Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-08 Thread grarpamp
> Parenthetically, even setting up a https://littlefreelibrary.org at my
> condominium complex has been met with incomprehension and fear...

Easier for them to do that than realize the many $thousands
they paid for their education which could have been free.
Indoctrination withdrawal syndrome is a mean bitch that most
can't beat. In this case, they'd rather burn the free books,
stay paying on closed source OS, nannyfilter patron access, etc.

Open a hackerspace right next door complete with bookshelves,
see who has more patrons under an open nonprofit board charter,
perhaps the old neighbor will groan and annex itself to the new.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-05 Thread Scott Bennett
Kenneth Freeman  wrote:

>
>
> On 10/03/2017 11:31 PM, Scott Bennett wrote:
>
> >  They have refused to let me speak with those making the decisions about
> > what is provided on their public computers, much less to make an organized
> > presentation to them.  I was told that the decisions about software on the
> > computers are made by the library board, not even by the IT staff.  What is
> > a good approach to get better results?  I am at a loss as to how to get the
> > library to emerge from the stone age into the age of the Cheka, much less
> > that of the NSA, FSB, search engine profilers, botnets, packet sniffers,
> > spyware, etc.
>
> One might think that providing the Tor browser would be a no-brainer,
> but that's not the case in the Boise Public Library system. The

 Here, assuming that they have living brains may be unwarranted.

> bureaucratic inertia is a very real thing, so good luck getting them to
> install relays and exits too! First things first.
>
 I have never asked them to do any such thing.  All I've asked for was
the clients.  The answer has simply been "No" with no explanation whatsoever
provided.
 Sorry to hear that the Boise library is also in the Dark Ages. :--(  Be
careful not to get burned at the stake.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-05 Thread Scott Bennett
William Denton  wrote:

> On 4 October 2017, Scott Bennett wrote:
>
> > Let me give an example.  I have for at least ten years asked my local
> > public library to provide a) a secure shell client, b) a secure web browser
> > for ordinary use where anonymity is not a concern, c) a secure FTP client,
> > and d) the TBB for use by those who desire anonymity.  They have always
> > refused to budge.  They run an unsecurable OS on their public computers.  They
> > provide only Internet Explorer for web access.  I'm unsure whether they still
> > allow any FTP access at all.  As you can imagine, they have severely limited
> > the usefulness of their computers to the library patrons they claim to serve.
> > I could not, for example, submit my on-line application to renew my flight
> > instructor certificate via the library's computers.

* I missed a beat here.  The procedure for renewing a flight instructor
certificate on-line includes an FAA requirement to "digitally sign" the web-
based application for renewal.  The procedure is a farce that bears no
resemblance to what the security community understands to be a digital
signature.  That also means that the FAA may *not* be in compliance with the
federal government's own standard

(http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)

The fact that the FAA's system is not in compliance with the above referenced
federal standard means that the FAA may possibly be in violation of the
Computer Security Act of 1987 and/or the Information Technology Reform Act of
1996.  But it was recommended to me by [identity withheld] that I *not*
contact the FAA to point out this problem to them in hopes of getting them to
correct it because they *allegedly* might revoke my instructor certificate for
not "properly" representing the FAA's view of things.  IOW, representing the
NIST's [correct] view of things could get me punished by the FAA.  I stress
here that I do not know whether that recommendation was accurate in its claim,
but I think it clearly illuminates the climate of fear and distrust that
exists toward all levels of government in the USA these days.  If simply
posting this here gets my CFI revoked, I will (attempt to) let you know.
(Actually, I'm not terribly worried, but I have to admit to the possibility.)

> > They have refused to let me speak with those making the decisions about
> > what is provided on their public computers, much less to make an organized
> > presentation to them.  I was told that the decisions about software on the
> > computers are made by the library board, not even by the IT staff.  What is
> > a good approach to get better results?
>
> I fear there is nothing you can do.  If they're like that, it's not going to
> change until there's a new chief librarian or head of library IT.  Public
> libraries can be terrible for problems like this.  When the right person is in
> the right job, they can move fast and experiment, but that's rare.  When a
> library thinks offering only IE is the right thing to do, Tor must terrify them.

 I was afraid that would be the response a presumably honest, IT-aware
librarian might give, but I didn't know until now.  Sigh.  Thanks for the
clear answer. :-(  FWIW, my guess is that the board is way too clueless to
be terrified, but rather that they simply are so hostile to any change,
especially when proposed by someone not a library employee, that they simply
cannot permit it, regardless of any other considerations.  That's, again, only
my guess, but I'm somewhat attached to it by experience. :->
>
> But if you can't speak to the public library board there's a problem much bigger
> than what they run on their computers!  That is just not right.  Public

 My thoughts exactly.

> libraries have to be responsible to their public.  Could your city councillor 

 This is Illinois.  "Governmental bodies" and "responsible to their
public" are incompatible sentencemates here.  Please try your luck again.
(Hint:  land {,re}development deals are often viewed favorably.)  This is
the state that requires budgets to be balanced, but where lack of *any*
budget for nearly three fiscal years was not considered a breach of the
state constitution.

> help?  The local newspaper?

 My city councilcritter has generally been unreceptive to my suggestions
on all issues I have ever discussed with him.  The local newspaper was bought
up long ago by one of the media oligarchs.  It is marginally useful for local
news only, but not at all worth its price.  Most people don't bother with it,
so even if the handful of local reporting staff and editor were agreeable, it
would likely matter not a whit.  Much there has changed unrecognizably since
the days before it was bought out.
>
> Good luck!  It's a shame your local library is ignoring someone with your 
> expertise.
>
 Thanks, Bill.  Perhaps talking these things up with local social activists
with more energy than I 

Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-04 Thread Kenneth Freeman


On 10/03/2017 11:31 PM, Scott Bennett wrote:

>  They have refused to let me speak with those making the decisions about
> what is provided on their public computers, much less to make an organized
> presentation to them.  I was told that the decisions about software on the
> computers are made by the library board, not even by the IT staff.  What is
> a good approach to get better results?  I am at a loss as to how to get the
> library to emerge from the stone age into the age of the Cheka, much less
> that of the NSA, FSB, search engine profilers, botnets, packet sniffers,
> spyware, etc.

One might think that providing the Tor browser would be a no-brainer,
but that's not the case in the Boise Public Library system. The
bureaucratic inertia is a very real thing, so good luck getting them to
install relays and exits too! First things first.





Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-04 Thread I
> -Original Message-
> From: ali...@torproject.org

> Yes, I do a basic training which includes HTTPS, cookies, software
> updates, passwords, and the like. It's both to educate the librarians
> into better practices and to help them teach classes to their patrons.
> That said, my organization has trained thousands of librarians on
> privacy and security issues, and thanks to our work you'll now find Tor
> discussed at major (and minor) library conferences, Tor Browser on
> public computers, libraries teaching privacy classes to their patrons,
> and the like. So I think things are improving.

Really good, Alison.






Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-04 Thread Alison Macrina
Scott Bennett:
> Alison Macrina  wrote:
> 
>> Scott Bennett:
>>> If he discovers that neither his campus library nor the university as a
>>> whole is already officially running at least one relay, this may be a better
>>> way to teach them.  If, rather than going for a relay, which is quite likely
>>> to scare them until they understand more and better about tor, AJ were
>>> instead to campaign to get the library to install the tor browser bundle
>>> onto its publicly available computers, that alone would be a terrific
>>> coup and might engender a great deal of student support for tor on campus
>>> over time.  (The library would, of course, need to find a way to lock down
>>> the settings of the installed bundle, so that it couldn't be turned into
>>> a relay by users, but that should not be difficult to do.)  If he succeeded
>>> in getting the tor browser bundle added to the library's most likely tightly
>>> limited list of applications available on its public machines, he could then
>>> wait a while to see what the staff members thought of it.  If they decided
>>> after watching it in use for a while that it was a good thing to have made
>>> available to their users, you might then approach another department that
>>> operates a student computer lab to try to get TBB installed there.  If the
>>> library employees liked it, they might give the prospective department a
>>> positive recommendation.  If AJ played it right and it usually turned out
>>> well, he might eventually cover much of the campus with TBB installations.
>>> In any case, getting the TBB installed would educate far more people about
>>> anonymity and privacy issues than merely getting a relay installed that most
>>> people would never be aware of.
>>
>> This is a great idea, and the slides I shared in my last email could
>> help get this conversation started (the slides cover Tor Browser as well
>> as relays and other Tor stuff). If AJ is interested I can connect him
>> with other libraries I've worked with that have installed Tor Browser on
>> all of their public computers.
>>
>  I, for one, am very happy to know that Alison and her organization are
> making those materials available.  They have the potential to assist many
> people like AJ in making the public more aware of the issues and of the tools
> available to help it protect/recover its privacy and anonymity.

Thanks!

>  Alison, do you also have materials on using HTTPS where available
> instead of HTTP?  The dangers inherent in allowing Java or JavaScript to be
> enabled in one's web browser?  Cookies?  Tools like the HTTPSeverywhere and
> NoScript plug-ins for Firefox?  

Yes, I do a basic training which includes HTTPS, cookies, software
updates, passwords, and the like. It's both to educate the librarians
into better practices and to help them teach classes to their patrons.

> The reasons for avoiding the use of telnet
> clients and which tools to use instead for remote logins?  If not, they would
> make great additions, particularly pages that explain how to convince
> librarians about these matters?

Typically I don't cover remote login security because it's not something
that most librarians have a direct need for, and there's so much else to
cover.

>  Let me give an example.  I have for at least ten years asked my local
> public library to provide a) a secure shell client, b) a secure web browser
> for ordinary use where anonymity is not a concern, c) a secure FTP client,
> and d) the TBB for use by those who desire anonymity.  They have always
> refused to budge.  They run an unsecurable OS on their public computers.  They
> provide only Internet Explorer for web access.  I'm unsure whether they still
> allow any FTP access at all.  As you can imagine, they have severely limited
> the usefulness of their computers to the library patrons they claim to serve.
> I could not, for example, submit my on-line application to renew my flight
> instructor certificate via the library's computers.

Sadly, the situation you describe is fairly common in libraries. I have
had a lot of success helping many libraries make significant changes,
but it takes a lot of work building the relationship and convincing
their stakeholders that these things are important. I am a former
librarian too, and so I think they are more likely to listen to me.

That said, my organization has trained thousands of librarians on
privacy and security issues, and thanks to our work you'll now find Tor
discussed at major (and minor) library conferences, Tor Browser on
public computers, libraries teaching privacy classes to their patrons,
and the like. So I think things are improving.

>  They have refused to let me speak with those making the decisions about
> what is provided on their public computers, much less to make an organized
> presentation to them.  I was told that the decisions about software on the
> computers are made by the library board, not even by the IT 

Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-04 Thread William Denton

On 4 October 2017, Scott Bennett wrote:


> Let me give an example.  I have for at least ten years asked my local
> public library to provide a) a secure shell client, b) a secure web browser
> for ordinary use where anonymity is not a concern, c) a secure FTP client,
> and d) the TBB for use by those who desire anonymity.  They have always
> refused to budge.  They run an unsecurable OS on their public computers.  They
> provide only Internet Explorer for web access.  I'm unsure whether they still
> allow any FTP access at all.  As you can imagine, they have severely limited
> the usefulness of their computers to the library patrons they claim to serve.
> I could not, for example, submit my on-line application to renew my flight
> instructor certificate via the library's computers.
>
> They have refused to let me speak with those making the decisions about
> what is provided on their public computers, much less to make an organized
> presentation to them.  I was told that the decisions about software on the
> computers are made by the library board, not even by the IT staff.  What is
> a good approach to get better results?


I fear there is nothing you can do.  If they're like that, it's not going to 
change until there's a new chief librarian or head of library IT.  Public 
libraries can be terrible for problems like this.  When the right person is in 
the right job, they can move fast and experiment, but that's rare.  When a 
library thinks offering only IE is the right thing to do, Tor must terrify them.


But if you can't speak to the public library board there's a problem much bigger 
than what they run on their computers!  That is just not right.  Public 
libraries have to be responsible to their public.  Could your city councillor 
help?  The local newspaper?


Good luck!  It's a shame your local library is ignoring someone with your 
expertise.


Bill
--
William Denton :: Toronto, Canada   ---   Listening to Art: 
https://listeningtoart.org/
https://www.miskatonic.org/ ---   GHG.EARTH: http://ghg.earth/
Caveat lector.  ---   STAPLR: http://staplr.org/


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-03 Thread Scott Bennett
Alison Macrina  wrote:

> Scott Bennett:
> > If he discovers that neither his campus library nor the university as a
> > whole is already officially running at least one relay, this may be a better
> > way to teach them.  If, rather than going for a relay, which is quite likely
> > to scare them until they understand more and better about tor, AJ were
> > instead to campaign to get the library to install the tor browser bundle
> > onto its publicly available computers, that alone would be a terrific
> > coup and might engender a great deal of student support for tor on campus
> > over time.  (The library would, of course, need to find a way to lock down
> > the settings of the installed bundle, so that it couldn't be turned into
> > a relay by users, but that should not be difficult to do.)  If he succeeded
> > in getting the tor browser bundle added to the library's most likely tightly
> > limited list of applications available on its public machines, he could then
> > wait a while to see what the staff members thought of it.  If they decided
> > after watching it in use for a while that it was a good thing to have made
> > available to their users, you might then approach another department that
> > operates a student computer lab to try to get TBB installed there.  If the
> > library employees liked it, they might give the prospective department a
> > positive recommendation.  If AJ played it right and it usually turned out
> > well, he might eventually cover much of the campus with TBB installations.
> > In any case, getting the TBB installed would educate far more people about
> > anonymity and privacy issues than merely getting a relay installed that most
> > people would never be aware of.
>
> This is a great idea, and the slides I shared in my last email could
> help get this conversation started (the slides cover Tor Browser as well
> as relays and other Tor stuff). If AJ is interested I can connect him
> with other libraries I've worked with that have installed Tor Browser on
> all of their public computers.
>
 I, for one, am very happy to know that Alison and her organization are
making those materials available.  They have the potential to assist many
people like AJ in making the public more aware of the issues and of the tools
available to help it protect/recover its privacy and anonymity.
 Alison, do you also have materials on using HTTPS where available
instead of HTTP?  The dangers inherent in allowing Java or JavaScript to be
enabled in one's web browser?  Cookies?  Tools like the HTTPSeverywhere and
NoScript plug-ins for Firefox?  The reasons for avoiding the use of telnet
clients and which tools to use instead for remote logins?  If not, they would
make great additions, particularly pages that explain how to convince
librarians about these matters?
 Let me give an example.  I have for at least ten years asked my local
public library to provide a) a secure shell client, b) a secure web browser
for ordinary use where anonymity is not a concern, c) a secure FTP client,
and d) the TBB for use by those who desire anonymity.  They have always
refused to budge.  They run an unsecurable OS on their public computers.  They
provide only Internet Explorer for web access.  I'm unsure whether they still
allow any FTP access at all.  As you can imagine, they have severely limited
the usefulness of their computers to the library patrons they claim to serve.
I could not, for example, submit my on-line application to renew my flight
instructor certificate via the library's computers.
 They have refused to let me speak with those making the decisions about
what is provided on their public computers, much less to make an organized
presentation to them.  I was told that the decisions about software on the
computers are made by the library board, not even by the IT staff.  What is
a good approach to get better results?  I am at a loss as to how to get the
library to emerge from the stone age into the age of the Cheka, much less
that of the NSA, FSB, search engine profilers, botnets, packet sniffers,
spyware, etc.
 Disclaimer:  I confess that I have no idea how prevalent my public
library's attitudes and policies are among public libraries in the U.S. today,
so I can't make any claims about widespread need for the sort of materials
I'm asking about.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *

Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-03 Thread Alison Macrina
Scott Bennett:
> If he discovers that neither his campus library nor the university as a
> whole is already officially running at least one relay, this may be a better
> way to teach them.  If, rather than going for a relay, which is quite likely
> to scare them until they understand more and better about tor, AJ were
> instead to campaign to get the library to install the tor browser bundle
> onto its publicly available computers, that alone would be a terrific
> coup and might engender a great deal of student support for tor on campus
> over time.  (The library would, of course, need to find a way to lock down
> the settings of the installed bundle, so that it couldn't be turned into
> a relay by users, but that should not be difficult to do.)  If he succeeded
> in getting the tor browser bundle added to the library's most likely tightly
> limited list of applications available on its public machines, he could then
> wait a while to see what the staff members thought of it.  If they decided
> after watching it in use for a while that it was a good thing to have made
> available to their users, you might then approach another department that
> operates a student computer lab to try to get TBB installed there.  If the
> library employees liked it, they might give the prospective department a
> positive recommendation.  If AJ played it right and it usually turned out
> well, he might eventually cover much of the campus with TBB installations.
> In any case, getting the TBB installed would educate far more people about
> anonymity and privacy issues than merely getting a relay installed that most
> people would never be aware of.

This is a great idea, and the slides I shared in my last email could
help get this conversation started (the slides cover Tor Browser as well
as relays and other Tor stuff). If AJ is interested I can connect him
with other libraries I've worked with that have installed Tor Browser on
all of their public computers.

Alison


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-03 Thread Scott Bennett
Alison Macrina  wrote:

> Hi AJ,
>
> Thank you for supporting Tor! I think it's a great idea to try to work
> with your university library to run a relay. I run the Library Freedom
> Project which helps libraries understand and use privacy tools
> (libraryfreedomproject.org). I can give you some advice based on my
> experience.
>
> William Denton:
> > On 1 October 2017, AJ Jordan wrote:
> >
> >> However I've just started college at the University of Rochester,
> >> which obviously presents a great opportunity to set up a relay on a
> >> really great network. I'm planning to reach out to the library with
> >> the following email and would love some feedback:
> >
> > Scott Bennett had excellent advice,
>
> +1
>
> > Academic libraries can be very experimental in some of their work, but
> > they are generally risk-averse.  (This is good, because they're in the
> > business of preserving knowledge and cultural artifacts for decades and
> > centuries.)  There is, I'm afraid, close to zero chance they would let a
> > non-employee student run a server on their network---and running Tor,
> > even a non-exit relay, makes the chances even lower.
> >
> > However, don't give up.  I suggest thinking about this as a long-term
> > project that could get you involved with the library, faculty and campus
> > IT.  There must be people on campus interested in privacy issues, who
> > know about Tor, and perhaps who have been thinking about running a
> > relay.  These people could be librarians or they could be professors or
> > grad students in political science, communications, journalism, computer
> > science, privacy studies, etc.  Find out who they are and approach
> > them!  Perhaps there is a student club interested in the same
> > issues---if not, you could start one.  Students and student groups
> > advocating for a Tor relay or exit, while demonstrating the importance
> > of Tor and how it fits in with the library's and university's mission,
> > would very much help the project be successful.
>
> William's advice is good. You definitely need to begin by building a
> relationship with the library. Don't be discouraged by the amount of
> work this may take; the payoff might end up being a cultural shift
> wherein the library, university IT, and CS departments all work on this
> as a project together!
>
> You'll want to approach the library by showing that Tor is an excellent
> way to uphold the values of librarianship, which are privacy,
> intellectual freedom, and access. Really, be explicit about it; don't
> assume that they'll just get why you think it matters. Here's something
> I wrote about intellectual freedom + Tor Browser a while ago and you can
> borrow the arguments I've made:
> https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and-Intellectual-Freedom-in-the-Digital-Age
>
> As William said, libraries are mostly risk-averse, so you also need to
> be ready to answer their questions about legal and technical concerns.
> LFP has collected some resources to help with all of that here:
> https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md.
>
> Before you email the university librarian, I'd start by talking to some
> of the regular academic librarians about your ideas and gauge their
> responses. Ask them if they've heard of the Library Freedom Project and
> feel free to send them any of our resources. See if they think the
> administration would be receptive to you offering a presentation about
> Tor to library staff (even better if you can make it open to students
> and faculty, too, because that can get you more support). You are
> welcome to adapt these slides for that presentation:
> https://libraryfreedomproject.org/allabouttor/. Make sure to show them
> this academic library that has used their Tor relay as a teaching tool
> for students:
> https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html.
>
 I second all of the above by both Bill and Alison, and I am grateful
that they were able to express better and in far greater detail much of
what I was trying to say, while adding their own ideas in similar detail.
 Reading Bill's and Alison's followups stimulated an idea of another,
and possibly better, approach that I hope AJ will consider and that may
even be more likely to be approved and have greater effect in the long run.
If he discovers that neither his campus library nor the university as a
whole is already officially running at least one relay, this may be a better
way to teach them.  If, rather than going for a relay, which is quite likely
to scare them until they understand more and better about tor, AJ were
instead to campaign to get the library to install the tor browser bundle
onto its publicly available computers, that alone would be a terrific
coup and might engender a great deal of student support for tor on campus
over time.  (The library would, of course, need to find a way to lock down
the settings 

Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread grarpamp
If for library regarding preserving knowledge,
and other sales tactics

You might be able to present for supporting an anonymous
encrypted storage platform... such as Tahoe-LAFS, MaidSafe,
IPFS, Bitcoin full nodes, Zensystem.io, a Wiki, NNTP, there
are many more such "store of data / knowledge" things out there
to choose from... all over Tor or I2P or CJDNS.

For anti-correlation reasons you're not supposed to run some services
on the same box as a relay (or even anywhere administratively,
logically, or physically near the box), especially if the service
running on top does not itself fully encrypt and distribute the data
out of reach thus making seizure moot. Depending on that analysis,
you could present to also run the relay [on another box] to help
supply the 7x bandwidth and cpu impact the onion service has on
the relay network.

Anonymity overlay networks are nothing in themselves,
it's the applications and usage people run over them that
makes them useful. If the overlay network itself isn't interesting
enough to attract funding / approval / internet / hardware
from somewhere, maybe the applications riding on top can be.

You could also further tie it into doing some form of research,
education, outreach, overview, tech in operation presentations...
all "sponsored by: ". Many entities will bend over
backwards for a free name drop.

Or just sell it like a used car dealer... $1000 runs great!
Good luck ;)


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread Alison Macrina
Hi AJ,

Thank you for supporting Tor! I think it's a great idea to try to work
with your university library to run a relay. I run the Library Freedom
Project which helps libraries understand and use privacy tools
(libraryfreedomproject.org). I can give you some advice based on my
experience.

William Denton:
> On 1 October 2017, AJ Jordan wrote:
>
>> However I've just started college at the University of Rochester,
>> which obviously presents a great opportunity to set up a relay on a
>> really great network. I'm planning to reach out to the library with
>> the following email and would love some feedback:
>
> Scott Bennett had excellent advice,

+1

> Academic libraries can be very experimental in some of their work, but
> they are generally risk-averse.  (This is good, because they're in the
> business of preserving knowledge and cultural artifacts for decades and
> centuries.)  There is, I'm afraid, close to zero chance they would let a
> non-employee student run a server on their network---and running Tor,
> even a non-exit relay, makes the chances even lower.
>
> However, don't give up.  I suggest thinking about this as a long-term
> project that could get you involved with the library, faculty and campus
> IT.  There must be people on campus interested in privacy issues, who
> know about Tor, and perhaps who have been thinking about running a
> relay.  These people could be librarians or they could be professors or
> grad students in political science, communications, journalism, computer
> science, privacy studies, etc.  Find out who they are and approach
> them!  Perhaps there is a student club interested in the same
> issues---if not, you could start one.  Students and student groups
> advocating for a Tor relay or exit, while demonstrating the importance
> of Tor and how it fits in with the library's and university's mission,
> would very much help the project be successful.

William's advice is good. You definitely need to begin by building a
relationship with the library. Don't be discouraged by the amount of
work this may take; the payoff might end up being a cultural shift
wherein the library, university IT, and CS departments all work on this
as a project together!

You'll want to approach the library by showing that Tor is an excellent
way to uphold the values of librarianship, which are privacy,
intellectual freedom, and access. Really, be explicit about it; don't
assume that they'll just get why you think it matters. Here's something
I wrote about intellectual freedom + Tor Browser a while ago and you can
borrow the arguments I've made:
https://www.scribd.com/document/272919852/Alison-Macrina-The-Tor-Browser-and-Intellectual-Freedom-in-the-Digital-Age

As William said, libraries are mostly risk-averse, so you also need to
be ready to answer their questions about legal and technical concerns.
LFP has collected some resources to help with all of that here:
https://github.com/LibraryFreedom/tor-exit-package/blob/master/resources.md.

Before you email the university librarian, I'd start by talking to some
of the regular academic librarians about your ideas and gauge their
responses. Ask them if they've heard of the Library Freedom Project and
feel free to send them any of our resources. See if they think the
administration would be receptive to you offering a presentation about
Tor to library staff (even better if you can make it open to students
and faculty, too, because that can get you more support). You are
welcome to adapt these slides for that presentation:
https://libraryfreedomproject.org/allabouttor/. Make sure to show them
this academic library that has used their Tor relay as a teaching tool
for students:
https://boingboing.net/2016/03/16/first-ever-tor-node-in-a-canad.html.


LFP is fairly well known and respected in libraries and so if it can be
beneficial to involve me further, I'm happy to assist!

Alison


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread Jonathan Proulx

Hi AJ,

not sure if anyone's brought this up, but you may want to look at:

https://libraryfreedomproject.org/

"
Library Freedom Project is a partnership among librarians,
technologists, attorneys, and privacy advocates which aims to address
the problems of surveillance by making real the promise of
intellectual freedom in libraries. By teaching librarians about
surveillance threats, privacy rights and responsibilities, and digital
tools to stop surveillance, we hope to create a privacy-centric
paradigm shift in libraries and the communities they serve."

In practice as I understand it this in large part involves Libraries
running Tor exits to facilitate their privacy and education goals.

-Jon

On Mon, Oct 02, 2017 at 11:51:42AM -0400, teor wrote:
:On 2 Oct 2017, at 01:18, AJ Jordan  wrote:
:
:>> find out what the rules around Internet usage
:>> are, and just set one up.
:> 
:> The problem is that logistically I can't without help,
:> unfortunately. I don't have a spare machine to run it on and more
:> importantly, I don't have access to a good wired connection. The only
:> Ethernet jack I know of is in my dorm room and I can't imagine it's
:> very good compared to a datacenter connection. So there's two things
:> I'd need from IT.
:
:You might be surprised.
:
:When I was at university, the Ethernet in my room was one hop from
:the campus fibre mesh network, so it was pretty good.
:(Of course, it was in Australia, so it would never have sent much tor
:traffic.)
:
:*If* it falls within your dorm's acceptable use policies, setting up a
:relay with a low RelayBandwidthRate would be a good way to see
:how well tor works on campus.
:
:But you need to make a judgement call, because having a dorm relay
:shut down might affect the library's willingness to run one.
:
:Tim


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread teor
On 2 Oct 2017, at 01:18, AJ Jordan  wrote:

>> find out what the rules around Internet usage
>> are, and just set one up.
> 
> The problem is that logistically I can't without help,
> unfortunately. I don't have a spare machine to run it on and more
> importantly, I don't have access to a good wired connection. The only
> Ethernet jack I know of is in my dorm room and I can't imagine it's
> very good compared to a datacenter connection. So there's two things
> I'd need from IT.

You might be surprised.

When I was at university, the Ethernet in my room was one hop from
the campus fibre mesh network, so it was pretty good.
(Of course, it was in Australia, so it would never have sent much tor
traffic.)

*If* it falls within your dorm's acceptable use policies, setting up a
relay with a low RelayBandwidthRate would be a good way to see
how well tor works on campus.

But you need to make a judgement call, because having a dorm relay
shut down might affect the library's willingness to run one.

Tim


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread William Denton

On 1 October 2017, AJ Jordan wrote:

> However I've just started college at the University of Rochester,
> which obviously presents a great opportunity to set up a relay on a
> really great network. I'm planning to reach out to the library with
> the following email and would love some feedback:

Scott Bennett had excellent advice, and I have a few suggestions along the same
lines.  (I work in a university library.)


Academic libraries can be very experimental in some of their work, but they are 
generally risk-averse.  (This is good, because they're in the business of 
preserving knowledge and cultural artifacts for decades and centuries.)  There 
is, I'm afraid, close to zero chance they would let a non-employee student run a 
server on their network---and running Tor, even a non-exit relay, makes the 
chances even lower.


However, don't give up.  I suggest thinking about this as a long-term project 
that could get you involved with the library, faculty and campus IT.  There must 
be people on campus interested in privacy issues, who know about Tor, and 
perhaps who have been thinking about running a relay.  These people could be 
librarians or they could be professors or grad students in political science, 
communications, journalism, computer science, privacy studies, etc.  Find out who
they are and approach them!  Perhaps there is a student club interested in the 
same issues---if not, you could start one.  Students and student groups 
advocating for a Tor relay or exit, while demonstrating the importance of Tor 
and how it fits in with the library's and university's mission, would very much 
help the project be successful.


In other words, your goal is achievable, but I think you'll need different 
methods.  For a long-term Tor relay to run on a library or university server, 
they will need to be the ones running it, but a student could be the one to help 
convince them to do it.


Connecting Tor to ongoing or potential research would also be a big help.  If 
someone's going to run a server, they'll want to do more than just run it as a 
service.


Along the way, you might get a part-time job out of it, which is always a bonus. 
If they do workshops on privacy and online security you could help with them, or 
do peer workshops, etc.  (It's a lot easier to tell people about Tor, and show 
them how to use it, than to run a server, so it's a good first step.)


As for where to start, I suggest dropping by the Digital Scholarship Lab.  The 
digital humanities librarian looks like a good person to chat with.


http://humanities.lib.rochester.edu/

Good luck!

Bill
--
William Denton :: Toronto, Canada   ---   Listening to Art: 
https://listeningtoart.org/
https://www.miskatonic.org/ ---   GHG.EARTH: http://ghg.earth/
Caveat lector.  ---   STAPLR: http://staplr.org/


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread Scott Bennett
"Tor Node Admin @ SechsNullDrei.org"  wrote:

> Hi AJ,
>
> First, thank you for supporting Tor!
>
> Second, you're smart to contact the library, as IT would immediately shut
> down the idea as they don't want to receive more abuse emails than they
> already do (I know we did when I worked in academia).  An additional
> resource you may wish to research is the https://libraryfreedomproject.org/
> by Alison Macrina.  The resources available on this site speak directly to
> librarians on such issues.  Good luck!
>
AJ and any others in similar situations,
 I would add a few comments, beginning with the style of communications
with your university library.  When you wish to ask for some special
consideration, find out whom you need to talk with about your request, and
then make an appointment to visit his/her office in person.  Sending an email
message out of the blue and beginning it with "Heya!" is utterly inappropriate
and is not at all likely to get you anywhere.  You must act--and write--like
an adult, and formality in your initial written communications is essential.
They are not going to let someone acting like an ill-mannered adolescent run
a server on their department's equipment.  If you come across as a responsible
adult who makes a good impression and provides a good case for satisfying the
request, a case that looks good from the university's point of view, which is
to say, convincing them that it would benefit the university in some way, then
you may get somewhere with them.
 If you convince them, however, be prepared to find out that the staff has
decided to run the relay itself.  The department may well have to run it past
the university's legal department.  Because you are not acting as a university
employee, either or both departments may not be willing to make the university
liable for possible consequences of a non-employee's actions.  I know that, as
a systems programmer at the university here, I would never have let anyone out
of our group, much less outside of our department, do anything like running a
relay on a machine under my responsibility.  I wouldn't have risked having to
clean up someone else's mess, and my boss would have been apoplectic at the
idea.  The security issues would have overwhelmed everything.
 OTOH, you might still get lucky.  It would definitely be worth your time
to find out whether the university (e.g., through its computer center or
library) or some other individual, department, or college office is already
running one or more relays.  Faculty members at some universities have been
known to get special arrangements to run tor relays, even exits, on university-
owned equipment.  At some schools, faculty members would not likely even be
questioned about it.  Note, for example, that many individual faculty members
and sometimes even (paid) graduate assistants run web servers to publicize
their research and results.  Note that any networking staff will want to know
how much of the available network capacity your networking program (in this
case, tor) would require if the decision were to allow it.  Asking to run an
exit is almost certain to subject your request to legal department scrutiny,
so you might consider running a middle/entry node first for some time, say six
or twelve months, before asking to upgrade your relay to an exit relay.  That
would give time to establish your skill at managing a relay, responding well
and quickly when problems occur, to become personally known to the staff, and
so forth.  Once you've established a good reputation with them, they are more
likely to oblige you.
 In any case, best wishes for your attempt.  Please let us know whether
you pull it off and, if so, what you did that succeeded.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-02 Thread Tor Node Admin @ SechsNullDrei.org
Hi AJ,

First, thank you for supporting Tor!

Second, you're smart to contact the library, as IT would immediately shut
down the idea as they don't want to receive more abuse emails than they
already do (I know we did when I worked in academia).  An additional
resource you may wish to research is the https://libraryfreedomproject.org/
by Alison Macrina.  The resources available on this site speak directly to
librarians on such issues.  Good luck!

Thank you for your email,
Isaac, t...@sechsnulldrei.org

-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf
Of AJ Jordan
Sent: Sunday, October 01, 2017 3:20 PM
To: tor-relays@lists.torproject.org
Subject: [tor-relays] Feedback wanted: letter to my university's library

Hey, all!

I'm AJ; I've been lurking on this list for many years but have never had
cause to post. I've run a Tor relay (`strugees`) on AWS for a number of
years now, but haven't been able to dedicate all that much bandwidth to it
due to cost concerns.

However I've just started college at the University of Rochester, which
obviously presents a great opportunity to set up a relay on a really great
network. I'm planning to reach out to the library with the following email
and would love some feedback:

> Heya!
>
> I'm a new first-year student and I'm active in the technology activism 
> community. One of the things I'm very interested in is the Tor Project 
> (https://torproject.org), whose mission is to make it possible to 
> freely and anonymously use the internet, without fear of surveillance 
> or censorship. Tor is used by a wide variety of people
> - activists, journalists, corporations, law enforcement, and 
> individuals - to gain free access to information and speak their mind. 
> Tor is able to provide this free expression by utilizing a worldwide 
> network of relays run by volunteers. A relay can make a big difference 
> on the Tor network if it's run on a connection which is fast and has 
> lots of bandwidth - like the University's connection.
>
> I think it would be really cool if UR would donate part of its 
> internet resources to the Tor network. I considered directly 
> contacting IT, but I thought it actually made sense to talk to the 
> library first since the core values are actually really similar - 
> libraries and the Tor project both know the value and power of 
> unrestricted access to information and are dedicated to making 
> information available to anyone who wants it.
>
> If this is something that sounds interesting, I would love to chat 
> about this in person. I would also be willing to invest the time 
> needed to administrate the relay - I have several years of experience 
> doing this already, but haven't had access to the resources the 
> University has.
>
> Thanks very much!
>
> AJ Jordan

Does anyone who's done something like this before have any tips or
suggestions? Am I going about this in the best way?

Cheers!

AJ



Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-01 Thread AJ Jordan
On Mon, Oct 02, 2017 at 07:08:35AM +0200, Moritz Bartl wrote:

> On 01.10.2017 22:52, teor wrote:
> > AWS is an expensive way to run a relay, because they charge per GB.
> > Capped providers can cost less, and you can use AccountingMax to
> > limit your usage.
> > 
> > Here's a list of providers that allow tor: 
> > https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
> 
> For non-exit relays, you actually don't have to limit yourself to ISPs
> that "allow Tor". Be careful with "unmetered/unlimited" offers. I would
> be honest up front in terms of data usage, and find out what kind of
> "fair use policy" the ISP has. Often, the customer support can give you
> an exact number, even if it's not stated anywhere on their website.

Thanks (to both you and Tim); this is really good advice. I'll look
into it... assuming I can find the time, of course :/

> I hope Alison can help you with the uni library. That's a really good
> idea. Internet and policies can be hugely different between different
> universities, so at least for non-exit relays, it should be pretty
> straightforward: Here also, I would suggest to first (without making a
> lot of noise about it) find out what the rules around Internet usage
> are, and just set one up.

The problem is that logistically I can't without help,
unfortunately. I don't have a spare machine to run it on and more
importantly, I don't have access to a good wired connection. The only
Ethernet jack I know of is in my dorm room and I can't imagine it's
very good compared to a datacenter connection. So there's two things
I'd need from IT.

Cheers,

AJ




Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-01 Thread Moritz Bartl
On 01.10.2017 22:52, teor wrote:
> AWS is an expensive way to run a relay, because they charge per GB.
> Capped providers can cost less, and you can use AccountingMax to
> limit your usage.
> 
> Here's a list of providers that allow tor: 
> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

For non-exit relays, you actually don't have to limit yourself to ISPs
that "allow Tor". Be careful with "unmetered/unlimited" offers. I would
be honest up front in terms of data usage, and find out what kind of
"fair use policy" the ISP has. Often, the customer support can give you
an exact number, even if it's not stated anywhere on their website.

lowendbox.com is a good place to find cheap virtual machines, for
example. Again, for non-exits (like the current "strugees"), I wouldn't
tell the ISP that what you're doing is pushing encrypted traffic for
some network. For exits, it's a bit more difficult.

I hope Alison can help you with the uni library. That's a really good
idea. Internet and policies can be hugely different between different
universities, so at least for non-exit relays, it should be pretty
straightforward: Here also, I would suggest to first (without making a
lot of noise about it) find out what the rules around Internet usage
are, and just set one up.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [tor-relays] Feedback wanted: letter to my university's library

2017-10-01 Thread teor

> On 2 Oct 2017, at 07:20, AJ Jordan  wrote:
> 
> Hey, all!
> 
> I'm AJ; I've been lurking on this list for many years but have never
> had cause to post. I've run a Tor relay (`strugees`) on AWS for a
> number of years now, but haven't been able to dedicate all that much
> bandwidth to it due to cost concerns.

AWS is an expensive way to run a relay, because they charge per GB.
Capped providers can cost less, and you can use AccountingMax to
limit your usage.

Here's a list of providers that allow tor: 
https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

> However I've just started college at the University of Rochester,
> which obviously presents a great opportunity to set up a relay on a
> really great network. I'm planning to reach out to the library with
> the following email and would love some feedback:
> 
>> Heya!
>> 
>> I'm a new first-year student and I'm active in the technology
>> activism community. One of the things I'm very interested in is the
>> Tor Project (https://torproject.org), whose mission is to make it
>> possible to freely and anonymously use the internet, without fear of
>> surveillance or censorship. Tor is used by a wide variety of people
>> - activists, journalists, corporations, law enforcement, and
>> individuals - to gain free access to information and speak their
>> mind. Tor is able to provide this free expression by utilizing a
>> worldwide network of relays run by volunteers. A relay can make a
>> big difference on the Tor network if it's run on a connection which
>> is fast and has lots of bandwidth - like the University's
>> connection.
>> 
>> I think it would be really cool if UR would donate part of its
>> internet resources to the Tor network. I considered directly
>> contacting IT, but I thought it actually made sense to talk to the
>> library first since the core values are actually really similar -
>> libraries and the Tor project both know the value and power of
>> unrestricted access to information and are dedicated to making
>> information available to anyone who wants it.
>> 
>> If this is something that sounds interesting, I would love to chat
>> about this in person. I would also be willing to invest the time
>> needed to administrate the relay - I have several years of
>> experience doing this already, but haven't had access to the
>> resources the University has.
>> 
>> Thanks very much!
>> 
>> AJ Jordan
> 
> Does anyone who's done something like this before have any tips or
> suggestions? Am I going about this in the best way?

I've CC'd Alison, who heads up the Library Freedom Project.
She has a lot of experience working with libraries and tor relays.

Tim
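
The two torrc options named in this thread (RelayBandwidthRate for a
low-impact trial relay, AccountingMax for a capped provider), shown
together as an added example that is not from any poster or from the
Tor Project. The nickname, contact address, port and all limits are
constructed values and are assumptions, to be replaced with whatever
the network owner agrees to.

```torrc
## Constructed example: a bandwidth-limited, non-exit relay.

## Hypothetical identity values.
Nickname ExampleCampusRelay
ContactInfo relay-admin@example.edu

## Relay only: accept relay connections, offer no local SOCKS proxy.
ORPort 9001
SocksPort 0

## Non-exit: never deliver traffic to the open internet, so abuse
## complaints about exit traffic do not land on this address.
ExitRelay 0
ExitPolicy reject *:*

## Cap relayed traffic. The rate is an average that applies to
## incoming and to outgoing relayed traffic separately; the burst
## value allows short peaks above it.
RelayBandwidthRate 1 MBytes
RelayBandwidthBurst 2 MBytes

## Monthly data cap. By default the limit is checked against the
## larger of bytes sent or bytes received; "AccountingRule sum"
## counts both directions together, which matches providers that
## bill on total transfer. When the cap is reached the relay
## hibernates until the next accounting period starts.
AccountingStart month 1 00:00
AccountingMax 500 GBytes
AccountingRule sum
```

The rate and the cap together give network staff the concrete
"how much capacity will this use" figures that Scott Bennett's
message says they will ask for.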