alt Hacker NewsHow is hitting the library an act of rebellious defiance? Getting a library card requires an ID and proof of address. The library then tracks which books you've signed out. Unless you're reading the books inside the library without signing them out.
Replies
A library is supported by local property taxes, so requiring proof of residence serves a practical purpose. Of course they are going to track loaned books too. This is not the same thing, by any stretch. If they are somehow making that information available beyond the scope of the library system it is a breach of trust.
Start your own library.
Write your own books.
Make your own music.
My library card has no picture on it. Me and 100 of my closest friends could easily share the same card.
I'm pretty sure I didn't provide an address or an id when I got my library card.
My library, at least, is fanatical about their patron's privacy.
I don't know what their retention time is on circulation records, but beyond aggregate statistics for culling materials that aren't circulating I bet it isn't too long. Now I want to go check.
My library also only keeps 24 hours of video surveillance because they didn't want to be able to fulfill requests from the cops for footage of patrons. I really liked that.
Edit: In the patron portal it permits me to disable "borrowing history" and says it permanently deletes my records. I do contract IT work for them so next time I'm engaged I'll ask about the details. They're moving to Koha later this year (free / open-source ILS) so I could go look at the code to see what it does (which is nice).
On the theme of their privacy fanaticism:
Over a decade ago the library got a grant to do outdoor public WiFi in the park behind their building. As part of that grant they needed to report the number of distinct users using the WiFi each day. Their UniFi controller tracks MAC addresses of associated stations. I used a query against the underlying MongoDB to get the usage reports to satisfy the grant.
To minimize the potential of tracking individual users the library director had me write a script to grovel thru MongoDB, do a SHA-1 hash of each public MAC address tracked concatenated with a randomly-generated salt for that day, then write back the first 48 bits of the hash over the original MAC. The library gets their daily statistics and long-term traffic trend data, they don't double-count associations for the same device in the same day, but they can't track individual people over a span of multiple days.
Now that devices randomly-generating MACs are mainstream it's much less necessary. I thought it was really cool she thought this. (The whole salting/hashing bit was my idea. She just wanted to be able to fulfill the grant reporting requirements amd be unable to track people.)