Some years ago I did a few privacy audits for local public libraries,
where they went through all of their data-gathering points (circulation,
summer reading programs, vendors, patron letters to the library
director...) [1] It was very useful for them to discover where data
might "leak". At the time, none of the libraries I was working with was
terribly involved with social networking.
I think it would be good to provide libraries with more information
about what data is gathered via social networks, along with an analysis
of where they are putting their patrons' privacy at risk. My guess is
that many librarians are unaware of the data gathering done behind
something like Google Analytics -- they just see a service that they
need. And there's no use us complaining about it if we can't give good,
solid information about 1) what data is gathered 2) what is the
alternative.
I think a "Code4lib guide to library privacy" or something of that
nature would be a valuable contribution. I'd be happy to work with folks
on it.
kc
[1] http://kcoyle.net/privacy_audit.html
On 8/16/14, 10:12 AM, Riley Childs wrote:
> I think that pretty much sums up the situation ;)
>
> Sent from my Windows Phone
> ________________________________
> From: Eric Hellman<mailto:[log in to unmask]>
> Sent: ý8/ý16/ý2014 1:06 PM
> To: [log in to unmask]<mailto:[log in to unmask]>
> Subject: Re: [CODE4LIB] Library Privacy, RIP (Was: Canvas Fingerprinting by AddThis)
>
> I think what we want is http://socialitejs.com/
>
> On Aug 16, 2014, at 12:52 PM, Riley Childs <[log in to unmask]> wrote:
>
>> Another question for someone who utilizes these services: What analytics does this provide and are the social analytics worth losing your user's privacy? (I think not)
>> Can't we make our own non dynamic share links????
>>
>>
>>
>>
>> Sent from my Windows Phone
>> ________________________________
>> From: Eric Hellman<mailto:[log in to unmask]>
>> Sent: ý8/ý16/ý2014 12:25 PM
>> To: [log in to unmask]<mailto:[log in to unmask]>
>> Subject: Re: [CODE4LIB] Library Privacy, RIP (Was: Canvas Fingerprinting by AddThis)
>>
>> So, 2 points worth discussing here.
>>
>> 1. I'll bet you most proxy servers are not proxying AddThis.com or Sharethis.com. So there wouldn't be any effect of proxying on the user tracking they do.
>>
>> 2. It really doesn't matter if you identify yourself to the catalog or not. You're being tracked across sites all over the internet. If you identify yourself to one of them, you can be identified. Note that the main concern here is if you use your own device to access the library's catalog.
>>
>>
>> On Aug 15, 2014, at 5:52 PM, Karen Coyle <[log in to unmask]> wrote:
>>
>>> On 8/15/14, 12:07 PM, Eric Hellman wrote:
>>>> AddThis and ShareThis, on the other hand have TOS that let them use tracking for advertising, and that's what their business is. So, hypothetically, a teen could look at library catalog records for books about childbirth, and as a result, later be shown ads for pregnancy tests, and that would be something the library has permitted.
>>> Eric, I'm wondering about the full scenario that you are envisioning. Many libraries use proxy servers, so individual users are not identified. (Meaning that an 80-yr-old man may get the ad for the pregnancy test, not the teen.) In addition, in many cases the machine wipes itself clean daily, replacing all potential user files. (Someone else can explain this MUCH better than I just did.)
>>>
>>> In my public library, I do not identify myself to the use the catalog on site -- not even to use journal article databases, because 1) authentication takes place in the library system 2) the proxy server's IP is my identity for those services. I have no idea what exits the library when I hook my laptop to the open network. Shouldn't all of these factors be taken into account? Can anyone articulate them from the point of view of a public library?
>>>
>>> Note: At the university here at Berkeley, no network use is allowed without an account, so there is no anonymous use, at least on the human side of any proxy server that they run. But at the public library there is no log-on. So what is AddThis getting in those two situations?
>>>
>>> kc
>>>
>>> --
>>> Karen Coyle
>>> [log in to unmask] http://kcoyle.net
>>> m: +1-510-435-8234
>>> skype: kcoylenet/+1-510-984-3600
--
Karen Coyle
[log in to unmask] http://kcoyle.net
m: +1-510-435-8234
skype: kcoylenet/+1-510-984-3600
|