Enhancing Online Patron Privacy in Library Websites

This assessment by Marshall Breeding emphasizes the importance of maintaining online patron privacy on library websites. It covers the use of HTTPS, encryption, and privacy protection measures against vulnerabilities such as tracking bots and unsecured transactions. It highlights the need to enforce privacy policies and verify secure sites in order to safeguard patron interactions and data. The presentation also discusses the impact of HTTPS on search engine ranking and user trust, emphasizing the need for libraries to prioritize privacy and security measures.

Presentation Transcript


  1. Online Patron Privacy: Assessment of library websites
     Marshall Breeding
     Independent Consultant, Author, and Founder and Publisher, Library Technology Guides
     https://librarytechnology.org/
     https://twitter.com/mbreeding
     ASIS&T Workshop, October 29, 2021

  2. Online Privacy Checklist
     Privacy policy
     Valid digital certificate
     Operate all web services using https
     Share web traffic only when consistent with the privacy policy
     Google Analytics? Only using an anonymized configuration
     Eliminate crossover with advertising networks
     Enforce privacy protection options when using federated authentication services (RA21, Seamless Access, OpenAthens)

  3. Privacy Vulnerabilities
     Lack of encryption enables eavesdropping and compromises the security of patron interactions
     Tracking bots expose patron interactions to the advertising ecosystem
     Unsecured SIP2 transactions expose items borrowed and returned by library patrons

  4. Security and Privacy
     Important to use https to protect the privacy of users
     Data transmitted with http is not encrypted and can be intercepted
     Browsers show warnings for http sites as untrustworthy
     Sites not using https are penalized in search results by Google (and other search engines)
     Not enough to enable https: every http request must also be redirected to https

  5. Browser privacy warning

  6. Secure site verification

  7. Privacy and Security Scanner
     Based on library website URLs maintained in the libraries.org directory
     Uses the Perl LWP::UserAgent library to test status and capture the home page
     Validates https and http redirection
     Scans pages for: Google Analytics tags; advertising tags or trackers; DoubleClick; Facebook Connect; key loggers
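The checks in slides 4 and 7 (http-to-https redirection, then tracker detection on the captured home page), as an added Python example; this is not the Perl scanner from the talk, and the tracker signatures, the sample responses, the sample page and the report-card rubric are my own constructions:

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (not real library sites): what an http probe and a home-page fetch return.
SAMPLE_RESPONSES = {
    "http://library.example.org/": (301, {"Location": "https://library.example.org/"}),
    "http://plain.example.org/": (200, {}),
}
SAMPLE_HOME_PAGE = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-12345-6"></script>
<script>gtag('config', 'UA-12345-6', {'anonymize_ip': true});</script>
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
<script>document.addEventListener('keydown', e => fetch('/k?c=' + e.key));</script>
</head><body>Welcome</body></html>"""

# Signatures for the tracker classes the talk's scanner looks for (my own heuristics).
TRACKER_PATTERNS = {
    "google_analytics": re.compile(r"google-analytics\.com|googletagmanager\.com|\bgtag\(", re.I),
    "ga_anonymized": re.compile(r"anonymize_ip|anonymizeIp", re.I),
    "doubleclick": re.compile(r"doubleclick\.net", re.I),
    "facebook_connect": re.compile(r"connect\.facebook\.net|\bfbq\(", re.I),
    "ad_trackers": re.compile(r"googlesyndication\.com|adsrvr\.org|scorecardresearch\.com", re.I),
    # a document-wide keystroke listener is flagged for human review: search boxes use them too
    "key_logger": re.compile(r"document\.addEventListener\(\s*['\"]key(?:down|press|up)['\"]", re.I),
}

def check_http_redirect(http_url, fetch):
    """'redirects' only if the http URL answers with a redirect to an https Location."""
    status, headers = fetch(http_url)
    if status in (301, 302, 307, 308) and urlsplit(headers.get("Location", "")).scheme == "https":
        return "redirects"
    return "serves_http" if status == 200 else "unreachable"

def scan_page(html):
    return {name: bool(pat.search(html)) for name, pat in TRACKER_PATTERNS.items()}

def report_card(http_result, hits):
    """Turn probe results into a list of findings (a simple rubric of my own)."""
    findings = []
    if http_result != "redirects":
        findings.append("http requests are not redirected to https")
    if hits["google_analytics"] and not hits["ga_anonymized"]:
        findings.append("Google Analytics without anonymized configuration")
    for name in ("doubleclick", "facebook_connect", "ad_trackers", "key_logger"):
        if hits[name]:
            findings.append(name.replace("_", " ") + " detected")
    return findings
```

For a live scan, replace `fetch` with a function that issues the request without following redirects, since a client that follows them silently would report every site as redirecting.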

  8. Privacy scan: US Academic Libraries
     https://librarytechnology.org/libraries/security/report/

  9. Privacy scan: US Academic Libraries
     https://librarytechnology.org/libraries/security/report/

  10. US Academic Libraries (Mar 2017)

  11. US Academic Libraries (Oct 2019)

  12. US Academic Libraries (Jan 2020)

  13. US Academic Libraries (Sep 2020)

  14. US Academic Libraries (Mar 2021)

  15. US Academic Libraries (Oct 2021)

  16. Privacy scan: US Public Libraries
     https://librarytechnology.org/libraries/security/report/

  17. Privacy scan: US Public Libraries
     https://librarytechnology.org/libraries/security/report/

  18. US Public Libraries (Mar 2017)

  19. US Public Libraries (Oct 2019)

  20. US Public Libraries (Jan 2020)

  21. US Public Libraries (Sep 2020)

  22. US Public Libraries (Mar 2021)

  23. US Public Libraries (Oct 2021)

  24. Advertising networks
     Use third-party cookies as the mechanism to identify users and transfer interest data
     Advertising networks aggressively collect personal data
     Track users across web sites
     Imperative for libraries: create a firewall between library resources and advertising data
     Major breach of privacy if content searched or viewed on a library site follows the user into the advertising ecosystem

  25. Advertising trackers

  26. https://themarkup.org/series/blacklight
     https://www.ghostery.com/

  27. https://themarkup.org/blacklight

  28. Key loggers: antithetical to privacy

  29. Privacy and Security Report Card

  30. Privacy and Security Report Card

  31. Social plug-ins?
     https://www.webnots.com/6-factors-to-check-before-using-social-sharing-plugin-in-wordpress/

  32. Self-service kiosks and peripherals
     The SIP2 protocol used for self-check and other remote transactions is not encrypted by default
     Exposes very specific personally identifiable data regarding patrons and content items
     Susceptible to network eavesdropping
     All remote transactions should be encrypted via https, VPN, or other encryption tunneling methods
     RFID readers may also enable exposure of transactions or of items held by patrons
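What an eavesdropper on an unencrypted SIP2 link actually reads, as an added Python example that is not part of the slides: a parser for SIP2 variable fields applied to a constructed Patron Information Response (message 64). The fixed-field widths and the field-code meanings are taken from the SIP2 message layouts as I know them and are marked as assumptions; all values are made up.

```python
# Fixed-field widths for the SIP2 responses handled here (assumed from the SIP2
# message layouts): 64 Patron Information, 24 Patron Status, 12 Checkout Response.
FIXED_LEN = {"64": 61, "24": 37, "12": 24}

# Variable-field codes that carry personal data about the patron or the items.
PII_FIELDS = {
    "AA": "patron identifier", "AE": "personal name", "BD": "home address",
    "BE": "e-mail address", "BF": "home phone", "AS": "hold item",
    "AT": "overdue item", "AU": "charged item", "AV": "fine item", "BU": "recall item",
}

# Constructed message 64 as it would cross the wire from the ILS to a self-check
# kiosk; the AY sequence and AZ checksum fields are omitted for brevity.
SAMPLE_64 = (
    "64" + " " * 14 + "001" + "20211029    120000"        # id, patron status, language, date
    + "0000" + "0000" + "0002" + "0000" + "0000" + "0000"   # hold/overdue/charged/fine/recall/unavailable counts
    + "AOMain Library|AA2123400012345|AEJane Q. Patron|"
    + "BD12 Elm St, Springfield|BEjane@example.org|BF555-0100|"
    + "AUManaging Chronic Illness|AUDivorce and Your Children|\r"
)

def parse_sip2(msg):
    """Split one SIP2 message into (message id, [(field code, value), ...])."""
    msg = msg.rstrip("\r")
    mid = msg[:2]
    if mid not in FIXED_LEN:
        raise ValueError("unsupported SIP2 message id " + mid)
    variable = msg[FIXED_LEN[mid]:]
    return mid, [(f[:2], f[2:]) for f in variable.split("|") if len(f) >= 2]

def exposed_pii(msg):
    """List the personal data readable in the clear from one captured message."""
    _, fields = parse_sip2(msg)
    return [(PII_FIELDS[code], value) for code, value in fields if code in PII_FIELDS]
```

Every tuple the second function returns is what a passive listener on the kiosk's network segment obtains without any authentication, which is why the slide calls for a TLS, VPN or other encrypted tunnel around the SIP2 connection.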

  33. Observations
     Most library websites use https, though exceptions remain
     The technical characteristics of a very large portion of public and academic libraries in the US are inconsistent with strict protection of patron privacy
     Most library websites remain entangled with analytics and advertising network bots that may track patron use
     Concern that the technical behavior of library websites does not conform to organizational privacy policies or professional values related to privacy
     Difficult to maintain a pristine privacy environment while using technical components inherent to the commercial advertising ecosystem
     Libraries should validate privacy conformance (in-house, vendor, consultant)

  34. Library Privacy Resources
     Library Freedom Project: https://libraryfreedom.org/
     LDH Consulting Services: https://ldhconsultingservices.com/
     ALA Privacy Tool Kit: http://www.ala.org/advocacy/privacy/toolkit/
