Anonymous Browsing at the Library

A rural New Hampshire library decided to install Tor on their computers and allow anonymous Internet browsing. The Department of Homeland pressured them to stop:

A special agent in a Boston DHS office forwarded the article to the New Hampshire police, who forwarded it to a sergeant at the Lebanon Police Department.

DHS spokesman Shawn Neudauer said the agent was simply providing "visibility/situational awareness," and did not have any direct contact with the Lebanon police or library. "The use of a Tor browser is not, in [or] of itself, illegal and there are legitimate purposes for its use," Neudauer said, "However, the protections that Tor offers can be attractive to criminal enterprises or actors and HSI [Homeland Security Investigations] will continue to pursue those individuals who seek to use the anonymizing technology to further their illicit activity."

When the DHS inquiry was brought to his attention, Lt. Matthew Isham of the Lebanon Police Department was concerned. "For all the good that a Tor may allow as far as speech, there is also the criminal side that would take advantage of that as well," Isham said. "We felt we needed to make the city aware of it."

The good news is that the library is resisting the pressure and keeping Tor running.

This is an important issue for reasons that go beyond the New Hampshire library. The goal of the Library Freedom Project is to set up Tor exit nodes at libraries. Exit nodes help every Tor user in the world; the more of them there are, the harder it is to subvert the system. The Kilton Public Library isn't just allowing its patrons to browse the Internet anonymously; it is helping dissidents around the world stay alive.

Librarians have been protecting our privacy for decades, and I'm happy to see that tradition continue.

EDITED TO ADD (10/13): As a result of the story, more libraries are planning to run Tor nodes.

Posted on September 16, 2015 at 1:40 PM • 51 Comments

Comments

DerelictSeptember 16, 2015 1:56 PM

If only the librarians would talk to the school administrators. Or whack them with the .bat

Mace MonetaSeptember 16, 2015 2:44 PM

If the fixed location of the entry / middle / exit nodes is known (e.g. at public libraries), isn't it relatively simple for a government entity to establish a tap on their traffic via a FISA warrent? If a large number of nodes is now tapped for analysis, TOR is no longer private, is it?

Alan KaminskySeptember 16, 2015 2:58 PM

Following on to @Mace -- The feds never actually wanted the New Hampshire library to shut down its Tor exit node. The feds knew that putting pressure on the one library would cause other libraries to rally in support and start up more Tor exit nodes. That's exactly what the feds wanted, so they could increase the level of surveillance on Tor.

Just because I'm paranoid doesn't mean they're not out to get me.

Mark HaasSeptember 16, 2015 3:31 PM

It should also be noted that the first free public library in the world supported by taxation was the Peterborough, New Hampshire Town Library which was founded at town meeting on April 9, 1833. I know that because I lived there for two years.

AnamikaSeptember 16, 2015 3:33 PM

Looks like good sense prevailed. Hope there are more who use common sense instead of succumbing to the whims and fancies of powers that be.

rgaffSeptember 16, 2015 3:54 PM

I wonder why DHS isn't sending, ahem, "memos" to all auto makers and owners, you know, "just informing" them of the vast "criminal element" that benefits from there being cars around to steal and use as getaways at bank robberies, etc... It's quite a concerning thing, you know, that there are so many to choose from... it really helps criminals and terrorists get away with it, think of the children!

US DISTRICT COURT FOR THE DISTRICT OF CONNECTICUTSeptember 16, 2015 4:11 PM

The Court would like to clarify that even though we said you could keep smart people off the police force, that doesn't mean you have to promote morons like Matthew Isham to lieutenant.

Special Agent BlartSeptember 16, 2015 4:59 PM

So who is the unsung hero in the Boston fusion center peeking over your shoulder in the library? Are the DHS mall cops that useless, that they have to spy on Marian the Librarian for something to put in their APR? We got rid of the ICC, the CAB, the WPA, once there was no point to them. Isn't it time to shitcan DHS?

albertSeptember 16, 2015 6:37 PM

"...A special agent in a Boston DHS office forwarded the article to the New Hampshire police, who forwarded it to a sergeant at the Lebanon Police Department...."

What a joke. Was that a 'special agent' or an agent with 'special needs'? There's a lack of information here, common to all MSM. What else did the email say? I find it difficult to believe that the agent just forwarded the Arse Teknika article and nothing else. What happened at the DHS? At the LPD?

Is the DHS smart enough to engineer something like this?

. .. . .. oh

PeanutsSeptember 16, 2015 6:45 PM

While browsing anonymously in the library tor, a friend ran across a press release, Sharp builds world's first 8 K TV, only $133,000

I jest a Solution in four words, search Ashley Madison @Sharp.com

Free shipping too I bet
I won't be getting one but .... The thought boggles, doesn't it

Ps as far as I know no one at Sharp or in their supply chain used or uses any social media including AM

BennySeptember 16, 2015 8:56 PM

Mace, an adversary who observes the entry and exit nodes might be able to correlate the traffic. The developers are aware of it, but I'm not sure anyone has provided a good countermeasure (people propose things like always routing through multiple countries; but that's not trivial, and more research is needed to know how much it would help). It's very likely that libraries running Tor nodes will help more than they hurt anyway. And I'd hope even the FISA court would think twice when asked to wiretap all the nation's libraries. Sure, their job is basically to legalise whatever the government's already doing, but that sort of thing could look especially bad when leaked.

Some things that might help:

  • get non-US libraries to join the project
  • have the library staff help regular people set up their own (mostly bridge/non-exit) Tor nodes
  • reduce dependence on exit nodes by encouraging websites to set up hidden services (like Facebook, DuckDuckGo, etc.)
  • as always, improve Tor and associated software and documentation to make the above easier

Brian KilgoreSeptember 16, 2015 9:00 PM

Maybe the library should inform DHS the the knowledge in the books they have is not illegal, but it could be used to break the law. Maybe we should also ban books.

Alien JerkySeptember 16, 2015 11:24 PM

@Brian Kilgore

Maybe the library should inform DHS the the knowledge in the books they have is not illegal, but it could be used to break the law. Maybe we should also ban books.

Well flipping through my history books.... oh wait... books are banned... But I do seem to recall that banning books was tried by a little guy with a weird mustache from 1935-1945... trying to remember if banning books was successful.... hmmm...

JohnSeptember 17, 2015 2:11 AM

its good the more people on TOR the more anonymous it will be. That being said, i would not be using TOR at a library.. #supportTOR

Clive RobinsonSeptember 17, 2015 4:00 AM

@ Benny, Mace,

[A]n adversary who observes the entry and exit nodes might be able to correlate the traffic. The developers are aware of it, but I'm not sure anyone has provided a good countermeasure...

Yes, several, and I've been saying what the solutions are, long befor the developers even appeared to acknowledge the problem.

The simplest solution is "Get rid of the entry and exit nodes"...

It's a similar idea as is used for the hidden servers, if the "clients" become fully part of the network traffic analysis becomes considerably more difficult. If you then add "fixed rate padded signaling" you make traffic analysis even more difficult, the addition of multiple comms paths that rotate around alows non-interactive traffic to be "store and forwarded randomly" making things even harder for an adversary.

The solutions are out there it's a question of if people want to change the core design of ToR clients from the "low probability of detect" model to the "traffic analysis hardened" model.

I would argue the LPD model is only valid for stego type "hiding messages within messages" that realy only works with "broadcast store and forward" systems not a "routed network". The reason is that except under exceptional circumstances [1], the ToR end points are almost always going to be know to the adversary, thus the traffic easily detected. Even if the adversary does not know the end points prior to you using it, the meta-data of "record everything" means that once it is known you are known all be it retrospectivly.

Further the major use for ToR is for interactive traffic requiring "low latency" thus "traffic analysis hardened" is a much more appropriate way to use the network. This does not preclude the inclusion of "gateways" for non interactive LPD type traffic [3], it just treats that type of traffic as it should be, ie covertly.

[1] Think a spy network run by a major power that can use a secure out-of-band way --like a numbers station [2]-- to communicate where the next secure end point is. It must also rapidly change them and have unique end points for each agent, otherwise everything unravels.

[2] Whilst there are otherways --such as using search engines-- to make an equivalent of a numbers station they all have problems that need a good atention to details.

[3] There are a multitude of ways to do this which means that there is more scope to make the detection threshold more in the covert users favour, and much less in the adversaries favour.

fgaffSeptember 17, 2015 5:00 AM

@Clive Robinson

"clients become fully part of the network"

Is that conceptually kind of like running a middle relay node directly on the client machine, that the client uses as its own private entry/exit point as well? Without the padding you mention, it would still be susceptible to the traffic analysis (which is why you mentioned adding that obviously). I'd be ok with using up some bandwidth on my client for this benefit...

By the way my head exploded from footnotes within footnotes...

Warrants Replaced by Terms Of ServiceSeptember 17, 2015 6:17 AM

I have investigated privacy at a major metropolitan library. Once you logon with your unique account number, big-data monitors your verified identity completely!

When you search the library catalog using the popular Polaris software, Google and Chilifresh are there silently collect your searches. The library personal do not have the skillset to understand or block high-tech eaves dropping.
Chilifresh wants to become the Facebook of libraries and push partons to share (read monetize) into ‘global community events’.
Chilifresh Collection of Information
Non-personal information is collected behind the scenes by ChiliFresh web server and is used to compile general website usage statistics or facilitate access to restricted website services. Such information includes:
• IP address of computer
• Browser-related information
• Locations visited on the web site
• HTTP cookies

Chilifresh brazenly calls your unique IP address non-personal information in direct conflict with California State data privacy law.
Further they contradict themselves stating
• A Customer’s IP address is used to VERIFY access rights of licensed subscribers to ChiliFresh products and services. They also aid in the general administration of the web site.

Can a library customer use a computer without uniquely logging on?
I had to pressure the branch manager to follow their own privacy policy. She analyzed me (for terrorist risk no doubt) and then logged on using her card. There are also several video cameras recording partons entering and leaving tied directly into the police department/FBI/DHS (who use announced facial recognition software).
Library privacy policies are meaningless and outdated. Everyone acts stupid like you still have privacy. In America it’s up to each user to fend for themselves from the foxes of Big-Data.

Now with Windows 10, Microsoft scans every personal LOCAL file (medical, taxes, email) along with your library web usage fed directly into law enforcement/NSA. Poor Chilfresh data-mining doens't stand a chance!

Patriot COMSECSeptember 17, 2015 10:16 AM

We were siting around at work wondering how to make TOR even more formidable.

Where it is legal: use radio nodes and TOR nodes in concert. Send your message via UHF (encrypted) to a radio node that then hooks into a TOR node and the internet. Let the UHF message system have no metacontent that identifies the sender.

People who know how to verify downloads can do a service by downloading TAILS (the 32 bit version and the 64 bit version), verifying the download, and handing out the discs.

It is an elegant and user-friendly OS.

Our company hands out copies of TAILS like candy.

Bob S.September 17, 2015 10:26 AM

Seems clear to me the visit by local police was intended as benign dictatorial intimidation and yes it was at the direction of DHS.

Indeed, the later released DHS official statement infers anyone who uses TOR might be a C R I M I N A L or T E R R O R I S T. (And, as many others have pointed out, anyone who reads a book might be a criminal or terrorist.)

Once the Mil-Pol Regime (MPR) succeeds in taking over government entirely there won't be any need for nuance, interpretation, double-speak, mixed messaging or confusion.

Their intent and the consequence of resistance will be made exquisitely clear. There will be no doubt whatsoever.

Jihadi JohnSeptember 17, 2015 3:14 PM

I love this library! I'm a dissident too. And I go there to read al-Qaeda's Inspire magazine and to connect and recruit. I want to thank the American taxpayer for providing me with this tool in a muddled public setting that doubles my anonymity.

And if anybody tells you Tor is used by bad guys, tell them to read this page:

https://www.torproject.org/about/torusers.html.en

See. No bad guys use it. Only good people doing good things for the good of the world. There is no dark side to Tor. So no one should dare claim Bruce is only telling one side of the story here. That would be "confirmation bias". And as everyone knows, echo chambers are "confirmation bias" free zones.....

Bob S.September 17, 2015 3:41 PM

Meanwhile,

"SCREW YOU, FEDS! Dozen or more US libraries line up to run Tor exit nodes"

"Publicity over relay takedown drives demand" ~theRegister

The TOR browser is much easier to use than in times past: download, install and browse. It's easy.

Folks can use it for their everyday surfing and as a good way to lawfully protest Mil-Pol mass surveillance. Indeed, a side benefit is many ordinary ads are blocked using TOR with NoScript.

Sysadmins might want to ask management to permit setting set up a node.

The freedoms you save may be your own.

rgaffSeptember 17, 2015 4:12 PM

@Jihadi John

Beware that jokes WILL hang you, when all is being collected by the police... just like mouthing off at them in the street ALWAYS gets you jail time too!

Sancho_PSeptember 17, 2015 4:42 PM

@Jihadi John

Don’t make a mistake, both are welcome, the good and the bad.
We have them everywhere in nature, from cholesterol to politicos.
There wouldn’t be “good” if there was no “bad”.

What we’d love is the stupid always to report “Here I am!”.

BlueLightMemorySeptember 17, 2015 6:00 PM

Good for the library. It's encouraging to see them interested in protecting peoples' privacy with Tor,while resisting the "all seeing eye" of the DHS.

It's interesting how the article states that when the library implemented the Tor usage, it was soon afterwards that the DHS was trying to stop the Tor program at the library. Another example of how unconstitutional the DHS is. They are completely hell bent on spying on American citizens, and destroying the 4th amendment at all costs.

The local police departments need to grow some balls and stop allowing themselves to be used as DHS pawns.

rgaffSeptember 17, 2015 7:11 PM

@ BlueLightMemory

I'm not sure how the local police can grow balls when they're in on it... they want to destroy the 4th amendment just as much as DHS does... just think of how much easier it would be to catch criminals if we didn't have those pesky human rights and courts and things, I mean they could just gun innocent unarmed people down and be done with it... (oh, wait, that's what they do, don't they)

gorrSeptember 18, 2015 12:09 AM

@ Alan Kaminsky
>Just because I'm paranoid doesn't mean they're out to get me

Well, you visited this blog, so... ;)

SkepticalSeptember 18, 2015 1:07 AM

So:

1 - Library installs Tor on its system and acts as a relay node.

2 - Local police mentions to library trustees that Tor can be used for illicit activities and often is, although it also has legitimate uses.

3 - Library trustees, most of whom probably had little idea as to how Tor works or what the implications of functioning as a relay node are, decide to temporarily disconnect it until they can meet and discuss the issue.

4 - They do so, and decide to re-connect.

That's it. No government intimidation, no suppression of speech, no pressure.

Let me add that the library almost certainly has free wireless access, so anyone with a laptop could already use Tor.

Spinning this as some fight against government pressure, as some comments have, may serve the interests of certain non-profits, but it doesn't appear to be an accurate portrayal of the reality.

But hey on the subject of exit nodes, let me pose a hypothetical question. You're running an exit node, and are just as happy as can be, imagining political dissidents in authoritarian nations such as China, Russia, Iran, and elsewhere, hopping and skipping to your node to be able to speak freely.

It disturbs you though that a large amount of traffic seems almost certainly illicit - traffic that abuses the resources you've provided, and traffic that contributes to the harm and exploitation of innocents around the world.

So, what do you do? Or do you consider it just unfashionable to even consider it a problem? Perhaps you don't think about it at all, and even adopt a hostile attitude towards those whose job it is to combat that problem. Perhaps you try to design a solution. Or perhaps you just pat yourself on the back for "doing your part" and think no more of such things.

Clive RobinsonSeptember 18, 2015 6:40 AM

@ fgaff / rgaff :-)

Is that conceptually kind of like running a middle relay node directly on the client machine, that the client uses as its own private entry/exit point as well?

In essence yes, over and above the traffic analysis issues --which we know how to solve within reason-- there is also the issue of keeping the private connection private.

I've been thinking on this for some time now, and I've come to the conclusion that both crypto and anti traffic analysis needs to apply to that link as well. That is the actuall hardware runs the equivalent of a "tap bridge" and a "client" connected to the tap via a network loop back or suitable IPC process. Each in it's own VM or sandbox.

Not only should the tap traffic be encrypted it needs to be padded as well. Thus allowing for the client to actually run on another processor or computer in a cluster or as a thin client across a private network, that could in practice be across another communications link such as an HF or satellite radio link.

Further if the tap bridge is designed correctly, there is no reason why you could not in effect join two together via the taps across a different communication link, thus bridging over using the Internet.

With a little extra effort the taps could go to the equivalent of a "Fleet Broadcast" in a mesh radio network, thus those listening will not know which receive node is actually acting on any given packet of information.

I suspect it's fear of consumer level products that can do this in the ISM or equivalent "open licence" bands that led to a crackdown a little while ago on that 900MHz bridge that was to be presented at a security / hacker conferance. The simple fact is that "Pandora has opened her box" on this and push as hard as the NSA et al might, this baby is out and not going back. It makes you wonder if it could get "crowd source" funded... Especially if you make the hardware dual use for say bringing connectivity to small schools etc in areas where traditional Internet etc connectivity is low.

CallMeLateForSupperSeptember 18, 2015 10:13 AM

@Skeptical
"But hey on the subject of exit nodes,..."

Technical point: Lebanon's library operates a Tor relay node, not a Tor exit node.

rgaffSeptember 18, 2015 10:34 AM

@ anyone reading Skeptical's post:

Because getting a "visit" from the police and a "talking to" about what you're doing totally isn't the least bit intimidating.... I mean... NOBODY is EVER the least bit nervous when they get pulled over and they don't know why yet RIGHT???

Jonbenet is dead because of you.September 18, 2015 11:29 AM

1. Library installs Tor in accordance with their right to encryption specified as the legislative intent of CALEA.

1a. PTSD-crazed mutilée vet, having a slow day in his featherbed job at the Boston fusion center, accidentally notices (1) while downloading cannibal porn.

1b. PTSD-crazed mutilée vet vet gets Manning flashbacks and goes all General Quarters, Ah-OO-Gah-OO-gah!

2. 92-IQ cop makes a face like Barney Fife and goes "Uh, oh, Darknets!" and runs to the library.

3. Library management confers and tells Barney Fife to fuck off.

4. Avowed technical ignoramus Skeptical comes running yelling KIDDY PORN KIDDY PORN KIDDY PORN!!!!1!, heroically interdicting the 16 million cops enticing each other to trade kiddy porn from Comey's private stock, and their quarry, the four senile sad sacks hunt-n-pecking "Shirley Temple" into the facebook.

Sancho_PSeptember 18, 2015 3:34 PM

@Skeptical

Why have you omitted the details between 1 and 2, revealing the shocking American reality in 2015?

”Local police mentions …” Oh I see, between two hot dogs, yes.

Your hypothetical question tangents the privacy discussion you gov tries to avoid:
My data are not your data, and their data are not our data, simply put.

Exit nodes are not built to spy on others, so “you” should not know about content. Eavesdropping is dishonest, shameful and even against the law.
Organisations who run an exit node do it for our liberty, not to spy on us.

To be clear:
What someone privately talks to someone is not your business. Keep out.

There is another thought worth to consider:
Data itself can not be criminal and do no harm, esp. during transit.
Compare it to any book, e.g. the Holy Bible, the data (content) is innocent, it’s what you take from it.

The use of data may be criminal, and LE is welcome to act here.
Did the DHS inform the library regarding the imminent danger in their books?
Will they redact them?

tyrSeptember 18, 2015 5:20 PM


More library stuff.

https://www.gutenberg.org/ebooks/50000

This was the first interesting place I found on the
interNet. They didn't have much then a few ebooks
typed into ascii comp files and a vision for a better
future for everybody.

The local branch libraries around here are crap. They
order multiple copies of the latest best sellers and
sell off better material apparently at random. I have
downloaded and given then all of the gutenberg CDs
and DVDs so they can pass them on. Someday we might
need a decent library to rebuild civilization or at
least leave an interesting record of how we achieved
extinction by dumbing ourselves out of existence.

CallMeLateForSupperSeptember 19, 2015 10:33 AM

@tyr
Kudos for surfacing Project Gutenberg. It was one of the best good things that I, as well, found on the net. I d/l the autobiographies of Mark Twain and U.S. Grant to a laptop and read them on vacation. Wonderful project. I highly recommend it.

Though several file formats are available, I always choose ASCII.

Special, for-purpose eReaders and their embedded spyware; proprietary file formats; sharing restrictions; cost. These invasions and complications are antithetical to pleasure reading, IMO.

NiceFakeNameSeptember 19, 2015 2:49 PM

@WRBTOS said "Library privacy policies are meaningless and outdated. Everyone acts stupid like you still have privacy. In America it’s up to each user to fend for themselves from the foxes of Big-Data."

Some idealists that the public school system that I found myself subjected to, instilled in me a value of privacy and not acting stupidly. Eventually I learned that enough of them were hypocritical slave owners that I ought to reconsider things. If it were not for that later insight, I'd shed tears over your accurate description of Library privacy policies in this day and age. The epochal moment seemed to be 9/11, and just as a certain idealistic propagandized view of anti-torture went out the window, so did the view that it was the most insane thing imaginable to allow police departments to collaborate with librarians to monitor which books a person was reading.

ActuallySkepticalSeptember 19, 2015 2:54 PM

@Skeptical was heard to opine - "3 - Library trustees, most of whom probably had little idea as to how Tor works or what the implications of functioning as a relay node are, decide to temporarily disconnect it until they can meet and discuss the issue."

I'm too skeptical to believe this is likely to be true without much further investigative journalism. In one of the mainstream (ARSTechnica?) articles about this story, there is a quote from someone relevant at the library stating that they were surprised by the controversy. I'm too skeptical to believe that likely either. It sounds like someone playing stupid to me. Or are we supposed to believe that this library tor project is actually targeting the most stupid of librarians in their first wave of deployments? Good Luck With That (no, I'm too skeptical to believe that likely either)

DanielSeptember 19, 2015 3:48 PM

@NiceFakeName

Not at my library! My public library does not keep a record of what books are checked out unless one specifically tells them too. They don't keep logs. The only thing a warrant could see is what one currently has checked out.

Now in theory if the warrant was on-going the police could get a picture of one's interests because in effect the police would maintain the database and not the library. But even in that situation there would be no data for the library patron prior to the warrant.

The other qualification is that once a patron opts in they cannot opt out again.

Also, I don't know that the library would tell one if there was a warrant--probably not.

So if your library does keep logs you should agitate that they do not. There is no law that requires it.

SkepticalSeptember 19, 2015 4:29 PM


@LateForSupper: Technical point: Lebanon's library operates a Tor relay node, not a Tor exit node.

Yes, and I said as much in my comment about the Lebanon library.

The original post however describes the persuasion of libraries to providde exit nodes as a goal of the Library Freedom Project. So once I'd finished commenting about the library, I raised a separate hypothetical concerning exit nodes - a subject raised in the post.

@rgaff: Because getting a "visit" from the police and a "talking to" about what you're doing totally isn't the least bit intimidating.... I mean... NOBODY is EVER the least bit nervous when they get pulled over and they don't know why yet RIGHT???

No, I don't think city officials are nervous when their local police tells them that while Tor can be used for legitimate purposes, and that there's nothing illegal about it, it's also used for many illegal purposes.

The city officials sounded more concerned about the public relations aspect to this than anything else.

NOTHING in here sounds remotely like intimidation, and NO ONE has said they were intimidated in any way. Indeed the local police themselves said that they weren't necessarily opposed to the idea.

The motto of New Hampshire is "Live Free or Die", and libraries there no longer keep records of who has checked out material in the past precisely so that it would be impossible for them to ever divulge such information.

My favorite part of the story is this: apparently while the library operated a relay node, software allowing patrons to actually use Tor was not added to the public computers in the library.

In other words, this has nothing to do with anonymous browsing at libraries, and nothing to do with police intimidation.

@Sancho: Exit nodes are not built to spy on others, so “you” should not know about content. Eavesdropping is dishonest, shameful and even against the law. Organisations who run an exit node do it for our liberty, not to spy on us.

Of course Sancho. But it's perfectly possible for an intelligence agency or law enforcement agency to see connections from an exit node to a known network engaged in some practice that is both harmful and illegal, and to then approach the operator of the exit node and say "hey, do you realize that 80% of the traffic from your server is used to enable...."

That's really the crux of the problem here - that while the operation of an exit node does enable some good, it also enables some bad. So I don't view the decision to operate one as an uncomplicated one. Nor would I view the decision of a developer not to even consider ways of mitigating harmful use of the technology as an uncomplicated one.

There is no easy answer, Sancho. Let's stop pretending that there is.

DanielSeptember 19, 2015 6:03 PM

@skeptical

That's really the crux of the problem here - that while the operation of an exit node does enable some good, it also enables some bad. So I don't view the decision to operate one as an uncomplicated one.

It is uncomplicated. Let's change your statement by modifying one word.

That's really the crux of the problem here - that while the operation of a BOOK does enable some good, it also enables some bad. So I don't view the decision to operate one as an uncomplicated one.

Yet no one finds printing, or have a library, complicated. If they did, they lost that battle hundreds of years ago. There are many things from a hammer to a book that are capable of both good and ill. But in our society and in our consistent traditions we have held that it is not the technology to blame but the use to which it is put.

Banning exit nodes--like banning encryption--is like banning books because censors can't read. We could do that...we could ban all books in order to prevent censors from having to be come literate. Thankfully and wisely our society chose a different course.

All this nonsense about how "complicated" simple questions are is simply the statement of a blowhard with a transparent agenda.

Kevin CSeptember 19, 2015 6:33 PM

It may be true, as you claim, that librarians have been "protecting our privacy for decades," but it sure ain't true of all of them.

When I asked the technology officer at the Wellesley, Massachusetts town library how to go about getting our library signed up for the Tor initiative, I received a guarded but negative reply, containing a vague reference to "apparently questionable activities."

I was undaunted: this library is a member of greater Boston's Minuteman Library Network. Seems like a promising group to engage for a project involving freedom, does it not? So I then followed up asking how to bring the question before the town librarian. This time I received a one-line email from the librarian: "This does not appear to be a project we can take on at this time."

So the lasting image is less that of Minutemen at the Concord Bridge than of the characters in the fable of the Little Red Hen, willing to enjoy the fruits of others' sacrifices for freedom, but unwilling to lift a finger for freedom themselves.

Sancho_PSeptember 19, 2015 6:56 PM


@Skeptical

Oh, it is easy - only it will not be perfect for everybody and everything.
But no answer / solution would.

Again your reply avoids the statement in the posting you reply to,
instead you try to confuse (yourself?) with an unfit example.
On the contrary, your example reveals a bizarre mindset in context with privacy - it’s nearly the opposite.

Yes,
”it's perfectly possible for an intelligence agency or law enforcement agency to see connections from an exit node to a known network engaged in some practice that is both harmful and illegal,”
but it would be completely useless to approach the operator of the exit node,
because the operator is honest and doesn’t know about content.
Even if, until the traffic doesn’t harm his server it is not his business.

On the other hand, when a stupidity agency or LE “sees ... harmful and illegal connections”,
it is their duty to take action - not to talk to a “tool” in the network.

Yet in reality they seem to sleep at the wheel or watch porn.
That’s exactly why no one trusts them: Tons of spam, fraud and data theft.

And then, cowardly speaking in condition of anonymity, they blame others for their own blunder / failure to protect the nation.

Don't you care about Macaulay Culkin's sphincter?September 19, 2015 7:06 PM

In which Skeptical dreams up unspecified abstract malefactions, the very quiddity of terribleness, whatever they are, and philosophizes about them like some kind of retarded Socrates. To prove it, Skeptical pulls an honest-to-god actual number - 80 per cent(!) - out his ass because it's, uhh, possible. Very convincing - at those for-profit online universities they send the troops to on my tax dime.

At least now Skeptical is embarrassed to play the kiddy-porn card directly. Maybe somebody at Boston Goskomizdat explained it real slow to him: if the US government gave a rat's ass about child sexual exploitation, NSA contact chaining could instantly link the Franklin Scandal pedos to the Watchers, Penn State and hilariously fake hedge-fund tycoon Jeffrey Epstein. Why? Because the US government keeps the chicken coming for Soviet-style kompromat of VIPs. When you blackmail a pedophile, he stays blackmailed. So don't gimme this save the children shit. CIA cornered the market on rectal fistulas long ago.

And the easy answer is fuck off, Special Agent Dick Steele, you can't read my mail.

rgaffSeptember 19, 2015 9:12 PM

@Anyone reading Skeptical's tripe:

Because getting a "visit" from the police and a "talking to" about what you're doing totally isn't the least bit intimidating.... I mean... NOBODY is EVER the least bit nervous when they get pulled over and they don't know why yet RIGHT???
No, I don't think city officials are nervous when their local police tells them that while Tor can be used for legitimate purposes, and that there's nothing illegal about it, it's also used for many illegal purposes.

So... this moron is saying that a federal agency got in touch with state police, who got in touch with local police, who gave someone a visit JUST TO TELL THEM THAT WHAT THEY WERE DOING IS LEGAL???? So three levels of police just run around all day telling people about all the legal things they do???? (and, as an aside, at the tail end, hardly worth mentioning, it CAN be used to do illegal things too...) This is me making fun of Skeptical! That's ridiculous!

The city officials sounded more concerned about the public relations aspect to this than anything else.

Now, THERE is the REAL reason for what the police released about what they said to the public! Even Skeptical admits it here! So of course they whitewashed what they said, for the PR angle... that's what PR is... they didn't say it to the newspapers the way they really said it to the library! Duh!

SkepticalSeptember 20, 2015 3:59 PM


@Sancho: but it would be completely useless to approach the operator of the exit node, because the operator is honest and doesn’t know about content.

Of course, but you're missing the actual ethical question that the hypothetical raises.

@rgaff: this moron is saying that a federal agency got in touch with state police, who got in touch with local police, who gave someone a visit JUST TO TELL THEM THAT WHAT THEY WERE DOING IS LEGAL???? So three levels of police just run around all day telling people about all the legal things they do???? (and, as an aside, at the tail end, hardly worth mentioning, it CAN be used to do illegal things too...) This is me making fun of Skeptical! That's ridiculous!

Let me quote the director of the Lebanon Public Libraries (who is obviously in favor of running the relay):

"I can understand the perspective. It's a really difficult question. How can you tell if the bad is outweighing the good? It's very difficult, because the whole nature of the project is anonymous. What's going through that server, I don't know."

The issue was raised with other government officials because the relay node is being run with taxpayer money. Tor enables some good; Tor also enables a lot of bad. The question becomes: is this something we want to fund or get involved in?

That's it. And the local police didn't "visit" anyone. The local police is a part of the city government, and they talk to, and email, other officials in the city government all the time. It was probably "hey, someone from so-and-so forwarded me this news article on Kilton library. Thought you should see it."

DanielSeptember 20, 2015 5:15 PM

@Skeptical

You are grossly misrepresenting the librarian's words. The librarian is not saying that he thinks the question about whether to run a tor node is difficult. He is saying that he understands the perspective of those who find it a difficult question. That is an entirely different thing. I too understand the perspective. I think it is an idiotic perspective but I understand it. Indeed, its idiocy is precisely what makes it easy to understand. But I no more agree with that perspective than the librarian does.

Given how much garbage you write, I shouldn't be surprised that your reading comprehension is at the same level.

Sancho_PSeptember 20, 2015 6:50 PM


@Skeptical

re ”Of course, but you're missing the actual ethical question that the hypothetical raises.”
Oh, sorry, please -
bring it up so I could probably learn what you understand as being “ethical”.

***

”The issue was raised with other government officials because the relay node is being run with taxpayer money. Tor enables some good; Tor also enables a lot of bad. The question becomes: is this something we want to fund or get involved in? [my emph]

The answer is yes, we should,
because information is right or wrong, not good or bad.

The purpose of a library is to offer information to the interested public. Tor is mostly used to get information, especially that kind of information that might raise suspicion if connected to a certain individual, regardless of the reason.
This is especially true for youngsters - Didn’t you visit libraries / bookshops just to rummage through all kind of collected knowledge?
Had you have an officer or your father behind you all time?

So a library and Tor are perfectly working together in education.
Simply drop paranoia and start to see people as being innocent - until guilty.
Education is key to understanding, respect - and peace.

Yes, some individuals abuse Tor. So they do with …
Get the LE to take them out, don’t waste resources by eavesdropping on innocents.

rgaffSeptember 21, 2015 3:34 AM

Nah, maybe the police should "visit" those who think about funding roads with taxpayer money, after all, there's so much evil they enable, criminals and even TERRORISTS drive on them all the time... YOUR CHILDREN MAY DIE AS A RESULT!

I mean, that's what Tor is after all, a virtual road to information...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.