Some years ago I did a few privacy audits for local public libraries,
where they went through all of their data-gathering points (circulation,
summer reading programs, vendors, patron letters to the library
director...) [1] It was very useful for them to discover where data
might "leak". At the time, none of the libraries I was working with was
terribly involved with social networking.
I think it would be good to provide libraries with more information
about what data is gathered via social networks, along with an analysis
of where they are putting their patrons' privacy at risk. My guess is
that many librarians are unaware of the data gathering done behind
something like Google Analytics -- they just see a service that they
need. And there's no use us complaining about it if we can't give good,
solid information about 1) what data is gathered 2) what is the
alternative.
I think a "Code4lib guide to library privacy" or something of that
nature would be a valuable contribution. I'd be happy to work with folks
on it.
kc
[1] http://kcoyle.net/privacy_audit.html
On 8/16/14, 10:12 AM, Riley Childs wrote:
I think that pretty much sums up the situation ;)
Sent from my Windows Phone
________________________________
From: Eric Hellman<mailto:[email protected]>
Sent: 8/16/2014 1:06 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [CODE4LIB] Library Privacy, RIP (Was: Canvas Fingerprinting by
AddThis)
I think what we want is http://socialitejs.com/
On Aug 16, 2014, at 12:52 PM, Riley Childs <[email protected]> wrote:
Another question for someone who utilizes these services: What analytics does
this provide and are the social analytics worth losing your user's privacy? (I
think not)
Can't we make our own non dynamic share links????
Sent from my Windows Phone
________________________________
From: Eric Hellman<mailto:[email protected]>
Sent: 8/16/2014 12:25 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [CODE4LIB] Library Privacy, RIP (Was: Canvas Fingerprinting by
AddThis)
So, 2 points worth discussing here.
1. I'll bet you most proxy servers are not proxying AddThis.com or
Sharethis.com. So there wouldn't be any effect of proxying on the user tracking
they do.
2. It really doesn't matter if you identify yourself to the catalog or not.
You're being tracked across sites all over the internet. If you identify
yourself to one of them, you can be identified. Note that the main concern here
is if you use your own device to access the library's catalog.
On Aug 15, 2014, at 5:52 PM, Karen Coyle <[email protected]> wrote:
On 8/15/14, 12:07 PM, Eric Hellman wrote:
AddThis and ShareThis, on the other hand have TOS that let them use tracking
for advertising, and that's what their business is. So, hypothetically, a teen
could look at library catalog records for books about childbirth, and as a
result, later be shown ads for pregnancy tests, and that would be something the
library has permitted.
Eric, I'm wondering about the full scenario that you are envisioning. Many
libraries use proxy servers, so individual users are not identified. (Meaning
that an 80-yr-old man may get the ad for the pregnancy test, not the teen.) In
addition, in many cases the machine wipes itself clean daily, replacing all
potential user files. (Someone else can explain this MUCH better than I just
did.)
In my public library, I do not identify myself to the use the catalog on site
-- not even to use journal article databases, because 1) authentication takes
place in the library system 2) the proxy server's IP is my identity for those
services. I have no idea what exits the library when I hook my laptop to the
open network. Shouldn't all of these factors be taken into account? Can anyone
articulate them from the point of view of a public library?
Note: At the university here at Berkeley, no network use is allowed without an
account, so there is no anonymous use, at least on the human side of any proxy
server that they run. But at the public library there is no log-on. So what is
AddThis getting in those two situations?
kc
--
Karen Coyle
[email protected] http://kcoyle.net
m: +1-510-435-8234
skype: kcoylenet/+1-510-984-3600
--
Karen Coyle
[email protected] http://kcoyle.net
m: +1-510-435-8234
skype: kcoylenet/+1-510-984-3600
