Lost In The Tubes

As we progress farther into this age of technology, more and more of us are spending more of our social time online, connecting to one another and to a wide variety of communities through social networking tools. As a result, more and more people are expecting to be able to connect to their community institutions through these same social networking technologies. Libraries are beginning to recognize the benefit of using social networking to enable their users to connect to the library and to each other in powerful new ways. No longer are library users restricted to physically being at the library in order to take full advantage of the connections it provides. Jenny Levine created a list of library user expectations that she calls “The Online Library User Manifesto”:

• I want to have a say, so you need to provide mechanisms for this to happen online.
• I want to know when something is wrong, and what you’re going to do to fix it.
• I want to help shape services that I’ll find useful.
• I want to connect with others that share my interests.
• I want to use your services on my schedule, not yours. I don’t care if it’s noon, midnight, Sunday, or Christmas Eve.
• I want to know how your library works.
• I want to tell you when you’re screwing up. Conversely, I’m happy to tell you the things you are doing well.
• I want to interact with institutions that act in a transparent and ethical manner.
• I want to know what’s next. We’re in partnership‚ where should we go?

(Levine 2005)

Of major concern in the online social world are the issues of privacy and anonymity. While these are two different things, they are very closely intertwined. From the earliest days of the internet, people have taken advantage of the ability to make themselves anonymous in the virtual world; anonymity helps people feel safe and gives them a greater level of control over the personal information the put online. The anonymity that social networking technologies enables is both good and bad – on the one hand, it allows people a safety net and gives them more control over their personal information online, and is, therefore, intimately tied into their sense of privacy; on the other hand, anonymity enables people to be abusive in online environments without having to face the consequences of their cruelty. In his book, You Are Not A Gadget: A Manifesto, Jaron Lanier talks about a phenomenon he refers to as “drive-by anonymity.” Specifically, he defines drive-by anonymity as: “effortless, consequence-free, transient anonymity in the service of a goal… that stands entirely apart from one’s identity or personality.” (Lanier 2010, 63) This type of anonymity makes it very easy for people to be cruel and seems to encourage crude and mean-spirited behavior. Further, he claims that this sort of behavior is concentrated primarily by the design of the Web 2.0, and not by the demographics of its users. As an example, he points to the earliest computer networks, when the only people who had access to go online were academic, corporate, or military personnel who could utilize professional systems and sign in to special interest groups – in other words, people who were adult and educated, and probably the last ones most would expect to exhibit crass behavior. Many users “still turned into mean idiots online”. (Lanier 2010, 68) How, then, are libraries supposed to take advantage of online social networking, to give their users the services they increasingly expect, while protecting their privacy and yet avoid the pitfalls of drive-by anonymity? To begin addressing this question, we first need to survey the current literature on the topic of online privacy and anonymity.

John Grohol expresses similar concerns regarding online anonymity in his article, “Anonymity and Online Community: Identity Matters” on the website A List Apart. “Anonymity is a double-edged sword when it comes to an online community” – on the one hand, “anonymity may allow people to feel more free and disinhibited to discuss otherwise embarrassing or stigmatizing topics,” but it also, “allows people to hide behind their computers while saying whatever they want with little ramification.” (Grohol 2006) Anonymity can also undermine the authority of information; for example, before Wikipedia “implemented its current registration requirements, anybody could—and did—add anything to the site, of any quality.” (Grohol 2006) However, he also suggests an easy method for mitigating the detrimental effects of online anonymity – membership. Even if members are allowed to be pseudonymous, it still “allows members of the community to learn to identify other members they like or dislike based upon their behaviors and personality,” and, in fact, pseudonymity “strike[s] a balance between people’s needs to obscure their identities online, while still allowing them to build reputations in those usernames.” (Grohol 2006) Membership systems improve the operations of an online social network in three key ways: when someone is interested enough to become a member of a network, you’re “more likely to get valuable, useful information and responsible behavior from them” because they are invested in the system; membership can act as a filter “[b]y requiring users to take an affirmative action… it weeds out the casual troublemaker from an interested user;” and, finally, it provides an established reputation system within the online community, letting other users know who to trust and who to ignore. (Grohol 2006) This sounds like a fairly obvious and straightforward solution to the problem, but the reality of implementing a membership system like this in a library setting is more complicated. Membership in a library-based online community would of necessity be based on general library membership. For example, at the Oak Park Public Library in Oak Park, IL, if a user wants to take advantage of some of their online services, they either need to enter their library card number or sign in as a guest. Entering their library card number automatically means that the library system knows who they are – even if their fellow network users do not. This alone undermines the sense of privacy that many expect from a library when using its services. Also, while membership can act as a filter for causal troublemakers, it is incorrect to assume that most non-members are going to be troublemakers; or that just because someone chooses not to become a member of the community, that their interest in it – or their need for the services it offers – are illegitimate.

Drive-by behavior makes many people afraid to allow anonymity in social networks at all. Michael Casey and Michael Stephens provide a few examples of this in their article, “The Transparent Library: Coping with Anonymity”:

Picture this: your library has launched a visionary long-range reorganization plan that sparks an anonymous, critical blog from staff members. Or your library appears in an anonymous YouTube or Flickr extravaganza that targets your authoritarian signage, unfriendly staff, and dirty public restrooms. Or your soon-to-be-launched web revamp is reviewed on an employee’s personal blog before the library goes public. (Casey & Stephens 2008a)

In these two of these examples, the anonymous person doing the criticizing is a staff member, but it could just as easily be a user or member of the community. Many react to the threat of this type of situation by seeking to restrict or eliminate online anonymity. However, in these cases, the “best response to this new world is to audit signage, library policy, and staff communication… organizations willing to accept some level of criticism in return for ideas, suggestions, and the opportunity to change may be able to turn around a difficult situation.” (Casey & Stephens 2008a) Anonymity may allow library users the freedom to express harsh feelings and criticisms without fear of consequence, but the way to handle this situation is not to silence them or to refuse to let these critics speak. Rather, listen to what people say when they are allowed to be completely uninhibited and realize that their complaints may have merit. To cite another article by Casey and Stephens, “Anonymity can encourage people to share observations or ask questions that might otherwise never emerge. Be willing to look past nonconstructive critical statements… There may be substance behind the snark to be addressed and used.” (Casey & Stephens 2008b) Yes, anonymity will probably always go hand-in-hand with a certain amount of pointlessly cruel behavior, but the potential benefits for open and uninhibited communication outweighs this. One can always ignore mean-spirited comments; but legitimate complaints and criticism can never be heard or acted on if no one feels free to communicate them.

In his blog post, “The Future of Privacy and Libraries,” Casey Bisson states that while libraries take privacy seriously, they “nonetheless make decisions that trade bits of our patrons’ privacy as an operational cost,” such as circulation records and the way they connect library users with the books they read. (Bisson 2006) The problem, though, is that these decisions are often made “without bothering to inform our patrons of the risks we take with their privacy. And the problem there is that it violates users’ expectations of transparency and self determination.” (Bisson 2006) He goes on to ask: how, then, do libraries “deliver targeted and customized services online, without unhinging our patrons’ privacy?” (Bisson 2006) So far, libraries have addressed this issue mainly by allowing their users to choose, “giving patrons the tools and knowledge they need to make their own decisions about how much they reveal.” (Bisson 2006) This idea fits well with one presented by Michael Casey and Laura Savastinuk in their book, “Library 2.0: A Guide to Participatory Library Service.” When creating customizable participatory online services, they stress that “[p]ublic identification should not be obligatory for our users to participate in our services… Libraries can use some simple methods of helping to preserve privacy, such as allowing anonymous comments and content additions…” (Casey & Savastinuk 2007) Their preferred method of protecting the privacy of library users is to use an opt-in method for these types of services. When it comes to their personal information, “[u]sers should not have to take action to protect their privacy; they should only have to take action if they wish to share information that may be considered personal or private.” (Casey & Savastinuk 2007)

However, Mr. Bisson correctly points out that this answer “depends on the notion that library services must be self-contained.” (Bisson 2006) Many library users want to be able to integrate non-library services like LibraryThing into their library use, or to bookmark items in a library’s OPAC on their own browser. These options present potential threats to the security of patron’s privacy. A library could create a service that would integrate with a patron’s LibraryThing record, but they may have information on one account that they do not want on the other. How does such a service operate without exposing that information, and without requiring users to constantly try and remember what information they have posted where? More frightening still are two recently published papers that demonstrate the ability to de-anonymize social networks using browser histories and group memberships. “A Practical Attack to De-Anonymize Social Network Users,” written by Gilbert Wondracek and Thorsten Holz of the Technical University of Vienna, Austria; Engin Kirda of the Institute Eurecom, Sophia Antipolis; and Christopher Kruegel of the University of California, Santa Barbara; shows that “information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates.” (Wondracek et al. 2010, 1) Basically, using “well-known web browser history stealing attacks” there are easy algorithms that can mine the online behavior of a social network user for information that can identify them to third part websites. (Wondracek et al. 2010, 1) Such an attack method “has the potential to affect millions of registered social networking users who have group memberships.” (Wondracek et al. 2010, 15) This study duplicates the results on one conducted a year earlier by Arvind Narayanan and Vitaly Shmatikov of the University of Texas at Austin. In their report, “De-anonymizing Social Networks,” they use a different set of techniques to analyze “anonymized social network graphs” and “show that a third of the users who can be verified to have accounts on both Twitter… and Flickr… can be re-identified in [an] anonymous Twitter graph with only a 12% error rate.” (Narayanan & Shmatikov 2009, 1) They conclude that “anonymity is not sufficient for privacy when dealing with social networks.” (Narayanan & Shmatikov 2009, 13) However, this danger may be unavoidable “since this attack relies on features that are generally considered essential to good interface design.” (Timmer 2010) Libraries must make efforts to educate their patrons and ensure that they extend great care in deciding how they want to behave online and what information they choose to share.

The question now arises: is this risk worth it in order to provide anonymity in an online social network? There are some compelling arguments to suggest that yes, it is. In a blog entry posted on July 13, 2007, titled “Anonymity for Library Staff?” Bob Kosovsky asks if anonymized responses from online reference services might not be perceived as anti-social; but he also points out that “some staff are not interested in being identified, because… you can never be sure who you are interacting with. In that sense, anonymity is protection.” (Kosovsky 2007) Another reason why anonymity is important – especially in libraries or any institution that has an educational responsibility – can be found in the paper, “Creating a Psychologically Safe Online Space for a Student-Generated Questions Learning Activity via Different Identity Revelation Modes” by Fu-Yun Yu and Yu-Hsin Liu. They studied the willingness of forty college freshmen to interact and ask questions in three different types of networked environments online – real-identity, anonymity, and created-identity (pseudonymity). The authors point out that “[i]t has been suggested that anonymity promotes intimacy and affection by lessening inner restraints” and the results of their study show that “when learners were authoring or assessing questions, most participants preferred either no identification (anonymity) or a subtler method of identification (nickname).” (Yu & Liu 2009) In other words, most students who participated in the study were more comfortable asking and answering questions when they were not required to reveal their actual identities. The authors conclude that:

By… remaining anonymous when authoring questions, students felt they were not exposed to humiliating or shameful situations… Anonymity helped students avoid uneasy feelings or tensions that may occur as a result of the evaluative ratings and comments they made about their classmates’ questions… Anonymity helped students avoid or mitigate emotional burdens such as fear of embarrassment and unease… [and] anonymity helps to establish a positive learning space. (Yu & Liu 2009)

These findings should have tremendous impact on the way that libraries offer online and socially networked services to their patrons. Anonymity makes it easier and more comfortable for people to ask questions and receive answers. This speaks to the heart of what libraries do.

Rory Litwin offers an excellent theoretical examination of Library 2.0 and the issues of privacy and anonymity in his blog post, “The Central Problem of Library 2.0: Privacy.” He points out that “libraries and Web 2.0 services are based on serving two very different essential activities, and those activities have an opposite relationship to privacy.” (Litwin 2006) Namely:

Web 2.0 websites are… based primarily on sharing information, but sharing information in a particular way: essentially, they are about seeing and being seen. Libraries are based on sharing information also, but in a different way: they are a place (virtual or physical) to find reading and to read… Reading is so necessarily private and so related to the process of thought… libraries have traditionally treated the privacy of readers as sacred. (Litwin 2006)

Furthermore, “the features of Web 2.0 applications that make them so useful and fun all depend on users sharing private information with the owners of the site, so that it can be processed statistically or shared with others.” (Litwin 2006) For libraries that want to institute Web 2.0-based services, this essential fact of social networking technology presents a problem. He suggests that some librarians will decide that “privacy is not as important a consideration as it once was” and that “the Millennial generation doesn’t have the same expectations of libraries in terms of privacy that older generations do, and that we should simply adjust.” (Litwin 2006) Of course, some of the younger generation’s apparent lack of concern for privacy may simply be a lack of experience, and painful experience may teach them to value privacy more as they grow older. “It may also be that in some real way the place of privacy in our culture is changing, but it is a question that is not easily answered and shouldn’t be approached too casually. It may take more time before we know the answer.” (Litwin 2006)

Sara Perez suggests a different possibility – she sees signs that online anonymity, and the sense of privacy it creates, is already becoming a thing of the past. In her article, “The End of Online Anonymity,” she looks at the increasing backlash against “fake” online personas. There has already been one legal case where a person was held criminally liable for the consequences of using a fake persona (the Lori Drew MySpace trial), which increases the need of online social networking sites to “weed out fake personas.” (Perez 2008) As a result, the users of these sites “will have to be authenticated in new ways,” (Perez 2008) and several sites are exploring the use of federated identity systems – “one set of credentials can follow you around the net, providing access to hundreds of sites.” (Perez 2008) In such a system, online users would no longer be able to maintain complete anonymity; instead they would have a consistent online identity that would follow them throughout their web-based activities. The psychological impact, according to Ms. Perez, “will start people thinking that their activities can be traced, that they are not as anonymous as before… regardless as to whether or not that is true. [emphasis original]” (Perez 2008) One possible consequence is that people would no longer be able to act freely in public places where others can observe, record, and post their behavior online:

When we reach the point where online anonymity has ended, instead of getting to be who we really are, the fact that we’ve become so aware of the fact that we’re always being recorded, photographed, tracked, and traced, will have actually created a slightly altered personality instead. Like reality TV show contestants, the act of being observed will change our behavior. Our personal brand image will become our public identity and therefore our identity. (Perez 2008)

We are already seeing this happen – impolitic comments can get back to the boss and cost someone their job; embarrassing party photos will be seen by Human Resource personnel conducting job interviews; in more and more situations, people feel the need to censor themselves rather than risk having something embarrassing broadcast to a world of strangers online. When we consider the study conducted by Yu & Liu, and we recognize that a certain level of comfort is necessary for the most beneficial information exchange in learning environments, then if social networking systems – and, by extension, socially networked libraries – are forced to reduce user anonymity by “the new frontier of identity management,” (Perez 2008) there is a real danger that it will have a negative impact on the level of comfort library users can establish with library services.

In his article, “Enhancing Web Privacy and Anonymity in the Digital Era,” Stefanos Gritzalis makes the statement: “In democratic societies privacy must be protected. With the arrival of modern information and communication technologies systems, privacy is increasingly endangered.” (Gritzalis 2004) He differentiates between territorial privacy, privacy of the person, and informational privacy, and makes the claim that “privacy is the indefeasible right of an individual to control the ways in which personal information is obtained, processed, distributed, shared, and used by any other entity.” (Gritzalis 2008) It is worth noting that the difference between personal and informational privacy becomes very fuzzy when someone’s online identity is made up entirely of the personal data they choose to share. He also points out that “privacy and anonymity are the fundamental issues of concern for most Internet users, ranked above issues like ease-of-use, spam-mail, security and cost.” (Gritzalis 2004) Whether or not a library is comfortable with the idea of allowing anonymity in its online and social networking services, it may not have a choice if it wants people to take advantage of those services. The other option is not to offer social networking-based user services – an option that seems ill-conceived in a world where more and more people are expecting their information to come to them through their online networks, and who will gladly turn to other information providers (such as Google) if they cannot find the services they want from the library.

The issues of online privacy and anonymity are not easy ones to tackle, but they are becoming increasingly pressing as we delve deeper into the Digital Age. Many conflate anonymity with privacy, and the ability of people to control the information they share by maintaining an anonymous online presence does seem to reinforce the privacy of their personal information. The privacy of patron information has long been one of the core values of library practice. It seems natural to extend this same ideal of privacy to our online services as we venture into the world of social networking. However, there is a price to pay for providing our patrons with online privacy – and, by extension, anonymity: some people will use this anonymity as an excuse to behave badly and disrupt the system. I would argue, though, that this has been true of every human system throughout history, and we have always found ways of coping with such individuals. The potential benefits of anonymity in library services are great; therefore, it seems counterproductive to deny our users, our communities, and ourselves these benefits just to deal with a handful of troublemakers. Rather, we need to maintain a responsible and rational social networking policy to minimize the effect they can have. We also need to be aware of the dangers posed to the privacy of personal information that are unique to online and social networking systems. These dangers are real and we have a responsibility to educate ourselves about them, and about the proper methods of protecting our patrons from them. Once again, denying services out of fear of these dangers is not the correct response. Failing to offer socially networked services does no one any good. These services offer real value to our patrons and to our communities; they are services that people want and libraries have an obligation to provide them to fulfill user needs. The correct response in the brave new world of Library 2.0 is education and responsible implementation.

Works Cited

Bisson, Casey. 2006. The future of privacy and libraries. MaisonBisson.com. http://maisonbisson.com/blog/post/11099/the-arrival-of-the-stupendous/ (accessed March 28, 2010).

Casey, Michael E. and Laura C. Savastinuk. 2007. Library 2.0: a guide to participatory library service. Medford, New Jersey: Information Today, Inc.

Casey, Michael and Michael Stephens. 2008a. The transparent library: Coping with anonymity. Library Journal (January 15, 2008). http://www.libraryjournal.com/article/CA6515878.html (accessed March 28, 2010).

—-. 2008b. The transparent library: Six signposts on the way. Library Journal (November 15, 2008). http://www.libraryjournal.com/article/CA6611609.html (accessed March 28, 2010).

Gritzalis, Stefanos. Enhancing web privacy and anonymity in the digital era. Information Management & Computer Security. 12, no. 3. 2004 : 255-288.

Grohol, John M. 2006. Anonymity and online community: Identity matters. A List Apart Magazine no. 214 (April 4, 2006). http://www.alistapart.com/articles/identitymatters (accessed March 28, 2010).

Kosovsky, Bob. 2007. Anonymity for library staff?. Library 2.0. http://www.library20.org/forum/topics/515108:Topic:35567 (accessed March 28, 2010).

Lanier, Jaron. 2010. You are not a gadget: a manifesto. New York: Alfred A. Knopf.

Levine, Jenny. 2005. The online library user manifesto. ALA TechSource. American Library Association. http://www.alatechsource.org/blog/2005/11/the-online-library-user-manifesto.html (accessed March 28, 2010).

Litwin, Rory. 2006. The central problem of library 2.0: Privacy. Library juice. http://libraryjuicepress.com/blog/?p=68 (accessed March 28, 2010).

Narayanan, Arvind and Vitaly Shmatikov. 2009. De-anonymizing social networks. Austin, Texas: The University of Texas at Austin.

Perez, Sarah. 2008. The end of online anonymity. ReadWriteWeb. http://www.readwriteweb.com/archives/the_end_of_online_anonymity.php (accessed March 28, 2010).

Timmer, John. 2010. Browser history hijack + social networks = lost anonymity. Ars Technica (February 24, 2010). http://arstechnica.com/security/news/2010/02/browser-history-hijack-social-networks-lost-anonymity.ars (accessed March 28, 2010).

Wondracek, Gilbert, Thorsten Holz, Engin Kirda, and Christopher Kruegel. 2010. A practical attack to de-anonymize social network users. iSecLab.

Yu, Fu-Yun and Yu-Hsin Liu. 2009. “Creating a psychologically safe online space for a student-generated questions learning activity via different identity revelation modes.” British Journal of Educational Technology 40, no. 6: 1109-23. OmniFile Full Text Mega, WilsonWeb (accessed March 28, 2010).