“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” (Code of Ethics of the American Library Association)
In this post I’m going to detail some of the most common threats facing your patrons’ privacy when they use your public access computers, and provide guidance on how to better safeguard it, in keeping with the most vaunted code of ethics in librarydom.
(Note that the following is written from the perspective of Windows 7, as it remains the most widely used operating system in the U.S.)
Risk: patrons remaining logged into an account or saving their account credentials in the browser, allowing subsequent patrons to access their stuff.
Response: configure the browsers on your public access computers to always use private or incognito mode. Here are the instructions on how to do this.
Risk: a patron may install spyware or keylogging software (accidentally or maliciously) that compromises subsequent users’ privacy.
Response: enable the Guest account to inhibit installation of software and the changing of important system settings. You can do this in three easy steps:
- Open the Start Menu, search for guest account, and select “Turn guest account on or off”
- Click the icon of a well-traveled suitcase proclaiming “Guest account is off”
- Click Turn On
Huzzah! If you’re having difficulties or want further information, this post should help.
You may also wish to go the extra mile and setup a steady state/deep freeze program, such as Reboot Restore Rx, that can preserve your computers in a safe and stable state. Here are the instructions on how to do this.
Risk: patrons leave traces of their activities in jumplists and temporary files.
Respone: Use CCleaner to automate the removal of this data each time a new user logs into the Guest account. Here are the instructions on how to do this.
Risk: Third party tracking of unencrypted internet browsing and searching (via online trackers and aggressive ads)
Response: There are three things I recommend doing to mitigate risk to this particular threat.
1) Install these privacy-protecting browser extensions:
- HTTPS Everywhere helps ensure that secure encrypted connections to websites are used, when available.
- Adblock Plus blocks most banner, pop-up, and video advertisements.
- Disconnect blocks third-party trackers (Ghostery is an alternative that allows more granular configuration of blocking behavior)
2) Change the browser’s default search engine to one that safeguards user privacy, such as DuckDuckGo. To do this in Firefox, type about:config in the address bar, search for browser.search.defaultenginename, and change the value to DuckDuckGo. Also do this for browser.search.selectedEngine. To change the default search in Chrome, navigate to Settings: Search and change the search engine used from the omnibox to DuckDuckGo.
3) Change a couple of browser privacy settings so that it won’t accept 3rd party cookies. In Firefox, this is under Options: Privacy: History. In Chrome, this is under Advanced Settings: Privacy: Content Settings.
There’s a lot more to learn, but you’re off to a beautiful start! If you’re interested in diving further down the rabbit hole into the wild world of digital privacy, you can do so by reviewing the presentation that inspired this post.