TILT # 27 — Keeping our democratic strongholds secure
OPSEC stands for operational security
Mostly holidaying this week and away from librarianing. Thinking about privacy, surveillance, and keeping our shit secure. This is a topic librarians should be comfortable with, or quickly get comfortable with. The security of our data and our systems has a multiplier effect — it improves security for all of our patrons.
EFF is the gold standard for this. They write easy-to-understand blog posts (here’s their year in review set) and have good one-hitter pages like this Security Starter Pack. They love metadata, we love metadata; we should be fast friends!
Eric Hellman (you may know him from such hits as Unglue.It) has written a post called How to check if your library is leaking catalog searches to Amazon. The example he uses is from Harvard.
To put this plainly, my entire search session, including my search string killing trump is sent to Amazon, alongside my personal information, whether I like it or not. I don’t know what Amazon does with this information. I assume if a government actor wants my search history, they will get it from Amazon without much fuss.
Businesses aren’t so gung-ho about privacy usually. This is not just because it’s good for business to know everything about you, but also because privacy is hard. And, apologies for paraphrasing from JFK, but managing the privacy policies in libraries is something we choose to do not because it is easy, but because it is hard, and it’s a challenge that we accept.
A guest pair of paragraphs from a mailing list pal Trey Gordner. In case people didn’t understand the larger context of linkbuilding and why libraries might be prime targets for that and other scams.
In TILTY #24, Jessamyn shared a story about Proquest’s Gradshare blog falling for a linkbuilding scheme. Here’s another one to watch out for: scholarship outreach. A couple of years ago, companies realized that reference librarians were linking back to their corporate scholarship pages from resource lists. Google considers universities and government institutions high-authority sources, so these links are especially valuable to marketers. Unfortunately, shady businesses who don’t offer scholarships at all have started to take advantage of this tactic, sending fake scholarships for inclusion.
If you get an email about adding a scholarship to your directory or resource page, ask for a press release naming past winners. That should weed out the liars. For more on scholarship outreach, read “How to Create and Run an Effective Scholarship Outreach Campaign.” Have you been the target of a shady campaign? Let me know at trey@koios.co.
Some of these mechanisms can be pretty opaque. This mailing list also exists online on Medium. I have a reader in Pakistan who would like to read it there but can’t. Medium is blocked in Pakistan at the national level (by a Canadian company who bid on a project that others wouldn’t). There are ways around this, but they are complicated. Medium is “aware of the problem” but can’t fix it, probably. How hard do you try to fix this problem? How much is that informed by revenue models (and the profitability of Pakistan)?
While tech workers are vowing to not help build a Muslim registry, we should also think about what other tools we have that could be repurposed in nefarious ways.
The Seattle Public Library has created a Shelf Talk blog post called simply The 2016 Election: Library Resources. It is a very well put together (and emulatable) set of resources.
Hope you are enjoying the holidays in whatever way you choose and that 2017 brings you better things in whichever way you define that.
Today in Librarian Tabs is written irregularly by Jessamyn West who also maintains librarian.net. It’s also available in your inbox via TinyLetter. Thanks for reading.
