Thanks for a great session today everyone! I think we’ll do a follow up on Privacy Tools 101 during week 5. I’ll get the wiki updated for that soon. In the meantime, let’s discuss what we talked about today:
How can we use threat modeling in our everyday work?
If you’re teaching privacy, talk about some teaching strategies that work for you. What are some challenges you’ve faced? What are some resources you love to use?
Complete one day of the Data Detox Kit and talk about what you learned.
Also, make sure to schedule time with me soon to talk about your initial small group work ideas!
I think in order to use threat modeling in our day-to-day lives is to practice what we preach, and also take a hard look at what our personal threat model is, that way we can illuminate it a little easier for our patrons/fellow librarians. It’s hard to teach a threat model if you don’t know what yours is. Ars has a good little write up that I find amusing:
That article is also how one of my teaching strategies, I try my hardest to mix in seriousness and levity. I find if people are laughing they are more engaged, so making things fun is very important to me when I teach (and life in general). My greatest challenge is attendance. I can have 10 people say they are coming but only 2 show up. So those two get a very tailored class, but it’s still disheartening. Frankly, I based my presentation of the LFP presentation Alison made a few years back. It’s still relevant and makes a nice backbone for teaching without having to reinvent the wheel.
As for the data detox. I’ve done it before (I’ve worked with TT, the org that produced it) so I’ve gone through it a couple times sense (I’ll have some printouts at ALA if you want a hard copy [assuming I have enough!])
I went through most of the the Data Detox Kit it was fascinating. I shared with some staff members. I shared the article “Do you know who your Iphone is talking to when you are sleeping,” my staff was absolutely blown away. One person thought that since she turned her phone off at night there were no dangers. My library system has not done much in teaching about privacy online or privacy literacy at all. Our public computers are suppose to have deep freeze but it does not work correctly. As a result sometimes patrons can come back the next day and find files they have left still on our computers.
Basically at the moment we are mostly trying to get public computer users to understand that they need to log out of Yahoo and Google completely or the next person coming will be able to get into their email.
So the information I am gaining in this course is going to be helpful to my entire library system and the public we serve.
I’m in charge of my library’s website, so I feel like I subconsciously think about threat modeling when developing our pages. For instance, I make sure that we don’t collect user information when forms are submitted. I think we’re going to move away from utilizing Google Analytics and exclusively using Matomo to collect user web data. The reason why is that Matomo is open source and we control how that data is used. I suppose it could be argued not to collect any web analytics, but we’ve been using analytic reports for writing grants and reporting usage after the fact.
As for challenges regarding teaching privacy, sometimes we’ll get questions that we can’t answer. Like one that comes to mind is setting the privacy options on the Android OS. I don’t have an Android phone so I’m kind of lost on what to do the one time that did come up.
As for the Data Detox Kit, I learned that there’s a lot of “Other Google Activity” that I didn’t turn off for my professional Google account. Most of the privacy settings was already disabled for my personal one but I neglected to think about the one I use for work. I also have a bit of paranoia if disabling those options really prevents data collection, but I suppose it’s helpful to have a healthy dose of skepticism
I feel the same way about adding some levity into teaching about privacy. I feel like it can be overwhelming to students who hadn’t thought about it before and it humor can potentially put people at ease.
I run out website too and I encounter the same types of issues, we need the info for state reporting, but we don’t want to capture more information than absolutely necessary. There are ways of anonymizing the google analytics information, it just takes a bit of work, though with some of the changes Google is rolling out I’m not sure how long I would have any trust in that.
Thank you to everyone who shared in class on Friday! I learned so much, and I am so grateful to know that you are teaching this information. I also realized how much I need to learn, which is why I am here.
I degooglised, and I am almost proud of how much I had already done prior to this exercise. So, I am not as lost as I feared I might be.
I didn’t have a name for “dark patterns” although I try to be intentional about the choices I make online, so I feel pretty confident that I can usually navigate dark patterns. I definitely feel like I should do a better job when I am helping others navigate the internet at pointing out these patterns. I appreciated that the kit pointed out that staying present online is a great way to recognize these patterns.
I have been thinking about threat modeling since our class on Friday, and especially about what Alison said about possibly using different language. I agree with TJ that having a strong understanding of our own individual threat models is a great place to start.
Educating ourselves on the variety of threats that our patrons face I think could be useful in helping patrons with their information needs and a good place to start for classes.
Without saying too specifically and only if you feel comfortable sharing this information, who attends the privacy classes at your libraries? I am interested to know who identifies this as a topic of interest, and I am also interested in who might face barriers to this type of class?
We have similar challenges in that Deep Freeze doesn’t work well, or at all, with our systems. Students will scan or save documents to our computers and the drives don’t get wiped at the end of each session. Our IT staff is overwhelmed and can’t address this issue right now, so we are struggling with finding ways to communicate/educate users on manually deleting any documents before logging out. Other than posting yet another sign at the work stations, I hope to find strategies or ideas here on how to both educate students, and also convey the importance of this issue to IT or administration. Actually, I have no doubt they know the importance, so maybe getting this issue higher up in the priority list at the college.
Data Detox was Kit was very enlightening – good combination of practical how-tos and clearly explained background information. I don’t currently teach privacy at my library, but I can see something like the Degooglise Your Life or the Renovate Your Social Media Profiles modules being very helpful for my patrons.
I imagine a lot of these topics can feel pretty overwhelming to people who are new to thinking about privacy, so I envision a hands-on workshop that focuses on just one topic – social media privacy, for example – for that hour.
•Was thinking about how to dovetail threat modeling into the everyday and started thinking about info desk encounters. A lot of library searches are initiated by the patron even before they get to the desk, often they’ll show a screenshot from our online catalog or an amazon product page, or the like. So in fact library searches are now conducted over an ad hoc network devices, with many of these devices not under the purview of the institution. Patrons who do this are actually showing me their device which has become an intermediary between librarian, collection and patron. Opportunity?
Thinking about why people come to the library I went back to Kuhltau’s book Seeking Meaning and there’s an interesting part in the first chapter where the author notes that “anxiety may be an integral part of the information seeking process, resulting from uncertainty and confusion.” If information seeking can mitigate anxiety (in an intellectual sense, not medical for sure) as per Dervin’s sensemaking model (remember the stick figure jumping a hole in reference class?) it might be helpful to somehow embody privacy resources in the library, give them a physical presence in the library as palpable as our print collections. I don’t know what that would look like.
•One of the challenges in presenting this stuff to teens is that they are resistant to new apps and tools for various reasons (learning curve, trepidation, e.g.). For instance, they thought Signal was cool but didn’t really see their friends also adopting the app, they have longtime group chats that would resist changing platforms.
The solution is probably to work with what we’ve got/know. The device types teens use can be counted on one hand with only a few exceptions: Android and iPhone mobile devices, Macbooks, library lending laptops (Windows) and school laptops (Chromebooks). Apps are legion but from what I hear from teens the threats they most consider are likely to come from someone they know or encounter on a regular basis, so they see communication and social media as both essential and potentially frightening at the same time.This is anecdotal.
The resource I use most of the time is the question “Did you log out of all your accounts?” when they return a borrowed laptop or walk away from a library desktop computer they’d signed into.
•I did the ‘Take care of your smartphone data’ course as I am not bad with my laptop and workstation but terrible with the phone vis-a-vis privacy for some reason. I think one of the reasons is I’m always turning stuff on and off all the time and I lose track.
All good stuff in this detox but the section on Significant Locations on iPhone was something I wasn’t aware of. It listed all the places I’ve gone including where I traveled to for winter holiday and the spots I’d stopped at there as well as my trips up and down the East Coast for wrestling matches. Changed that up quick!
@_TJ that article is a great, thorough breakdown of how to threat model.
There is one thing that I want to note though, about the inclusion of an infosec person named Adam Shostack. There are credible sexual assault allegations about him in this community (TRIGGER WARNING FOR RAPE – here are some of those accounts detailed http://adamshostack.com/). I felt like that was important for me to acknowledge. The privacy/anti-surveillance/infosec world has had multiple MeToo-type public call-outs in the last few years.
Anyway, I totally agree that using levity is the best approach. The people want memes!!! We should actually make a section on the wiki for memes to use in presentations.
Cool! When we do the next privacy 101 lecture I’ll be using some of my more recent slides.
It really is mind-blowing isn’t it? Our expectations about how technology works vs the reality of how it does is such a massive gulf, mostly because so much of it happens invisibly to us. We’ll do more about mobile devices and privacy later in the course.
Deep Freeze is such clunky, buggy software. I hear from librarians all the time about how badly it works. So I wonder if one small idea for group projects could be creating signs alerting patrons about the necessity of logging out? I know lots of libraries have signs like this already, but what if we made them prettier to look at? Just an idea. And actually, since the bigger issue is making Deep Freeze work better, I wonder how we might facilitate some collective librarian action around that? What happens when you report the issues to Deep Freeze? I remember them being responsive when I was the IT librarian, but the issues would always come back.
Yes! So much of our work already includes threat modeling! I think this is a great idea for an alternative to GA. I haven’t used Matomo, but I have used Piwik, which is the same idea. And I think it’s fine if your threat model is such that collecting analytics for your own purposes and being careful about things like access, storage, and law enforcement requests. It’s important to find a balance between privacy and convenience/access/being able to do our jobs.
As I mentioned above, we’ll have a week on mobile privacy where I hope we can cover specifics like this for teaching.
Absolutely right to have that skepticism. For me, it’s all harm reduction. It means less data collection, not no data collection.
In my experience it’s a huge range of people. It definitely skews towards the kinds of people who show up for library events – older people, mostly women. But I’ve had a huge range of people show up. Lots of people with a prior interest in privacy, who have maybe gotten started on making changes in their lives but are looking for ways to go further.
I’m a big fan of doing privacy events as part of a series. I know it’s a lot of work to plan multiple programs, but if you create let’s say three classes – one about basic privacy tools, one about social media privacy, and one about maybe just mobile devices or just email or something bigger like that, then you can have one a week for three weeks, and revive the series later in the year. People LOVE this kind of thing, and it’s way more digestible as three one-hour classes than it is as one three-hour class.
Not even exaggerating, this is how I started Library Freedom Project. When patrons would show me their devices at the ref desk or in 1:1 tech sessions, I would be like, hey does privacy on this device concern you? If yes (it was always yes), I would ask them a few more questions and make some recommendations.
Absolutely. I try to know as much as possible, from a security and privacy standpoint, about the apps that people already use. Already on iMessage/Facetime between two Apple devices? Great, the messages are encrypted by default. WhatsApp? Same thing. Signal hides the message metadata, which is great for the threat models it matters for, but why switch if it’s not necessary and just makes people irritated?
And as you note, a lot of it comes down to social media and how they use it. They don’t need to avoid it entirely, they just need to be thoughtful about what/how they post. Leave location services turned off. Ask consent before posting pictures of others. When posting photos, make sure sensitive info isn’t visible in the background. Things like that.
Alison you may need to move this to week three.
I wanted to comment on the police surveillance. This year I forgot to get my tag on time. Each morning as I drive to work I am aware of being watched by police on one road. They are usually there and i have observed who gets stopped. It is mostly African Americans. So I knew to be careful and not to break any speeding laws etc on this strip of Powder Springs Rd. I forget to get my tag on time. Just slipped my mind. I was two days late. I went down this strip where the police always watch…you can tell they are scanning your tags and looking for violations. So I passed and got pulled over for driving on an expired tag. I get out the car with hands up so the officer can see. She calls back up on me and I do as told I get back in car. She asked why I got out I said I wanted to make sure she saw my hands (black lives matter) she told me I was racist. I wanted no more trouble just wanted to get to work on time. She gave me a ticket. I knew in the back of my mind that if I did not pay that ticket on time she would be waiting for me. I paid it on time…but sure enough she got behind me one morning and was going to pull me over but discovered she had no reason the ticket was paid.
That is my experience with surveillance. A friend got arrested in the same place for not paying a ticket and spent three days in jail.
Pat, thanks for sharing your experience. It sounds really frightening, and as you note it’s all too common for police to use these new surveillance technologies to target African-American people. The scanner you’re referring to might be an Automated License Plate Reader (ALPR). The scanner will show information about who the car belongs to, and registration expiration and things like that.
We will be talking about some of these technologies this week with Kade Crockford, but we’ll go into much greater depth about them in a whole week about law enforcement surveillance where we’ll hear from someone involved in the Black Movement Law Project.
Sorry, I’m not sure what you’re referring to here Pat. But FYI, we will do the next privacy tools discussion during week 4 to pick up where we left off during week 2.
Threat modelling in everyday life: I believe we can use threat modelling in everyday work by creating workshops or events that fit in line with major headline events. Ex. just today Quest Diagnostics had a major data breach and US State department is requiring visa applicants to submit their social media profile information. I think that the “threat model” approach can potentially be strengthened if a session were to open up with a brief discussion about a real life event that made headlines recently and then be followed by specific methods and tools people can use to push back against these specific threats and actors. I am still wrapping my head around the threat model approach, so I’m very open to feedback on my thoughts.
In short - I can imagine many ways that threat modelling can be used as a way to approach teaching digital privacy tools and techniques. where I struggle with integrating this approach into my everyday work - is how to talk casually about it, in reference conversations and other spontaneous encounters I have with patrons.
Teaching Approach: I have been struggling with forming particular methods for teaching students about privacy - & this is why I’m here! so, what I have been doing thus far is illuminating the ways that google’s business model thrives by knowing your location. From there, I usually try to get a few students to share their thoughts about personalization via google/ explanations about what an IP address is/ etc. I am not sure if this is effective, especially considering that the classes I teach aren’t workshops but research instruction sessions.
I completely agree with your thoughts about the important balance between seriousness and levity. This is what I am aiming for, considering that I usually fall into a serious mode while teaching due to nerves!
I work at a community college in NY and we also have trouble with deep freeze. Lots of bureaucracy and the segmentation of IT work within the library has created some type of backlog and this issue has yet to be resolved! So, I understand the struggle.
I teach semester length online courses, so I have the luxury of being able to address privacy throughout the semester. What I find works best is through hands on exercises or discussions, for instance, where I have them compare experiences using different search engines. Basically, in my Internet research strategies class, they are required to use other search engines besides Google. We also discuss how Google tracks their searches, and we talk about strategies to avoid being tracked. After using the Data Detox kit this week, I plan to integrate this into the course. There’s always at least a handful of students that ask for ways to leave less of a digital footprint on the web. I also think that the Dark Patterns section can be helpful when we cover evaluation strategies. The goal is for them to be more critical of what they find on the web, and for them to see these deceptive design tactics in real life and in an interactive lesson, they might be more willing to question the credibility of any site.
Some of the challenges are making privacy engaging to more of my students and/or faculty. This includes in my courses and at the reference desk. So, I am looking for activities that could be integrated into a semester length course and in those brief moments at the desk.