Category: Security

Posted on

Zoom and Privacy at the Library

Welcome to this week’s Tip of the Hat!

The amount that you spent web conferencing has most likely increased exponentially in the last few weeks. Library workers working from home now rely on web conferencing software for daily operations, including meetings and check-ins with other colleagues. With this shift to web conferencing, though, comes a shift in the level of risk to patron privacy.

Most libraries rely on third party web conferencing software which, like any other third-party vendor, brings its own set of risks to patron privacy. However, when you fundamentally change library operations to embed a third-party application into almost all parts of core operations, the existing privacy risks of that application change dramatically. You also introduce new risks into the mix! It’s already hard to keep up with all the risks to patron privacy in normal operations, and a rapidly changing work landscape compounds matters.

Let’s take Zoom, for example. Many libraries and library vendors use Zoom as their primary web conferencing application before the COVID-19 outbreak. That number only increased as many workplaces went remote, with many workers relying on their institutional Zoom accounts for both professional and personal online meetings. Other workers took advantage of Zoom’s generous free plan. What was once a tool used for webinar presentations and professional organizational group meetings, Zoom has become a lifeline for many remote library workers to stay connected to the library world for the foreseeable future.

With the increased use of Zoom came increased scrutiny of the application from the increasing number of remote workers in several industries. Soon after the shift to remote work started in earnest across the US, news media started reporting on privacy and security concerns with Zoom. One of the earlier news reports described Zoom’s “attention tracking” function, where an administrator can keep track of meeting participants who clicked away from the Zoom window. This level of tracking by the meeting organizer does not reach the level of other tracking software used by businesses to monitor employee productivity, but this tracking can still encroach on employee privacy. “Zoombombing” – the act of gatecrashing a public Zoom meeting and bombarding it with inappropriate material or attacks – is also on the rise, compromising the security of business and other meetings held by users who are newer to the platform.

Zoom’s data privacy practices have received increased scrutiny in the last week with the mass movement to remote work. In the same article about “attention tracking”, the reporter also touched on Zoom’s privacy policy’s vague language around selling personal data. The privacy policy has since been updated to remove the first sentence which caused the most concern, but the vague last sentence in the paragraph remains – “So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.” – which is still a privacy concern. In addition, Zoom’s iOS App was sending user information to Facebook, which again wasn’t made explicitly clear in the privacy policy. Zoom released a statement that they will change the app to no longer send this information, but Zoom’s overall privacy practices and policies remain unchanged as described in this Twitter thread.

Your library might be using Zoom for business meetings, or it might be using Zoom for library programs, such as delivering online programs (like storytime or classes) or research/reference services. In both cases, Zoom might be collecting and processing patron data for their business purposes, increasing the risk of a privacy breach. You can take some actions to mitigate the new risks to patron privacy from using Zoom:

  • Use Zoom’s end-to-end encrypted chat feature [Update – the E2EE feature turned out to be false advertising.]
  • Limit the amount of patron data disclosed in Zoom, including text chats
  • Do not record video, voice, or text chats that involve patron data, including services to patrons conducted over Zoom
  • Do not share files with patron data over Zoom’s filesharing feature
  • Review privacy and security settings on the administrator, organizer, and user levels
  • Follow best practihttps://lifehacker.com/how-to-prevent-jerks-from-ruining-your-zoom-meetings-1842453487ces to prevent Zoombombing, including enabling the waiting room feature, limiting screen-sharing and voice controls (muting participants by default when they join), and locking the session when all attendees have arrived.

Limiting patron data disclosure on third-party applications is a challenge for a remote workforce. Choosing third-party applications with strong privacy and security practices is one of the best ways to mitigate privacy risks. Taking the time to assess privacy and security during a major global health crisis, nonetheless, doesn’t come naturally if you are not used to making critical privacy decisions under pressure. Settling into the new normal provides the opportunity to reassess data privacy and security practices in the workplace, including mitigating expanded or new risks to patron privacy. In the case of Zoom, limiting the amount of patron data transmitted through the application as well as making full use of privacy and security settings can help mitigate these privacy risks.

Posted on

Doxing: How to Protect Yourself and Patrons

Welcome to this week’s Tip of the Hat!

The Executive Assistant has her paws full this week with rescheduling and shifting various project timelines around thanks to recent events. She was batting objects off of ledges redoing Gantt charts when she came across a small list of privacy-related things to do on a rainy day and promptly knocked the list off the pile and onto the floor. While this is not a rainy day, a few of us could use a distraction, so what can be a better distraction than protecting your privacy?

Today we’ll explore doxing: what it is, how it can harm you and your patrons, and what you can do to protect yourself and patrons from being doxed.

Doxing and You

Doxing is the act of publishing private or otherwise identifying information about a person to the public. This can include your home address, phone number, private email address, or bank account details, but it can also involve publishing private information about those close to you, like family members, along with your private information. Most times doxing is used as a tactic to intimidate or to harm a person or their loved ones – an infamous example of doxing in action is Gamergate, where online harassers doxed several games journalists, researchers, and others in the gaming industry.

Being doxed can mean a stranger showing up at your home or otherwise harassing you as you try to go about your daily life, but it can also mean that your identity can be stolen. With just a few pieces of private personal information, you can social engineer your way through customer service staff and help desk representatives to get access to critical accounts, potentially destroying the financial and reputational aspects of a person’s life in the process.

How to Dox Yourself (@ the Library)

The scary part about doxing is that anyone with little time and effort you can get access to private information. The New York Times recently published a guide on how to dox yourself, describing the various places where you can find information that you thought was not available to the public. Search engines, social media, and data brokers are all potential sources for doxers looking for your private information. Take some time to study their resource guide and perform some searches on your favorite search engine. You might be (un)pleasantly surprised as to what you can find about yourself.

Libraries are not exempt from being potential targets for doxers to gain information about a person. Library patrons routinely contact library staff with requests or questions about their patron account or another person’s patron account. What can be in the patron record that can potentially be used to dox someone? Legal name, home address, and birth date are three pieces of patron data that come to mind. Chances are, though, that your patron record includes much more, including telephone numbers, email addresses, and even government or organization-issued identification numbers, such as driver’s license numbers or student or employee id numbers.

Library workers also face the possibility of being doxed and harassed. An article by American Libraries recounted the experiences of two library school professors who were doxed for their research on racial microaggressions in academic libraries. Library workers are subject to the same harassment and doxing that their patrons face in daily life, as documented in the article. Any private information of both patrons and library workers is fair game to a doxer, even at the library.

Dox Defenses

How can you protect yourself and others from doxing?
On the personal front:

On the library front, review policies and procedures surrounding patron data confidentiality, particularly surrounding requests to disclose patron information:

  • Do you have a procedure in place to verify the patron’s identity if they request access to information in their patron record? What are the procedures regarding identity verification in-person versus over the phone versus online?
  • What information is used in the verification process?
  • What information do you disclose in the patron record in person? Over the phone? Online?
  • What is the procedure when the patron doesn’t have this information for verification?
  • What is the procedure if the patron requests access to another patron’s record?

Employee information also needs protection; however, a different set of regulations, policies, and procedures apply. Check with your human resources staff as well as legal counsel to determine what information is private, what is public, and when employers are allowed to disclose employee information to others.

Doxing is scary and can lead to harassment and other dangerous situations. The best personal defense against doxing is to be proactive in limiting the amount of private information a random person off the street can access through a data broker, your online presence, or other places where private information can be accessed by someone with a little bit of time and resources. The best library defense is making sure that there are policies and procedures in place for verification of the patron’s identity before disclosing patron information in certain situations, as well as protecting the privacy of library worker information, be it from not publishing private information such as home addresses to protecting the data from unauthorized access.

Posted on

COVID-19 Updates And More Privacy Considerations

Welcome to this week’s Tip of the Hat, everyone.

It’s been a week for many of us as COVID-19 rapidly changed both work and personal lives. During the last newsletter, public events were still going on, schools and libraries were still open, and we were not in a pandemic. This newsletter is being composed in a completely different world in Seattle – closed schools and libraries, canceled events, and the realization that COVID-19 is much more widespread than previously thought.

This week, many libraries are closed to the public, while other libraries that are still open are being pressured to close to protect the health of their staff. This means staff might be working from home for the first time, or are trying to move in-person library instruction online. The Library Freedom Project provides a good list of privacy considerations for online instruction. Academic and school libraries should also be aware of the updated guide on FERPA and COVID-19 and how student privacy is impacted by the COVID-19 pandemic. In the general world, healthcare professionals, as well as employers, are struggling to find a balance between personal privacy and disclosure in the context of HIPAA regulations.

The rapid developments of last week also presented a challenge – how do you protect privacy while at the same time keeping up with changes at work? Many work from home arrangements were hastily put together with less than 24 hours’ notice, leaving IT departments scrambling to figure out if VPN or other remote access to staff systems can handle the increased user traffic, but at the same time might not realize that the remote access method has a vulnerability, such as an unknown open port, or even providing access to internal applications without special logins or IP restrictions. IT staff should ensure that only staff can access work systems and network drives, including requiring VPN use to access these places as well as additional authentication and user access rules. In short, IT staff have their work cut out for them in the next few weeks. Nonetheless, there have been many guides published in the last week, like this one from NC Department of Information Technology, for people working from home and what they can do to protect their digital privacy and security.

On the public services side, online communications between staff might take a variety of forms, from an increased number of emails to online web conferencing. If the organization doesn’t offer an online group collaboration platform, like Microsoft Teams, staff might take to free third party applications, such as Slack, Discord, or your tried and true suite of Google products. Patron privacy might be compromised if patron data is shared on unsecured applications, as well as places that are subject to a public records disclosure request. Therefore, it’s a good time to remind everyone to keep patron privacy in mind in working from home, including limiting storing and communicating patron data to secure communication channels controlled by the organization.

It’s impossible to keep track of every COVID-19 development, and libraries have struggled to respond to these changes. With more libraries closing and trying to keep staff busy, we cannot forget that the choices we make during the COVID-19 pandemic will have long-lasting consequences on data privacy for some time to come. It’s hard to step back and take a breath to reassess where everything stands on patron privacy, but it’s worth the effort to take a few moments to go through the library’s response so far and ask how each response might put patron privacy at risk.

Posted on

COVID-19: Resources and Privacy Considerations

Welcome to this week’s Tip of the Hat!

Some of you might already know that LDH is based out of Seattle. Seattle has been in the news with the recent COVID-19 cases and deaths in the area. We at LDH are staying relatively healthy (outside of it being allergy season in town). Nonetheless, some of you have also been impacted by COVID-19, including institutional travel restrictions, dusting off the disaster policy and procedures, and fielding questions from both staff and patrons about what will happen when there’s an outbreak of COVID-19 in your area.

There’s a lot of information out there regarding COVID-19 and what you should do to help slow the spread of the infection. Some sources include:

The most important things to keep in mind during this time:

  • WASH YOUR HANDS WITH SOAP AND WATER. It doesn’t matter if it’s hot or cold water. There are several memes out there with lists of songs you can sing for about 20 seconds, be it Happy Birthday, the opening trumpet solo in Mahler’s 5th, or the chorus to this song.
    Hand sanitizer (store-bought, not homemade) is also an option, but not as effective as washing your hands with soap and water. [1]
  • Cover coughs and sneezes using your elbow or tissue (then throwing the tissue away).
  • If you are able, stay home if you are sick. This is not an option for those who do not have paid sick time, or if there’s a lack of coverage at work. If you do have the privilege to stay home, do so.
  • Extra cleaning of any hard surfaces as well as public or shared areas, such as open offices and break rooms.

COVID-19 has also brought up some good reminders and discussions surrounding privacy in a time of a possible pandemic:

Here are a few more articles surrounding the COVID-19 and the possible long-term implications to privacy regulations and public discourse:

Stay safe and healthy in the coming weeks!

[1] You would be surprised by the number of people who do not wash their hands regularly; this is something you should be doing anyway in normal circumstances. Hence, the shouting. Forever shouting about the washing of hands.

Posted on

That Little Driver’s License Card…

Welcome to this week’s Tip of the Hat!

A driver’s license card is the first document many people use to prove their identity, be it at work, or the bank, or the airport. The card has key information needed for organizations and institutions: name, date of birth, address, photo, and the illustrious driver’s license number. Driver’s license cards can be a convenient form of identification, but it can also be a convenient way for your patrons’ identities to be stolen if your library is not careful in its handling of the card’s information.

As part of the library card registration process, many public libraries require some form of identification with a current address to confirm the patron’s home address. These libraries almost always accept driver’s license cards as one form of identification. But what do libraries do with the information on the card? Some record the driver’s license number in the patron record, while others take a photocopy scan of the card (yes, this has happened!). Several libraries use specially programmed barcode scanners to automatically populate the fields in the patron record from the information provided from the driver’s license barcode.

Each method carries its level of risk to the library patron’s privacy. Storing driver’s license numbers in the patron record or other places can open the patron up to identify theft if the library’s systems or physical spaces are compromised. There are various ways to compromise a physical or electronic space. We are familiar with the story of a person breaking into the system to steal information, but sometimes it is a staff person who steals the information. We also can’t forget that a leak is as damaging as a breach – sometimes staff leave the patron record up on the screen at public service desks, or a report printout is left on a desk for anyone to see or take.

Overall, the best way to mitigate the risk of a breach or leak of driver’s license numbers is to not collect or store driver’s license numbers. In the collection stage of the patron data lifecycle, we decide what data to collect. The data you collect should be tied to a specific, demonstrated business need at the point of collection. If you are collecting driver’s license numbers as a way to verify patrons and addresses, what are the business needs for collecting and storing that number in the patron record? You can achieve the same business need by other means, including creating a process of validating the patron record information with the identification without recording additional personal information in the record. Another consideration is that while driver’s license cards are a convenient form of identification, the card might have a name that the patron no longer uses and might have other outdated or incorrect information, including address information if the state does not mail a new card when there is an address change. Finally, not all patrons have driver’s license cards, and your patron registration policies and procedures need to accommodate this reality.

Even if you don’t collect or store the driver’s license number, there are still ways in which the library might inadvertently collect more patron information than they need from the card. Scanning driver’s license barcodes to auto-populate patron registration forms and records can save time in data entry, but be aware that these barcodes carry much more information than what is presented on the card, including gender and even Social Security Numbers. The software that you use to scan the barcodes should only record the information needed for the patron form and not store the additional information in the barcode. Your software vendor should have information about how they treat this extra data; if they do not, then the vendor product is a potential security risk for the library and the patrons which needs to be addressed with the vendor.

No matter how your library handles driver’s license cards, your library should be actively reviewing privacy practices on a regular basis. In 2019, the Contra Costa County Library System decided to stop collecting driver’s license numbers and purged existing numbers from their patron records. This decision came just at the right moment – the library system suffered a ransomware attack at the beginning of 2020. While recent reports state that no personal data was compromised, the risk of identity theft to library patrons would have been much greater if the driver’s license numbers were still stored at the library. In short, it’s never too late to review policies and procedures around patron address verification at your library!

Posted on

Privacy Tech Toolkit: Tor

Welcome to this week’s Tip of the Hat!

A new year brings New Year resolutions. If you resolved to adopt better privacy practices and tools, you’re in luck! This week’s newsletter continues our exploration of the Privacy Tech Toolkit with the Tor browser and network.

Tor Basics

Tor enables users to anonymously browse and communicate online through two main parts. The first part is the Tor network, a worldwide network of servers. These servers serve as relays, sending encrypted information to randomly selected relays, masking the location of the user of the network. “Tor” stands for “the onion network” because this relay process resembles layers of an onion – each relay decrypts one layer of encryption and sends the rest off to the next relay for the next round of decryption. This routing masks both the source and destination locations of the online traffic. This is similar to a VPN in such that you can hide your actual location. The Electronic Freedom Foundation illustrates how the Tor network works with the following illustrations:

Three diagrams showing how Tor works. The first diagran shows the initial request to the tor directory server. The second diagram shows the random path through the tor relays to transmit the information. The third diagram shows a different relay path when the requester comes back to request the same information at a different time.

End-users can access the Tor network with the Tor browser. The browser is based on Firefox and comes with the NoScript plugin already installed. You can install the Tor Browser on all major operating systems as well as install the browser on a USB stick or SD card for when you are traveling or won’t have access to your computer.

Tor Considerations

Instead of accessing the internet through a single private network in the case of a VPN, Tor uses a distributed relay network that shifts your “location” every time you connect to the network. Tor is open source and is free to the public, but there are some considerations when choosing to use Tor for online browsing and communications:

  • Speed – the Tor network has more users than relays, as well as high user demand, which means slower browsing speeds on Tor than on other networks.
  • The Good and Bad of Blocking and Tor
    • Bad – some websites block the IP addresses of Tor exit relays (the last server in the relay chain). Those sites will need to be accessed outside of Tor. To add insult to injury, some sites block both Tor AND VPN access, making it near impossible to use those sites without having your location and activity wide open to those sites.
    • Good – because of the Tor network’s ability to route traffic through several relays worldwide, Tor can bypass government or other types of geo-blocks on certain websites, making Tor a necessity for those living in areas of the world that restrict access to the web.
  • Onion addresses – some websites, on the other hand, have onion addresses that can be accessed through the Tor browser. For example, you can access the BBC News website at https://www.bbcnewsv2vjtpsuy.onion/.
  • Anonymity – Tor provides an additional level of anonymity for online communications and browsing with the distributed relay network and browser; however, your actions can still give your location and identity away to third parties. If you log into a service that is connected to your real-world identity through Tor, then the site knows that it’s (most likely) you. Some users use Tor for specific purposes to avoid being identified while on Tor, staying away from logging into services connected to real-world identities. You can use Tor to search online without those searches being tied back to any accounts that are open in other browsers outside of Tor.

Tor @ Your Library

Some libraries include the Tor browser as part of the public computer image, while other libraries allow for patrons to install the Tor browser on the public computer (which then is wiped after the user session). Several libraries also advertise the option to run the Tor browser off of a USB stick to patrons who want to use Tor on public computers.

Several libraries are going beyond offering Tor access to public computers by becoming a relay, increasing the Tor network’s capacity to meet user demand. The Kilton Public Library in New Hampshire was the first public library in the US to host a Tor relay as part of the Library Freedom Project’s Tor Exit Relay Project. The project was not without controversy, but in the end, the public library was allowed to keep the relay.

Tor And Other Privacy Tools And Practices

If you need an anonymous way to browse the internet, Tor is one of your best bets. While some people opt to use both Tor and a VPN at the same time for additional security and privacy, most use one or the other when they need to have a private and secure way to browse and communicate online. Again, each tool has its strengths and weaknesses in protecting your privacy and choosing which one to use depends on your situation. Tor and VPNs are widely known tools, but there are many other tools to cover in our Privacy Tech Toolkit – stay tuned!

Thanks to subscriber Kristin Briney for the topic suggestion!

Posted on

Safe Travel for the Holidays (Guest Post)

Welcome to this week’s Tip of the Hat! Many of you will be traveling the next couple of weeks, which might involve flying to your destination. This week we bring you a guest post from Joe Reimers, Sales Engineer at III, about how to protect your privacy at the airport. Joe also writes about traveling tips and tricks at https://flyinfrequently.wordpress.com.

Holiday season is once again upon us, and for a number of us, that means air travel. For some, it’s another opportunity for grand adventure; for others, it’s an ordeal to be endured so we see family, friends and loved ones. For all of us, it’s another way for our personal data to be exposed to others.

Airports are public places where there is no reasonable expectation of privacy – you are always being observed and recorded. TSA and other law enforcement have the authority to search you and your bags. On domestic flights they may not search the contents of your phone or laptop (this is still unsettled law on inbound international flights), but they can require that you turn those devices on to prove that they are what they appear to be. Note that you don’t need to authenticate in, they just need to see the login screen. Air travel, like banking, is very, very closely tied to your legal identity – you can’t board unless the names on your ticket and ID match exactly, and the government can and does look at who is traveling where.

With this in mind, the privacy-minded traveler can prepare themselves accordingly. First and foremost, don’t bring anything you really don’t want other people to see or handle. Bringing some personal stuff is unavoidable, but I’ve found that when packing clothes in packing cubes or see-through bags, clothes that are obviously clothes are generally left alone. Another consideration is your ID – you’re going to need it at multiple times at the airport, typically when checking a bag and at the security checkpoint. You’ll want to keep your ID ready along with your boarding pass, but otherwise I try to keep it out of sight as much as possible. If you’re flying with a passport, it’s generally OK to keep out, but keep it closed and away from prying eyes.

A number of airports are now starting to use biometrics as a way to verify identification. I have very, very mixed feelings about this. The advantages are undeniable: things move quicker and you have less paperwork to keep track of (CLEAR + TSA Pre-Check at JFK or Atlanta is the difference between clearing security in 5 minutes vs. half an hour or more.) The disadvantages are also undeniable: the government gets regularly updated data about you and what you’re doing, and they don’t have to be transparent about how this data gets used. The same is true of third-party companies like CLEAR. And if there’s a data breach, well… What’s critical for you as a traveler is to understand that you cannot be compelled to submit to biometric identification. It can appear that there’s no choice but to use biometrics, but neither the airlines nor the government can legally compel its use.

Next, let’s talk boarding passes. To a skilled identity thief, boarding passes are treasure troves. They provide your full legal name as it appears on your ID. They provide hints about your frequent flyer information and status – frequent flyer miles are common targets for theft! They also contain your PNR (Passenger Name Record) and ticket number, which allow thieves to do fantastic damage. But the real danger is in the 3D barcodes (or QR codes on electronic boarding passes), which store a lot of this data in plain “text” rather than masked or by reference. If you have a paper boarding pass, protect it as you would an ID card, and destroy it the same way you’d destroy a credit card statement – not in an airport or hotel trash bin!

Now on to tech toys. Airports are public spaces where threat actors have lots of opportunity to get up to lots of mischief. It’s safe to assume that both airport WiFi and USB charging ports are compromised – even in airline clubs. Fortunately, these are easily countered with wall plug adapters and the use of VPN. Please also bear in mind that airports are public places with lots of people around. I’ve heard more than my share of “personal” phone calls. Headphones are a Very Good Thing but people tend to speak louder when wearing them. Calls aren’t always avoidable, but I strongly recommend keeping them short and light on private details until you’re someplace a bit further from prying ears.

Ultimately protecting yourself while at the airport boils down to two things: plan ahead, and stay alert. With a little bit of preparation and a little bit of awareness, it’s quite possible to keep your personal information and identity pretty safe while traveling. While you can’t control everything, controlling those things you CAN control can make all the difference.

Thanks again to Joe for the guest post! If you have an idea for a guest post, email us at newsletter@ldhconsultingservices.com.

Posted on

Beyond Web Cookies: WordPress, Plugins, and Privacy

Welcome to this week’s Tip of the Hat!

Previous posts in our series about web cookies, tracking, and privacy discussed ways that tracking applications such as Google Analytics can track website users across sites. We covered how using other Google-related products can put site user privacy at risk through third party data collection. This week we explore another area in which online user privacy might be compromised, and this area is one that libraries and library vendors are familiar with – WordPress.

WordPress is one of the most used content management systems – over 35% of the sites you visit on the Web use WordPress. Sometimes libraries need a website that works “out of the box”: install on a local server, pick a theme, edit some pages, and publish. Sometimes libraries choose to host a site on the WordPress.com commercial hosting service. Other times libraries use WordPress when they need a customized site to fit their libraries’ needs. Library vendors also work with WordPress by working with libraries to create customized WordPress sites and plugins.

WordPress is popular for a reason. It’s flexible enough to provide a good basic site with as little or as many customizations as the site owner sees fit. One of the ways WordPress achieves this flexibility is plugins. Because WordPress is Open Source, anyone can write a plugin and share the plugin with others. On the WordPress Plugin Directory site, there are almost 55,000 plugins to choose from, ranging from site statistics and analytics and form creators to social media integrations and email newsletter systems (for example, LDH uses MailPoet). The possibilities plugins bring to a library website are endless.

The same could be said about the ways that plugins can put your patrons’ privacy at risk. WordPress plugins have the potential to collect, retain, and even share your site users’ data to the creators of the plugin and other third parties. For example, some libraries might forego Google Analytics to use Jetpack or other WordPress statistics and site management plugins. What they might not be aware of is that site management plugins like Jetpack also use cookies, along with other tracking methods, to collect user data from your site.

These plugins can carry a security risk as well. WordPress plugins are used to compromise WordPress sites. One such hack happened with the GDPR compliance plugin in 2018 (the irony of this hack is not lost on LDH). What can you do to protect the privacy of your library and site users when using WordPress plugins?

  • Research the developer – some plugins are created by one person, while others are created by companies. Evaluating the developer can help with determining the trustworthiness of the plugin as well as uncover any potential privacy red flags.
  • Read the privacy policy – unfortunately, the Plugin Directory doesn’t have a standard spot for developers to publish their plugin privacy policy, which means that you will need to research the developer’s site. Jetpack has a general site regarding data collection and tracking which some might have skipped over if they didn’t search the support site.
  • Download plugins from trusted sources – the Plugin Directory is a good place to search for plugins, though this doesn’t relieve you from doing some homework before downloading the plugin.
  • Once you download the plugin:
    • Check and change any settings that might be collecting or sharing user data
    • Update the plugin regularly
    • If you no longer use the plugin, delete it from your site

This is only a small part of how you can use WordPress and still protect the privacy of your patrons. In a future installment of the series, we will talk about how you can be proactive in communicating privacy practices and options to your site visitors through WordPress.

Thanks to subscriber Carol Bean for the topic suggestion!

Posted on

Beyond Web Cookies: The Ways Google Tracks Your Users

Welcome to this week’s Tip of the Hat!

Earlier we discussed the basics of web cookies, including the cookies used in tracking applications such as Google Analytics. However, there are many ways Google can track your online behavior even when you block Google Analytics cookies and avoid using Google Chrome. Because Google provides applications and infrastructure for many web developers to use on their sites, it’s extremely hard to avoid Google when you are browsing the Web.

An example of this is Google Fonts. The LDH website uses a font provided by the service. To use the font, the following code is inserted into the web page HTML code:

link href=”https://fonts.googleapis.com/css?family=Open+Sans&display=swap” rel=”stylesheet”

For those who are not familiar with HTML code, the above line is instructing the web page to pull in the font style from the external fonts.googleapis.com site. The FAQ question about user privacy describes the data exchanged between our site and the Google Font API service. The exact data mentioned in the FAQ is limited to the number of requests for the specific font family and the font file itself. On the surface, the answer seems reasonable, though there is always the possibility of omission of detail in the answer.

This isn’t to say that other Google services provide the same type of assurance, though. In Vanderbilt University Professor Douglas C. Schmidt’s research study about how Google tracks users, many other Google services that collect data that can be tied back to individuals. Schmidt’s study leans heavily toward tracking through mobile devices, but the study does cover how users can be tracked even through the exclusive use of non-Google products thanks to the pervasiveness of third-party tracking and services that feed data back to Google.

We covered some ways that you can avoid being tracked by Google as a web user in our earlier newsletter, including browser add-ons that block cookies and other trackers. Some of the same add-ons and browsers block other ways that Google tracks web users. Still, there is the same question that we brought up in the earlier newsletters – what can web developers and web site owners do to protect the privacy of their users?

First, take an audit of the Google products and API services you’re currently using in your web sites and applications. The audit is easy when you’re using widgets or integrate Google products such as Calendar and Docs into your site or application. Nonetheless, several Google services can fly under the radar if you don’t know where to look. You can make quick work out of trying to find these services by using a browser plugin such as NoScript or Privacy Badger to find any of the domain URLs listed under the Cookies section in Google’s Privacy and Terms site. Any of the domains listed there have the potential to collect user data.

Next, determine the collection and processing of user data. If you are integrating Google Products into your application or website, examine the privacy and security policies on the Google Product Privacy Guide. APIs are another matter. Some services are good in documenting what they do with user data – for example, Google Fonts has documentation that states that they do not collect personal data. Other times, Google doesn’t explicitly state what they are collecting or processing for some of its API services. Your best bet is to start at the Google APIs Terms of Service page if you cannot find a separate policy or terms of service page for a specific API service. There are two sections, in particular, to pay attention to:

  • In Section 3: Your API Clients, Google states that they may monitor API use for quality, improvement of services, and verify that you are compliant within the terms of use.
  • In Section 5: Content, use of the API grants Google the “perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to Use content submitted, posted, or displayed to or from the APIs”. While not exclusively a privacy concern, it is worth knowing if you are passing personal information through the API.

All of that sounds like using any Google service means that user tracking is going to happen no matter what you do. For the most part, that is a possibility. You can find alternatives to Google Products such as Calendar and Maps, but what about APIs and other services? Some of the APIs hosted by Google can be hosted on your server. Take a look at the Hosted Libraries page. Is your site or application using any libraries on the list? You can install those libraries on your server from the various home sites listed on the page. Your site or application might be a smidge slower, but that slight slowness is worth it when protecting user privacy.

Thank you to subscriber Bobbi Fox for the topic suggestion!

Posted on

Privacy Tech Toolkit: VPNs

Welcome to this week’s Tip of the Hat!

Data breach and website hacking stories are (sadly) commonplace in the news. But what happens when the hack in question did not involve a single site, but your entire browsing history, complete with sensitive data, while you were logged into what was supposed to be a secure and private connection? With the recent breach with three VPN services – NordVPN, TorGuard, and Viking VPN – customers might be looking at that reality.

Some of you might be scratching your heads while reading the reports, though. Not everyone is familiar with VPNs, how they work, why they matter, and when you should use one. In this newsletter, we’ll cover the basics of VPNs, including how you can use them to protect your online privacy.

VPN Basics

A virtual private network (VPN) is a network of computers that provide access to the internet from a private network. Let’s use your work’s VPN service as an example. You are traveling with your work computer and you need to log into a work application. The problem is that the application can’t be accessed by computers outside the office. That’s where the work VPN comes in. You open your VPN client and log into the VPN service, creating a connection between your computer and the office server running the VPN service. This connection allows you to use the internet from that office server, making it appear that you are back in the office. Your computer can then access the work application now that the application thinks that your computer’s location is at the office and not in a hotel room.

Typically, the VPN connection is secure and encrypted, which makes VPN use essential for when you are connecting to public WIFI connections. Being able to change your location by using a server in another part of the world can also help protect privacy by placing you in a location other than the one you’re currently at. This comes in handy when trying to access sites that are geo-locked (sites that you cannot access outside of a certain geographical area, such as a country). Then there is the privacy component. A VPN can provide privacy protection for browsing history, current location, and web activity. Overall, VPNs can provide a secure and private space for you to browse the web away from those who want to track your every online move, be it some random person running Wireshark on a public network, your internet service provider looking for data for targeted advertising purposes, or possibly even the government (depending on your location).

VPN Considerations

A private and secure connection to the internet can protect online privacy, but as we found out last week, VPNs themselves are susceptible to breaches. This might cause some to wonder if VPNs are still a good choice in protecting online privacy. While VPNs are still an essential tool in the privacy toolkit, you still have to evaluate them like any other tool. There are some things to look for when choosing a VPN for work or personal use:

  • Encryption, protocols, and overall security – is the connection between your computer and the VPN server encrypted? You also have to consider the processes used in the actual creation of the tunnel between you and the VPN server. You might run across a lot of protocol terminology that is unfamiliar. NordVPN has a good post explaining various security protocols to help you wrap your head around VPN protocols.
  • Activity logs – is the VPN service keeping a log of activity on its servers? You might not know if your work VPN keeps a log of user activity, so it’s safer to use a separate VPN service than your work VPN for any personal use. No logs mean no record of your activity and your privacy remains intact.
  • Location – What server locations are available so you can access geo-blocked sites? Do you need your computer’s location to be at a specific IP address or location for work?
  • Price (for personal VPN use) – Never use a free VPN service. They are the most likely to log your activity as well as sell your data to third parties.

VPNs @ Your Library

Most likely you have access to a VPN service at work. While the technical aspects of work VPN are relegated to the IT and Systems departments, there is the question of who can use a VPN. Some libraries do not restrict VPN use to certain types of staff while other libraries only allow those who travel for work or do remote work to use VPN. A potential risk with work VPNs is when staff change roles or leave the organization. Auditing the list of users who have VPN access to the system will help mitigate the risk of unauthorized access to work systems by those who no longer should have access.

Your library provides internet access to patrons, so how do VPNs fit into all of this? First, we have WIFI access. Your library’s WIFI is a public network and patrons who want to protect their privacy might use a VPN to protect their privacy. Can your patrons use their VPN service while connected to the WIFI? Your desktop computers are another place where patrons are using a public network, but many public computers don’t allow patrons to install software, including VPN clients. There are ways to configure the public network to break the ties between one IP address and one computer, so web activity cannot be traced back to a single computer user based on IP alone.

VPNs And Other Tools In The Privacy Tech Toolkit

VPNs are just one way to protect your privacy online. There are many other ways you can protect privacy, including Tor and other types of proxy servers. Sometimes folks use multiple tools to protect their privacy; for example, some folks use both a VPN service and the Tor browser. Each tool has its strengths and weaknesses in protecting your privacy, and choosing which one to use depends on your situation. We’ll be covering other tools in the Privacy Tech Toolkit soon, so stay tuned!