Tor Exit Nodes in Libraries - Pilot (phase one)

Hello Tor Community!

We first introduced you to the Library Freedom Project back in February after we won the Knight News Challenge on Libraries. Since then, we’ve been hard at work bringing privacy education to libraries across the United States, with stops in the UK and Ireland, virtual trainings in Canada and Australia, and more plans to visit international libraries in the works.

Today, we're excited to announce a new initiative, a collaboration between the Library Freedom Project and Tor Project: Tor exit relays in libraries. Nima Fatemi, the Tor Project member who's already helped Library Freedom Project in a number of ways, is our main partner on this project. This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet. We're excited to combine our efforts to help libraries protect internet freedom, strengthen the Tor network, and educate the public about how Tor can help protect their right to digital free expression.

Libraries have been committed to intellectual freedom and privacy for decades, outlining these commitments in the ALA Core Values of Librarianship, the Freedom to Read Statement, and the ALA Code of Ethics. They're also centers of education in their local communities, offering free classes on a variety of subjects, including computer instruction. Libraries serve a diverse audience; many of our community members are people who need Tor but don't know that it exists, and require instruction to understand and use it.

Some of these patrons are part of vulnerable groups, like domestic violence survivors, racial and ethnic minorities, student activists, or queer and trans communities. Others belong to local law enforcement or municipal government. All of them could benefit from learning about Tor in a trusted, welcoming environment like the library.

Bringing Tor exit relays into libraries would not only be a powerful symbolic gesture demonstrating our commitment to a free internet, but also a practical way to help the Tor network, and an excellent opportunity to help educate library patrons, staff, boards of trustees, and other stakeholders about the importance of Tor. For libraries that have already installed Tor Browser on library PCs, running a relay is the obvious next step toward supporting free expression in their communities and all over the world.

As public internet service providers, libraries are shielded from some of the legal concerns that an individual exit relay operator might face, such as trying to explain to law enforcement that the traffic leaving her exit is not her own. Furthermore, libraries are protected from DMCA takedowns by safe harbor provisions. Importantly, librarians know their rights and are ready to fight back when those rights are challenged.

In order to begin this new project, we needed a pilot, and we had just the library in mind – Kilton Library in Lebanon, New Hampshire, one of two Lebanon Libraries. Chuck McAndrew is the IT librarian there, and he's done amazing things to the computers on his network, like running them all on GNU/Linux distributions. Why is this significant? Most library environments run Microsoft Windows, and we know that Microsoft participated in the NSA's PRISM surveillance program. By choosing GNU/Linux and installing some privacy-protecting browser extensions too, Chuck's helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.

Kilton Library is not only exemplary because of its GNU/Linux computer environment; it's also beautiful and brand-new, LEED Gold-certified, with an inviting and sunny open floor plan and an outdoor community garden. It's an example of the amazing potential inherent in libraries. We drove up to New Hampshire last week to start phase one.

We decided to set our pilot up as a middle relay to start – we want to ensure that it is stable and doesn't interfere in any way with the library's other network traffic. We nicknamed the new relay LebLibraries, and you can check out how our relay is doing here, on Globe.

After the LebLibraries relay is up for a few months, we'll return for phase two of the project and convert it into an exit node. Our goal is to make exit relay configuration a part of the Library Freedom Project's privacy trainings for librarians; we'll meet with library directors and boards of trustees to talk about how Tor fits into the mission of libraries as beacons of intellectual freedom, and how libraries are perfectly positioned not only to help our patrons use Tor Browser, but are the ideal location to run Tor exit relays to help give back to the Tor community.

We need more libraries to join us in this initiative. Want your local library to be our next exit relay site? Know an awesome librarian who wants to help protect free expression locally and globally? Please have them contact us with the answers to this questionnaire. We're also looking for libraries to host FOSS seedboxes. And as always, we want libraries to install and run the Tor Browser on library computers.

Want to support this project and more like it? You can make a donation to the Library Freedom Project, or donate directly to Tor Project. And stay tuned for phase two of our pilot with Kilton Library.

Alison Macrina and Nima Fatemi


A version of this post also appeared on The Library Freedom Project’s blog

Note: This post was drafted by Alison. (Thank you!)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Great initiative, i'm sure everyone is happy to see this

great man !!!!!!

Hats off to you both. This is a great idea for all involved.

Glad to see people are using macbooks running OSX while simultaneously claiming they care about software freedoms and privacy. It's comical.

Hatters gonna hate

Constructive.

RMS - is that you?!

Anon above makes a valid point about OSX but nevertheless, this is an awesome concept to leverage libraries in this manner.

No it's not a valid point

This is not a place to start stupid Os flamewars and is beside the main point of people making an effort to actually work on freedom and privacy instead of giving some lazy nihilism critics.

Every individual seeks their own balance in practicing what they stand for, that does not necessarily mean that you have to practice that every inch everywhere. Only when it's a matter of literally saving your back.
But in a way, if you want to, it's possible on a Macbook. You can run Mac OS X, Windows, Linux and even a live system like Tails on that Macbook, and it's just a matter of choosing the system that suits best for the different tasks that you do at different moments.

Every system has their own builtin (plus external) possibilities of finetuning it to protect your privacy. What the owner of that Macbook did to accomplish that is not to see from here.
So, therefor, it was a stupid irrelevant remark in this topic made by that other person.

Give these people credits for what they started and give them credits for that (if you want to).

it is not a 'flamewars' but a fact - closed source OS can't be secured ( w/o putting it in "clean room" environment with qualified IT personal). period.
and you can try to re-read Snowden's Google-Microsoft-Apple+NSA part before crying "flamewar!"

Point to consider:

Even if Mac OS X is considered safe, or at least safer than Windows, the hardware is something to consider seriously.

Even among the Intel platform variants and manufacturers, Apples scares me the most. Hardware backdoors are the next big thing and we should consider the dangers before a new Snowden has to warn us about it.

It absolutely IS a valid point:

The latest version of Mac OS (Yosemite) sends your keystrokes back to Apple by default without your knowledge or permission -- including the files you search for on your own computer through Spotlight, and the internet search terms which you type into Safari. Among other things, OS X also does the following:

- Installs a browser plugin to bother you if you change your default browser to something other than Safari.

- Silently calls home to report which programs are installed on your computer.

- Silently transmits your serial number to Apple (which can be used to monitor your location.)

- Permits the remote installation (or removal) of files on your disk WITHOUT displaying the usual update notification. (This has already been used to avoid bad publicity by invisibly patching serious bugs, but is not limited to upgrades.)

I won't even get into the privacy issues with Apple Mail. If Apple customers are not already outraged, it is because they are asleep. The main problem here is Apple's CALCULATED & CONTINUOUS DECEPTION through lack of unambiguous disclosure. So long as one single customer remains unaware of Apple's secret spying (and its cooperation with oppressive political regimes), we have a right and a duty to tell them, no matter how it offends Apple fanboys with fragile egos.

Of course OS X is a nice operating system. I understand why people use it. I also understand why people who WANT to use it refuse to do so. If there was a 100% compatible open source version, I have no doubt it would be very successful.

Another thing to consider are the hardware backdoors that various researchers have pointed out.

Of course these backdoors are not entirely made by Apple but many are present in every Intel based firmware.

Since most Tor relays and clients run on Intel hardware, there will be some time when this will have to be dealt with.

I'm a librarian, and i think this is an excellent idea! I want to sign my local public library up, and i think that as a fellow professional i can pitch the benefits very well. who should i talk to? could you please connect me with someone who can help?

Thank you for your support! You can contact us (me and Alison) via email at "exits at libraryfreedomproject org"

This is kickass. Even if you don't have the balls to go talk with your library, you could forward them the link to this blog article anonymously over Tor even.

Hornet Browser and Astoria Browser coming to a computer near you!

MIT researchers can break Tor anonymity without even touching encryption

http://bgr.com/2015/07/30/mit-researchers-can-break-tor-anonymity-without-even-touching-encryption/

Ok, I wrote up a summary of this article, oriented towards researchers and developers:
https://blog.torproject.org/blog/technical-summary-usenix-fingerprinting-paper

The very short summary is "their paper does not show that the attack would work in practice, but it is still a worthwhile research area to work on."

Is the plan to let regular library visitors surf the Internet from the same network as a tor exit node?

That's doesn't sound very nice and makes them a secondary citizens on the Internet, as they can not comment on blogs, send email etc. (And this in itself is not a bad thing. Exit nodes are public knowledge for a reason.)

No. Exit nodes would have a dedicated IP address / network by themselves.

This will cost money on a monthly basis. Who is expected to pay?

will be fun to see blogs based in libraries - so comments can be allowed. the same for public email.

Was it really wise to use the Lebanon Public Library website as contact e-mail on the exit node?

I hope I can get libraries in my country interested in this. It's a really great idea because I believe public libraries operate their own networks here so no worry of government stepping in to monitor network traffic.

This sample torrc file has an explanation about why it's important to include contact information for your relay: https://gitweb.torproject.org/tor.git/plain/src/config/torrc.sample.in

If you know your local librarians, feel free to put them in touch with us at exits (at) libraryfreedomproject (dot) org. We'd love to help them see why this is an important initiative.

Regarding another matter. I could already create my hostname and private_key, now do you set up the hidden service? And how to enter the page created in hostservice file?

Thanks for the answer!

Hidden Services have nothing to do with running a relay. It looks like we confused you there. Sorry about that!

Please take a look at this instruction on how to run a relay. I suggest you run a non-exit relay for a while and switch it to exit if you were comfortable with it.

Add this line to your torrc file to make it a non-exit relay:
reject *:*

How are you funding hardware for this on a larger scale?

Nice write-up by Cyrus Farivar in Ars Technica:

http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-vision-for-tor-exit-relay-in-every-library/
Crypto activists announce vision for Tor exit relay in every library
"Librarians see the value as soon as you say ‘privacy protecting technology.'"
Cyrus Farivar
30 Jul 2015

This is a fine idea and I hope all library systems in North America will quickly adopt it, followed by libraries around the world.

Possibly one could try to recruit academic libraries first. For example, with respect to censorship, the situation in countries like Turkey is muddled, but there are some "Western oriented" universities. If you like this idea, please dialog with academic research enablers such as arxiv.org, JSTOR, etc.

In view of the relentless hacking of university systems worldwide by state and corporate espionage agencies, I wonder whether something like Tor Ramdisk might be suitable for operating Tor routers safely from university networks.

Academic librarians should be warned that some departments may want to "fiddle" with their Tor node to "conduct research". Such blandishments should be routinely denied.

Great will it also block any off this ever happening again..Hope so

http://thehackernews.com/2015/08/unmask-tor-network.html

For years, I have urged the public library system in a certain city to be more friendly to Tor, but they always reacted with unreasoning ignorant horror, so I gave up. I hope Tor Project can do a much better job than I could of convincing them that Tor is every library patron's friend.

Is the LebLibraries node mentioned in the article still active ?

No, every indication suggests that it's offline. Cannot find any word about what happened to this relay or project. None of the Tor node status websites recognize it:

https://globe.torproject.org/#/search/query=LebLibraries
https://globe.torproject.org/#/relay/27A5FD22519F0AF83927CEF1304EE19484247582
https://atlas.torproject.org/#details/27A5FD22519F0AF83927CEF1304EE19484247582
https://torstatus.blutmagie.de/router_detail.php?FP=27A5FD22519F0AF83927CEF1304EE19484247582

But here's an archived copy: https://archive.is/vEG6L

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content