The mystery of the targeted ad and the library patron (The Register)

In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.
Concerns about the privacy of library reading material date back to the early 20th century, explained Dorothea Salo, academic librarian and library-school instructor at the University of Wisconsin-Madison, to The Register.
If we wanted people to feel safe using libraries, then we needed not to surveil what they were reading and certainly not to rat them out.
Things became more complicated as libraries went online, media became increasingly digitized, and distribution shifted to the network.
Library privacy became national news in 2005 when George Christian, then executive director of Library Connection, a Connecticut library consortium, received a National Security Letter from the FBI. The Feds, under the US Patriot Act, demanded library patron information without a warrant and imposed a lifetime gag order that forbade disclosure of the NSL. Christian and three colleagues, who became known as the Connecticut Four, refused to comply and a district court eventually found the gag order unconstitutional, prompting the government to drop its demand.
More recently, library privacy worries surfaced in North Carolina following the passage of state Senate Bill 49, known as the Parents' Bill of Rights.
Aside from its politically motivated ban on school discussion of gender identity, sexual activity, or sexuality below fifth grade, it gives parents access to their child's library records.
The North Carolina School Library Media Association has objected to the law, which is being challenged in court, because it asks school libraries to violate the American Library Association Bill of Rights.
The study found that while libraries generally have basic privacy protections, there are often gaps in staff training and in privacy disclosures made available to patrons.
It also found that some libraries rely exclusively on social media for their online presence.
Salo said that the amount of visitor-tracking scripts on many library websites is just beyond the pale.
All three apps allow readers who have a library card to borrow ebooks, audiobooks, and more for free.
The Register worked with Zach Edwards, a security researcher, to analyze the network traffic in these apps and on the San Francisco Public Library website.
Based on OverDrive's insistence that it doesn't sell data for remarketing, The Register inquired further about whether the ad tracking scripts on SFPL's website might have come into play.
The subdomain it uses for library member login and ebook checkout, sfpl.
With regard to Google Analytics, she said that it only helps the library understand broad demographic data, such as the gender and age range of visitors.
Wong did say that the SFPL has participated in digital marketing campaigns that involve ad trackers and that these could possibly have been configured to deliver ads based on audiobook interests.
With tracking pixels, it would be possible to track the audiobooks that are being checked out and to track the pages that users visit and then target the user with an ad based on their actions.
The ad biz does provide various tools like My Ad Center to control ad personalization settings for ads on Google and partner sites, as well as the About this Ad menu.
According to Google, there are several reasons why Dudley might have been served an interest-based ad, including campaign targeting parameters based on interest data or location, or if the app involved served a retargeted ad based on first party data.


This Cyber News was published on go.theregister.com. Publication date: Sun, 19 May 2024 04:43:05 +0000

