Articles, Blog

How Websites (including Medical Databases) Spy on Users, Kernel of Knowledge Series

February 15, 2020


Welcome to today’s National Network of
Libraries of Medicine webinar. This session is being hosted by the Greater
Midwest region as part of our Kernel of Knowledge series. That little
picture you see is a kernel of corn. I heard some speculation that it might be a tooth of this corn. For those of you who are not familiar with the
Greater Midwest Region we are located here at the University of Iowa which is
why we have the kernel of corn and our kernel of knowledge series. We do have a
pretty exciting presentation for you today
so I’m going to go ahead and get started and make sure we have time for all the
content that Eric has put together for us and to give some time for you guys to
ask questions at the end. Just a couple of housekeeping things really quick
you’ve all been muted upon entry so if you do have questions or comments please
go ahead and type them in the chat box and you want to select to everyone from
that little drop-down menu so that people will see that. Eric can’t see them
while he’s presenting so I’ll be keeping an eye on that and asking him the
questions probably at the end unless it’s clarification about some specific
technical aspect of something we are going to go ahead and close caption this
recording and post it on our youtube channel probably in about a week or so
and I will send that email when that happens. All right Eric if you want to go
to our introduction slide alright so just quickly introduce myself for those
of you who aren’t familiar with me I’m the host and the community engagement
specialist here at the Greater Midwest Region and my name is Bobbi Newman I’m thrilled to be able to introduce our presenter today Eric Hellman after doing
10 years after 10 years doing physics research at Bell Labs Eric got
interested in electronic publishing started an e-journal
started a company built linking technologies for libraries then sold
that company to OCLC and worked there for a few more years and started
blogging at go-to Hellman and finally decided that the important thing to do
would be to make free ebooks work for libraries and everyone else at Unglue.it, GITenberg, and the Free Ebook Foundation the last two years Eric has been raising
awareness about privacy leakage in the Internet services of libraries and
scholarship pushers and has volunteered with the
Library Freedom Project to promote encryption for libraries and publishing
websites so I asked Eric to come talk to us today a little bit about how even are
some maybe our trusted medical websites are tracking information or to learn why
we should care about that when we’re looking at medical information online so
it’s all to you Eric thank you. so the title I gave Bobbi how websites including
medical databases spy on users if you want to follow me on twitter and @gluejar so first of all why me well hmm so as the introduction gave me a hint of
I’ve been working in technology most same libraries for about 20 years now
and I’ve learned quite a bit about how websites work and built a few websites
myself the most recent of those was um unglue.it which is relatively complicated
website and the the goal of on unglue.it is to make Creative Commons license and
other free ebooks available so basically it’s a database that lets people
download free books there’s a was a crowdfunding aspect to it and so when we
were building it about five years ago we had to make a lot of decisions about how
to build it and many of those decisions involved privacy and security so for
example we were taking credit card payments and so we had to choose a
vendor to help us meet the requirements for taking credit cards one of the
people who I had the good fortune to hire to help me build this website was a
librarian named Andromeda Yelton and many of the decisions that involve
privacy she really enlightened me about how libraries and librarians think about
privacy so I give her credit to raising my awareness and since then I’ve tried
to learn as much as I can about what’s going on on the greater internet about
privacy and tracking and security and I also look at the websites that we use in
libraries and publishing and ebooks with them and when I look at those websites I
see a lot of decisions that those websites made that might be different
than the ones I made and sometimes I understand why they did things
differently but other times it looks like the decisions that were made were
made without really understanding the implications of those decisions
especially as as it impacts privacy so I made it my extra curricular mission for
the last two years to raise awareness in the library community and the publishing
community and vendor community that supports libraries about all the
different technology decisions that impact privacy so my goal for this talk
for today and hope I hope that they’re also your goals are first of all to
learn a bit about how internet advertising works I’m focusing on
advertising because that’s one of the the big things that people haven’t
really thought about and you need to think more about
in order to understand how internet advertising works I also have to learn a
little bit about how webpages get built up built and we have to understand about
all the information that flows and where it flows to when in the process of
building a web page once we understand a little bit more about how that works we
can think of it about how it matters and what we can do to change what happens if
it’s not the way we think it should be all right so I’m going to start at the
place where most people start and that’s Google so this is what happens when I
search for mesothelioma cancer and these are the results that I get back from
Google now the interesting thing here is first of all they have to have a big
info box that dominates the right side and they’re the search listings start
out with four count them for ads it’s rather unusual I think for a search
result to get these so many ads and so you might ask why is that well the
answer is mesothelioma is a very expensive keyword so every year search
engine watch comm does a study of what the most expensive keywords in the US
are on Google and last year the number one results for a most expensive keyword
was best mesothelioma lawyer’ so let me let me explain what that means or that
number means that means that case a year ago you did a search on best
mesothelioma lawyer’ and clicked one of those ads at the top of the listing
somebody was paying almost a thousand dollars per click to Google for the
privilege of getting you to click on their ad and have the opportunity to do
something once you’ve got someplace obviously what’s going on is client the
lawyers the lawyers who deal with mesothelioma lawsuits are paying a lot
of money to get leads on who they can click who they can represent
mesothelioma is a very rare cancer and so finding these people who are
unfortunate enough to to to be afflicted with this disease can be very valuable
to a lawyer. that’s a lot of money I think just think if if all the people
listening to this talk go to google and type in meso fee ” “mesothelioma lawyer” and
click on ads well you made a lot of money for google mmm for cost a lot of
money for a law firm. well suppose that one of the things that you click on as a
organic search results is a page at WebMD well they have a special page for
mesothelioma as you might expect it’s part of their cancer section and well
the first thing you see when you go to this website is an ad a display ad and
we’ll talk a little bit more about the display ad in a bit
but it’s almost like they picked a perfect ad for this particular webpage
now that looks like a pretty normal webpage if you ask me. but if you go behind itand look at how it’s built if you look at it with the eyes of a web developer
you see is that webpage is built from 233 requests I’ll talk a little bit more
about requesting this doesn’t go on but among those requests are 75 requests for
Java scripts there was a little pieces of code that do various things ten
different cascading style sheet files that make the web page look all pretty 123 different images
you wouldn’t think just looking at it there that many images. five different
font files okay that’s not that’s not so unreasonable and the thing that you
think of when you get documents from the web HTML there are nine different HTML
documents that make up this one web page what’s more those 233 different requests
come from 41 different servers. in other words your web browser whether it’s
Firefox Chrome or Safari or whatever it’s talking to 41 different places on
the Internet to get all the pieces that it needs to put together this
ordinary-looking webpage so what i want to try to explain is what the hell is going on in this webpage alright so i promised to talk a little bit more about our request
remember 233 different requests go up to make that one webpage so the first part
of a request is the URL that’s the address of the web page now within that
URL there are answers to three questions first of all how that’s HTTP that’s the
protocol that your web browser software uses to talk to the web server that’s
giving the web page the where well it’s coming from WWwlWebMD.com which is the
name of a server computer somewhere on the Internet
you’re a web browser computer has to look up that name get an IP address
contact that IP address and then some the rest of the requests and finally the
what what is it that you want from that web server well you want a web page name
slash character slash mesothelioma – one one two one one the name is kind of
important Google uses the words in the name to establish ranking and so we want to
make sure that both cancer and mesothelioma in there otherwise the one
there just is number for for some page that they made all right well it turns
out there’s more it’s not just the URL that gets sent in a request if you think
about it there’s a lot of stuff that means to information that needs to be
exchanged in order to give you the right stuff. first of all you have to tell your
IP address because otherwise it’s not going to be able to send you back the
right information so that’s your IP address but basically
identifies the computer that you’re working from. what language do you use
well when your browser makes a request it says what your preferred language is
languages and so when I get the page I get English and sometimes I’ll go to the
page with a different language and I might get a different language results I
also tell the server computer what kind of software I’m using whether it’s
Chrome on Firefox and Mozilla Internet Explorer Edge. what kind of device I’m
using with. I’m reading with so for example if I’m on my iPhone it says one
one thing and if I’m on my laptop it’s something completely different. it also says what I’ve
just been reading now that’s what’s called the referrer URL so whatever page
you say you’ve got this in a link from another page the address of that page
gets sent along with the request that I get for this page
now this is a somewhat funny story it turns out that in the original spec that
defined HTTP refer was spelled wrong so that’s why when we talk about requests
we talk about refer or spelled er-er rather than the correct way e r r e r. so that’s just a fun thing to throw about. that so in case you have to report it
you know that you’re supposed to misspelled refer in some instances and
not others. It’s web development fun so all this information that you’re sending
just in order to get that webpage and just one request it’s a whole meal of
information but no meal is finished without the cookies. included in requests
are cookies I’m sure you’ve all heard of cookies and cookies sounds like fun but
if you it’s important understand what exactly they are. so imagine that the
website you’re visiting asks you every time have you visited us before and if
you say yes I’ve visited you before then the server ask well we gave you an ID
number can you tell us what it was that ID number is what’s in the cookie once you
by sending the ID number in the cookie the website can remember everything you
told it before so for example if I go to Facebook I don’t have to log in every
time I can just give Facebook a cookie that says Who I am and another cookie
that says yet it’s really me I’ve logged in to the site so please let me see my
feed as it talks to someone else’s on the other hand if you haven’t been
there before then the website says okay well here’s a new ID number don’t lose
it and give it to us next when you come oh and then please tell us some more oh
and also click the stupid box about cookies the reason they have the stupid
box about cookies is because the European Union has this rule that says
websites have to show a stupid box about cookies if they use cookies and
everyone uses cookies and no one really understands what cookies are so everyone
knows to click on the box about cookies and then it goes away and when you click
on the box about cookies it gave you a cookie that says you clicked on the box
and you don’t have to see the cookie stupid box again that’s what you need to
know about cookies cookies are basically the memory of the Internet of you
without a cookie the internet will not remember who you are and it would seem
really stupid but now remember all that big meal of information including the
cookies all of that was just for one request that first request for the HTML
page to find that web webpage did you see now think about doing that
233 times and doing that with 41 different servers because that first
HTML page you got was just the first it lists out all the parts of the page that
you really need and artists and everything okay I’m exhausted
how about you? Now remember it’s 41 different servers and each of those different
servers have their own cookies and even though you might never have remembered
going to app Nexus app Nexus treats you the same way that Facebook treats you or
Google treats you it wants your cookie and cookie wants to know who you are and
it doesn’t know who you are it gives you another cookie so it knows you next time
and that’s 41 different servers that are doing more or less let’s look at
the components of that you get with those 233 requests well we know for just
from looking at the page at least 2/3 of those requests are for display ads ok
this is the big banner ad at the top of that page that we saw from WebMD it’s an
ad for surviving the website surviving mesothelioma which is a website for a
book written by the world longest living mesothelioma survivor it turns to be
some guy in Australia turns out to be some guy in Australia now it’s not selling you the
book it wants to give you a free book and so you know they’re paying pretty
much money to get this ads shown to you and when you click that add they’re
paying a pretty penny to get you to come there so there’s maybe more going on
than you might think it turns out if you go to that website
and if you go to the same address you might get a different ad but when I went
to this website it was a website that wants to mail me a free copy of a book
if only I give them my name address and other personal information so you can
see what you can guess pretty well what this website is doing and what their
business model is they are giving people free ebooks in exchange for personal
information and then they’re selling that personal information to law firms
that want to make money representing mesothelioma victims ok let’s
about the request that was made to get this wonderful little banner at well
first of all you might think that it was specially selected by WebMD to grace
their mesothelioma page but no this ad comes from Google’s advertising business
that business is called Double Click double click gets the request and
decides what ad to send you now the ad that it sends you is determined based on
first of all the topic of the page which Google knows of course because it’s
indexed every web page and the demographics of the page so WebMD so
probably relatively educated so you want to send them something that will cater
to that audience so it turns out that Google knows that I’m interested in
books I’m interested in free books I mean I do run the Free eBook Foundation so maybe
that’s why Google decided to send me an ad about a free book. You think so? maybe I
don’t know market now Google knows where where I am it knows my location it goes
I’m in Montclair New Jersey so in case the web page is for lawyers it’s not
going to a ad for a California law firm it’s going to send me an ad for
a New Jersey law firm when there are two other factors which determine what
ad I actually get and that is the willingness of the advertiser to pay
lots of money the price their own to pay and the click rate for this ad (That’s one d not two, I gotta spell check) anyway so Google optimizes its income by multiplying the
price of the ad times the click rates for the ad and whatever ad makes them
the most money is the ad that I get shown and that’s how I got this
particular ad now remember that that ad came to me from a one of the 233
requests now I don’t want to pick on Google in specific they are the largest
advertiser on the or advertising network I mean right but there are plenty of other
advertising networks and it works pretty much the same for all of the advertising
networks the requested the request goes to Google and Google first you know
wants to look at my cookie they want to know if I’ve ever visited Google and
what my Google idea is once they have my Google ID they know exactly who I am and
they know all my interests. They know what ads to send me. If Not it’s hey they’ll get you next time Google and Google is going to see me at some other website even if they
don’t send them my cooking for this one Google knows where I am etcetera and well
we all like relevant ads it’s a be relevant ads that are early along so the
better that we will come to at making the ads relevant the better it is for
me back to that number 233 web page
components alright they’re only like five ads that we can see on that web page
so that accounts for maybe 10 20 most of those 233 web page counts what what
there must be even more going on well if you go and look at all the things of
that web page is pulling in the advertising P load most of it is not
visible payload it’s all sorts of trackers on that web page there are 23
different advertising trackers 23. 3 analytics trackers and 2 social media
trackers so that’s 28 different
trackers that are getting a whole meal of information about me and my requests
let’s look a little bit more at how this tracker works okay so remember the
requests we talked about before most of the trackers are requests for
images when a web page gets rendered by a web browser it has to add all the
images so the first thing it does is it requests all the images that are
specified by the html it turns out that a lot of these images are just one by
one clear pixels I have a pixel here that’s magnified so you can see that
there’s nothing there one pixel by one pixel and it’s clear so you can see us however the request has all sorts of
stuff and I want you to look at the size of the requests don’t try to look at the
specifics of the requests because it’s all gobbledy gook and you won’t be able
to figure that well maybe you can if you like Google
everything but look at how much information that is that’s like about 10
20 times more information in the request then comes back in the pixel that is
returned in addition all of those requests all on 233 of those requests
get a referer header remember 1 r refer in this case it’s the mesothelioma address
at WebMD so all of those 28 tractors now know that Eric Hellman alias ID number 1
5 6 7 8 9 10 or whatever has been reading about mesothelioma now that might be very valuable
information and there might be all sorts of other valuable information and all
this gobbledygook and that’s interesting ok let’s talk about those chapters
chapters actually did quite a number of different jobs one very important thing
that trackers have to do there are specific kinds of trackers that try to
prevent fraud now you can imagine that if you’re an advertiser and you’re
paying thousand dollars a click for a web app web ad you really want to make
sure that those ads aren’t being clicked a robot or that they’re being clicked by
a thousand people in Malaysia or other ways that fraudsters might be exploiting
these high-priced ads or even low prices for that matter so there are companies
that specialize in detecting fraud click fraud it called in advertising and
trackers are one way they do it they also send along with the the tracker you know these scripts that probe information about your computer and about you and if
you’re only going to pay off for the advertiser if you look really like a
real person other kinds of jobs the trackers do well there there are
trackers that are specifically designed to link your laptop profile so your
iPhone profile so that’s kind of interesting that means that that two
separate computers that have should have completely different cookies different
IDs on your iPhone and your laptop but these trackers have ways to connect your
iPhone profile to your laptop profile by for example fingerprinting the websites
you visit or fingerprinting the characteristics of your computer things
like that. Linking of data sets there are thousands of these trackers and trackers
collect different kinds of data sets and each of the data sets may not be so
valuable by themselves but if they can be linked to other data sets for
example that include demographics or data sets that include information about
political affiliation or data sets that include your gender and age each of
those linkages increases the value of the data set when you can sell the data
set for a much higher price so you have certain kind of trackers to just do that
then there are trackers that their job is to measure the website’s audience
this kind of tracker is like the tracker stick to Google Analytics these are the
trackers that measure the traffic to your website the usage of your resources
there is another set of trackers that analyze how you use the website so they
they track all your clicks on your mouse over this and that and so they’re able
to see what parts of the website that you’re actually looking at and that
helps the the web developer to place ads in the right place as content in the
right place and all of this is ultimately to increase advertising revenue.
so just as an example the WebMD page has a tracker called or a set of
trackers called pixels there’s a Facebook pixel there’s
a Twitter pixel and there’s a Pinterest to go to Pinterest pixel say that
seven times fast. okay so what the track the tracker isn’t even getting a pixel
would ever need to JavaScript the tracker says hey Facebook Eric’s looking
at a cancer patient one indie district says super tracker says hey Facebook
Eric clicked a cancer-related ad on WebMD Facebook says oh that’s so cool we’ll show that ad to
Eric all over the internet we’ll follow him everywhere he won’t be like get
away from it that’s called remarketing mmm
I hate remarketing I’m sure you’ve experienced remarketing usually I get
remarketed for stuff that I’ve already bought which means it’s a total waste of
the advertisers money and that probably a year to it’ll go away because everyone
will realize it’s not worth it. also in my reactions is hey wait I clicked the do not track box it’s an option on my web browser what happened to that
Facebook site oh sorry we don’t pay attention to that stuff . And the tracker says oh god what an idiot well anyway so that’s that’s how trackers talk to each other it’s important to realize that it’s not just WebMD.
don’t take this talk as a criticism of WebMD because it’s not all that
different from most advertising driven sites on the internet but because these
tractors are so widespread and in particular the Google tracker is so
widespread and each of the trackers gets the same tracking cookie they’re able to
link together all my behavior at all these different web sites so when I do a
search on Google that search goes into the advertising database when I view a
page on WebMD that goes into the Google web database
if I go to a Huffington Post or to Brietbart.com all those views go into the
Google advertising database unfortunately it’s not just advertising
driven sites so for example it turns out that the catalog for my local public
library had advertising trackers on it so my searches on the library catalog my
public library catalog were being sent to the Google advertising database it
turns out that even a PubMed sends click trails to the Google advertising
database I think that’s an invert mistake and I’m going to write them about it but that’s one thing I just noticed while it’s playing this
talk together. New England Journal of Medicine you know all the money that libraries pay to for all these expensive journals you’d think that they
wouldn’t have to support their journals with advertising but all those webpages
most of the journals have advertising unfortunately and because it’s the same
tracking cookie for all of these different sites that identifies you the
database can connect all of the browsing you do there’s a really cool tool
from Mozilla called Light Beam it’s a it’s a plugin for Mozilla or Firefox that
allows you to visualize all of the third-party linkages from webpages you
see so this is the graph before I just showed you a schematic of
what happens this is an actual graph that likely made for my browsing of five
web pages that’s New England Journal of Medicine WebMD
mlb.com and Breitbart oh and and one of these little dots not one of the big
stars is a PubMed so you can see wherever there are lines connecting or
triangles with one connection multiple sites
those are trackers that can connect the browsing on one site with another and
this is for only five sites you know that all of us is it a lot more than
five websites per day so you can imagine in what it looks like and if you’re
curious what it really looks like for you download the plugin from Mozilla and
try it yourself it’s beta it crashed my computer after a while so be careful but
it’s really fascinating advertising trackers are everywhere
I mentioned that 18 at the top 20 I found it 18 of the top 20 research
journal put advertising trackers on every page of their journals. New England
Journal of Medicine was the most intense tracking site that I found among on
research journals 19 trackers Saw Press 16 trackers and as I mentioned even
PubMed has one ad tracker disappointing part of this half
because libraries and publishers use social share widgets like add this and
share this and their their business is to collect demographic information a
user and sell them to the advertising networks so they’re basically
advertising trackers too. So you might ask is this consistent with library values now
I’m an engineer and I so I can’t really speak to the library values so much to
kind of excessive to me but you know I did get a lot of training
from Andromeda and I think the answer is pretty clear I don’t think it’s
consistent with the values that libraries and librarians hold dear ok
so moving right along I on the positive side awareness of these kinds of issues
is growing in the past year of sanam primo removed Amazon trackers from their
products and once because not because you know I mentioned it to them it’s
because librarians or their customers spoke up and said we don’t like this can
you please do something about it and they did something bad
another example worldcat.org They had been using one of the social share
widgets if someone gotten rid of that and so that’s a library world website
that has significant improved and hopeful
continuing to improve in the future so yay okay now you may ask is this legal
if it’s legal why is it legal? well that’s a complicated question and certainly for
some types of information personally identifiable information there are lots
of privacy laws covering it and but privacy PII or personally identifiable
information has been construed so far by the legal profession as being things
like Social Security numbers email addresses names addresses phone numbers
things like that you don’t need any of that stuff
to accumulate a huge database of users and they’re the web browsing habits
perfectly legal so I don’t know what this is that’s good or not I’m not I
don’t know if it would be make sense to like make laws to to to change your
situation but that’s the way it is I might ask who cares well there’s nothing
wrong with an advertising-supported website I think and the more relevant
the ads are the better the website as far as I’m concerned so I think there is
an appropriate place for all this advertising technology we perhaps a
shame that the best minds of the generation of last 10 years have been
put to work devising advertising st strategies but at the same time I do think
that there is a role for a safe space on the Internet a space that’s
non-commercial it’s not advertising supported where people don’t have to
worry about being stalked by advertisers or being stalked by purported
advertisers you know as as a boring white guy it’s probably not for me to
say that it’s okay to do all this tracking but I can imagine you know at in some near future situation where my political beliefs or my religion get
held against me by some government entity or some some non government
entity and I’m not sure I like that so I do think we need to construct safe areas
of the internet which are not tracked and where people can can speak and read
without fear so last part what should we do well the first thing we should do is
the thing that I hope we’ve done a little bit of today and that is get a
better understanding of what’s going on what we’re doing and I hope I’ve been
able to contribute a little bit to that and the second thing is understanding
what we can do if we decide that something needs to be done well one
thing that we can do is apply privacy tools that work inside our browser here
are five tools I’ll mention them briefly privacy badger is a plug-in made by the
Electronic Frontier Foundation it is pretty aggressive about blocking
trackers of all kinds mmm works pretty well occasionally it’s a little bit over zealous
and break sites but allows gives you lots of control so you can fix it
Ghostrey is a tool I like to use for mostly for uncovering all but the
trackers on the website Ublock Origin is primarily an ad blocker there are
another set of issues with blocking ads with respect to taking away revenue
sources for websites that are giving you good resources but that’s that should be
up to individuals to decide chrome of the browser has an incognito mode that
gives you an increased increased privacy well as you browse the internet and it
forgets all that we browse while you were in incognito mode. That’s
something that every browser should every everyone uses Chrome should be
aware of finally there’s Tor tor is an anonymous
browsing software that allows you to visit websites without betraying any of
your information including your location or or your IP address so if you want to
to use the internet without anyone knowing who you are tor is then you want
to use now Library Freedom Project which I mentioned briefly before is it
has a lot of resources about using these kinds of tools especially tour and is
also encouraging libraries to run tour nodes to improve the robustness of the
Tor network and enable more people all around the world to use the Internet
anonymously collection development tools one thing you can do to reduce the
amount of advertisers that user see is to use aggregators
when aggregators get journal articles from publishers all the ads constrict so
that’s one thing to consider when deciding whether to use an aggregator to
use a direct subscription I think the best way to combat intrusive ads where
they shouldn’t be is to require disclosure when when you negotiate a
contract with a vendor require them to disclose all of the advertising content
that they put on the website all the advertising networks of these and all
the trackers chances are they don’t really know themselves so just asking
what what they’re doing will force them to also think carefully about the
trade-offs between using advertising and privacy of your users finally require
your vendor sees HTTPS let me say a little bit more about HTTPS its the
secure version of HTTP now with HTTP content can be intercepted and changed
in transit that’s because a connection you make to a internet website is really
going through ten to twenty different servers owned by maybe five to ten
different companies in each of those companies anyone with a presence on any
of those networks can look at all your traffic and see what you’re sending back
and forth in your request and in the response they can inject malware into
the response it’s as if all the requests were being sent on postcards no there’s
no envelope HTTPS puts all that stuff in an envelope so nobody can read it in
transit or well anyway so the bottom line is use an envelope last
some things to do is if you’re involved in web development if you’re involved in
web development there are things that you should pay attention to
first of all refer policy headers done right can drastically increase the
privacy of your users so that’s the referrer spelled with two r’s I know it’s
different but that’s the way it is. If you use Google Analytics or another analytics tool
configure it for privacy there are issues with Google Analytics you can do
configure it with privacy but if you don’t configure it with privacy for
privacy using the Google tools Google will map all your users to their
advertising database and all the information we collect and a lot of
analytics will go into advertising database
so don’t do it also be aware of third-party tools that may leak privacy
I mentioned add this service similar issues exist with like buttons Facebook
like content embeds Vimeo YouTube etc embedded discussion tools and JavaScript
and style sheet libraries that we get from content books can possibly have
privacy implications so to end I like to quote Princess Leia
she can use HTTP so I can insert my own words into her quote help me libraries
you’re my only hope so thank you and yeah alright I’m this
is Bobbi I’m back we’ve got about five minutes to answer some pretty good
questions Eric I don’t know if you can stick around for a couple minutes longer
well but we do have some really good questions that came in during chat so
one of them was okay so how do we prevent the websites from tracking this
which i think might be its own webinar or webinars in and of itself and you did
to give us some tips on that at the end is there anything else you want to add
but so I’d like to recommend again a Library Freedom Project that Allison
Macrina has put together a lot of training material both for librarians
and for library patrons so that’s a great place to start I think Bobbi has a
good web page too and the book is out okay the next question is does Google
use the Google Analytics that many people add to their site to also gather
information so I hinted that this a little bit on one of my last slide if
you configure Google Analytics and privacy we looked at if they do not do
this and personally I I take Google at their word because it would be disaster
for them it’s turned out not to be true however many websites make the mistake
of turning on demographic tool in Google Analytics that’s appropriate if you’re
doing an advertising based site but if you care about privacy you just stripped
you just told Google but it’s okay for them to link your analytics data to
their advertising as I said don’t do that. that one person just says that they feel
sort of like or doomed which I think we’ve all felt. Maybe we need Obi-Wan then too.
then another person has a question is there any overlap between what we learned
here today and free downloadable apps oh you mean like iPhone apps. oh that would be
yes I think so so that’s sort of a complicated question
and I’ve not really studied it myself I do know there are differences between
Android and iPhone iPhone tends to be Apple a little bit more
and all about letting information outside of their walled garden there are
advertising tools obviously that work inside iPhone and so if you get ad in your iPhone
what basis as much as them cans and those contextual so those similar issues
what another person asks what about clearing caches and cookies daily or
similar does that help so it’s hard to know the most of the advertising company
or many of the advertising companies have you technology called
fingerprinting technology that allows them to reconnect IDs even if you
flush cookies they’re also things called ever cookies which are use flash flash
cookie so like they store your ID in flash and so enable flash on the website
they could flash cookies to reincarnate your IDs on you cookies so I
would say yes it helps but it’s not something that and the last question is
do hospital firewalls pass all this advertising information back and forth
all their browsing does use HTTPS so the advertising network are way ahead of
libraries in switching to HTTPS so the firewalls I have not seen the firewalls
are making an effort to block advertising much at all
so in fact there are firewalls that unfortunately reduce the security of
their connections because they haven’t been keeping up with latest failure
settings so again I wouldn’t the firewalls can help I don’t think they do much
about advertising trackers. and then we have it look I’m not I’m not the right
person to ask about that because the question for ya have I configured
someone else asks how much do VPNs help with blocking trackers so a VPN won’t do
anything to block a tracker the only thing it will do is make your IP address
something other than what you’re using the VPN from since well you can configure
Gateway to block cookies but I don’t see how much as it’s going about this ok
and then the last thing is I just a comment from someone about seeing an ad
in a journel seeing an ad a journal generated pdf medical research article so
like maybe some comments borrowing there are content borrowing ok it looks like
that’s it for the questions thank you so much Eric I definitely appreciate it. This video was produced by the national
network of libraries of medicine select the circular channel icon to subscribe
to our channel select a video thumbnail to watch another video from the channel

No Comments

Leave a Reply