[Web4lib] Library Elf reveals user info

Karen Coyle kcoyle at kcoyle.net
Wed Dec 28 14:18:49 EST 2005


Does this mean that Elf is the problem because it aggregates feeds? Or 
is Bloglines(etc) alone the problem? Because if it's the latter then we 
have to conclude that RSS is not private enough for this library data. 
If it's Elf, then libraries need to take a different action. And if it's 
Elf, then I would have to wonder if Elf isn't violating the law in some 
jurisdictions that provide privacy protection for library records.

kc

Edward Vielmetti wrote:

>This is a problem with Bloglines, My Yahoo, and most
>of the web-based RSS aggregators.  They tend not
>to have a notion of a "private feed" and instead
>focus on sharing as widely as possible.
>
>RSS does have provisions for passworded feeds,
>and indeed some products (e.g. enterprise wikis)
>have this kind of support on the server side, and
>native clients like Newsgator can handle the password
>authentication.  It is straightforward to describe
>and could be done without undue work by
>library catalogs.
>
>The Ann Arbor District Library puts periodic
>notices in people's RSS feeds telling them if
>they want to keep the feed fully private they
>shouldn't use web based aggregators.
>
>Ed
>
>On 28 Dec 2005 17:59:15 -0000, cpikas.14607360 at bloglines.com
><cpikas.14607360 at bloglines.com> wrote:
>  
>
>>It appears that they're trying to fix it... if you do the search now (as of
>>12/28 12:55 EST)...
>>"Invalid password. A change has been made to the RSS
>>feed security which makes it necessary for you to resubscribe to your Library
>>Elf feed. Please login to your Elf account and copy the updated XML link to
>>your feedreader. Note also that if your feedreader is one of the public RSS
>>aggregators, Bloglines in particular, your feed could be treated as a public
>>feed and therefore searchable by others on that system. Search for your feed
>>in these aggregators to see whether your feed has been designated public.
>>Our apologies for the inconvenience."
>>
>>HOWEVER -- if you look back a little
>>in the feed, you can still see historical check-outs and all related personal
>>information.
>>
>>Christina
>>
>>--- RL Hartman <lisrochelle at gmail.com wrote:
>>
>>It appears to be an issue with RSS feeds (at least in Bloglines).  I
>>    
>>
>>>randomly
>>>      
>>>
>>emailed one of the patrons who had his account hanging out for all
>>    
>>
>>>the
>>>      
>>>
>>world to see, and he was grateful to know about the problem, and said he
>>    
>>
>>>felt "a little stupid" for not having known of the risk.
>>>
>>>Rochelle
>>>      
>>>
>>Hartman
>>    
>>
>>>Bloomington Public Library
>>>
>>>On 12/28/05, Karen Coyle <kcoyle at kcoyle.net>
>>>      
>>>
>>wrote:
>>    
>>
>>>>Mary Minow posts a rather amazing story about Library Elf
>>>>        
>>>>
>>on her web site:
>>    
>>
>>>>   http://blog.librarylaw.com/librarylaw/2005/12/breaking_discov.html
>>>>        
>>>>
>>>>According to Mary:
>>>>  "I had my Bloglines.com reader open for
>>>>        
>>>>
>>blog reading.  I typed
>>    
>>
>>>>"library elf" in the SEARCH ALL BLOGS box
>>>>
>>>>        
>>>>
>><http://www.bloglines.com/search?t=1&r=0&q=%22library%20elf%22>.
>>    
>>
>>>>Imagine
>>>>        
>>>>
>>my surprise when I got 228 results, most of which are
>>    
>>
>>>>*individuals' accounts
>>>>        
>>>>
>>- one more click gives you first names, email
>>    
>>
>>>>addresses, titles borrowed,
>>>>        
>>>>
>>on hold, etc. "
>>    
>>
>>>>It isn't yet clear how this happens, but at least
>>>>        
>>>>
>>one person whose
>>    
>>
>>>>account Mary retrieved claims that she had her feed
>>>>        
>>>>
>>marked as "private."
>>
>>_______________________________________________
>>Web4lib mailing list
>>Web4lib at webjunction.org
>>http://lists.webjunction.org/web4lib/
>>
>>    
>>
>
>
>--
>Edward Vielmetti in Ann Arbor, MI 48104
>+1 734 276 5910
>
>edward.vielmetti at gmail.com
>http://www.vacuumgroup.com
>_______________________________________________
>Web4lib mailing list
>Web4lib at webjunction.org
>http://lists.webjunction.org/web4lib/
>
>
>  
>

-- 
-----------------------------------
Karen Coyle / Digital Library Consultant
kcoyle at kcoyle.net http://www.kcoyle.net
ph.: 510-540-7596
fx.: 510-848-3913
mo.: 510-435-8234
------------------------------------



More information about the Web4lib mailing list