Tor Exit Nodes in Libraries - Pilot (phase one)

Hello Tor Community!

We first introduced you to the Library Freedom Project back in February after we won the Knight News Challenge on Libraries. Since then, we’ve been hard at work bringing privacy education to libraries across the United States, with stops in the UK and Ireland, virtual trainings in Canada and Australia, and more plans to visit international libraries in the works.

Today, we're excited to announce a new initiative, a collaboration between the Library Freedom Project and Tor Project: Tor exit relays in libraries. Nima Fatemi, the Tor Project member who's already helped Library Freedom Project in a number of ways, is our main partner on this project. This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet. We're excited to combine our efforts to help libraries protect internet freedom, strengthen the Tor network, and educate the public about how Tor can help protect their right to digital free expression.

Libraries have been committed to intellectual freedom and privacy for decades, outlining these commitments in the ALA Core Values of Librarianship, the Freedom to Read Statement, and the ALA Code of Ethics. They're also centers of education in their local communities, offering free classes on a variety of subjects, including computer instruction. Libraries serve a diverse audience; many of our community members are people who need Tor but don't know that it exists, and require instruction to understand and use it.

Some of these patrons are part of vulnerable groups, like domestic violence survivors, racial and ethnic minorities, student activists, or queer and trans communities. Others belong to local law enforcement or municipal government. All of them could benefit from learning about Tor in a trusted, welcoming environment like the library.

Bringing Tor exit relays into libraries would not only be a powerful symbolic gesture demonstrating our commitment to a free internet, but also a practical way to help the Tor network, and an excellent opportunity to help educate library patrons, staff, boards of trustees, and other stakeholders about the importance of Tor. For libraries that have already installed Tor Browser on library PCs, running a relay is the obvious next step toward supporting free expression in their communities and all over the world.

As public internet service providers, libraries are shielded from some of the legal concerns that an individual exit relay operator might face, such as trying to explain to law enforcement that the traffic leaving her exit is not her own. Furthermore, libraries are protected from DMCA takedowns by safe harbor provisions. Importantly, librarians know their rights and are ready to fight back when those rights are challenged.

In order to begin this new project, we needed a pilot, and we had just the library in mind – Kilton Library in Lebanon, New Hampshire, one of two Lebanon Libraries. Chuck McAndrew is the IT librarian there, and he's done amazing things to the computers on his network, like running them all on GNU/Linux distributions. Why is this significant? Most library environments run Microsoft Windows, and we know that Microsoft participated in the NSA's PRISM surveillance program. By choosing GNU/Linux and installing some privacy-protecting browser extensions too, Chuck's helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.

Kilton Library is not only exemplary because of its GNU/Linux computer environment; it's also beautiful and brand-new, LEED Gold-certified, with an inviting and sunny open floor plan and an outdoor community garden. It's an example of the amazing potential inherent in libraries. We drove up to New Hampshire last week to start phase one.

We decided to set our pilot up as a middle relay to start – we want to ensure that it is stable and doesn't interfere in any way with the library's other network traffic. We nicknamed the new relay LebLibraries, and you can check out how our relay is doing here, on Globe.

After the LebLibraries relay is up for a few months, we'll return for phase two of the project and convert it into an exit node. Our goal is to make exit relay configuration a part of the Library Freedom Project's privacy trainings for librarians; we'll meet with library directors and boards of trustees to talk about how Tor fits into the mission of libraries as beacons of intellectual freedom, and how libraries are perfectly positioned not only to help our patrons use Tor Browser, but are the ideal location to run Tor exit relays to help give back to the Tor community.

We need more libraries to join us in this initiative. Want your local library to be our next exit relay site? Know an awesome librarian who wants to help protect free expression locally and globally? Please have them contact us with the answers to this questionnaire. We're also looking for libraries to host FOSS seedboxes. And as always, we want libraries to install and run the Tor Browser on library computers.

Want to support this project and more like it? You can make a donation to the Library Freedom Project, or donate directly to Tor Project. And stay tuned for phase two of our pilot with Kilton Library.

Alison Macrina and Nima Fatemi


A version of this post also appeared on The Library Freedom Project’s blog

Note: This post was drafted by Alison. (Thank you!)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Great initiative, i'm sure everyone is happy to see this

great man !!!!!!

Hats off to you both. This is a great idea for all involved.

Glad to see people are using macbooks running OSX while simultaneously claiming they care about software freedoms and privacy. It's comical.

Hatters gonna hate

Constructive.

RMS - is that you?!

Anon above makes a valid point about OSX but nevertheless, this is an awesome concept to leverage libraries in this manner.

No it's not a valid point

This is not a place to start stupid Os flamewars and is beside the main point of people making an effort to actually work on freedom and privacy instead of giving some lazy nihilism critics.

Every individual seeks their own balance in practicing what they stand for, that does not necessarily mean that you have to practice that every inch everywhere. Only when it's a matter of literally saving your back.
But in a way, if you want to, it's possible on a Macbook. You can run Mac OS X, Windows, Linux and even a live system like Tails on that Macbook, and it's just a matter of choosing the system that suits best for the different tasks that you do at different moments.

Every system has their own builtin (plus external) possibilities of finetuning it to protect your privacy. What the owner of that Macbook did to accomplish that is not to see from here.
So, therefor, it was a stupid irrelevant remark in this topic made by that other person.

Give these people credits for what they started and give them credits for that (if you want to).

it is not a 'flamewars' but a fact - closed source OS can't be secured ( w/o putting it in "clean room" environment with qualified IT personal). period.
and you can try to re-read Snowden's Google-Microsoft-Apple+NSA part before crying "flamewar!"

Point to consider:

Even if Mac OS X is considered safe, or at least safer than Windows, the hardware is something to consider seriously.

Even among the Intel platform variants and manufacturers, Apples scares me the most. Hardware backdoors are the next big thing and we should consider the dangers before a new Snowden has to warn us about it.

It absolutely IS a valid point:

The latest version of Mac OS (Yosemite) sends your keystrokes back to Apple by default without your knowledge or permission -- including the files you search for on your own computer through Spotlight, and the internet search terms which you type into Safari. Among other things, OS X also does the following:

- Installs a browser plugin to bother you if you change your default browser to something other than Safari.

- Silently calls home to report which programs are installed on your computer.

- Silently transmits your serial number to Apple (which can be used to monitor your location.)

- Permits the remote installation (or removal) of files on your disk WITHOUT displaying the usual update notification. (This has already been used to avoid bad publicity by invisibly patching serious bugs, but is not limited to upgrades.)

I won't even get into the privacy issues with Apple Mail. If Apple customers are not already outraged, it is because they are asleep. The main problem here is Apple's CALCULATED & CONTINUOUS DECEPTION through lack of unambiguous disclosure. So long as one single customer remains unaware of Apple's secret spying (and its cooperation with oppressive political regimes), we have a right and a duty to tell them, no matter how it offends Apple fanboys with fragile egos.

Of course OS X is a nice operating system. I understand why people use it. I also understand why people who WANT to use it refuse to do so. If there was a 100% compatible open source version, I have no doubt it would be very successful.

Another thing to consider are the hardware backdoors that various researchers have pointed out.

Of course these backdoors are not entirely made by Apple but many are present in every Intel based firmware.

Since most Tor relays and clients run on Intel hardware, there will be some time when this will have to be dealt with.

I'm a librarian, and i think this is an excellent idea! I want to sign my local public library up, and i think that as a fellow professional i can pitch the benefits very well. who should i talk to? could you please connect me with someone who can help?

Thank you for your support! You can contact us (me and Alison) via email at "exits at libraryfreedomproject org"

This is kickass. Even if you don't have the balls to go talk with your library, you could forward them the link to this blog article anonymously over Tor even.

Hornet Browser and Astoria Browser coming to a computer near you!

MIT researchers can break Tor anonymity without even touching encryption

http://bgr.com/2015/07/30/mit-researchers-can-break-tor-anonymity-without-even-touching-encryption/

Ok, I wrote up a summary of this article, oriented towards researchers and developers:
https://blog.torproject.org/blog/technical-summary-usenix-fingerprinting-paper

The very short summary is "their paper does not show that the attack would work in practice, but it is still a worthwhile research area to work on."

Is the plan to let regular library visitors surf the Internet from the same network as a tor exit node?

That's doesn't sound very nice and makes them a secondary citizens on the Internet, as they can not comment on blogs, send email etc. (And this in itself is not a bad thing. Exit nodes are public knowledge for a reason.)

No. Exit nodes would have a dedicated IP address / network by themselves.

This will cost money on a monthly basis. Who is expected to pay?

will be fun to see blogs based in libraries - so comments can be allowed. the same for public email.

Was it really wise to use the Lebanon Public Library website as contact e-mail on the exit node?

I hope I can get libraries in my country interested in this. It's a really great idea because I believe public libraries operate their own networks here so no worry of government stepping in to monitor network traffic.

This sample torrc file has an explanation about why it's important to include contact information for your relay: https://gitweb.torproject.org/tor.git/plain/src/config/torrc.sample.in

If you know your local librarians, feel free to put them in touch with us at exits (at) libraryfreedomproject (dot) org. We'd love to help them see why this is an important initiative.

Regarding another matter. I could already create my hostname and private_key, now do you set up the hidden service? And how to enter the page created in hostservice file?

Thanks for the answer!

Hidden Services have nothing to do with running a relay. It looks like we confused you there. Sorry about that!

Please take a look at this instruction on how to run a relay. I suggest you run a non-exit relay for a while and switch it to exit if you were comfortable with it.

Add this line to your torrc file to make it a non-exit relay:
reject *:*

How are you funding hardware for this on a larger scale?

Nice write-up by Cyrus Farivar in Ars Technica:

http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/
Crypto activists announce vision for Tor exit relay in every library
"Librarians see the value as soon as you say ‘privacy protecting technology.'"
Cyrus Farivar
30 Jul 2015

This is a fine idea and I hope all library systems in North America will quickly adopt it, followed by libraries around the world.

Possibly one could try to recruit academic libraries first. For example, with respect to censorship, the situation in countries like Turkey is muddled, but there are some "Western oriented" universities. If you like this idea, please dialog with academic research enablers such as arxiv.org, JSTOR, etc.

In view of the relentless hacking of university systems worldwide by state and corporate espionage agencies, I wonder whether something like Tor Ramdisk might be suitable for operating Tor routers safely from university networks.

Academic librarians should be warned that some departments may want to "fiddle" with their Tor node to "conduct research". Such blandishments should be routinely denied.

Great will it also block any off this ever happening again..Hope so

http://thehackernews.com/2015/08/unmask-tor-network.html

For years, I have urged the public library system in a certain city to be more friendly to Tor, but they always reacted with unreasoning ignorant horror, so I gave up. I hope Tor Project can do a much better job than I could of convincing them that Tor is every library patron's friend.

Is the LebLibraries node mentioned in the article still active ?

No, every indication suggests that it's offline. Cannot find any word about what happened to this relay or project. None of the Tor node status websites recognize it:

https://globe.torproject.org/#/search/query=LebLibraries
https://globe.torproject.org/#/relay/27A5FD22519F0AF83927CEF1304EE19484247582
https://atlas.torproject.org/#details/27A5FD22519F0AF83927CEF1304EE19484247582
https://torstatus.blutmagie.de/router_detail.php?FP=27A5FD22519F0AF83927CEF1304EE19484247582

But here's an archived copy: https://archive.is/vEG6L

More details on the downing of the library TOR node.

http://www.metafilter.com/152886/Tor-libraries-and-the-Department-of-Homeland-Security

I would like to see journalism from any perspective on why this is important. I know it is difficult to get big media outlets to cover this, but if Tor as an organization could solicit and provide interviews with library associations, college newspapers, alternative weekly newspapers, or absolutely anyone else even at the entry level of journalism then the resulting publications would add a lot of legitimacy and history of cultural precedent to what the Tor community needs to accomplish.

I need to see more journalism in print which does not originate from Tor and allied activist groups, even if the journalism is not deep.

https://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email
First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email
Julia Angwin
ProPublica
10 Sep 2015

Apparently what happened was:

* an OSI (open source intelligence analyst) with some agency or fusion center alerted DHS about the library project, most likely because they are known to monitor this blog

* a DHS agent emailed the library itself warning them that DHS was alerting the Lebanon NH Police Department, which the library interpreted as an implicit threat

* The Lebanon PD says DHS did in fact email them, and they apparently put pressure on the City government to shut down the project

* "After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project. “Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”"

New Hampshire has a long tradition of fierce independence-mindedness dating back to revolutionary times, which might help explain why Fleming did not anticipate that the Lebanon PD would object to their Tor node.

The US public library system was one of the last subcultures with strong free speech beliefs. What a tragedy for freedom and democracy world wide that even the American libraries are bowing to the slightest pressure.

https://lists.torproject.org/pipermail/tor-talk/2015-September/038958.html
[tor-talk] First Library to Support Anonymous Internet Browsing Effort Stops After DHS Email (propublica)
Jonathan D. Proulx jon at csail.mit.edu
Fri Sep 11 14:35:15 UTC 2015

"Anyone directly involved with this Library project let me know if there's anything I can do in support"

Contact the MIT library system and lobby them to join the Tor Library Project and urge them to use their contacts with other university library systems in the US, Canada, EU, etc. to urge academic library systems around the world to join.

Everyone, please contact your local public library and ask them to plan a public event explaining why they are joining the Project. Contact your political representatives to explain why Tor is so important in combating human rights abuses and censorship, and promoting free speech, freedom of religion, freedom of association, and democratic principles around the world.

I hope ACLU and EFF will consider legal action in Lebanon.

Many thanks to Julian Angwin for her story and to all the operators of Tor nodes, especially exit nodes.

http://www.theregister.co.uk/2015/09/10/tor_library_unplugged/
That's a Tor order: Library gets cop visit for running exit relay in US
Feds not happy with potentially criminal traffic running through public-funded network
Shaun Nichols
10 Sep 2015

"A New England library is calling off its plan to host a Tor exit node after cops, tipped off by the US Department of Homeland Security, paid a visit."

Thanks to ProPublica, Ars, and The Register for covering this story.

http://techcrunch.com/2015/09/14/homeland-security-shuts-down-librarys-tor-node-citing-situational-awareness/

Great news! The Library Freedom Project won round two; the citizens have rejected the demands of DHS and local police:

https://lists.torproject.org/pipermail/tor-talk/2015-September/038994.html
Tempest tempest at bitmessage.ch
Wed 16 Sep 2015

"i just want to share the news that all of the hard work that has gone
into the library freedom project paid off today at kilton library.
despite pressure from the us federal government, which pulled out every card to sell fear that they had in their hat, the local community refused to accept it and thought on a global level to support the library's choice to offer a tor relay to the public."

There will be more such battles and we need to help ensure the good guys win them.

https://libraryfreedomproject.org/donate/

The LebLibraries Tor node is back!

http://arstechnica.com/tech-policy/2015/09/small-town-library-restores-tor-relay-which-had-gone-dark-for-weeks/

A fine story on the government's attempt to shut down the Chilton node:

http://www.concordmonitor.com/
Lebanon library at center of internet privacy debate in shutting off its Tor server
David Brooks
11 Sep 2015

(David Brooks the tech reporter, not the blowhard NYT columnist)

At a board meeting, members of the community voiced unanimous support for the Chilton Library Tor node, and the board then voted to restart the node. Further, more libraries are now setting up their own nodes:

https://libraryfreedomproject.org/libraries-tor-freedom-and-resistance/
Libraries, Tor, freedom, and resistance
Alison Macrina
17 Sep 2015

http://www.theregister.co.uk/2015/09/17/library_freedom_project_dozen_more_tor_nodes/
SCREW YOU, FEDS! Dozen or more US libraries line up to run Tor exit nodes
Kieren McCarthy
17 Sep 2015

(Is the Vulture extraditable? It seems you can be jailed in the terribly misnamed town of Liberty for writing "Screw You, Feds!")

http://arstechnica.com/tech-policy/2015/09/small-town-library-restores-tor-relay-which-had-gone-dark-for-weeks/
Library’s Tor relay—which had been pulled after feds noticed—now restored
Cyrus Farivar
16 Sep 2015

http://motherboard.vice.com/read/a-dozen-libraries-want-to-host-tor-nodes-to-protest-government-fearmongering
A Dozen Libraries Want to Host Tor Nodes to Protest Government Fearmongering
Jason Koebler
17 Sep 2015

There are conflicting accounts of exactly what happened, but the common denominator is OSI (Open Source Intelligence) plus "information sharing". Here is a version of the story featuring details even uglier than the version in the previous comment. From

http://arstechnica.com/tech-policy/2015/09/small-town-library-restores-tor-relay-which-had-gone-dark-for-weeks/

> A Homeland Security Investigations (HSI) special agent first learned of the plan after reading Ars’ July 30 article and then forwarded it on as a heads-up to a local police officer on the New Hampshire Internet Crimes Against Children task force. That, in turn, led to a meeting between local law enforcement, city officials, and the library. (HSI is the investigative arm of the Department of Homeland Security.)
>
> "They claimed that they merely sent the link to the article, but that is incredibly baffling to me that they sent a link—the police have a whole narrative about Tor and that it's all about criminal activity," Alison Macrina, one of the leaders of the project, told Ars. "A DHS preemptive strike was not in our threat model."
>
> However, Sean Fleming, the library’s IT director, told Ars before the Tuesday vote that there was “no pressure from the feds at all.” He did say that at the local roundtable meeting, the library volunteered to take down the node until the library’s board of trustees could officially vote on the issue on September 15. Librarians nationwide have long been advocates for privacy and freedom of information.

If we accept this version of the story, it illustrates how the "information sharing" mandate imposed on "intelligence agencies" like HSI fails when the "intelligence agency" fails to put raw information (the link) in context when "sharing" it with a local police agency lacking (one presumes) any knowledge about Tor other than scare stories in the so-called "mainstream media". But putting information "in context" invites the intelligence analyst to shape the story in a way which would probably not be favorable to free speech, civil liberties, or free access to information.

Syndicate content Syndicate content