Protecting Patron Privacy

Recently, I was teaching a privacy class for librarians, and the topic turned to the privacy versus convenience trade-off—the occasional annoyances of using privacy-enhancing technologies online. An audience member laid out what she felt I was asking of the group. “You’re telling us to start selling granola when everyone else is running a candy store.”

The Republican-controlled U.S. Senate and U.S. House of Representatives have both voted to repeal restrictions on the sale of customer data by internet service providers (ISPs). President Donald Trump is expected to sign the bill into law. The restrictions were short-lived, enacted by the Federal Communications Commission (FCC) in October 2016, days before the election. Still, as Gary Price, editor of LJ infoDOCKET notes, "This troubling event is an opportunity for the library community to become a clearinghouse of awareness, education, and knowledge about digital privacy to those we serve." This article by Alison Macrina, founder and director of the Library Freedom Project, was originally published in July 2016. Macrina's site features a wealth of resources and links to resources to help libraries educate or work with concerned patrons. Libraries can also direct concerned patrons to the Electronic Frontier Foundation's Surveillance Self Defense page at


Recently, I was teaching a privacy class for librarians, and the topic turned to the privacy versus convenience trade-off—the occasional annoyances of using privacy-enhancing technologies online. An audience member laid out what she felt I was asking of the group. “You’re telling us to start selling granola when everyone else is running a candy store.”

I thought about her comment for a moment. “Yes, but don’t you see? There’s about to be a huge demand for granola, and no one else will have it.”

It’s true that the candy stores abound. We rely on dozens of free digital services for everything from email to document storage—“free” at the expense of signing over our personal data. Advertising covers the costs of our favorite blogs and news outlets—but ad trackers follow us all over the web, often without our knowledge or consent. The huge amount of data collected and stored in plain text makes it easy for intelligence agencies and law enforcement to Hoover up all that information using one of their many overbroad surveillance authorizations—whether or not we’ve been accused of a crime.

Just like the sweet stuff, all of these free services are gratifying in the moment but come with long-term costs. In fact, digital privacy is analogous to health in a number of ways—regularly seeing a doctor, paying attention to nutritional content, and making time for exercise can be inconvenient, but the costs of neglecting your health can be grave and irreversible. Maybe you’ll never have a heart attack, or maybe you’ll never get hacked, but if you do, you’ll probably be wishing you had taken some precautions to protect yourself.

I hear often from people who think that privacy can’t be salvaged, that the toothpaste is already out of the tube, and we should just give in to our Google overlords. While it’s true that the situation is dire, I’m personally not ready to give up such an essential civil liberty. Privacy matters; without privacy, we don’t actually have free speech: you can’t read, write, research, or talk freely if your every move is being monitored. There’s a reason why libraries have championed privacy alongside intellectual freedom since as far back as the 1939 American Library Association (ALA) Code of Ethics.

Furthermore, violations of privacy, much like other injustices, disproportionately affect people who are already vulnerable or marginalized. Police surveillance targets black and brown communities. Queer students are often in danger when their schools or parents monitor their digital communications. Politically dissident views are chilled. And, of course, paid alternatives to free but invasive services may be out of reach for poor or working class users—unless they come through the library. Privacy is vital to intellectual freedom, and although it might seem like a lost cause, the sooner we take steps to safeguard our digital privacy, the better we’ll be in the long run.

So where do we begin? Here are some fairly simple steps to get you started on bringing digital privacy into your library:

1Teach strong password strategies: My good friend Nima, Library Freedom Project’s technologist, likes to say that passwords are “the biggest vulnerability on the Internet.” What he means is that most people use incredibly insecure passwords—weak, not complex, nonrandom, and not unique (the same password for everything)—and this makes for a very simple entry point for any attacker who wants to compromise you. Strong passwords require randomness, in the true mathematical sense. My preferred password strategy uses the Diceware word list to create strong, memorable master passphrases. Using a regular six-sided die, you roll the die five times to get the first word from the ­Diceware word list. Repeat this process until you have a total of five, six, or seven words—you’ve now got a strong, memorable master passphrase that you can use to log in to a password manager, like or, and store the rest of your passwords there. Password managers have built-in password generators, so you can create strong, random passwords for all the other accounts you need without having to think of a jumble of letters and numbers yourself. I recommend changing all of your passwords to new, unique, random passwords as soon as you set up the password manager.

Finally, whenever possible, you should set up two-factor authentication. Two-factor authentication is a way to add security by including a second thing that only the user knows or possesses. For example, a common form of two-factor authentication is receiving an SMS message with a secret code that you have to enter after entering your username and password for a service. Two-factor authentication isn’t available for everything, but you should set it up if you see it available.

2Teach secure texting and calling: Using plain SMS for texting is like sending your text messages on a postcard. Apple has done a lot to prioritize privacy and security on its devices, including making iMessage end-to-end encrypted, i.e., no one can read the messages but the parties sending them. Apple does not have copies of the encryption keys. But what about folks with Android phones (or texting between iOS and Android)? Signal, from, enables end-to-end encrypted calls and texts for both iOS and Android users, and it works just like any other texting app, offering group texts, emoji, animated gifs, and more. Make sure to verify the fingerprint of the person you’re communicating with—read it out loud to them after long-pressing their name in the text message view, and make sure the one they see is identical to what you see.

3Update software and remove Flash: Software updates often contain patches for critical security vulnerabilities. The longer we wait to update software, the more we run the risk of serious exploitation. No one should use Flash for anything, ever. It’s horribly insecure. There is no way to use Flash safely—just remove it. Your patrons might ask for it if it’s gone, so I recommend making signs in the library about why Flash isn’t available. If you encounter any services that require it such as AdobeConnect, write a strongly worded email to whoever is in charge.

4Offer online anonymity with Tor Browser: Tor Browser is an incredibly sophisticated tool to protect privacy on the web. When you use Tor Browser, websites don’t know anything about who you are unless you log in and tell them. It protects your location privacy—anyone who observes your network traffic can’t see where in the world you’re really coming from. It also prevents websites from knowing which other websites you are visiting, making it harder to be tracked from site to site, and it includes a bunch of other built-in privacy protections.

Don’t make Tor Browser the default browser for any public access computers, however. Sometimes websites can behave in unexpected ways over Tor. For example, Google Maps may render content in non-English languages. Also, some sites block Tor. So offer it as a backup browser for privacy-minded patrons.

5Use HTTPS for all library digital services: All websites should use strong HTTPS encryption, not just banking or shopping sites. HTTPS encryption helps ensure three things:

  1. Confidentiality—no one can eavesdrop on what’s being transmitted between you and the website you’re visiting.
  2. Authenticity—assurance that you are visiting the site you intended to visit and not a malicious interloper.
  3. Integrity—encryption prevents would-be attackers from injecting something malicious into your traffic.

Sadly, an overwhelming majority of the web is still unencrypted, partly because most people don’t recognize how important HTTPS is and partly because HTTPS implementation can be difficult. But it has become much easier with ­, a new initiative to encourage the use of HTTPS by default for all websites. There’s even a client called CertBot that deploys Let’s Encrypt certificates automatically.

If your library is ready to start using HTTPS for all services under your control, please sign Library Freedom Project’s Digital Privacy Pledge. We’re encouraging libraries, membership organizations, and vendors to help make libraries the industry leader in using HTTPS across all of our services.

Just as we introduce our patrons to other new technologies, we can offer privacy education and tools in the library and assist our communities in identifying libraries as privacy-protective spaces in the 21st century. Let’s have the best granola stores our constituents have ever seen.

Alison Macrina is a Librarian, Privacy Activist, and the Founder and Director of the Library Freedom Project. She is also a 2015 LJ Mover & Shaker

Comment Policy:
  • Be respectful, and do not attack the author, people mentioned in the article, or other commenters. Take on the idea, not the messenger.
  • Don't use obscene, profane, or vulgar language.
  • Stay on point. Comments that stray from the topic at hand may be deleted.
  • Comments may be republished in print, online, or other forms of media.
  • If you see something objectionable, please let us know. Once a comment has been flagged, a staff member will investigate.


I often wonder at privacy. It seems to be uneven tutorials at every turn. A few libraries leave books people order on display so everyone can see what the orderers are reading or "into". Sometimes it feels like a naughty invasion. Or staff takes pictures of little kids and post on the Internet, along with their names, without asking permission. But many people do not want pictures of their children on the Web. One Library group went down to the kids playground to take pictures of children. If someone was hanging around taking pictures of my kids playing I would immediately think he was a predator. So many are not on the same page when it comes to web safety. On one hand we work hard to ensure privacy and spread the word, and on the other hand throw it away. Especially with kids who don't understand, for example, why posing for one stranger is alright and the next wrong. Many people don't understand privacy because they don't believe anything unfortunate can happen because of dishonest people. They feel its rude not to fill out all the questionnaires and personal info forms. They think its only a phone number or address and is harmless enough. I think there should be more courses on privacy and it should be uniform. Especially among children and the elderly who may be more trusting. It should be present with every device, computer, and Internet presentation given. The responsibility should be shared by manufacturers and Internet providers. Its like selling someone a gun without instructing safe handling and they hurt themselves.

Posted : Aug 09, 2016 10:31

Margaret Woodruff

Hello. I appreciate this clear and direct advice about protecting privacy. As the director of a small library in Vermont, I'd be curious to learn what libraries of our size and budget can do to implement patron privacy measures. I'm also curious about options to Flash since that program seems fundamental to many offerings that libraries are encouraged to include, such as coding programs and graphic design software for patrons. Thanks!

Posted : Jul 18, 2016 07:34


I eliminated Flash as soon as I became aware of the Occupy Flash movement (, but Flash is still (inexplicably) the standard. Disabling it blocks a lot of video and causes pages to hang. You can selectively activate it, but that gets tedious. When will Adobe do the right thing?

Posted : Jul 18, 2016 07:34


>>what libraries of our size and budget can do to implement patron privacy measures Good question, with many answers full of many steps full of many details. Alison's article hit on all the big ones. Her website has a pile of things to work on getting started with as well. Her first two here both involve training, something people want and should expect at their library. Teach, continually, IT Security and Privacy in your library, make it part of the culture. Have someone on staff keep current and continually stay informed on the latest in security and privacy. >>I’m also curious about options to Flash since that program That's currently a problem without an easy solution. My guess would be it will quickly be solved, as most websites are phasing it out now.

Posted : Jul 18, 2016 07:34



We are currently offering this content for free. Sign up now to activate your personal profile, where you can save articles for future viewing