Voices For Privacy Blog

Guidelines for Private Online Searching & Browsing

There are few options for searching without being tracked. To search anonymously from home requires tech-savvy and money. This is something many people do not have. Libraries should help any user access information anonymously.

Guidelines

A group of library privacy experts created the following guidelines. Use them to bolster your efforts.

Starting a Computer or Wi-Fi Session

  • Offer Guest User Options:
    • Allow users to log in to public computers and Wi-Fi without using their personal library card.
    • This can be facilitated through the use of guest passes.
    • Do not require identification or keep logs of users who check out a guest pass or sign in as a guest.
  • Avoid Paper Sign-up Sheets:
    • Do NOT have paper sign-up sheets for the computers.
    • If there is no other option, practice the following:
      • Staff should always be in control of these paper sign-up sheets
      • Only require the minimum amount of data needed for reserving a computer.
      • Shred paper sheets at the end of the day.

Filtering Software

  • No Logging: Filtering software should not log user activity. Ensure and verify that this is not happening on filtered computers.
  • Guest Passes: If disabling logging is not possible, offer a guest pass at no charge.
  • Age Data: Do not capture proof of age when removing filters. Just verify.

Erasing Computer Sessions

  • Public Computers:
    • Set public computers to load a fresh computer image after each user session. Software example: Deep Freeze.
    • End sessions automatically if the user forgets to log out at the end of a session.
  • Circulated/Loaned Devices: Reset or reimage borrowed devices at point of check-in. Examples of devices: laptops, tablets, and other mobile devices.
  • Session Logs:
    • Do not store logs of users’ computer or Wi-Fi sessions for longer than 24 hours.
    • Delete computer reservation and Wi-Fi session logs that contain personal information. Include this practice as a closing activity.
    • Do not collect information about user activity during a public computer or Wi-Fi session. Activity examples: applications used and web browser activity.
  • Printers: Clear the print queue for the print management system daily.

Physical Protections

  • Physical Space:
    • Arrange the physical library space for privacy. People should be able to use personal technology without observation.
    • If security cameras are required inside the buildings, optimize for privacy. Check to make sure they are not pointed toward screens or other places where they may record library use.
  • Privacy Screens:
    • Provide easily accessible privacy screens.
    • These screens should be available for any user who needs one.
    • If possible, install privacy screens on all public computers.
  • Shredding:
    • Shred print-outs left at the printer.
    • Provide access to shredders for users.

Browsers & Search Tools

  • Default Search: Set DuckDuckGo as the default search for all browsers.
  • Default Browsers: Set the default browser on computers to Brave or Firefox.
  • Anonymous Search with Tor:
    • Install the Tor browser on all public access computers.
    • Provide guides for users about how to use Tor for anonymous searching.

Training

For Users

  • Guides: Provide guides to users who wish to remain anonymous online. Examples:
    • Personal Accounts: Do not log in to any personal accounts during the entire session. Examples:
      • Google
      • Amazon
      • Facebook
      • Learning Management Systems
    • Private vs. Public: Treat school or work cloud-document services as public record. Don’t use these services to keep track of sensitive information.
    • Search Tools: Use a privacy-focused search engine, such as DuckDuckGo.
    • Mobile Browsers: Download privacy-focused browsers on mobile devices. Examples:
      • Firefox Focus
      • Brave
      • Tor
      • DuckDuckGo
  • Tech Help: Assist users in installing encrypted messaging apps, such as Signal.
  • Programs:
    • Device Settings: Teach users how to turn off the following on their devices:
      • Personalized advertising or ad tracking (iOS and Android)
      • Location sharing
      • Unused and unnecessary app permissions
    • VPNs: Teach users about virtual private networks (VPNs):
    • Attendance: Allow people to attend these training programs anonymously.
    • Alternatives: Provide digital and physical resources for those who are unable or unwilling to attend in person. Example: https://sec.eff.org/

For Staff

  • New Hires: Include privacy training as part of new-hire onboarding.
  • Ongoing: Have regular privacy training for library workers.
  • State Laws: Review state laws on confidentiality of library use data. Do this with all library workers.
  • Communication: Share updates on changes in privacy issues. Do this especially for state and national laws.

 

More blog posts »