Imagine you’re working in a library, and someone with a suit and a buzz cut comes up to you, gestures towards a patron who’s leaving the building, and says “That guy you were just helping out; can you tell me what books he was looking at?”
Many librarians would react to this request with alarm. The code of ethics adopted by the American Library Association states “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” Librarians will typically refuse to give such information without a carefully-verified search warrant, and many are also campaigning against the particularly intrusive search demands authorized by the PATRIOT Act.
Yet it’s possible that the library in this scenario is routinely giving out that kind of information, without the knowledge or consent of librarians or patrons, via its web site. These days, many sites, including those of libraries, invoke a variety of third-party services to construct their web pages. For instance, some library sites use Google services to analyze site usage trends or to display book covers. Those third party services often know what web page has been visited when they’re invoked, either through an identifier in the HTML or Javascript code used to invoke the service, or simply through the Referer information passed from the user’s web browser.
Patron privacy is particularly at risk when the third party also knows the identity of users visiting sensitive pages (like pages disclosing books they’re interested in). The social networking sites that many library patrons use, for instance, can often track where their users go on the Web, even after they’ve left the social sites themselves.
For instance, if you go to the website of the Farmington Public Library (a library I used a lot when growing up in Connecticut), and search through their catalog, you may see Facebook “Like” buttons on the results. On this page, for example, you may see that four people (possibly more by the time you read this) have told Facebook they Liked the book Indistinguishable from Magic. Now, you can probably easily guess that if you click the Like button, and have a Facebook account, then Facebook will know that you liked the book too. No big surprise there.
But what you can’t easily tell is that Facebook is informed you’ve looked at this book page, even if you don’t click on anything. If you’re a Facebook user and haven’t logged out– and for a while recently, even if you have logged out– Facebook knows your identity. And if Facebook knows who you are and what you’re looking at, it has the power to pass along this information. It might do it through a “frictionless sharing” app you decided to try. Or it might quietly provide it to organizations that it can sell your data to as permitted in its frequently changing data use policies. (Which for a while even included tracking non-members.)
For some users, it might not be a big deal if it’s generally known what books they’re looking at online. But for others it definitely is a big deal, at least some of the time. The problem with third-party inclusions like the Facebook “Like” button in catalogs is that library patrons may be denied the opportunity to give informed consent to sharing their browsing with others. Libraries committed to protecting their patron’s privacy as part of their freedom to read need to carefully consider what third party services they invite to “tag along” when patrons browse their sites.
This isn’t just a Facebook issue. Similar issues come up with other third-party services that also track individuals, as for instance Google does. Libraries also have good reasons to partner with third party sites for various purposes. For some of these purposes, like ebook provision, privacy concerns are fairly well understood and carefully considered by most libraries. But librarians might not keep as close track of the development of their own web sites, where privacy leaks can spring up unnoticed.
So if any of your web sites (especially your online catalogs or other discovery and delivery services) use third party web services, consider carefully where and how they’re being invoked. For each third party, you should ask what information they can get from users browsing your web site, what other information they have from other sources (like the “real names” and exact birthdates that sites like Facebook and Google+ demand), and what real guarantees, if any, they make about the privacy of the information. If you can’t easily get satisfactory answers to these questions, then reconsider your use of these services.
RSS feed
Everybody's Libraries 
PS, since someone’s otherwise bound to ask: Yes there are various “Share this” buttons, including one for Facebook, as well as a WordPress “Like” button, attached to this and other posts on this blog. As far as I can determine, none of them contact the web sites they refer to unless you click on them (unlike the Facebook “Like” button, which in its typical configuration contacts Facebook as soon as it’s displayed).
The fact that it’s hard to tell the difference between buttons that automatically “phone home” upon display, and ones that wait until you click, is one aspect of the “informed consent” problem with many of these services.
Visits to this blog are logged by WordPress.com (the hosts of this site) and some affiliated sites. If you’re signed into a WordPress account, your WordPress identity may be reported to them in connection with this post (and you’ll see a note by the comment box that you’re logged in under that identity). I am not aware at this time of WordPress or its related sites misusing this information.
ironic/meta ‘share on facebook’ icon below article :)