[Web4lib] [web4lib] survey on library website third partyanalytics privacy concerns

Matthew Decker ae5367 at wayne.edu
Thu Aug 26 08:35:41 EDT 2010


  WSJ article about google's internal privacy policy battles:
http://online.wsj.com/article/NA_WSJ_PUB:SB10001424052748703309704575413553851854026.html

A few points to take away from this:
1. IP address is not the only form of tracking, GA specifically sets 
tracking cookies, also flash and LSO tracking are becoming much more 
prevalent.

2. Google is a for-profit corporation and like any other is subject to 
market pressures.  Larry Page fought against using cookies for 
advertising tracking, but eventually gave in.  Right now the only thing 
stopping them from connecting together searches, gmail, ads, analytics, 
orkut, maps, android phone contacts backups, etc., is their current 
policy which could be changed at any time.  What obligations do they 
have for this free service you're taking advantage of.

3. One reason to anonymize checkout records is so they can not be 
summoned by a court if you don't have them, but whatever data you send 
to google could be:
"... concludes that it is required by law or has a good faith belief 
that access, preservation or disclosure of such information is 
reasonably necessary to protect the rights, property or safety of 
Google, its users or the public..."
- http://www.google.com/analytics/tos.html

4. What was Google built on in the first place, and what do they do 
best, data mine!  They have and could infer an amazing amount of 
information about people that never even intentionally use their 
services.  It makes their personal data clearinghouse idea mentioned 
even more scary!  Yes I know they haven't chosen to do that, at least 
not yet.

5. Do you realize what information you are sending to GA?  Search terms 
in your online catalog, book or article titles viewed, checked out, etc.

There are other varying levels of free ways to gather 
analytics/statistics.  We use awstats for log files and also recently 
started using piwik <http://piwik.org/> for sites we don't have log file 
access to.  They even have an anonymizeip plugin for German sites that 
consider ip addresses to be personally identifiable.  Yes GA is an 
amazing analytics service, but even though it's not monetary, there is a 
price you and your users pay for you using it.


On 8/25/10 5:56 PM, Thomas Edelblute wrote:
> Interesting, the only reports I have seen have been pages viewed.
>
> But IP addresses bring up additional problems in my mind.  First, is DHCP.  How do I know which computer was using which address at a particular time when those addresses are changed by the system?  The second is NAT.  Every computer in the City of Anaheim goes out through at single IP address, and is seen on the Internet as that single NAT address.  So everyone in the Public Library will be seen the same as a public employee out on the Internet.  I am also going to assume that anyone who accesses the library web site from work will also come from a single NAT address for their place of employment.
>
> Tom
>
>
> -----Original Message-----
> From: Mutch, Andrew [mailto:AMutch at twp.waterford.mi.us]
> Sent: Wednesday, August 25, 2010 12:16 PM
> To: Thomas Edelblute
> Cc: web4lib at webjunction.org
> Subject: RE: [Web4lib] [web4lib] survey on library website third partyanalytics privacy concerns
>
> Thomas,
>
> It would depend on how much information your web site is logging. But in
> my experience, logging can include IP addresses and pages visited, which
> can tell you a good deal about what a person is viewing on your web
> site.
>
> Andrew Mutch
> Library Systems Technician
> Waterford Township Public Library
> Waterford, MI
>
>
>
> -----Original Message-----
> From: Thomas Edelblute [mailto:TEdelblute at anaheim.net]
> Sent: Wednesday, August 25, 2010 2:42 PM
> To: Mutch, Andrew; web4lib at webjunction.org
> Subject: RE: [Web4lib] [web4lib] survey on library website third
> partyanalytics privacy concerns
>
> I am told that in California, library privacy laws pertains specifically
> to library circulation and library registration records.  In practice we
> tend to apply to universally to any information we have on a library
> patron.
>
> But is seems to me that web site statistics are just a general
> aggregation of numbers for your whole population and does not identify
> individual sessions or people.
>
> Tom
>
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Mutch, Andrew
> Sent: Wednesday, August 25, 2010 5:10 AM
> To: web4lib at webjunction.org
> Subject: Re: [Web4lib] [web4lib] survey on library website third party
> analytics privacy concerns
>
> I know in Michigan that libraries have a legal obligation to protect
> patron privacy particularly when it comes to information that the
> library collects related to patron usage of the library systems. I don't
> know the privacy laws in other states but libraries in Michigan don't
> have the luxury of blithely dismissing such concerns and claiming that
> it's the user's responsibility to ensure the privacy of their data.
>
> Andrew Mutch
> Library Systems Technician
> Waterford Township Public Library
> Waterford, MI
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Robert Balliot
> Sent: Wednesday, August 25, 2010 8:04 AM
> To: David Kane
> Cc: web4lib at webjunction.org
> Subject: Re: [Web4lib] [web4lib] survey on library website third party
> analytics privacy concerns
>
> There is no privacy on the Internet.  You might be able to use
> Tor<http://www.torproject.org/>  to orchestrate a certain level of
> anonymity and use encryption and https to hide information in transit,
> but you can't have a reasonable expectation that using a Library website
> is private other than it being somewhat private within a library
> network.
>
> Given the proliferation of personal information on social network sites,
> many users have seemed to value their immediate social status much more
> highly than their privacy. The burden is on the user.
>
> R. Balliot
> http://oceanstatelibrarian.com
>
>
> On Wed, Aug 25, 2010 at 4:09 AM, David Kane<dkane at wit.ie>  wrote:
>
>> Libraries knowing your IP address is one thing.  I don't think that
>> this is a serious issue because no librarian I know is going to pore
>> over reams of IP addresses to try and connect particular real
>> individuals to possible book crimes.
>>
>> However, Google analytics works in such a way as to make it possible
>> for individual users to be tracked across all sites that use Google
>> analytics.  If those users also have Google accounts, as many do, then
>> suddenly Google is going to know a lot about you, as an individual.
>> Using something else would remove any significant privacy concerns
>> that I might have about this.  One such program might  be AWstats,
>> which analyses the server log files.
>>
>> David.
>>
>> On 25 August 2010 00:12, Brian Tingle
>> <brian.tingle.cdlib.org at gmail.com>
>> wrote:
>>> |There are a number of references to 'privacy concerns' in some of
>>> |the responses.
>>> |
>>> |Do these concerns have any validity, or to they arise from
>>> |uncertainty and insufficient understanding of the technologies used
>>> |to gather these data?
>>>
>>> I think that is an open question.  Like most things, there are trade
>> offs.
>>> As I understand it, German law considers IP addresses to be
>>> personally identifying information, and .de web site operators are
>>> not allowed to track this.
>>>
>>>
>> http://dees-club.com/google-analytics-german-privacy-paid-analytics-to
>> ols/
>>> My libraries' current interpretation of privacy policy categorizes
>>> IP addresses as personally identifying information.
>>>
>>> Even if no personally identifying information is logged, research
>>> suggests that with enough data tied to a specific yet not personally
>>> identified user such as with the cookies used by google analytics,
>>> data can be de-anonymized
>>>
>>> http://en.wikipedia.org/wiki/AOL_search_data_scandal
>>>
>> http://www.wired.com/politics/security/commentary/securitymatters/2007
>> /12/securitymatters_1213
>>> I think it is important that a) library privacy policies clearly
>>> indicate the use of google analytics on their websites and b) make
>>> it clear to end users that they may opt-out of behavioral tracking
>>>
>>> http://tools.google.com/dlpage/gaoptout?hl=en
>>>
>>> I've put in a proposal to have a discussion on this topic at the
>>> Digital Library Federation Fall Forum.
>>>
>>> -- Brian
>>>
>>>
>>> _______________________________________________
>>> Web4lib mailing list
>>> Web4lib at webjunction.org
>>> http://lists.webjunction.org/web4lib/
>>>
>>>
>>
>>
>> --
>> David Kane, MLIS.
>> Systems Librarian
>> Waterford Institute of Technology
>> Ireland
>> http://library.wit.ie/
>> T: ++353.51302838
>> M: ++353.876693212
>>
>>
>> _______________________________________________
>>   Web4lib mailing list
>> Web4lib at webjunction.org
>> http://lists.webjunction.org/web4lib/
>>
>>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO
> WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
> CONFIDENTIAL, AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAWS. If the
> reader of this message is not the intended recipient, or the employee or
> agent responsible for delivering the message to the intended recipient,
> you are hereby notified that any dissemination, distribution,
> forwarding, or copying of this communication is strictly prohibited. If
> you have received this communication in error, please notify the sender
> immediately by e-mail or telephone, and delete the original message
> immediately. Thank you.
>
>
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL, AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAWS. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, forwarding, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail or telephone, and delete the original message immediately. Thank you.
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>


More information about the Web4lib mailing list