Week 14: intermediate privacy tools

  • What did you learn this week?
  • What was surprising?
  • What are you going to start using right away?
  • How can we bring these privacy tools into the library, either on the public computers or in our programs?

First I was thinking about how I would be to get new extensions (HTTPS!) and firefox browser fixed to our teen public desktops. We could throw a launch party.
•Then I started thinking about how our tools are configured for how we are EXPECTED to use them.
•Then to Ivan Illich and “If tools are not controlled politically, they will be managed in a belated technocratic response to disaster.”
•Then I was thinking about how to represent to folx the idea that our data is ‘us’ (for all intents and purposes in a capitalist system, eg ‘data double’) and that we leave it wherever we go and must create and/or choose our tools and thus our habits rather than having them thrust upon us.
•and then about a program with maybe some participatory performances with document shredders and redacted junk mail (more later).
•Then I started thinking about convenient metaphors for data and ended up reading about ecdysis and exuviae and now all I can picture is data sloughing off me like dead skin but with tells and secrets inside and some underpaid roombas hoovering it up after me.

I didn’t get a lot else done this evening.

5 Likes

After the lecture, I immediately started using two-factor authentication for everything. I use a combination of Ghostery, Privacy Badger, and Ad Block Plus on my browsers. I didn’t know that Google funds Firefox which was really surprising but makes sense.

I use the DuckDuckGo browser app on my phone. It has a “fire” icon that immediately “burns” your browser windows and I’m assuming your data. I don’t use Chrome anymore and I’m slowly trying to get the public workstations at my library to discontinue its use or switching to Brave. I’ve heard controversial things about Brave, however, such as they block other ads but replacing them with their own - https://brave.com/

I was thinking of tinkering with this in the next few months to block ads on the network level on my home network - https://pi-hole.net/ . Perhaps if a library has control of their network at this level, this could be a good solution to block ads or it could be configured to block tracking in tandem with a VPN.

2 Likes
  • What I learned:

  • backend security ticket & http : vulnerabilities

  • the name for the login for public wifi: captive portals (!!!) - captive portals take away https security in order to provide you the ability to login via captive portal. this explains a lot - “your connection is not private” when using public wifi is a constant notification I get.

  • What was surprising: Google gives a lot of money to Mozilla (not sure if it is for the non-profit part of the organization or not). This reminds me of the “on the low” donations that wikipedia gets from both Amazon and Google (or Alphabet, really). I guess the nature of non-profit organizations necessitates some shady donations, but I can’t help but wonder how this becomes further complicated when the companies involved are amassing massive amounts of data.

  • what am i going to start using right away: ORBOT (Tor’s VPN) & Privacy bagder on my work computer (at least).

  • how can we bring these tools to the library?:: I really need to think about this a bit more considering the (segmented) relationship between the community college I work at & IT.

2 Likes

I’ve never used two-factor authentication before, but I have been meaning to. Kudos!

& It’d be great to get Chrome off of the library’s desktops.

1 Like

Funnily enough, one of my biggest takeaways was about e-mail. I think social media and web browsers take most of the attention for data mining, so I forgot to think about good old unsecure e-mail.

Like with most weeks, I left feeling a bit overwhelmed by what I can implement. Also, when I put this in the context of my library, many of my patrons are low tech or new to tech. They might just be getting down the basics of e-mail, so I wonder how I can make some of this more complex privacy ideas understandable and meaningful to them.

1 Like

Okay but Maty can I just say that I love your brain.

This would be fun!

So true. In Tor we think a lot about the difference between security by policy and security by design. Security by design is a component of having political control over tech.

um yes

Yes but also I wonder how we might use this metaphor to further drive home the importance of harm reduction and thinking of the future when we make decisions about privacy. Sure, we shed the exoskeletons which contain all this revealing data about us, but then there’s the fresh new soft body underneath that represents an opportunity for a new beginning. Maybe I am being too literal lol.

Yeah, I am not entirely sure what to make of their business model!

Oh yeah these are so cool. I would love to see this piloted at a library.

Too true about non-profits. It’s can be really hard to know the difference between “getting paid” and “bought and paid for”. Even EFF gets money from Google. But Mozilla is unique in that for years Google was their main funding source (I believe it was in exchange for making Google the default search engine). And it’s still I think their largest source of funding.

When we talk about mobile privacy in a few weeks, we’re going to hear from Soraya Okuda at EFF who specializes in teaching low-literacy folks about these things.

I’ve done some work on setting up https protocol in our electronic resources, libguides and library website. So, I’ve developed relationships with our IT department to help with more easily obtaining certificates and it has worked well BUT this info about https certbot is super helpful. This may not be something that I can implement in my current work environment, but this is good to know for tother areas and, jeez, I just checked my personal website and I realize I am not using https protocol. I’ve got some work to do.

One thing that I should do and need to do is break up with Chrome. I have been procrastinating on this just because I have it optimized to support me in my work. I still waffle on whether it is better to use a browser that better supports privacy (i.e. firefox) or security (i.e. Chrome). And, not completely related to this discussion is that I would really like to break up with Google Apps/presentation tools, but need to find another system that works as well. We have access to both Google Apps and Office 365 at our college, but is Microsoft any better than Google in terms of privacy and security? Does anyone know of tools like these that can be used collaboratively?

As for other tools, I currently use ad blockers, but will try out Privacy Badgr. Also, I appreciate having the vetted list that I can add to my search strategies class. I share a list now, but I will definitely add Ghostery to the mix. Honestly, all of this has helped me to feel more confident in instructing others on privacy and security, in general.

1 Like

I didn’t think to look for a DuckDuckGo browser app, so thanks for that info, Junior. I love the image of burning your browser windows and data. Ha ha! I am going to try it out. I really do try to use DDG more often, and sell it to my students ( I even make them use it for an assignment). I just wish it had as good of a search experience as Google. However, I have had a few students say that they appreciate not being tracked, even though they don’t feel it’s as good as Google. Anyhow, any reasons I can find (hey - look at this cool app!) can help to get them to at least use it more often.

2 Likes

Replacing Google Suite is a really difficult one. I would say that Google is preferable to Microsoft, but from there it’s hard. Nextcloud is probably the best alternative but it’s not as usable as Google Suite and it costs money.

Last week’s lecture and discussion about doxxing was extremely powerful. I know that my internet behavior has been careless (it could be worse, but my habits are not one’s which I’d encourage people to adopt) over the course of my lifetime online. For myself, I clearly haven’t taken the threat of doxxing seriously enough and I am committed to erasing myself from the web …and, deleting what I can from data brokers (I have already been working on going through the list in LFI’s Wiki and will continue to do so!) Another big step in this process involves a shift in email provider (and, ultimately, a break up with Google. I am okay with changing this personally – I do not rely on Cloud Based productivity software very much) and following the lecture, I was able to establish a RiseUp email.

The question about how to bring these tools into the library: I need more time to think about this one.

1 Like