The system not connected to the internet is more secure. But that border
keeps getting crossed. Stuxnet made the oxygen barrier leap, as have other
malware packages since, through a variety of exploit tactics, once they
managed to get to a machine that shared a network with or, in some cases,
was just in close physical proximity to another machine that wasn't
connected to the internet.
Generally speaking, I think surveillance is wretched stuff. But there is a
point at which the hand wringing becomes a bit much. I agree with Jon in
that, while things are at a critical point, the technologies of security
and anonymity will inevitable improve. In fact, the cruddy state of things
has been adding momentum to that progress. And I don't lose any sleep over
using Google Analytics to do some relatively innocuous web tracking. In
fact, I probably would lose sleep if I wasn't trying to track usage.
*Jason Bengtson, MLIS, MA*
Head of Library Computing and Information Systems
Assistant Professor, Graduate College
Department of Health Sciences Library and Information Management
University of Oklahoma Health Sciences Center
405-271-2285, opt. 5
[log in to unmask]
This e-mail is intended solely for the use of the individual to whom it is
addressed and may contain information that is privileged, confidential or
otherwise exempt from disclosure. If the reader of this e-mail is not the
intended recipient or the employee or agent responsible for delivering the
message to the intended recipient, you are hereby notified that any
dissemination, distribution, or copying of this communication is strictly
prohibited. If you have received this communication in error, please
immediately notify us by replying to the original message at the listed
email address. Thank You.
<[log in to unmask]>
On Fri, Aug 15, 2014 at 4:24 PM, Riley Childs <[log in to unmask]>
> First, I have to get it out of the way: One of the biggest things to
> remember, the most secure system is the one that is not on and connected...
> Second (read the entire statement): This tracking data serves as a barter
> system for services, but I think the big issue is that there is no "price
> tag" on the website, it is like walking into a grocery store and seeing
> "SALE!" but with no price tag, then getting to the register paying and THEN
> looking at your receipt and realizing that book cost your soul.
> Riley Childs
> IT Admin
> Charlotte United Christian Academy
> office: +1 (704) 537-0331 x101
> mobile: +1 (704) 497-2086
> web: rileychilds.net
> twitter: @RowdyChildren
> Checkout our new Online Library Catalog: catalog.cucawarriors.com
> From: Code for Libraries <[log in to unmask]> on behalf of Jon
> Goodell <[log in to unmask]>
> Sent: Friday, August 15, 2014 3:25 PM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] Library Privacy, RIP (Was: Canvas Fingerprinting
> by AddThis)
> I don't believe the horse has left the barn forever. As Bruce Schneier
> says, security is a process, not a product. And as we learn more about this
> space we can advocate in our own institutions for greater awareness and
> perhaps adjustments to the technologies we use to evaluate online activity.
> AddThis and ShareThis probably have limited value for the data they
> compromise. Google Analytics is probably a much better trade. EZproxy
> On Fri, Aug 15, 2014 at 2:07 PM, Eric Hellman <[log in to unmask]> wrote:
> > On Aug 14, 2014, at 4:32 PM, William Denton <[log in to unmask]> wrote:
> > > At the university where I work Google Analytics is the standard, and we
> > use it on the library's web site. There's probably no way around
> > that---but we can tell people how to block the tracking, which will help
> > them locally (ironically) and everwhere else. (I use Piwik at home, and
> > like it, but moving to that here would be a long-term project, only
> > for technical reasons.)
> > I think a reasonable place to draw a line in the sand is "use for
> > advertising". If you look at the Google Analytics site, it doesn't appear
> > that they can use Analytics tracking for advertising, because they don't
> > make the carve-outs for children that I believe would be required if they
> > did. So if you trust google, and assume they know everything anyway, you
> > can let them track users.
> > AddThis and ShareThis, on the other hand have TOS that let them use
> > tracking for advertising, and that's what their business is. So,
> > hypothetically, a teen could look at library catalog records for books
> > about childbirth, and as a result, later be shown ads for pregnancy
> > and that would be something the library has permitted.
> > A criminal prosecutor could subpoena either Google or AddThis/ShareThis
> > obtain tracking data for anyone in your library who had read books about
> > Nazism or the Black Panthers or witchcraft, completely without involving
> > the library. Do you think Google would easily comply with that sort of
> > request? would AddThis? Would EBSCO?
> > At Unglue.it, we use Google Analytics, but we have avoided Things like
> > Facebook Like, and the third party shares because we didn't like the
> > tradeoff.
> > But maybe the horse has left the barn forever.
> > Eric