[Web4lib] Library Elf reveals user info

RL Hartman lisrochelle at gmail.com
Wed Dec 28 11:13:16 EST 2005


It appears to be an issue with RSS feeds (at least in Bloglines).  I
randomly emailed one of the patrons who had his account hanging out for all
the world to see, and he was grateful to know about the problem, and said he
felt "a little stupid" for not having known of the risk.

Rochelle Hartman
Bloomington Public Library

On 12/28/05, Karen Coyle <kcoyle at kcoyle.net> wrote:
>
> Mary Minow posts a rather amazing story about Library Elf on her web site:
>    http://blog.librarylaw.com/librarylaw/2005/12/breaking_discov.html
>
> According to Mary:
>   "I had my Bloglines.com reader open for blog reading.  I typed
> "library elf" in the SEARCH ALL BLOGS box
> <http://www.bloglines.com/search?t=1&r=0&q=%22library%20elf%22>.
> Imagine my surprise when I got 228 results, most of which are
> *individuals' accounts - one more click gives you first names, email
> addresses, titles borrowed, on hold, etc. "
>
> It isn't yet clear how this happens, but at least one person whose
> account Mary retrieved claims that she had her feed marked as "private."
>
> More and more libraries are becoming accessible through Library Elf --
> this is not good news. Does anyone know how LE works and why this would
> be the case? I took a quick look at LE and already some red flags shot
> up -- such as it allows anyone to sign up for multiple accounts, e.g. a
> parent can sign up with all of her children's library accounts. So much
> for the rights of children.
>
> kc
> *
>
> --
> -----------------------------------
> Karen Coyle / Digital Library Consultant
> kcoyle at kcoyle.net http://www.kcoyle.net
> ph.: 510-540-7596
> fx.: 510-848-3913
> mo.: 510-435-8234
> ------------------------------------
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>


More information about the Web4lib mailing list