More security updates on the web

This week I’ve taken the step to move a bit more of our library traffic to HTTPS, ensuring that our patrons’ visits to our website are sent with encryption. The most recent update is that Summon now sends users to the catalog over HTTPS. And in a few weeks, users routed to the link resolver for articles will also be sent over HTTPS. (It takes a few indexing cycles for the link resolver change to catch up.)

I’ve also changed how LibGuides, Document Delivery, Course Reserves, the Self-Help Knowledge Base, the link resolver, the journal finder, and the Library Catalog share patron data with the services they link to. Whenever you follow a link to a new website, an HTTP “referer” header is sent that tells the new website owner what the previous URL you visited was. (Yes, the HTTP header is spelled incorrectly.) This can be useful for understanding where your traffic comes from, but when the sites linking to you expose patron search queries in the URL, you might be getting more data than you need (and more than the patron realizes they are sharing). For instance, as Eric Hellman has noted, a search for “What to Expect When You’re Expecting” might pass data on to a third-party journal provider, who may have advertising beacons embedded on their site. To address this, I’ve added a meta referrer tag to both services, so that the referrer information shared with the new sites just includes the base URL of the service, not the page the user was on or any of their previous searches.
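To make the effect of the tag concrete, here is an added example (not code from this post or from any of the services named) that computes the Referer value a browser sends for a link from a search page to a vendor site. It goes beyond the single case above by covering the other standard referrer policies too. The hostnames and URLs are constructed, and the `origin` content value is an assumption, since the post does not say which value the tag uses.

```javascript
// Added example: the Referer value a browser sends under a given referrer
// policy. Hostnames and URLs are constructed samples, not the library's own.
const SEARCH_URL = "https://catalog.library.example/search?q=what+to+expect";
const VENDOR_URL = "https://journals.vendor.example/article/123";
// Assumption: the post does not give the tag's content value; "origin" is the
// policy that matches "just the base URL of the service".
const SAMPLE_PAGE = '<head><meta name="referrer" content="origin"><title>Catalog</title></head>';

// Read the policy from a page's meta referrer tag (name before content only).
function metaReferrerPolicy(html) {
  const m = /<meta\s+name=["']referrer["']\s+content=["']([^"']+)["']/i.exec(html);
  return m ? m[1].toLowerCase() : null;
}

// Returns the Referer header value, or null when no header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl), to = new URL(toUrl);
  const origin = from.origin + "/";
  // The full form never carries credentials or the fragment.
  from.username = ""; from.password = ""; from.hash = "";
  const full = from.href;
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" here means HTTPS page linking to a non-HTTPS URL.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return origin;
    case "same-origin": return sameOrigin ? full : null;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin": return downgrade ? null : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : origin);
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// What the vendor sees with the tag in place, and under two other policies.
function demo() {
  const policies = [metaReferrerPolicy(SAMPLE_PAGE), "no-referrer-when-downgrade", "no-referrer"];
  return policies.map((p) => [p, refererFor(p, SEARCH_URL, VENDOR_URL)]);
}
for (const [policy, referer] of demo()) console.log(policy.padEnd(28), referer);
```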

I’ll continue to improve the security of our services to protect patron privacy. If you have any more ideas for improvement, let me know! Hopefully I can get back to working on improving the security of our eBook providers soon.