What is this?
This is a quick-and-dirty crowdsourced evaluation of security and privacy measures employed (or not) on US public library system/consortium websites.
Why library systems/consortia? Why not individual libraries?
For feasibility. If there's enough interest, we can move on to individual public and academic libraries, as well as library-centric organizations such as state library associations.
How can I help?
In this initial stage, helping find URLs would be terrific. US states usually list their public library consortia somewhere in their Department of Education website.
What do the evaluation columns mean? How do I fill them in?
Secure (HTTPS)?: "Yes" if the site URL starts with "https://"; "No" if it starts with "http://" or you cannot see the URL prefix in the browser bar; "NotWorking" if the URL says "https://" but you get a certificate error or a warning about insecure content.
Uses Google Analytics?: Install a tracker detector in your browser (uBlock Origin or Privacy Badger). Click on its icon in the browser bar. "yes" if you see "google-analytics.com" in the list of domains; "no" otherwise.
Has social media tracker(s)?: Using your tracker detector, "yes" if you see "facebook.com," "twitter.com," "addthis.com," "sharethis.com," or any other recognizable social-media domain; "no" otherwise.
Has other tracker(s)?: "yes" if you see doubleclick.com, adnxs.com, or another tracking domain; "no" otherwise. Please list the tracker domain(s) in the next column.
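
For evaluators who want a first pass before opening the browser, the rubric above can be applied to a saved copy of a page's HTML. This is an added example, not part of the original sheet; the function names and the sample page are constructed for illustration. It only sees resources written into the static HTML, so trackers injected by scripts at runtime and certificate errors still need the browser check.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the rubric above; extend as evaluators agree on more.
GA = ("google-analytics.com",)
SOCIAL = ("facebook.com", "twitter.com", "addthis.com", "sharethis.com")
OTHER = ("doubleclick.com", "adnxs.com")

# Constructed sample page, not taken from any real library site.
SAMPLE = """<script src="//www.google-analytics.com/analytics.js"></script>
<script src="https://connect.facebook.com/sdk.js"></script>
<img src="http://ad.doubleclick.com/pixel.gif"><img src="/images/logo.png">
<a href="https://twitter.com/examplelibrary">Follow us</a>"""

class ResourceCollector(HTMLParser):
    """Collect URLs the browser loads by itself (plain <a> links are skipped)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "img", "iframe") and src:
            self.urls.append(src)

def matches(host, domains):
    # Match on a label boundary so "notfacebook.com" is not counted.
    return any(host == d or host.endswith("." + d) for d in domains)

def evaluate(page_url, html):
    page = urlparse(page_url)
    collector = ResourceCollector()
    collector.feed(html)
    # Scheme-relative URLs ("//host/path") inherit the page's scheme.
    parsed = [urlparse(u, scheme=page.scheme) for u in collector.urls]
    hosts = {p.hostname for p in parsed if p.hostname}
    if page.scheme != "https":
        secure = "No"
    elif any(p.scheme == "http" and p.hostname for p in parsed):
        secure = "NotWorking"  # https page pulling in insecure content
    else:
        secure = "Yes"
    def seen(domains):
        return "yes" if any(matches(h, domains) for h in hosts) else "no"
    return {"Secure (HTTPS)?": secure,
            "Uses Google Analytics?": seen(GA),
            "Has social media tracker(s)?": seen(SOCIAL),
            "Has other tracker(s)?": seen(OTHER),
            "Tracker domains": sorted(h for h in hosts if matches(h, OTHER))}
```

Calling `evaluate("https://library.example.org/", SAMPLE)` returns one value per evaluation column; the plain link to twitter.com does not count as a tracker because the browser does not load it.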
What are best practices around these questions?
Serving websites securely (HTTPS) prevents snooping on website use over the local network, as well as malicious content alteration (e.g. by ISPs, or man-in-the-middle attackers).
Google Analytics tracks patron use of library websites when patrons are logged in to a Google service (such as Gmail or Google Drive). There is some indication that Google may attempt to identify even users who are not logged in to Google.
Social-media trackers add library website use to their dossiers on logged-in users, much as Google does. Several, Facebook particularly, are considerably more aggressive in using browser fingerprinting and other reidentification techniques to reidentify logged-out users and even non-users. Some trackers sell data to data brokers, who in turn sell data wherever they please.
Other trackers are a grab bag, but in general, they do not protect user privacy.