(watch very closely for removal of this title)
September 15, 2014 9:51 PM

 
Of course it is universally agreed that "stunt modding" is harmful but it would be super funny if they temporarily turned Jessamyn's mod powers back on just so she could delete this post without comment.
posted by nanojath at 10:51 PM on September 15, 2014 [13 favorites]


Hooray for the Watertown Free Public Library! I live equidistant from there and my own town's library, and one day I just started going to Watertown instead, and never looked back. If you live near Watertown, check out their library. Also, hooray for the EFF and the ACLU, as always.

Oh yeah, and hooray for Jessamyn, but I definitely have no objectivity there...
posted by not_on_display at 10:56 PM on September 15, 2014 [2 favorites]


library tradecraft is now a thing, sigh. i'm all in favor of ninja librarians, but...

1. is the tor browser really secure? as i recall, it was developed by the US navy, hardly a bastion of robust anti-statism, and look what happened to silk road.

2. the warrant canary won't protect the very first patron who's a target of a national security letter, so...advanced techniques!

for an inappropriate book, i'd be tempted to take it into the john, sit on one of the thrones, put on google glass and blinkphoto my way through it as fast as i could turn the pages. for inappropriate online activities, well, i'm pretty well-known at my two nearest libraries, so they're out. 100 miles inland, nobody's ever heard of me, fake name if there's a signup sheet, fake beard and hat to make me look like one of the duck commander people if there's a camera, and of course, parking my truck a good way away from it so...i can get a nice walk in.

of course, i don't actually READ inappropriate books or DO inappropriate online activities, my activities are boring as shit, but i love spy literature and welcome any opportunity to use its lessons IRL, so keep those tips coming!
posted by bruce at 11:19 PM on September 15, 2014 [1 favorite]


of course, i don't actually READ inappropriate books or DO inappropriate online activities

Yes, of course you don't.

Of course.
posted by hippybear at 11:47 PM on September 15, 2014 [2 favorites]


This is not how libraries work near me. Libraries in London all have Police notices next to their computers warning users that the libraries work with the police to prevent viewing "inappropriate" material and that accessing "certain" material could constitute a criminal offence.
posted by Another Fine Product From The Nonsense Factory at 11:49 PM on September 15, 2014 [1 favorite]


Huzzah for radical ninja librarians!
posted by homunculus at 12:29 AM on September 16, 2014


for an inappropriate book, i'd be tempted to take it into the john, sit on one of the thrones, put on google glass and blinkphoto my way through it as fast as i could turn the pages.

Your cloud provider and the government would like to extend a heartfelt thank you for providing verifiable proof of looking at inappropriate materials.
posted by mcrandello at 12:54 AM on September 16, 2014


is the tor browser really secure?

Define "secure".

Tor and the Tor Browser Bundle are open source. You can read all of the source code if you like and look for bugs and backdoors.

Of course, you have to download the source code first. All source releases are signed, so just fire up GNUPG and check the signature. Of course, you have to have the signing key the source code was signed with. Which you also have to download from the Internet. But you're all good if the signer's key has been signed by other people you've elected to trust because you know them in real life.

Don't have any trusted keys? Bummer. Well, at least the signature matches.

Now you can do your security audit and compile the source code. I hope your compiler's not backdoored.

No problem! "Just" audit the compiler source code, compile it, and use that audited compiler to compile Tor. Whoops: what if the compiler you used to compile your audited compiler source code was itself backdoored in such a way that it inserts backdoors into compiler binaries even if it's compiling clean source code? (Ken Thompson spoke on this many years ago [1]. There are techniques to mitigate [2].)

Okay, so let's assume the Tor source code is clean and so is your compiler. Is your OS? If you're using the TBB on Windows, I'd be more concerned about the security of Windows than of Tor. I don't know if they still do it, but Microsoft used to disclose software vulnerabilities in their products to the NSA before disclosing them to the public and fixing them. This was to allow the NSA time to exploit these bugs. To my knowledge no such shady security practices have ever clouded the Tor project.

The point of all of this is that if you want secure communications, your best bet is to junk your computer and take the person you want to communicate with deep into the woods and talk in whispers. If you absolutely must communicate at a distance, use one-time pads [3].

Of course, most people need more flexibility in communicating and are willing to accept some tradeoffs. Tor is more convenient and effective than whispers in the woods, but less secure. For avoiding mass surveillance, it is potentially quite powerful. There are possible attacks on Tor, but unless Tor is broken completely, even a major government is going to have to really want to know what you're saying/browsing to find out.

This is all to say that Tor may or may not be "secure" (depending on your definition of secure), but it is almost certainly more anonymous than browsing/chatting/etc. without Tor. If your adversary is a major government and you're in its territory, and they want your information, Tor's security is the least of your concerns.

as i recall, it was developed by the US navy, hardly a bastion of robust anti-statism,

The U.S. Navy most certainly is a bastion of robust anti-statism. It was anti the Soviet state, anti the North Vietnamese state, anti the Iraqi state (twice), etc.

It just depends on what state you're talking about. Tor is a tool that can allow democratic (or, at least, pro-U.S.) entities to communicate anonymously even in oppressive states.

and look what happened to silk road.

If you believe the FBI, it wasn't any fundamental weakness in Tor that led to the Silk Road takedown. It was a misconfiguration of part of the Silk Road web app that leaked information over a non-torified connection. A number of missteps on the part of the Dread Pirate Roberts helped them track him down.

If you don't believe the FBI, and you think that the U.S. government has broken Tor, you have to question whether they would risk overplaying their hand (with the whole "it was just old-fashioned police work" gambit) and potentially revealing to the world that Tor is no longer anonymous. As when the Allies figured out the Enigma system in WWII, having broken Tor is only useful if people don't know you've broken it. I would question whether the U.S. government would risk losing years of foreign and domestic intelligence that could be gleaned from Tor just to bust a drug ring.

Yes, for what it was, the Silk Road was remarkable. But it was still a minuscule fraction of the drug trade in the U.S. and especially abroad.

[1] http://cm.bell-labs.com/who/ken/trust.html
[2] http://www.dwheeler.com/trusting-trust/
[3] http://en.wikipedia.org/wiki/One_time_pads
posted by jingzuo at 1:10 AM on September 16, 2014 [17 favorites]
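
The "at least the signature matches" case from the comment above, as an added example that is not part of the original comment: it classifies GnuPG's machine-readable status lines so that a good signature from a key nobody has vouched for is reported differently from a good signature from a trusted or pinned key. The status text, key IDs and fingerprints are constructed placeholders, and the pinned fingerprint is an assumption (a value you obtained out of band).

```python
# Constructed `gpg --status-fd 1 --verify ...` output. Key IDs, fingerprints and
# names are placeholders made up for this example, not real keys.
FPR = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
PINNED_FPR = FPR  # assumption: fingerprint obtained out of band and pinned locally

GOOD_BUT_UNKNOWN_KEY = f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DDDD4444EEEE5555 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG {FPR} 2014-09-15 1410800000 0 4 0 1 8 00 {FPR}
[GNUPG:] TRUST_UNDEFINED
"""
GOOD_TRUSTED_KEY = GOOD_BUT_UNKNOWN_KEY.replace("TRUST_UNDEFINED", "TRUST_FULLY")
TAMPERED = "[GNUPG:] BADSIG DDDD4444EEEE5555 Example Signer <signer@example.org>\n"
KEY_MISSING = """\
[GNUPG:] ERRSIG DDDD4444EEEE5555 1 8 00 1410800000 9
[GNUPG:] NO_PUBKEY DDDD4444EEEE5555
"""


def parse_status(status_text):
    """Map each status keyword to its arguments (assumes a single signature)."""
    found = {}
    for line in status_text.splitlines():
        if line.startswith("[GNUPG:] "):
            parts = line[len("[GNUPG:] "):].split()
            if parts:
                found.setdefault(parts[0], parts[1:])
    return found


def classify(status_text, pinned_fpr=None):
    """Say what a verification result actually proves."""
    st = parse_status(status_text)
    if "BADSIG" in st:
        return "bad-signature"              # file or signature was altered
    if "ERRSIG" in st or "NO_PUBKEY" in st:
        return "cannot-check"               # signing key not in the keyring
    if "REVKEYSIG" in st or "EXPKEYSIG" in st:
        return "key-revoked-or-expired"
    valid = st.get("VALIDSIG")
    if not valid:
        return "cannot-check"
    # The tenth VALIDSIG field is the primary key fingerprint when present.
    primary = valid[9] if len(valid) > 9 else valid[0]
    if pinned_fpr is not None:
        if primary.upper() == pinned_fpr.upper():
            return "good-signature-pinned-key"
        return "good-signature-wrong-key"   # valid, but not the key you expected
    if "TRUST_FULLY" in st or "TRUST_ULTIMATE" in st:
        return "good-signature-trusted-key"  # validated through keys you trust
    # The math checks out, but nothing ties the key to the claimed signer.
    return "good-signature-unverified-key"


if __name__ == "__main__":
    for name, text in [("unknown key", GOOD_BUT_UNKNOWN_KEY),
                       ("trusted key", GOOD_TRUSTED_KEY),
                       ("tampered", TAMPERED),
                       ("key missing", KEY_MISSING)]:
        print(f"{name:12} -> {classify(text)}")
    print("pinned       ->", classify(GOOD_BUT_UNKNOWN_KEY, PINNED_FPR))
```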


do all google glass images necessarily have to be stored in the cloud, or can they be stored locally on my own server or the glass itself?

"it's clouds illusions i recall, i really don't know clouds, at all."
posted by bruce at 1:14 AM on September 16, 2014 [1 favorite]


on failure to preview, thank you jingzuo for your comprehensive answer. "secure" means either absolutely unbreakable, akin to a one-time pad, or unbreakable with reasonably projected computing power between now and when the sun goes nova, which is a difficult assessment for me because i'm a lawyer, not a technologist. i get your point about the many potential failure points and regrettably, i don't know shit from shinola about examining source code.

i commented about this awhile back, what i wanted was an airgapped dedicated box where i would enter the plaintext, it would render ciphertext on its screen, which i would then type into my laptop. i told metafilter i was trying to "sing this into being" and it would skip over all the problems you mentioned with compilers, operating systems, browsers, etc. assume that i have exchanged asymmetric keys in advance with alice, and that our adversary is satan. there should rightly be a simple hardware and software protocol whereby i could communicate securely with alice without satan knowing what we were up to, and this protocol should be cheap enough that it could be sold to the masses to free them from government/corporate surveillance.

since you obviously know more about this than i do, is what i propose doable? is there a simple solution that will save me from having to drive 100 miles and go into a strange library looking like a duck commander?
posted by bruce at 1:56 AM on September 16, 2014


bruce: If you're certain that Alice's public key really belongs to Alice, and that her private key hasn't been compromised, you should be able to communicate your ciphertext to her by any means you like. Paste it into an email. Communicate it over ham radio by Morse code. Whatever you like. The communication should be private, unless the crypto has been broken. The communication is not anonymous, however. A sufficiently interested party would be able to find out that you communicated something to Alice, just not what.

If you want the communication to be anonymous and private, then you might need to drive 100 miles and wear a costume when you send your message. And, of course, only you are anonymous. It will be obvious that Alice has received a message, just not from whom.

Tormail tries to solve this problem. It's an email service that operates as a Tor hidden service.

As far as your theoretical airgapped machine goes, I'm sure something like that could be built. Hardware can be fundamentally compromised by the manufacturer (Wheeler, who I referenced above, talks a bit about that), but if it hasn't been, a purpose-built piece of cryptography hardware would basically be a digital Enigma machine. Or it could store digital one-time pads or what have you.

The technology isn't really the problem, though. Most adversaries, even exceptional ones like the NSA, don't appear to have broken currently recommended strong crypto. They subvert secure communications by other means. Like TEMPEST. [1] So you put your crypto machine in an underground concrete bunker so they can't detect the signals. But you're going to go to work at some point. Or on vacation. Then they send in the Evil Maid. [2] When you get back, you fire up your machine and type out a message, and the plaintext is stored to be retrieved the next time you leave the house.

And so forth. Of course, it's impossible to be totally secure and to mitigate every potential threat. Even a one-time pad is useless if your adversary gets a hold of a copy. A security consultant (which I am not, but I'm sure there are some on MeFi who might chime in) would probably recommend developing a threat model, i.e. identifying likely adversaries and their likely routes of attack, then devising ways to mitigate those attacks.

There's a lot of excellent and well-reviewed crypto out there already. The trouble is always getting people to use it. If people won't download gpg4win and Enigmail, they won't likely be willing to type a ciphertext into their laptop.


[1] http://en.wikipedia.org/wiki/Tempest_%28codename%29
[2] http://en.wikipedia.org/wiki/Rootkit#Bootkits
posted by jingzuo at 3:12 AM on September 16, 2014 [5 favorites]


Coincidentally, there are two kids' book series out now: The Ninja Librarian and The Ninja Librarians.

A meme whose time has come?
posted by fairmettle at 3:31 AM on September 16, 2014


At my old library, we had a nailgun in the server room for quick application to select drives in case the feds came calling. This was an academic library and we were more concerned about a student's late night on Pirate Bay ruining the rest of their education than the NSA.

At my new, public library many privacy options fall apart in favor of practicality. "My eight year old checked out dozens of Fairy Books. What do you mean I need her permission for you to tell me if they are all returned? She's eight. I need to know if all her books are returned so she doesn't get fined." We're currently going round and round about privacy vs practicality. Our computers clear their browsers when a new patron logs on, which is fine, but I'm not sure we can do more than that and still meet patrons' needs. Tor is going to confuse grandma, not bother Online Gambling Guy, and reinforce Worried About Cults Lady's suspicions.
posted by robocop is bleeding at 3:43 AM on September 16, 2014 [10 favorites]


The problem with using Tor and Tormail and such is that, as soon as you do so (or show an interest), you immediately get flagged as a person of interest. From then on, it's a race between you and the NSA, and that's one you're not going to win unless you're extremely paranoid in a particularly knowledgeable way and have the tradecraft down pat. (Edward Snowden could just about pull it off; Random Cypherpunk Dude probably would fall into one of the traps off to the side.)
posted by acb at 3:48 AM on September 16, 2014


For libraries that use a bar code scanner to check out books, just copy the bar code from an innocent book and paste it over the code on your copy of 'Chemistry for Anarchists' or whatever.
posted by hexatron at 6:02 AM on September 16, 2014


In college, I worked a job in the library acquisitions department. Since I worked the 3:00-8:30 shift, the position was called "Acquisitions Night Crew." Before my first day of work, I was sitting in my dorm room talking to a woman I had just met a couple days before. I mentioned that I had work, she asked what the job was, and I said "at the library, the Acquisitions Night Crew." Immediately she shouts "YOU'RE A NINJA! YOU BREAK INTO OTHER LIBRARIES AS A NINJA AND STEAL THEIR BOOKS." Because I was an idiot, I actually tried to talk her out of it, and explain what the job was, rather than rolling with it. It's a testament to my good luck that she eventually married me anyway.

This is my immediate association with ninja librarians.
posted by Bulgaroktonos at 6:09 AM on September 16, 2014 [12 favorites]


The single best thing that libraries do to protect privacy is to wipe circulation records as soon as materials are returned. It is a standard feature of all commercial circulation systems. Subscription databases should wipe search histories and probably don't, but it hardly matters, since there is no record of who made the search unless the patron signs in, which most don't. Sign-in sheets for who used public computers when should be destroyed at the end of every working day. If you don't know, you can't be made to tell.

Everyone should remember that librarians are professionally interested in censorship and surveillance, not because we are good people, but because we have a long history of working as censors and police spies. We are naturals for the role. We are interested in what you are reading. We have strong private opinions about what you should be reading. We are very good at remembering esoteric details of book location. We are not very brave. It is easy to intimidate us into reporting all your reading to the police and into making sure you never even see books the state does not approve of. So, we make sure that we can't do any of those things, even if threatened, even if we want to.
posted by ckridge at 6:26 AM on September 16, 2014 [7 favorites]


jingzuo: "The point of all of this is that if you want secure communications, your best bet is to junk your computer and take the person you want to communicate with deep into the woods and talk in whispers. If you absolutely must communicate at a distance, use one-time pads [3]. "

Yeah, but they have like super ultra high def mics. What you gotta do is lipread, and voiceless move the mouth, then shield your mouth from outside scanning via a well placed lead tube. Actually, it's best if you just have a lead box placed around your heads (or a lead chamber if you want full body protection), because otherwise they can work to detect your overall movement of facial muscles and neck muscles to discern your words. The only way is to prevent scanning completely of your entire linguistic/vocal apparatus, and probably just easier for a big 2 person lead chamber in the middle of the woods, underground. But do not talk, lipread only.
posted by symbioid at 6:49 AM on September 16, 2014


From yesterday: Analysis of Privacy Leakage on a Library Catalog Webpage.

As robocop is bleeding alluded to, one of the debates in library technology concerns how to balance patron privacy with enabling functionality that patrons want (or that we think they want).

For example, immediately detaching the record of a loan from the patron who made it, in conjunction with making sure not to hold on to backups too long, can prevent the FBI from going on a fishing expedition later. But if you do that, it's harder for a patron to keep track of what they've checked out in the past. It's also harder to build a kick-ass recommendation engine for the catalog if you don't keep the data.

Also, nowadays, most library catalogs aren't just self-contained silos. Most of the third-party services that Eric Hellman mentioned in the post I linked to have defensible reasons for being there. After all, can you imagine a catalog without book jacket images? And it can be handy for the impatient to be able to buy a book right from the catalog. The problem, of course, is that every new third party exposes patrons to privacy leakage.

To top it off, there actually isn't a clear consensus about patron privacy among library technologists. A position that occasionally comes up is the feeling that FBI raids on library circulation data are a thing of the 1970s, and that making efforts to protect patron privacy ends up being overly paternalistic. In other words, if the patrons don't value privacy, why should we librarians? And if we add options to the catalog to opt-in or out of certain types of data retention, would most patrons understand the implications?
posted by metaquarry at 7:17 AM on September 16, 2014 [1 favorite]


Everyone should remember that librarians are professionally interested in censorship and surveillance, not because we are good people, but because....

...but because in the US at least we have an entire professional organization which is tens of thousands strong which has professed professional values against censorship and in favor of your personal right to read whatever the heck you want, even if you are a kid.

I get what ckridge is saying, these are government employees with a lot of your personal information and people are not that into trusting the government in the US, many of us. At the same time, I don't know about your librarians but mine, even in my small town, were threatened by the police and told them to come back with a warrant. Like everything, but particularly anyone who works for a public institution, you need to prove this sort of thing every day and not just rest on your reputation as good people. But the fact that I might have strong private opinions about what you are reading has fuckall to do with whether I think cops or feds or the NSA or other people have any right to that information. And I don't know about you ckridge, but if I'm protecting patron privacy, I am brave. But not everyone in the profession is.

All that said, I have mixed feelings about the Tor suggestion only because it can insert a level of complexity into technology that is already a bit challenging for people (librarians as well as patrons) and while I'm super into it as a privacy option I'm concerned about sending the "computers are hard" message to librarians who may not be up for it. I'm all in favor of making the process simpler and the library experience more secure for patrons and staff. I look forward to seeing where this will go.

if the patrons don't value privacy, why should we librarians?

This is the hardest part. The message frequently sent is that patrons don't care about privacy. This message is, to my mind, crafted by bigger businesses who traffic in patron/user data and would love to get their hands on library data and are being hamstrung by our insistence on privacy concerns. THAT SAID, I've always thought that the solution to this would be to have libraries come up with their own ways to encrypt and/or anonymize patron data so that we could use "You might also like..." types of features with the patrons' full consent and understanding. Patrons may like privacy but they don't like hassle and they've been led to believe that more privacy = more hassle. The more I've been feeling lately that using technology involves (moreso lately) an awful lot of non-consensual interaction and I'd like that to stop. It's yet another complex issue that winds up being put on the back burner until we've "solved" the digital divide and I think actually issues like this (people wanting privacy, businesses not wanting to provide it) are helping to exacerbate that divide and not smooth it over.
posted by jessamyn at 7:36 AM on September 16, 2014 [15 favorites]


In high school, I was one of the librarian's pets. There were a half dozen of us who spent our lunch hours and any other little scraps of free time, sitting around the circulation desk with her. This was before computers. Each book had a card in it. To check the book out you wrote your name and the date on the next line on the card, and handed it in at the desk before you left the room with the book. The cards represented all the books that were currently checked out, and who had them.

One of the things we did there, was use big black markers to black out all the names of people who had previously checked out books. She started by bringing carts out of the stacks, with selected books that were potentially controversial, and then we moved on to the general mass of other books.

And we were all in on the conspiracy to not let the gym teacher know what we were doing. That jerk... I bet he'd have been the first to expose which students had checked out banned books, if he'd been smart enough to think of it before we blacked 'em all out.

Anyway, I have fond memories of ninja librarianism in the days before computers. I love to know that this is still ongoing.
posted by elizilla at 8:03 AM on September 16, 2014 [15 favorites]


If you are on the watchlist it is trivial for them to get a warrant. Probably one mouse click. There are 680 000 people on the watchlist according to the Intercept story, most of them (maybe should be "us", not "them"?) have no known affiliation to any suspected terror group.

I have not yet read every word of the 166 pages of the watchlist guidance document which is written in eyes-glazing-over government-employee style, but I would be really interested in a discussion of practical tips for staying off that list and being able to get through an airport or a customs line without setting off the brain-dead alarms. I own a Koran and a Qutb book and an Ayatollah Khomeini book I bought from an online bookseller. According to the New Republic the most suspicious reading material is Islam for Dummies.

Anybody know a decent HOWTO for staying off the list?
posted by bukvich at 8:06 AM on September 16, 2014 [1 favorite]


And another thing from yesterday: Libraries Balk at OverDrive Changes.

OverDrive is a service that many libraries use to lend ebooks. For years, patrons using the service have had to have an Adobe account to unlock DRM on many of the ebooks. While the insistence on DRM has more to do with the publishers than OverDrive itself, dealing with it has caused any number of usability problems and untold numbers of questions to libraries using the service.

OverDrive is now dropping the need for an Adobe account, but the catch is that new users apparently need to register with OverDrive instead.

This requirement could expose a new privacy loophole, as hitherto I think it's been possible for libraries to keep personally identifying patron information out of the hands of OverDrive — as all that OverDrive and similar services should need to know is that a given session is associated with a valid patron of the library, not who that person is.

Another issue, from libraries' point of view, is that OverDrive is but one of several ebook lending platforms. If patrons start thinking (more than they already do) in terms of OverDrive, or 3M, or whatever, rather than borrowing ebooks from the library, the less leverage libraries could have during negotiations.

Having to use third-party services is a fact of life for most libraries — and it requires constant vigilance to ensure that their privacy policies and practices are strong enough.
posted by metaquarry at 9:57 AM on September 16, 2014 [2 favorites]


Okay, so let's assume the Tor source code is clean and so is your compiler. Is your OS?

TAILS does a good job of mitigating this (but only mitigating).

Also, for those of you that did not know it: CryptoCat allows not only encrypted chat, but also file transfer, encrypted in the browser. So TAILS for a temporary operating system with a TOR-enabled browser for anonymity and then CryptoCat for actual traffic encryption. You could do worse.

You'd still, unfortunately, need to dress funny and drive 100 miles to an unfamiliar library.

Anybody know a decent HOWTO for staying off the list? - That's the problem with these damn 'lists': the nofly list, the persons of interest list, the whatevers-next list: just wanting to stay off the list puts you on the list.
posted by eclectist at 10:31 AM on September 16, 2014


This is not how libraries work near me. Libraries in London all have Police notices next to their computers warning users that the libraries work with the police to prevent viewing "inappropriate" material and that accessing "certain" material could constitute a criminal offence.

Yeah. Just because one is a librarian, doesn't really mean they give a shit about any issue a "ninja librarian" would give a shit about.

I'm more familiar with librarians that restrict book & internet access for the destitute, children, and elderly than I am with librarians who uphold the rights of their patrons.
posted by hal_c_on at 11:54 AM on September 16, 2014


Yeah, but they have like super ultra high def mics. What you gotta do is lipread, and voiceless move the mouth, then shield your mouth from outside scanning via a well placed lead tube. Actually, it's best if you just have a lead box placed around your heads (or a lead chamber if you want full body protection), because otherwise they can work to detect your overall movement of facial muscles and neck muscles to discern your words. The only way is to prevent scanning completely of your entire linguistic/vocal apparatus, and probably just easier for a big 2 person lead chamber in the middle of the woods, underground. But do not talk, lipread only.

No, that'd just flag you for extra attention.

A better idea is to do everything out in the open where they can see you, but to figure out exactly how they sort the wheat from the chaff and make sure that your actions are discarded as insignificant early on in the data-acquisition stream. (After all, even with black budgets and reptilian-alien technology, bandwidth and processing power are finite.)
posted by acb at 12:31 PM on September 16, 2014


Just because one is a librarian, doesn't really mean they give a shit about any issue a "ninja librarian" would give a shit about.

Yes and no. There are professional values, in the US and in other countries, that are core to the profession. That doesn't mean that everyone shares them or upholds them, certainly, but it does mean that they are professional values. Whether people decide to be activist about the things they care about is professionally more of a personal choice. I find it useful. Other people find it distasteful.

There are pressure points in the profession that a lot of people are split on. How far to defend patron privacy is one. How much to defend a child's right to read without parental oversight is another (MPAA guidelines are guidelines not laws, for example). Serving the homeless and other frequently-marginalized community members (prisoners, poor, undocumented, disabled) is usually less controversial but sometimes a point of disagreement. I'm sorry you're not familiar with more forward thinking librarians in your community. Based on the geographic location in your profile, I could definitely suggest some if you were interested, or offer suggestions on how to work within the system you have to try to get to more of a system you'd want.
posted by jessamyn at 1:48 PM on September 16, 2014 [3 favorites]


Ninja librarians are the "unsung heroes" who are quietly but firmly maintaining our freedom. What I especially like is that it's policy now, across the board, every library, to keep the patrons' privacy a priority.

The books I check out couldn't be more bland, but I'm just dumb enough that if I saw an article on the web that made me wonder how on earth something like that could be, I might go check out a bunch of books to explain the history and development of some subject that could seriously backfire on me if our police state becomes even more powerful. It's nice to know the library policies would simply eliminate my book check-out list as a matter of course.
posted by aryma at 1:57 PM on September 16, 2014


i commented about this awhile back, what i wanted was an airgapped dedicated box where i would enter the plaintext, it would render ciphertext on its screen, which i would then type into my laptop.

To keep raining on your parade, this is practically unworkable. Typing the ciphertext is a giant pain in the ass, and you have to get it exactly right--any transposition or omission will result not in a slightly-garbled plaintext, but rather an unrecoverable error.

The text of "Mary Had a Little Lamb," symmetrically encrypted with the passphrase "hello!", looks like:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

jA0EAwMC/kOIkMwLNElgycAFVw+twuaOnLb46LJyL1RL/9ePt6BlZDvZCUeMQ24Q
ny//87O563vFuD4OmCIFx5bVsExxJAM5T1njcESNUQ/31BoaYQtb5hxXIRwVMeTb
2AMX3MjI04kBwZSfetTA/jkWvBEXhJA2/WCrn9XX9yn5PgWgH9fg5YioozIjX/ya
epY0roMbnTb1M/tIOJCfMgQbGNI0E27DP6sN9/asVQwNRfIBoZmaAvonsHN0WNUx
VttPrbDLpKpJIWoEN95W8JoX2D5p/9g=
=T1VS
-----END PGP MESSAGE-----


If you can transcribe that whole thing error-free, you're a better typist than I am. What's worse, ciphertexts using asymmetric encryption will be significantly longer...

So, you're probably stuck using either a wire or some kind of media to transfer data to your decryption machine. That's ok, though! Consumer encryption is actually reasonably secure. If you aren't being specifically targeted for investigation, using products like TOR and GPG should keep you clear of the dragnet searches. For now. Probably.
posted by I've a Horse Outside at 3:46 PM on September 16, 2014 [2 favorites]
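
The transcription problem described in the comment above, as an added example that is not part of the original comment: the `=XXXX` line that closes an armored PGP message is a CRC-24 over the decoded bytes, so a swapped or dropped character can be caught before decryption is even attempted. The sample bytes are constructed and stand in for real ciphertext; the per-line tags in `line_tags` go beyond OpenPGP and are a hypothetical aid for finding which line was mistyped.

```python
import base64

# Constructed sample bytes standing in for the encrypted packet data.
SAMPLE = b"Mary had a little lamb, its fleece was white as snow. " * 3

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1


def crc24(data):
    """CRC-24 as used for the '=XXXX' line of OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data):
    """Wrap bytes as an armored message: 64-column base64 plus checksum line."""
    b64 = base64.b64encode(data).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return "\n".join(["-----BEGIN PGP MESSAGE-----", ""] + body
                     + ["=" + check, "-----END PGP MESSAGE-----"])


def split_armor(text):
    """Return (body_lines, checksum_text); checksum_text is None if absent."""
    inner = [ln.strip() for ln in text.strip().splitlines()][1:-1]
    if "" in inner:                       # headers end at the first blank line
        inner = inner[inner.index("") + 1:]
    if not inner or not (inner[-1].startswith("=") and len(inner[-1]) == 5):
        return inner, None
    return inner[:-1], inner[-1][1:]


def check_armor(text):
    """Return (ok, reason) for a transcribed armored message."""
    body, check = split_armor(text)
    if check is None:
        return False, "checksum line missing"
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = int.from_bytes(base64.b64decode(check, validate=True), "big")
    except ValueError:                    # binascii.Error is a ValueError
        return False, "not valid base64 (dropped or mistyped character)"
    if crc24(data) != expected:
        return False, "checksum mismatch"
    return True, "checksum ok"


def line_tags(text):
    """Six-hex-digit tag per body line (hypothetical aid, not part of OpenPGP)."""
    body, _ = split_armor(text)
    return ["%06X" % crc24(ln.encode("ascii")) for ln in body]


def first_bad_line(original_tags, typed_text):
    """Index of the first body line whose tag differs, or None if all match."""
    for i, (want, got) in enumerate(zip(original_tags, line_tags(typed_text))):
        if want != got:
            return i
    return None


def swap_adjacent(text, body_line):
    """Simulate a typo: swap the first two differing neighbours on a body line."""
    lines = text.splitlines()
    idx = 2 + body_line                   # BEGIN line and blank line come first
    ln = lines[idx]
    for i in range(len(ln) - 1):
        if ln[i] != ln[i + 1]:
            lines[idx] = ln[:i] + ln[i + 1] + ln[i] + ln[i + 2:]
            break
    return "\n".join(lines)


if __name__ == "__main__":
    message = armor(SAMPLE)
    typo = swap_adjacent(message, 1)
    print(check_armor(message))
    print(check_armor(typo), "bad line:", first_bad_line(line_tags(message), typo))
```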


Great post!

Some more links: We Are All Suspects: A Guide for People Navigating the Expanded Powers of Surveillance in the 21st Century (pdf)

Relevant websites

ACLU | ACLU of Massachusetts
PrivacySOS.org (Blog | FAQ makes the case for privacy.)
Urban Librarians Unite
Radical Archives
The International Federation of Library Associations and Institutions (IFLA)
Tor (about and blog)
HTTPS Everywhere ("HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.")
posted by joseph conrad is fully awesome at 4:04 PM on September 16, 2014 [2 favorites]


(Shedding a small tear for my beloved tags: radicallibrarianship librarians libraries publiclibraries Massachusetts surveillance ACLU chillingeffect freespeech rightnottobetracked privacy privacyrights AlisonMacrina Watertown Boston Massachusetts RadicalReferenceCollective AprilGlaser ElectronicFrontierFoundation netneutrality digitalrights intellectualinquiry intellectualfreedom informationprofessionals UrbanLibrariansUnite and RadicalArchives JessieRossman KadeCrockford technology computers internet datacollection data) Oh tags I love you...
posted by joseph conrad is fully awesome at 4:05 PM on September 16, 2014 [1 favorite]


Shedding a small tear for my beloved tags:...

I am now hoping that somebody on MeFi Music will take that as inspiration for composing the Ballad of the Second Place Library MetaFilter Post.

posted by metaquarry at 4:21 PM on September 16, 2014 [2 favorites]


jingzuo: ... if you want secure communications, your best bet is to junk your computer and take the person you want to communicate with deep into the woods and talk in whispers.

Or just use the Cone of Silence.

eclectist: That's the problem with these damn 'lists': the nofly list, the persons of interest list, the whatevers-next list: just wanting to stay off the list puts you on the list.

"That's some catch, that Catch-22."
"It's the best there is."
posted by Greg_Ace at 9:03 PM on September 16, 2014 [1 favorite]


If you can transcribe that whole thing error-free, you're a better typist than I am.

Some of us practiced doing similar things decades ago with our C-64 computer and the magazines with programs published in the back. One tiny mistake, nothing worked. After a while, you develop systems to make such sorts of transcription less... arduous.
posted by hippybear at 12:22 AM on September 17, 2014 [1 favorite]


robocop is bleeding: "At my old library, we had a nailgun in the server room for quick application to select drives in case the feds came calling. This was an academic library and we were more concerned about a student's late night on Pirate Bay ruining the rest of their education than the NSA."

If the feds come calling, it's a bit too late to start destroying evidence. In fact, the name of the crime you're describing here is 'spoliation of evidence.' And if you were a librarian at a state university, I imagine there were other concerns.

I'm told the best way to not hand over data in the face of a subpoena is to not have that data in the first place.
posted by pwnguin at 8:41 AM on September 17, 2014


Our director had a flair for the dramatic - it was more a statement to the administration/IT that if they did dumb stuff, there would be damage.

Also, he got to buy a nailgun on the university's dime.
posted by robocop is bleeding at 11:53 AM on September 17, 2014 [1 favorite]


Related, about metadata: Just how much information can be squeezed from one week of your metadata? (Naked Security)
posted by joseph conrad is fully awesome at 1:37 PM on September 17, 2014


> communicate your ciphertext to her by any means you like. Paste it into an email. Communicate it over ham radio by Morse code.

On the other hand, if your intention is to avoid legal attention, perhaps it's best not to violate federal law so obviously and directly.
posted by one weird trick at 2:50 AM on September 18, 2014

