Jeremy's response made me think.
What do people think about formulating a "Library Digital Privacy Pledge" that libraries, publishers and vendors could sign onto?
Or perhaps a set of pledges. I'd start with moving services to SSL.
Principle:
Library Services and Resources should be delivered, whenever practical, over channels that are immune to eavesdropping.
Current Best Practice:
Require HTTPS (SSL) for all services and resources delvivered via the web.
Pledge (for Libraries):
1. All web services that we control will require SSL by the end of 2015.
2. All web services that we pay for will require SSL by the end of 2016.
Pledge (for Publishers and Vendors):
1. All web services that we control will enable SSL by the end of 2015.
2. All web services that we offer will require SSL by the end of 2016.
I pick HTTPS to focus on first because it's relatively easy to specify/ understand. You could do something similar with meta referrer, but it's a bit more arcane.
There's a NISO group (I'm on the steering committee) looking at developing principles for library privacy that might be an appropriate forum to support this.
Eric
> On Jun 11, 2015, at 11:55 PM, Frumkin, Jeremy A - (frumkinj) <[log in to unmask]> wrote:
>
> Eric -
>
> Many thanks for raising awareness of this. It does feel like encouraging good practice re: referrer meta tag would be a good thing, but I would not know where to start to make something like this required practice. Did you have some thoughts on that?
>
> — jaf
>
> -----------------------------------------------------------
> Jeremy Frumkin
> Associate Dean / Chief Technology Strategist
> University of Arizona Libraries
>
> +1 520.626.7296
> [log in to unmask]
> ——————————————————————————————
> "A person who never made a mistake never tried anything new." - Albert Einstein
>
>
|