Mary Minnow has written several posts on Library Elf and potential privacy issues. Since my library uses Voyager, I haven’t tried Library Elf out yet, but it’s supposed to create an RSS feed for you to keep track of what you have out, what’s coming due, and where you are on your holds. You can also get an e-mail notice, but those among us who already use aggregators have likely chosen to get their feeds that way. I love the idea of keeping people up-to-date that way, and there are already two libraries I know of (Seattle Public Library and Hennepin County PL) that are offering RSS feeds for this purpose. However, I don’t know if these libraries have adequately explored the privacy issues of putting these feeds into web-based aggregators. The Seattle Public Library has a notice about privacy:
IMPORTANT PRIVACY NOTICE: The Seattle Public Library cares about the privacy of your personal information. Patrons who use public RSS aggregator Web sites, such as Bloglines, Rojo or Feedster, are cautioned that some of these services allow other users of the service to read your RSS feeds. This means that other people can view information regarding items you have checked out or have placed on hold.
Usually you can control this by using an option in your profile or in the setup of the feed to mark it “private” or “public.”
They write “Usually you can control this by using an option in your profile or in the setup of the feed to mark it “private” or “public,” but have they actually tested that in those feed readers they recommend? Apparently not.
Mary discovered something very interesting yesterday about putting in your Library Elf feed into Bloglines… we can all see it. When she did a search for “Library Elf” in bloglines under “all blogs,” she found over 200 people’s personal feeds where you could see their e-mail address, what they have out, what they have on hold, and what library they use. YIKES! I tried it out and was easily able to see what a number of my friends subscribed to Library Elf were reading. Creepy. According to Kelli Staley, even making the feed private doesn’t matter, because it still will show up in the search. All making your feed private will do means it won’t show up in your blogroll. It will still be listed in Blogline’s database of feeds. All the “private” thing is for is if you subscribe to a blog that you don’t want people to know you subscribe to. If you really want information like this to be private, put it in a desktop aggregator or go for the e-mail alert option. Frankly, I feel uncomfortable giving my library log-in info to a third party, even for the sake of saving time. Since Mary’s post, Library Elf has warned its users (in the FAQ) about Bloglines, but how many people really read an FAQ unless they are having real problems? They really should have a warning smack dab on the front page if they are concerned about privacy. I’m no feed expert, but is there any way Library Elf could generate these feeds where so much personal info isn’t showing? Like don’t tie a person’s name and e-mail address to the feed, but give it a unique number. It still sucks the people can see what other people are reading, but it’s less meaningful to see what #593832 is reading as opposed to seeing what Bob Jones is reading.
We put a lot of information out there on the Websites of third parties and give a lot out to different Web sites. We need to read terms of service and carefully test the privacy claims companies make. We need to find out what rights the company has to our info and what would happen if they went belly-up or were bought by another company. We can’t afford to take our privacy for granted.