Aiding and Abetting: Third-Party Tracking and (In)secure Connections in Public Libraries

Gardner, Gabriel Aiding and Abetting: Third-Party Tracking and (In)secure Connections in Public Libraries. The Serials Librarian, 2021. [Journal article (Unpaginated)]

[thumbnail of Gardner_Aiding_and_Abetting_postprint.pdf]
Preview
Text
Gardner_Aiding_and_Abetting_postprint.pdf - Accepted version

Download (357kB) | Preview
[thumbnail of Plain Text Bibliography] Other (Plain Text Bibliography)
bibliography.txt - Bibliography

Download (13kB)

English abstract

Patron privacy, as articulated in the American Library Association (ALA) Code of Ethics, is a longstanding concern for librarians. In online environments, the possibility of tracking by third parties, usage of HTTPS/TLS to provide secure connections, and easy disclosure of a site’s privacy policies all have implications for user privacy. This paper presents new empirical evidence about these issues and discusses their ethical implications. Data about the incidence of third-party tracking, usage of HTTPS by default, and easy discoverability of a privacy policy or terms of service (TOS) were collected for public libraries across Canada and the United States. The sample consisted of 178 public libraries; members of the Canadian Urban Libraries Council and Urban Libraries Council. Several common commercial databases (e.g. OverDrive) were also examined using the same criteria. Results show that only 12% of libraries were devoid of third-party tracking, with Google Analytics being the most common third-party tracker. While libraries may support HTTPS under certain circumstances, it was found that a majority of libraries serve neither their websites nor their online catalogs (OPACs) HTTPS by default. Regarding disclosure of possible tracking, it was found that 58% of libraries did not link to a TOS or privacy policy from their homepage. Together with previous research on the usage of privacy-enhancing tools in public libraries, these results suggest that public libraries are accessories to third-party tracking on a large scale. Implications of this fact in light of library professional ethics are discussed.

Item type: Journal article (Unpaginated)
Keywords: privacy, security, tracking, HTTPS/TLS, ethics, data collection
Subjects: D. Libraries as physical collections. > DC. Public libraries.
L. Information technology and library technology > LC. Internet, including WWW.
L. Information technology and library technology > LH. Computer and network security.
Depositing user: Gabriel Gardner
Date deposited: 04 Aug 2021 18:42
Last modified: 04 Aug 2021 18:42
URI: http://hdl.handle.net/10760/42329

References

Acar, Gunes, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, and Claudia Diaz. 2014. “The Web Never Forgets: Persistent Tracking Mechanisms in the Wild.” In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 674–689. CCS ’14. New York, NY, USA: ACM. https://doi.org/10.1145/2660267.2660347.

Albrecht, Katherine, and Liz McIntyre. 2014. “How and Why to Keep the NSA Out of Your Private Stuff - Even If You’ve ‘Got Nothing to Hide.’” IEEE Technology & Society Magazine 33 (4): 39–41. https://doi.org/10.1109/MTS.2014.2369571.

American Library Association. n.d. “Programs.” Choose Privacy Every Day. Accessed April 18, 2020a. https://chooseprivacyeveryday.org/programs/.

———. n.d. “Resources.” Choose Privacy Every Day. Accessed April 18, 2020b. https://chooseprivacyeveryday.org/resources/.

American Library Association Office for Intellectual Freedom. 2014. “Privacy Tool Kit.” Text. ALA Privacy Tool Kit. January 2014. http://www.ala.org/advocacy/privacy/toolkit.

Ard, BJ. 2016. “Librarians as Privacy Advocates.” I/S: A Journal of Law and Policy for the Information Society 13 (1): 161–74.

Assange, Julian. 2014. “Julian Assange on Living in a Surveillance Society.” The New York Times, December 4, 2014. http://www.nytimes.com/2014/12/04/opinion/julian-assange-on-living-in-a-surveillance-society.html.

Ayre, Lori Bowen. 2017. “Protecting Patron Privacy: Vendors, Libraries, and Patrons Each Have a Role to Play.” Collaborative Librarianship 9 (1): 1–5.

Barron, Simon, and Andrew J. Preater. 2018. “Critical Systems Librarianship.” In The Politics of Theory and the Practice of Critical Librarianship, 87–113. Sacramento, CA: Library Juice Press. https://repository.uwl.ac.uk/id/eprint/4512/.

Breeding, Marshall. 2016. “Protecting Patron Privacy.” American Libraries Magazine, May 31, 2016.

Chandler, Adam, and Melissa Wallace. 2016. “Using Piwik Instead of Google Analytics at the Cornell University Library.” The Serials Librarian 71 (3–4): 173–79. https://doi.org/10.1080/0361526X.2016.1245645.

Clark, Ian. 2016. “The Digital Divide in the Post-Snowden Era.” Journal of Radical Librarianship 2 (0). https://journal.radicallibrarianship.org/index.php/journal/article/view/12.

Cranor, L. F. 2012. “Can Users Control Online Behavioral Advertising Effectively?” IEEE Security Privacy 10 (2): 93–96. https://doi.org/10.1109/MSP.2012.32.

Disconnect. n.d. “Disconnect.” Accessed April 7, 2020. https://disconnect.me/about.

Englehardt, Steven, and Arvind Narayanan. 2016. “Online Tracking: A 1-Million-Site Measurement and Analysis.” In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 1388–1401. Vienna, Austria: ACM Press. https://doi.org/10.1145/2976749.2978313.

Esposti, Sara Degli. 2014. “When Big Data Meets Dataveillance: The Hidden Side of Analytics.” Surveillance & Society 12 (2): 209–25. https://doi.org/10.24908/ss.v12i2.5113.

Gallagher, Christine, David McMenemy, and Alan Poulter. 2015. “Management of Acceptable Use of Computing Facilities in the Public Library: Avoiding a Panoptic Gaze?” Journal of Documentation 71 (3): 572–90. https://doi.org/10.1108/JD-04-2014-0061.

Gardner, Gabriel J. 2013. “Simple Tools to Refract PRISM in Your Library.” Minitex Reference Notes, August 2013.

Gardner, Gabriel J., and Myron Groover. 2015. “Web Privacy in Practice: Assessing Internet Security and Patron Privacy in North American Public Libraries.” Presented at the 2015 LITA Forum, Minneapolis, MN, November 12. https://macsphere.mcmaster.ca/handle/11375/19016.

Ghostery. n.d. “About Ghostery.” Ghostery. Accessed April 7, 2020. https://www.ghostery.com/about-ghostery/.

Google. n.d. “Best Practices to Avoid Sending Personally Identifiable Information (PII).” Google Analytics Help. Accessed April 10, 2020. https://support.google.com/analytics/answer/6366371.

Griffey, Jason. 2016. “Keep On Rockin’ In The Free World.” Keynote presented at the Lake Superior Libraries Symposium, Duluth, MN, May 20. https://speakerdeck.com/griffey/privacy-and-libraries.

Hanson, Cody. 2019. “User Tracking on Academic Publisher Platforms.” Presented at the Coalition for Networked Information Spring 2019 Member Meeting, St. Louis, Missouri, April 8. https://www.codyh.com/files/HansonCNISpring19.pdf.

Hellman, Eric. 2016. “97% of Research Library Searches Leak Privacy... and Other Disappointing Statistics.” Go To Hellman (blog). May 23, 2016. http://go-to-hellman.blogspot.com/2016/05/97-of-research-library-searches-leak.html.

Hess, Kirk. 2012. “Discovering Digital Library User Behavior with Google Analytics.” Code4Lib Journal, no. 17 (June). https://journal.code4lib.org/articles/6942.

Hoofnagle, Chris Jay, Ashkan Soltani, Nathaniel Good, Dietrich J. Wambach, and Mika D. Ayenson. 2012. “Behavioral Advertising: The Offer You Cannot Refuse.” Harvard Law & Policy Review 6 (2): 273–96.

“HTTPS.” 2020. In Wikipedia. https://en.wikipedia.org/w/index.php?title=HTTPS&oldid=949480078.

Huey, Laura, Micheal Vonn, Reg Whitaker, Paul Rosenzweig, danah boyd, Steven Margulis, Gary Marx, and Judith Rauhofer. 2012. “The Future of Privacy Online.” Surveillance & Society 10 (3/4). https://doi.org/10.24908/ss.v10i3/4.4551.

Lambert, April D., Michelle Parker, and Masooda Bashir. 2015. “Library Patron Privacy in Jeopardy an Analysis of the Privacy Policies of Digital Content Vendors.” Proceedings of the Association for Information Science and Technology 52 (1): 1–9. https://doi.org/10.1002/pra2.2015.145052010044.

Lamdan, Sarah Shik. 2015. “Social Media Privacy: A Rallying Cry to Librarians.” Library Quarterly 85 (3): 261–77.

Lerner, Adam, Anna Kornfeld Simpson, Tadayoshi Kohno, and Franziska Roesner. 2016. “Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016.” In Proceedings of the 25th USENIX Security Symposium, 997–1013. Austin, TX. https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lerner.pdf.

Let’s Encrypt. n.d. “Let’s Encrypt Stats.” Let’s Encrypt - Free SSL/TLS Certificates. Accessed April 10, 2020. https://letsencrypt.org/stats/.

Linden, Thomas, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. 2020. “The Privacy Policy Landscape After the GDPR.” Proceedings on Privacy Enhancing Technologies 2020 (1): 47–64. https://doi.org/10.2478/popets-2020-0004.

Macrina, Alison. 2015. “Why We Need to Encrypt The Whole Web... Library Websites, Too.” LITA Blog (blog). January 27, 2015. http://litablog.org/2015/01/why-we-need-to-encrypt-the-whole-web-library-websites-too/.

Madrigal, Alexis C. 2012. “I’m Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web.” The Atlantic, February 29, 2012. http://www.theatlantic.com/technology/archive/2012/02/im-being-followed-how-google-151-and-104-other-companies-151-are-tracking-me-on-the-web/253758/.

Mathur, Arunesh, Jessica Vitak, Arvind Narayanan, and Marshini Chetty. 2018. “Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking.” In , 103–16. https://www.usenix.org/conference/soups2018/presentation/mathur.

Miller, Rebecca T. 2014. “Getting Real About Privacy: Confidentiality, Digital Literacy, and beyond | Editorial.” Library Journal. December 2, 2014. http://lj.libraryjournal.com/2014/12/opinion/editorial/getting-real-about-privacy-confidentiality-digital-literacy-and-beyond-editorial/.

Morrone, Melissa. 2015. “Privacy Matters: Anti-Surveillance Education in the Library.” Metropolitan New York Library Council. January 28, 2015. http://metro.org/articles/antisurveillance-education-in-the-library/.

Mozilla. 2017. “Hackers, Trackers and Snoops: Our Privacy Survey Results.” Medium (blog). March 9, 2017. https://medium.com/@mozilla/hackers-trackers-and-snoops-our-privacy-survey-results-1bfa0a728bd5.

National Information Standards Organization. 2015. “NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems (NISO Privacy Principles) | NISO Website.” 9781937522704. Baltimore, MD: National Information Standards Organization (NISO). https://www.niso.org/publications/privacy-principles.

O’Brien, Patrick, Scott W.H. Young, Kenning Arlitsch, and Karl Benedict. 2018. “Protecting Privacy on the Web: A Study of HTTPS and Google Analytics Implementation in Academic Library Websites.” Online Information Review 42 (6): 734–51. https://doi.org/10.1108/OIR-02-2018-0056.

O’Neil, Cathy. 2017. Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. First Paperback Edition. New York: B/D/W/Y Broadway Books.

Phetteplace, Eric. 2012. “Hardening the Browser.” Reference & User Services Quarterly 51 (3): 210–14.

Privacy International. 2018. “Examples of Data Points Used In Profiling.” London, United Kingdom: Privacy International. https://privacyinternational.org/sites/default/files/2018-04/data%20points%20used%20in%20tracking_0.pdf.

Radical Reference. 2014. “We Are All Suspects: A Guide for People Navigating the Expanded Powers of Surveillance in the 21st Century.” Radical Reference. http://radicalreference.info/content/we-are-all-suspects-guide-people-navigating-expanded-powers-surveillance-21st-century.

Rankin, Kyle. 2014. “NSA: Linux Journal Is an ‘Extremist Forum’ and Its Readers Get Flagged for Extra Surveillance | Linux Journal.” Linux Journal (blog). July 3, 2014. http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance.

Santa Cruz Public Libraries. n.d. “Data Privacy.” Santa Cruz Public Libraries. Accessed April 19, 2020. https://www.santacruzpl.org/data_privacy/.

Schaub, Florian, Aditya Marella, Pranshu Kalvani, Blase Ur, Chao Pan, Emily Forney, and Lorrie Faith Cranor. 2016. “Watching Them Watching Me: Browser Extensions Impact on User Privacy Awareness and Concern.” In Proceedings 2016 Workshop on Usable Security. San Diego, CA: Internet Society. https://doi.org/10.14722/usec.2016.23017.

Smith, Emily, and David Lyon. 2013. “Comparison of Survey Findings from Canada and the USA on Surveillance and Privacy from 2006 and 2012.” Surveillance & Society 11 (1/2): 190–203. https://doi.org/10.24908/ss.v11i1/2.4517.

Soat, Molly. 2013. “Incomplete Insights. (Cover Story).” Marketing News 47 (5): 32–37.

Sørensen, Jannick, and Sokol Kosta. 2019. “Before and After GDPR: The Changes in Third Party Presence at Public and Private European Websites.” In The World Wide Web Conference, 1590–1600. WWW ’19. San Francisco, CA, USA: Association for Computing Machinery. https://doi.org/10.1145/3308558.3313524.

Sullivan, Mark. 2012. “Data Snatchers!” PCWorld 30 (8): 77–85.

Tate, Barton Gellman, Julie, and Ashkan Soltani. 2014. “In NSA-Intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post, July 5, 2014. http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html?hpid=z1.

Uzunoglu, Doruk. 2016. “Understanding Ad Blockers.” Worcester Polytechnic Institute. https://www.wpi.edu/Pubs/E-project/Available/E-project-032216-001707/unrestricted/dcuzunoglu_understanding_ad_blockers.pdf.

Varnum, Ken. 2015. “Editorial Board Thoughts: Library Analytics and Patron Privacy.” Information Technology & Libraries, December 2015. https://doi.org/10.6017/ital.v34i4.9151.

Vecchione, Amy, Deana Brown, Elizabeth Allen, and Amanda Baschnagel. 2016. “Tracking User Behavior with Google Analytics Events on an Academic Library Web Site.” Journal of Web Librarianship 10 (3): 161–75. https://doi.org/10.1080/19322909.2016.1175330.

York, Jessica A. 2019. “Grand Jury: Santa Cruz Libraries Should Better Protect Patron Privacy.” Santa Cruz Sentinel, June 30, 2019. https://www.santacruzsentinel.com/grand-jury-santa-cruz-libraries-should-better-protect-patron-privacy.

Zetter, Kim. 2014. “The NSA Is Targeting Users of Privacy Services, Leaked Code Shows.” WIRED. July 3, 2014. http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/.

Zimmer, Michael. 2014. “Librarians’ Attitudes Regarding Information and Internet Privacy.” Library Quarterly 84 (2): 123–51. https://doi.org/10.1086/675329.


Downloads

Downloads per month over past year

Actions (login required)

View Item View Item