Library CryptoParty: 9/22, 4-6pm

crypto_800x600Curious about privacy, surveillance, or encryption?

Is the stuff on Mr. Robot real?

Find out:
Thursday, September 22 from
4-6:00 pm in
Milne 208.

At Milne Library’s CryptoParty, work with staff one-on-one to explore tools for better privacy and hear short talks on topics including: Tor, SciHub, the Internet of Things, social engineering, and more.

Better privacy is for everyone. All levels of comfort with technology are welcome!

Can’t make it? Our Systems Librarian, maintains a guide about some of the topics we’ll cover.

Apple, the FBI, and your phone.

via flicker, CC BY-NC-ND 2.0
via flicker, CC BY-NC-ND 2.0

Over time, phones become extensions of ourselves. There’s a lot on your phone: the entertainment you like, texts to friends, family, and partners, your search history, thousands of pictures and video. Although this doesn’t seem like much, your phone reveals where you’ve been, who you’re with, and what you care about.

Apple is appearing in the news because of a San Bernardino county-owned iPhone confiscated by the Federal Bureau of Investigation. In general, phones issued by a workplace have higher level security features, and the FBI would like for Apple to create a backdoor for law enforcement to access this particular phone. The FBI’s request is insists it will only apply to this phone, one time. This is oversimplifying the situation for the sake of this writing–a more detailed explanation of the technology and its implications is available here.

The government tends to frame this argument as a trade-off: less privacy for greater security, and who doesn’t want more safety? But, any backdoor developed for law enforcement—even in secret—would be exploited, as data breaches happen all the time without our devices being handed over to investigators.

Apple has confronted the FBI about this before—an article in Wired suggests a handful of other cases. The FBI choosing this incident to lean harder on Apple is masterful. The narrative has all the components driving people to hand over their privacy: terrorists, violence, and investigators just trying to do their jobs in the interest of safety. But who pays for the development of features to bypass operating system security? What does Apple pay for developers to create the impossible, unhackable feature? What does the public pay in access to private spaces?

In security, it’s never about just one phone and cases create precedence which can ultimately erode privacy. Like Barbara Fister I wonder: what is the public interest here? Like Jason Griffey I wonder what I can do as a librarian to protect the interests of my users?

Over the next few weeks, I’ll be writing more about surveillance, privacy, and what students can do to empower themselves.

If you’d like to learn more about privacy online but aren’t sure where to start, try the Library Freedom Project’s basic class in online privacy.

If you’d like to encrypt a device, check out the tutorials at Electronic Frontier Foundation.

The library uses Google Analytics for many projects. The library doesn’t use any identifying information, but you should still have a choice. Here is how you can opt out if you’d prefer not to be tracked.

Change Passwords to Avoid the Heartache of Heartbleed

HeartbleedIf you’ve been under a rock the past week, you may not be aware that many of your online accounts might have been compromised by the heartbleed bug.  The security breach is with the servers you have been logging into (e.g. Gmail, instant messaging, Facebook, Instagram, Netflix, Dropbox, etc.), so the best thing that you can do is change your passwords for those accounts sooner rather than later.

Mashable has compiled a great list of accounts that may have been affected including social networks, email providers, online shopping sites, financial institutions and more.  Bottom line, now might be a good time to update your passwords and continue to do so on a regular basis.

Geneseo’s CIT NewsBytes offers some other tips as well and will continue to update the campus on this issue.

Drawing a Line…In the Ether

Transparency VS Anonymity
Transparency VS Anonymity
Right to Privacy?

As scholars and professionals, many of us spend a lot of time in the connected digital realms of the interwebs. While the Internet allows us access to information and entertainment of all kinds, individuals and companies – both benign and malicious – are getting much more savvy about finding, tracking, and collecting information in the other direction — about you!

While this infographic (left) is positively ancient at nearly a year old, it gets to an important issue of how the web is used as a communication tool and it got me wondering about how folks in our community feel about the topic, whether they’re aware of the issues, and what precautions they take – or don’t care about!

Poll results from Mashable
Results of Mashable's Anonymity Poll

According to this poll  (right) from Mashable which shows nearly 80% support, people overwhelmingly feel that anonymity is an important quality for their web experience. Pseudonyms are a common and time-honored  strategy used by folks to maintain a kind of privacy/anonymity. Would we have the published works of George Elliot or the Bronte sisters had they not committed this subterfuge? And what of the “victims of fame” like Charles de Lint who, after gaining a devoted following as a fantasy author, used an alternative name to publish a series horror stories.

Many people whose professional work all-but-requires them to have an online identity (including myself) have created separate online personas where they can interact with non-work related communities. Some long-time bloggers who have shared extensively about their expertise and life have come to regret the decision, despite what they and others may have gained from their open sharing. This evidence notwithstanding, Internet giant Google has made it clear that the only way you’ll use their Google+ services is with your “real” identity.

How do you use the web? Do you fall more to the side of supporting transparency or anonymity? In between? Tell us in the comments!