Feature In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.
Concerns about the privacy of library reading material date back to the early 20th century, explained Dorothea Salo, academic librarian and library-school instructor at the University of Wisconsin-Madison, to The Register.
If we wanted people to feel safe, using libraries, then we needed not to surveil what they were reading and certainly not to rat them out.
Things became more complicated as libraries went online, media became increasingly digitized, and distribution shifted to the network.
Library privacy became national news in 2005 when George Christian, then executive director of Library Connection, a Connecticut library consortium, received a National Security Letter from the FBI. The Feds, under the US Patriot Act, demanded library patron information without a warrant and imposed a lifetime gag order that forbade disclosure of the NSL. Christian and three colleagues, who became known as the Connecticut Four, refused to comply and a district court eventually found the gag order unconstitutional, prompting the government to drop its demand.
More recently, library privacy worries surfaced in North Carolina following the passage of state senate Bill 49, known as the Parents' Bill of Rights.
Aside from its politically motivated ban on school discussion of gender identity, sexual activity, or sexuality below fifth grade, it gives parents access to their child's library records.
The North Carolina School Library Media Association has objected to the law, which is being challenged in court, because it asks school libraries to violate the American Library Association Bill of Rights.
The study found that while libraries generally have basic privacy protections, there are often gaps in staff training and in privacy disclosures made available to patrons.
It also found that some libraries rely exclusively on social media for their online presence.
Salo said that the amount of visitor-tracking scripts on many library websites is just beyond the pale.
All three apps allow readers who have a library card to borrow ebooks, audiobooks, and more for free.
The Register worked with Zach Edwards, a security researcher, to analyze the network traffic in these apps and on the San Francisco Public Library website.
Based on OverDrive's insistence that it doesn't sell data for remarketing, The Register inquired further about whether the ad tracking scripts on SFPL's website might have come into play.
The subdomain it uses for library member login and ebook checkout, sfpl.
With regard to Google Analytics, she said that it only helps the library understand broad demographic data, such as the gender and age range of visitors.
Wong did say that the SFPL has participated in digital marketing campaigns that involve ad trackers and that these could possibly have been configured to deliver ads based on audiobook interests.
With tracking pixels, it would be possible to track the audiobooks that are being checked out and to track the pages that users visit and then target the user with an ad based on their actions.
The ad biz does provide various tools like My Ad Center to control ad personalization settings for ads on Google and partner sites, as well as the About this Ad menu.
According to Google, there are several reasons why Dudley might have been served an interest-based ad, including campaign targeting parameters based on interest data or location, or if the app involved served a retargeted ad based on first party data.
This Cyber News was published on go.theregister.com. Publication date: Sun, 19 May 2024 04:43:05 +0000