expensive way to run a relay, because they charge per GB. > > Capped providers can cost less, and you can use AccountingMax to > > limit your usage. > > > > Here's a list of providers that allow tor: > > https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs > > For non-exit relays, you actually don't have to limit yourself to ISPs > that "allow Tor". Be careful with "unmetered/unlimited" offers. I would > be honest up front in terms of data usage, and find out what kind of > "fair use policy" the ISP has. Often, the customer support can give you > an exact number, even if it's not stated anywhere on their website. Thanks (to both you and Tim); this is really good advice. I'll look into it... assuming I can find the time, of course :/ > I hope Alison can help you with the uni library. That's a really good > idea. Internet and policies can be hugely different between different > universities, so at least for non-exit relays, it should be pretty > straightforward: Here also, I would suggest to first (without making a > lot of noise about it) to find out what the rules around Internet usage > are, and just set one up. The problem is that logistically I can't without help, unfortunately. I don't have a spare machine to run it on and more importantly, I don't have access to a good wired connection. The only Ethernet jack I know of is in my dorm room and I can't imagine it's very good compared to a datacenter connection. So there's two things I'd need from IT. Cheers, AJ signature.asc Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
On 01.10.2017 22:52, teor wrote: > AWS is an expensive way to run a relay, because they charge per GB. > Capped providers can cost less, and you can use AccountingMax to > limit your usage. > > Here's a list of providers that allow tor: > https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs For non-exit relays, you actually don't have to limit yourself to ISPs that "allow Tor". Be careful with "unmetered/unlimited" offers. I would be honest up front in terms of data usage, and find out what kind of "fair use policy" the ISP has. Often, the customer support can give you an exact number, even if it's not stated anywhere on their website. lowendbox.com is a good place to find cheap virtual machines, for example. Again, for non-exits (like the current "strugees"), I wouldn't tell the ISP that what you're doing is pushing encrypted traffic for some network. For exits, it's a bit more difficult. I hope Alison can help you with the uni library. That's a really good idea. Internet and policies can be hugely different between different universities, so at least for non-exit relays, it should be pretty straightforward: Here also, I would suggest to first (without making a lot of noise about it) to find out what the rules around Internet usage are, and just set one up. -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Feedback wanted: letter to my university's library
> On 2 Oct 2017, at 07:20, AJ Jordanwrote: > > Hey, all! > > I'm AJ; I've been lurking on this list for many years but have never > had cause to post. I've run a Tor relay (`strugees`) on AWS for a > number of years now, but haven't been able to dedicate all that much > bandwidth to it due to cost concerns. AWS is an expensive way to run a relay, because they charge per GB. Capped providers can cost less, and you can use AccountingMax to limit your usage. Here's a list of providers that allow tor: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs > However I've just started college at the University of Rochester, > which obviously presents a great opportunity to set up a relay on a > really great network. I'm planning to reach out to the library with > the following email and would love some feedback: > >> Heya! >> >> I'm a new first-year student and I'm active in the technology >> activism community. One of the things I'm very interested in is the >> Tor Project (https://torproject.org), whose mission is to make it >> possible to freely and anonymously use the internet, without fear of >> surveillance or censorship. Tor is used by a wide variety of people >> - activists, journalists, corporations, law enforcement, and >> individuals - to gain free access to information and speak their >> mind. Tor is able to provide this free expression by utilizing a >> worldwide network of relays run by volunteers. A relay can make a >> big difference on the Tor network if it's run on a connection which >> is fast and has lots of bandwidth - like the University's >> connection. >> >> I think it would be really cool if UR would donate part of its >> internet resources to the Tor network. I considered directly >> contacting IT, but I thought it actually made sense to talk to the >> library first since the core values are actually really similar - >> libraries and the Tor project both know the value and power of >> unrestricted access to information and are dedicated to making >> information available to anyone who wants it. >> >> If this is something that sounds interesting, I would love to chat >> about this in person. I would also be willing to invest the time >> needed to administrate the relay - I have several years of >> experience doing this already, but haven't had access to the >> resources the University has. >> >> Thanks very much! >> >> AJ Jordan > > Does anyone who's done something like this before have any tips or > suggestions? Am I going about this in the best way? I've CC'd Alison, who heads up the Library Freedom Project. She has a lot of experience working with libraries and tor relays. Tim___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays