An abstract image of a greyscale gradient triangle on top of a greyscale gradient background.

Image by Xiaowei Wang.

Free as in Smash the Surveillance State: Alison Macrina on Library Freedom Project and Tor Browser

There are a thousand reasons to feel sentimental about public libraries. Perhaps the most obvious is that they’re freely accessible repositories of vast amounts of human knowledge. But librarian Alison Macrina gives us yet another reason: libraries can serve as the front line of a community response to mass surveillance. After all, there are thousands of them across the US. They have chairs and air conditioning and public computers. And, most critically, they have librarians.

In 2013, Macrina started teaching digital privacy workshops at the Watertown Free Public Library outside of Boston. In 2014, she founded the Library Freedom Project to expand that work to other libraries around the country. As part of her workshops, she has taught library patrons about Tor Browser, which looks similar to Google Chrome or Firefox but protects users’ privacy and anonymity under the hood by proxying web traffic through multiple servers along the way to its destination. While Macrina was building the Library Freedom Project, she also led Tor’s community team—work that took her around the world to conduct user research with activists who needed to protect their identities online.

Lately, she’s been running a new initiative out of the Library Freedom Project: the Library Freedom Institute, which scales up her work by training librarians around the country to run workshops similar to the ones she used to run herself. We sat down with her to learn about privacy, power, and why librarians can save the world.

You founded the Library Freedom Project and you're also a core contributor to the Tor Project. Which came first for you?

Library Freedom Project (LFP) came first. I was working at a library outside of Boston in Watertown, Massachusetts. Through a confluence of forces, including living through the Boston Marathon bombing and the police militarization around that, plus the Snowden revelations just a couple of months later, plus the nascent but growing Black Lives Matter movement... all of it made me think about technology and policing and privacy in a way that I never had before. 

I started LFP in the summer of 2014. At first it just involved teaching people about privacy in my library, doing some introductory community events. When there turned out to be a lot of interest, I cold emailed the people at Tor saying, “Hey, I'm a librarian working on privacy, and I'm teaching people about Tor. Can I be in touch with your outreach people?” And they responded, “We don't have any outreach people. Do you want to be our outreach people?” That’s how the Tor connection happened.

I read that the Library Freedom Project's pilot project was setting up a Tor relay in a public library. What is a Tor relay?

The Tor network is made up of nodes run by volunteers. When someone uses the Tor Browser from their own computer, their web traffic gets bounced to all those different volunteer nodes so that someone looking from outside can’t trace that person’s web traffic back to their computer at their house. A Tor relay is one of those nodes; it’s a computer that’s configured to just forward traffic all day to other nodes of the Tor network. 

We did set up a Tor relay in a library in New Hampshire around the summer of 2015. It wasn’t quite LFP’s pilot; I had already been running LFP for about a year at that point. But a lot of people first learned about us because the relay got the attention of the Department of Homeland Security (DHS), and that whole situation got some press coverage.

How did the Tor relay project come about? And what was your pitch to that library?

I had been traveling around the country doing these direct trainings, building relationships with librarians and helping them understand the surveillance problem from justice-focused angles. I was focusing on strategies that they could employ, both in their direct work with patrons, and then also in a bigger, advocacy sense—macro-level stuff they could do out in their communities. 

The Tor relay project came about because I started thinking about how libraries are in a strong position to run privacy infrastructure. And Tor relays were the perfect example. In order to run one of these things, all you need is a little bit of bandwidth. It also helps if you are an institution rather than an individual, because law enforcement might be more likely to hassle an individual, especially if they run one of the exit relays, which is identifiable on the network.

I thought, “Libraries are ideal for this.” Fortunately, because I had built all these relationships, I knew who the other hardcore privacy-minded librarians were. One of them was my friend Chuck McAndrew at this library in New Hampshire. He was already a Linux guy and he was as evangelical about privacy as I was. He was 100 percent on board with being the first library to set up a Tor relay. The conversation asking him to do it was quite simple. I was like, "Maybe you want to do this?" And he was like, "Yeah." So it was easy.

The Tor Project has its critics. Did you get any pushback? 

We set the relay up and promoted it. A cute little story ran in Ars Technica. And then the library contacted me a few weeks later and said, "We've gotten this email from our local police department who've been contacted by the DHS. They said that we’re not allowed to have the relay and that we have to turn it off." The library was understandably frightened. 

I remember being pretty taken aback when I first read the email. But then I thought, “Well, this is the best thing that's ever happened to us.” At that time, people weren't thinking about DHS in the way that they are now—I mean, certainly immigration activists were, but the general public was not. You might recall that before Trump, DHS was seen as the ugly stepchild of the intelligence community. They're a Bush-era construction. People were like, “What do they even do?” And the "homeland" thing in their name is just creepy. So of all the federal law enforcement agencies that could have gone after us, they were the best because they're total yahoos. 

We rallied around the library and got a lot of support from the ACLU and the Electronic Frontier Foundation and the local community. The libertarian separatist community that lives in New Hampshire even showed up. It was a great demonstration of support for the library and privacy, but also a broader rejection of that kind of law enforcement interference.

We had a big public hearing, and you can imagine what a library board meeting on a Tuesday night in rural New Hampshire is normally like. But that night, it was standing room only. A bunch of press came. Meanwhile, no one from DHS showed up. They knew they had no legal grounds to ask the library to remove the Tor relay. 

So anyway, the relay got turned back on and it was a lovely story. That was the first big thing that happened for LFP. 

That's wild. How did DHS find out about the relay? Were they monitoring the library's internet traffic or social media or what?

I guess they read Cyrus Farivar? He was the journalist who wrote the article about us for Ars Technica. Someone later did a FOIA request for the DHS emails and found that an agent linked that article and then said something funny about me. That was basically it. 

Privacy School

When did the Library Freedom Institute (LFI) happen? 

People were super into the LFP trainings. I was getting invited to speak to a lot of librarians. It became apparent to me pretty quickly that I couldn't scale the project in the way that I needed to without bringing other people in somehow. 

It was also clear to me from the beginning that we needed to have a community response to surveillance. I really wanted to build a community of practice that could meet that challenge, so I started thinking about what that could look like. I developed a blueprint for a six-month-long train-the-trainers workshop where librarians located in different places could get together online every week and learn about this stuff. I got grant funding, and our first LFI cohort of thirteen librarians started in June 2018.

We're currently experimenting with different timeframes, but LFI workshops currently run for four to six months. Librarians apply to get into it. It's totally funded by the Institute of Museum and Library Services (IMLS), so it's free to attend. We spend each week online together thinking about a different aspect of the surveillance problem. To date, there are forty-three librarians that have finished the program, and another twenty librarians will begin the course in March 2020. 

Where are these librarians joining from?

We have librarians in twenty-one states. In this last LFI cohort, we had three people in Georgia, somebody in West Virginia, a couple of New Yorkers, a few in the Bay Area, one at Los Angeles Public Library, Boston Public Library, Hennepin County Public Library in Minneapolis. All over the US. For now, we’re restricted to the US since our funding is through IMLS, a US federal agency. 

I make sure there are a lot of folks from rural libraries and Southern libraries since those libraries tend to be under-resourced and far from in-person training opportunities. We also prioritize public librarians because they tend to interact with the public more than academic librarians, and also because public librarians generally don’t have the professional development funding to make something like LFI happen on their own. 

Do they come representing their patrons or are they also curious for themselves?

A little of both. In order to be accepted into the program, there's a short application and it's basically a free-form questionnaire about what they see in their communities and what their personal experiences are that make them a fit for LFI. Sometimes their community is representative of who they are. 

One of our librarians from the last cohort is Anishinaabekwe of the Sault Tribe of Chippewa Indians. They work in a non-Native community now, but their whole objective was to think about how surveillance affects Indigenous people. How, for example, Indigenous women are more subject to certain kinds of both domestic violence and state violence, and how surveillance intersects with that. 

To talk about surveillance online, you have to talk about how the internet works, and it seems like a fine line between being too high-level and too technically nitty-gritty. How do you teach about the internet? 

Most of the time, what we're teaching is fairly 101-level. In terms of getting into the structure of the internet, we try to avoid getting in the weeds just because most people, whether they’re the librarians who we’re training for the first time or the patrons who our graduates go on to train, come into a privacy-focused educational setting feeling hopelessness and resignation. Often, they're dealing with a problem that is happening to them right now, like stalkerware or having had their identity stolen. They're already freaked out. Most people think they don't have a good sense of how technology works. They already feel stupid asking questions about it. 

In LFI, we work with a trainer named Mallory Hanora, who comes from the world of  prison abolition and teaches us how to create transformative workshops. Their framework is about incorporating the experiences of the people in the room, being as nonhierarchical as possible, meeting people where they are—all these sorts of things to create an environment that people can actually learn in. 

Then, LFI graduates are able to bring that kind of framework forward in their workshops with their own patrons. Usually when they teach, no matter what the focus of the lesson is, people will say during the question and answer period at the end things like, "I started using this password manager. Is this good?" Or, "My nephew told me about this thing I can download to block ads. What do you think about it?" That is fascinating to me because it confirms to me that people do care about their privacy. They are already taking steps to mitigate or manage what is revealed about them on the internet. They haven't developed a nuanced threat model for their own unique situation, but most people are already doing something. In those moments, LFI librarians have the information and facilitation tools to help patrons build on what they already know.

User Testing in Uganda

I want to make sure we also talk about Tor. What does your work on the community team look like? 

I was the community team lead for two years and I'm still a contributor, though not at the level I used to be as Library Freedom Project has taken up more of my time. The community team works on outreach—teaching people about Tor and getting more of an understanding of who it's for and what it does. LFP really fits into that work. But beyond LFP, Tor is a global community, so our outreach is global. 

The interesting thing about Tor software development and usability research is that we don't do the surveillance stuff that some software does to make sure that it's usable for you. We don't track your clicks or how your mouse moves around the page; we're not doing A/B testing and getting analytics back. So how are we supposed to know how well Tor is working for you? For years, we got that feedback directly from the most technical people because that was who was using Tor. But the problem with that method was that it meant we were designing for the most technical people, and if only the most technical people are using Tor, then Tor doesn't actually work. 

A couple of years ago, we started focusing on making the Tor Browser usable for people doing social justice movement work—water rights, reproductive justice, queer and trans issues—around the world. We wanted to focus on members of these movements in the Global South for a few reasons. One is that we didn't want to have the kind of free software project that was all white dudes in the US and Western Europe, which is what most of those projects are and, to be honest, what ours kind of was. We also thought it was important to understand the context of using Tor in places where the internet is much slower and more expensive—places where there are all kinds of environmental factors that make using it harder, even if you know how to use it technically. 

Our teams started traveling to meet with community organizers who were part of political movements in different parts of the world. We spent a lot of time learning about their contexts, what kinds of work they do, and who their adversaries are. Then, we showed them the Tor Browser, conducted some user tests, and asked for feedback. That's how Tor usability work has been happening for some time now. 

Can you give an example? 

In 2018 I traveled to Uganda with Antonela Debiasi, the head of Tor’s usability team. We visited two cities: Kampala, the capital, and a smaller city called Hoima. Hoima is in what's known as the Albertine region of Uganda, after Lake Albert. They discovered a lot of oil in the Albertine region around fifteen years ago, and US, Chinese, and Israeli companies have been scrambling to extract the oil in that region since then. 

Antonela and I met with a number of people in Hoima, mainly environmental activists. They were mostly doing journalism, writing and publishing anonymously to try to bring international attention to the environmental effects of large-scale oil extraction that they were experiencing. We asked them who their adversaries were and what they knew about the companies operating there. They had some anecdotes about people being followed and weird things happening with their phones.

In that situation, we were able to bring knowledge about the surveillance capabilities of these big companies. We talked about different kinds of monitoring that may have been happening, like Stingrays for intercepting phone calls. Of course, Tor can only solve a piece of those issues, but it can really help with anonymous research and publishing, especially if you teach people about what its limitations are. And it's like that with every different group: we learn about their context, we think about what Tor can do in that specific context, and we share information about other ways people can protect themselves. The process was similar when we went to Kampala, although the activists we met were focused on different issues. There are a lot of refugees there from Sudan and South Sudan, so people were working with them. And we met with reproductive and gay rights activists. 

In both cities, we were meeting with a combination of different people who knew each other through their own networks. I think that is fairly typical. In some cases, we try to go back again and meet with people a second time. But, in general, we learn all these things and then we take that information back to the developers and incorporate what we learn into the Tor Browser. 

What were the meetings like?

In general, our workshops with activists are fairly straightforward. We get together in a classroom and learn about their threat models—what kind of work they’re doing, who their adversaries are, what kind of work they would be doing if they felt less threatened by those adversaries. Since we work with people who are all familiar with each other through social and political networks, they tend to feel comfortable sharing these details in a group. After we get a better sense of their work, we give them a hands-on training on using Tor. We have them use their own phones and laptops, and we walk them through the download process while explaining what Tor does and doesn’t do. If it’s not safe for them to download the files directly—because evidence of the download would be visible to their ISP—then we can sideload them using a USB stick. We troubleshoot any issues that come up, and we learn about unique local challenges like data limitations, slow internet, or electrical outages. We think about the specific adversaries that these activists are facing and what kinds of capabilities those adversaries are likely to have. 

For example, from what we know about the companies operating in the oil market in Uganda, we can reasonably assume that they’re employing some security firm like NSO Group to spy on the activists. [Eds. NSO Group is an Israeli spyware company that sells surveillance software to governments.] And we know that the Ugandan government is monitoring them. Knowing those specifics helps us explain to activists how Tor can help. We also spend time conducting user tests, asking activists to complete a series of tasks using Tor Browser, and documenting what was difficult. 

Beyond the fairly unique threat models that people are working with, it's helpful to know how internet infrastructure impacts Tor use and performance in different places. For example, using Tor in San Francisco is slower than using Chrome in San Francisco because, in order to anonymize your traffic, Tor bounces your web requests to relays all over the world before it returns the website you want. So we figured that a slower internet connection would make Tor even slower. How much slower? In Uganda, it turns out: not much! The electricity goes in and out, so you get disconnected, but that impacts every browser the same way. It's also helpful to know how much data Tor is using and how much mobile data plans cost; a lot of the people we met there are primarily browsing on their phones and we don’t want people to have to use up their whole data plans. We learned about censorship by internet service providers there and which anti-censorship mechanisms that are built into Tor will work in those contexts. There’s all sorts of feedback that's coming to us in those meetings. We take all this information and write up a report for the developers and the user experience team so that they can address any challenges that arose. 

Socially Necessary Library Time

You’ve said that the discussion about privacy is really a discussion about power. The fact that Tor solves a similar privacy problem for environmental activists in Uganda and also for librarians in the US seems to highlight that.

Absolutely. That's the common thread in all of this, and that's my approach with Library Freedom Project. To me, privacy is the Trojan horse. Then when I get in the building, I'm like, “Alright, let's actually talk about capitalism.” Privacy is important, but what we're really talking about is the newest frontier of exploitation by capital. 

With both Tor and the Library Freedom Project, you're making libraries places that are anti-capitalist not just because they're free, but also because data harvesting won't work in there. You're making a Faraday cage around libraries.

I love that. I do think of libraries as one of the most socialist institutions that we have in the US in 2020: they are funded with public money. They are not means-tested. They're everywhere. You talk to the average librarian about why they got into the profession and there is a real love for the public. You can go into a library and you don't even have to use it for its explicit purpose of looking at books or magazines or computers. You can just go there and be, even if you’re the kind of person that late capitalism has decided is not worthwhile. To the library, you are. And this is a radical idea. Libraries’ doors are still open, even as their budgets get cut. They’re special spaces and I want to help them expand what they're capable of doing.

At the same time, right now, seven of the top ten companies by market capitalization are tech companies. Seven out of ten are using data that they take from us, without our consent, to create their products. That is part of our labor power: those products are made with our emotional labor, our mental labor. Privacy is a way to reclaim our labor power. I want people to think about those relationships. 

And, yeah, I also want people to not get their identities stolen. All of the more concrete problems are still important to me, especially when you think about who is subject to them—it's poor people and elderly people and people who don't have power. But with all of this work, I'm really trying to force a conversation about who controls the internet and what that means for our lives.

Alison Macrina is a librarian, internet activist, and founder and executive director of the Library Freedom Project.

This piece appears in Logic's issue 10, "Security". To order the issue, head on over to our store. To receive future issues, subscribe.