Hidden Online Surveillance: What Librarians Should Know to Protect Their Own Privacy and That of Their Patrons
Librarians have a professional responsibility to protect the right to access information free from surveillance. This right is at risk from a new and increasing threat: the collection and use of non-personally identifying information such as IP addresses through online behavioral tracking. This paper provides an overview of behavioral tracking, identifying the risks and benefits, describes the mechanisms used to track this information, and offers strategies that can be used to identify and limit behavioral tracking. We argue that this knowledge is critical for librarians in two interconnected ways. First, librarians should be evaluating recommended websites with respect to behavioral tracking practices to help protect patron privacy; second, they should be providing digital literacy education about behavioral tracking to empower patrons to protect their own privacy online.
Adobe. 2011. “Adobe Flash Platform runtimes: PC penetration”. http://www.adobe.com/mena_en/products/flashplatformruntimes/statistics.html.
“AdOne Classified Network and ClickOver announce strategic alliance”. 1997. Business Wire, March 24.
“Affinicast unveils personalization tool”. 1996. AdAge, December 4. http://adage.com/article/news/affinicast-unveils-personalization-tool/2714/.
American Library Association. 2008. Code of Ethics. http://www.ala.org/advocacy/proethics/codeofethics/codeethics
———. 2013. Digital literacy, libraries, and public policies: Report of the Office for Information Technology Policy’s Digital Literacy Task Force. http://www.districtdispatch.org/wp-content/uploads/2013/01/2012_OITP_digilitreport_1_22_13.pdf.
———. 2014. Choose Privacy Week. Accessed April 8. http://chooseprivacyweek.org.
Angwin, Julia. 2010. “The web’s new gold mine: Your secrets”. The Wall Street Journal July 31. http://online.wsj.com/news/articles/SB10001424052748703940904575395073512989404
Ayenson, Mika, Dietrich James Wambach, Ashkan Soltani, Nathan Good and Chris Jay Hoofnagle. 2011. “Flash cookies and privacy II: Now with HTML5 and ETag respawning”. Social Science Research Network. http://ssrn.com/abstract=1898390.
Ball, James. 2013. “NSA stores metadata of millions of web users for up to a year, secret files show”. The Guardian, September 30. http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents.
Barth, Adam. 2011. “HTTP State Management Mechanism”. Internet Engineering Task Force, RFC 6265. http://tools.ietf.org/html/rfc6265.
Canadian Library Association. 1976. Code of Ethics. http://www.cla.ca/Content/NavigationMenu/Resources/PositionStatements/Code_of_Ethics.htm.
Castelluccia, Claude and Arvind Narayanan. 2012. Privacy considerations of online behavioural tracking. Heraklion, Greece:
European Union Agency for Network and Information Security. http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-considerations-of-online-behavioural-tracking.
comScore 2007. The impact of cookie deletion on the accuracy of site-server and ad-server metrics: An empirical comScore study. https://www.comscore.com/fre/Insights/Presentations_and_Whitepapers/2007/Cookie_Deletion_Whitepaper.
———. 2011. The impact of cookie deletion on site-server and ad-server metrics in Latin America: An empirical comScore study. http://www.comscore.com/Insights/Presentations_and_Whitepapers/2011/Impact_of_Cookie_Deletion_on_Site-Server_and_Ad-Server_Metrics_in_Latin_America.
Council of Europe. 1981. Convention for the protection of individuals with regard to automatic processing of personal data. http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm.
Earp, Julia B., Annie I. Antón, Lynda. Aiman-Smith and William H. Stufflebeam. 2005. “Examining Internet privacy policies within the context of user values”. IEEE Transactions on Engineering and Management 52 (2): 227–237.
Gomez, Joshua, Travis Pinnick and Ashkan Soltani. 2009. KnowPrivacy. http://ashkansoltani.files.wordpress.com/2013/01/knowprivacy_final_report.pdf.
Goodwin Josh. 2011. Super cookies, ever cookies, zombie cookies, oh my. Ensighten, blog entry. http://www.ensighten.com/blog/super-cookies-ever-cookies-zombie-cookies-oh-my.
Harding, William T., Anita J. Reed and Robert L. Gray. 2001. Cookies and web bugs: What they are and how they work together. Information Systems Management 18 (3): 17–24.
Johns Hopkins University Sheridan Libraries. 2013. Evaluating information found on the Internet. http://guides.library.jhu.edu/evaluatinginformation.
Kamkar, Samy. 2010. “evercookie”. http://samy.pl/evercookie/.
Kapoun, Jim. 1998. “Teaching undergrads web evaluation: A guide for library instruction”. College & Research Libraries News,
Komanduri, Saranga, Richard Shay, Greg Norcie, Blase Ur and Lorrie Faith Cranor. 2011-2012. “AdChoices? Compliance with online behavioral advertising notice and choice requirements”. I/S: A Journal of Law and Policy for the Information Society 7: 603–638.
Kristol, David M. 2001. HTTP Cookies: Standards, privacy, and politics. ACM Transactions on Internet Technology 1 (2): 151–198.
Leon, Pedro Giovanni, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang. 2012. “Why Johnny can’t op out: A usability evaluation of tools to limit online behavioral advertising”. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. http://dl.acm.org/citation.cfm?id=2207759.
Marshall, Matt. 2005. “New cookies much harder to crumble”. The Standard-Times, May 15. http://www.southcoasttoday.com/apps/pbcs.dll/article?AID=/20050515/NEWS/305159957.
Martin, David, Hailin Wu and Adil Alsaid. 2003. Hidden surveillance by web sites: Web bugs in contemporary use. Communications of the ACM 46 (1): 258–264.
Mayer, Jonathan R. and John C. Mitchell. 2012. Third-party web tracking: Policy and technology. Proceedings of the 2012 IEEE Symposium on Security and Privacy. https://cyberlaw.stanford.edu/files/publication/files/trackingsurvey12.pdf
McCracken, Harry. 2011. “50 websites that make the web great. Time, August 16. http://content.time.com/time/specials/packages/0,28757,2087815,00.html.
McDonald, Aleecia M. and Lorrie Faith Cranor. 2010. “Beliefs and behaviors: Internet users’ understanding of behavioral advertising”. Social Science Research Network. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989092.
———. 2012. “A survey of the use of Adobe Flash Local Shared Objects to respawn HTTP cookies”. I/S: A Journal of Law and Policy for the Information Society 7 (3): 639–687.
Micheti, Anca, Jacquelyn Burkell and Valerie Steeves. 2010. “Fixing broken doors: Strategies for drafting privacy policies young people can understand”. Bulletin of Science, Technology, and Society. 30 (2): 130–143.
Narayanan, Arvind. 2011. “There is no such thing as anonymous online”. Blog entry, July 28. https://cyberlaw.stanford.edu/blog/2011/07/there-no-such-thing-anonymous-online-tracking.
Office of the Privacy Commissioner of Canada. 2011. Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. https://www.priv.gc.ca/resource/consultations/report_201105_e.pdf.
———. 2013. Survey of Canadians on privacy-related issues. http://www.priv.gc.ca/information/por-rop/2013/por_2013_01_e.pdf.
Pollach, Irene. 2005. “A typology of communicative strategies in online privacy policies: Ethics, power, and informed consent”. Journal of Business Ethics 62 (3): 221–235.
Rainie, Lee, Sara Kiesler, Ruogu Kang and Mary Madden. Anonymity, privacy, and security online. Pew Research Internet Project. http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/.
Randall, Neil. 1997. “The new cookie monster”. PC Magazine 16 (8): 211–214.
Schneier, Bruce. 2013. “Attacking Tor: How the NSA targets users' online anonymity”. The Guardian, 4 October. http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
Schoen, Seth. 2009. “New cookie technologies: Harder to see and remove, widely used to track you”. Blog entry, September 14. https://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide.
Sipior , Janice C., Burke T. Ward and Ruben A. Mendoza. 2011. Online privacy concerns associated with cookies, Flash cookies, and web beacons. Journal of Internet Commerce 10 (1): 1–16.
Smit, Edith G., Guda Van Noort Hilde A. M. Voorveld. 2014. Understanding online behavioural advertising: User knowledge, privacy concerns, and online coping behaviour in Europe. Computers in Human Behavior 32 (1): 15–22.
Smith, R. M. 2000. “Why are they bugging you?” Privacy Foundation. http://www.privacyfoundation.org/resources/whyusewb.asp.
Soltani, Ashkan, Shannon Canty, Quentin Mayo, Lauren Thomas,
Chris Jay Hoofnagle. 2009. “Flash cookies and privacy”. Social Science Research Network. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862.
“‘Tor Stinks’ presentation”. 2013. The Guardian Online, October 4. http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document.
TRUSTe. 2013. US 2013 Consumer data privacy study – Advertising edition. http://www.truste.com/us-advertising-privacy-index-2013/.
Turow, Joseph, Jennifer King, Chris Jay Hoofnagle, Amy Bleakley and Michael Hennessy. 2009. “Americans reject tailored advertising and three activities that enable it”. Social Science Research Network. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1478214.
United States Federal Trade Commission. 2009. FTC staff report: Self-regulatory principles for online behavioral advertising. http://www.ftc.gov/os/2009/02/P085400behavadreport.pdf.
University of California, Berkley Library. 2012. “Finding information on the Internet: A tutorial” http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/Evaluate.html.
Ur, Blase, Pedro Giovanni Leon, Lorrie Faith Cranor, Richard Shay, and Yang Wang. 2012. “Smart, useful, scary, creepy: Perceptions of online behavioral advertising”. SOUPS ’12 Proceedings of the Eighth Symposium on Usable Privacy and Security. http://dl.acm.org/citation.cfm?id=2335362.
Weston, Greg, Glenn Greenwal and Ryan Gallagher. 2014. “CSEC used airport Wi-Fi to track Canadian travelers: Edward Snowden documents”. CBC News, January 30. http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881.
“What they know”. 2010. The Wall Street Journal Online. http://blogs.wsj.com/wtk/.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors that submit to Information Technology and Libraries agree to the Copyright Notice.