Yesterday Institutional Marketing made a change to our website that will help support our users’ privacy. All traffic to the library website (and sub-websites) at gvsu.edu/library will now use HTTPS, which means that traffic from our servers to our users’ computers is now encrypted, rather than being sent in plain text. HTTPS isn’t necessarily a privacy solution, but, as the Library Digital Privacy Pledge states, it is a prerequisite for digital privacy. Since the third article of the ALA Code of Ethics is protecting user privacy, this helps us take the first step to implement a way for our users to conduct research that is immune from eavesdropping.
Since many of our other tools are provided by third-party vendors hosted on servers we do not control, not all visits to all parts of the library website take advantage of HTTPS today. For instance, LibGuides, the Database A-Z list, LibChat, and LibAnswers (self-service help) do not currently support HTTPS (although we are looking into options for making this work in the future.)
Many of our services support HTTPS but do not force secure connections. I have been working to switch our search forms and links across all of our tools to use HTTPS when possible. WebPAC Pro from Innovative (our catalog) doesn’t allow you to force HTTPS connections, but I have changed all of the links to the catalog from our site to use HTTPS. In addition, I’m working on changing the root URL for the catalog in Summon and the link resolver to use HTTPS, and we’ve already changed the links in the emails that Sierra sends to users. Rather than forcing all connections to use HTTPS on the server, I’ll change all the ways to get to the tools to use HTTPS.
Document Delivery and Course Reserve have long forced HTTPS, since they route users through a login process. And WebPAC Pro has always switched users to HTTPS when they log in to their accounts. Search forms for Summon throughout our site also direct the user to an HTTPS connection. (The weak link here is LibGuides, but I’ve been scrambling to update URLs there for a while, and will continue. Most links to the catalog should be fixed.)
Soon I’ll be working on routing our link resolver and journal finder traffic through HTTPS, and then moving our home-grown tools like the status app and the displays throughout the Mary Idema Pew Library. (The journal search form and links already direct users to HTTPS connections.) In addition, where possible I’ll be making a few other privacy-protecting changes, such as limiting the information we share with sites about referrer traffic, and revisiting the use of Google Analytics for understanding usage.
Let me know if you have any questions!