In ensuring user privacy, libraries that provide personalized online services often encounter tensions and contradictions. Tools and technologies that offer opportunities for better engagement do not always draw a clear boundary between privacy and personalization.
Commercial websites aim to capture as much personal data as possible. This data powers a global advertising ecosystem designed to strengthen retail sales through finely targeted ad placement. To manage websites and internet technologies in ways that reflect their values, libraries invariably must make difficult choices and compromises.
While they may not be able to entirely isolate their web-based services from commercial technologies, they can take measures to limit exposure and protect patron privacy.
HTTPS at a minimum
Libraries must ensure that their websites provide adequate privacy protection, particularly HTTPS protocol. Without this standard encryption, visitors are vulnerable to exposure. Even with HTTPS, tracking agents placed on the site for analytics or advertising—or added inadvertently as components of a desired feature—can circumvent basic protections.
Web browsers now routinely flag unencrypted library websites as insecure and untrustworthy. A substantial portion of libraries continue to operate unencrypted websites, while others fail to implement basic HTTPS. The widespread use of tracking agents without employing an anonymization process means that some libraries are putting their patrons at greater risk.
Libraries often borrow scripts or widgets from other libraries or commercial sources to achieve the desired visual effects or functionality. These components may in turn include tracking agents or other code that can have an impact on patron privacy. To mitigate these threats, library staff can use the Ghostery tool to confirm which tracking agents have been installed. An audit allows libraries to identify all tracking agents deployed and review them against their privacy policies.
There is no fast or easy way to encourage the deployment of properly secured HTTPS. Many libraries have made a slow transition from obsolete technology to more modern alternatives. The libraries that remain represent a long tail with sparse resources and low awareness about the technical issues involved.
In the future, privacy must be a key consideration in library website design to be consistent with libraries’ values and strategic objectives.