[Web4lib] Library Elf reveals user info

Ryan Eby ryaneby at gmail.com
Wed Dec 28 15:55:06 EST 2005


On 12/28/05, Karen Coyle <kcoyle at kcoyle.net> wrote:
> Does this mean that Elf is the problem because it aggregates feeds? Or
> is Bloglines(etc) alone the problem? Because if it's the latter then we
> have to conclude that RSS is not private enough for this library data.
> If it's Elf, then libraries need to take a different action. And if it's
> Elf, then I would have to wonder if Elf isn't violating the law in some
> jurisdictions that provide privacy protection for library records.
>
> kc

It's a combination of both plus patron education. The feed itself
should not identify someone specifically. I believe a Seattle library
had a problem with feeds that included the patron PINs right in the
RSS feed. I can see no real need for feed output to be identifiable as
the library elf appeared to have the libraryelf username included. I
subscribe to some private feeds and most have random generated URLs
that can be re-generated if it's compromised. This doesn't help on
sites like Bloglines though as you can usually tell who's subscription
it is.

I personally think such services are nice though I'd prefer the
library offer it themselves. There are people who use it to create
"what i'm reading" and other lists on their websites and don't mind
that information being public. On the otherhand I don't think many are
aware that web-based aggregators often make things public by default.
This same problem would occur if the library or some other place
offerred the service. The only thing that can help prevent this is
better information and education. If you offer feeds with potentially
sensitive data then you should have a warning nearby that indicates
some of the potential hazards.

Ryan Eby
Michigan State


More information about the Web4lib mailing list