1GraceCollection
Hi there. I hope I don't sound like a crackpot for asking a question like this. I read through the site privacy policy, which I found far more agreeable than many of the services I have considered or succumbed to joining in the past, and which was far more entertaining to read! I did still have a few questions, though, if it is possible (legally, etc) for them to be answered.
1) If a shipping address/location is provided to the site through the Early Reviewers service, (a) is this data considered part of the Personal Identifying Information, (b) is data this collected by, provided to, or analyzed by Google Analytics, and (c) is this data anonymized and/or aggregated and then provided to third parties, and if so, can any details be given about the specific processes that anonymize and/or aggregate this data?
2) If a location is provided to the site through the Local feature, (a) is this data that can, through normal usage of the website (ie without hacking into someone's account or into data stored by LT), be traced back to the user if the location is provided as 'private'*, (b) is data this collected by, provided to, or analyzed by Google Analytics, and (c) is this data anonymized and/or aggregated and then provided to third parties, and if so, can any details be given about the specific processes that anonymize and/or aggregate this data?
Thank you for your patience with my weird questions. I figure you can't be too careful these days, but I have slowly become more and more interested in features such as Local and Early Reviewers, so I thought I might as well ask.
I appreciate LT's continued commitment to Not Being Evil. Still.
*For context, I ask this question firstly because the 'books marked private' feature does not always work as intended, and also because, even if your library is private, if you create a book called 'Mylegal Name's Photo Album from When I Lived in Address House, City, from Year-Year with My Spouse, Spouseslegal Name and Our Lovely Children Thing1 and Thing2 Name,' that book will still be public. I understand the reason, for a site that functions the way LT does, why a book you add to a private catalogue will still exist as a public record, but for private holdings like 'MNPAfWILiAH,C,fYear-YearwMSSNaOLCTaTN,' this presents a privacy concern, especially for users who don't yet understand how libraries/private libraries/books work on LT.
1) If a shipping address/location is provided to the site through the Early Reviewers service, (a) is this data considered part of the Personal Identifying Information, (b) is data this collected by, provided to, or analyzed by Google Analytics, and (c) is this data anonymized and/or aggregated and then provided to third parties, and if so, can any details be given about the specific processes that anonymize and/or aggregate this data?
2) If a location is provided to the site through the Local feature, (a) is this data that can, through normal usage of the website (ie without hacking into someone's account or into data stored by LT), be traced back to the user if the location is provided as 'private'*, (b) is data this collected by, provided to, or analyzed by Google Analytics, and (c) is this data anonymized and/or aggregated and then provided to third parties, and if so, can any details be given about the specific processes that anonymize and/or aggregate this data?
Thank you for your patience with my weird questions. I figure you can't be too careful these days, but I have slowly become more and more interested in features such as Local and Early Reviewers, so I thought I might as well ask.
I appreciate LT's continued commitment to Not Being Evil. Still.
*For context, I ask this question firstly because the 'books marked private' feature does not always work as intended, and also because, even if your library is private, if you create a book called 'Mylegal Name's Photo Album from When I Lived in Address House, City, from Year-Year with My Spouse, Spouseslegal Name and Our Lovely Children Thing1 and Thing2 Name,' that book will still be public. I understand the reason, for a site that functions the way LT does, why a book you add to a private catalogue will still exist as a public record, but for private holdings like 'MNPAfWILiAH,C,fYear-YearwMSSNaOLCTaTN,' this presents a privacy concern, especially for users who don't yet understand how libraries/private libraries/books work on LT.
2norabelle414
>1 GraceCollection: With regard to your first question, about LT Early Reviewers, there are separate terms and conditions for that program, found here: https://www.librarything.com/ner/rules
Notably:
LibraryThing, and LTER publishers, authors and publicists may only use the personally identifiable information obtained from the entrants in accordance with its privacy policy and these Rules and Conditions.
LibraryThing will not sell any personally-identifiable information to any third party. Your mailing address will only be used to ship the LTER books.
Notably:
LibraryThing, and LTER publishers, authors and publicists may only use the personally identifiable information obtained from the entrants in accordance with its privacy policy and these Rules and Conditions.
LibraryThing will not sell any personally-identifiable information to any third party. Your mailing address will only be used to ship the LTER books.
3MarthaJeanne
>2 norabelle414: And LT has repeatedly stepped in against those who have continued to use this information afterwards. It is not possible to get the books to people without sharing the information. If you don't want it shared, the answer is not to use ER.
4timspalding
Some quick answers:
First, real talk. The answers below should assuage your fears. But I want to add caution. Read the below and you will see that LibraryThing doesn't do the things you fear we might do. But we can't protect against all dangers. LibraryThing can be hacked. The publishers that use us can be hacked. Your connection can be tapped, legally or illegally. Someone can install a key logger on your machine. People can look at your browser when you don't want them to.
All this means that if your fears are well-grounded and serious--for example, if you have a dangerous stalker--then I would urge you not to rely on anyone to keep you safe, including me. You will like our policies and we try hard to avoid hacks, but I can't make guarantees. We are a book site, not a bank—and banks get hacked too. Your safety is more important than a free book, or indeed LibraryThing.
1. Your ER address is not sent to anyone except the publisher. They get it if you win, and it's not an ebook, etc. Our rules with publishers prevent them from using it in other ways, and we are harsh on publishers who misuse this. I don't think we've ever had a problem with mailing addresses, but we have had a publisher use emails for subsequent marketing. This is against our terms and we told them to stop immediately.
We don't send your address to Google Analytics. You can trust on this also because this isn't a feature of their system. I suspect it would be illegal, or at least legally onerous for them. They don't want your address.
That said, Google Analytics does get your IP when the analytics JavaScript is run and IPs can be triangulated to a rough location. That comes to us in graphs of what countries or visitors people visit from—very useful information for us. I think we also get top cities. But nobody can turn IPs into actual addresses without help from your internet provider. Also, IPs lie. For example, when I use my home connection, Google thinks I'm in Portland, Maine--correct. But when I use my iPhone, Google thinks I'm in Kentucky or somewhere else, because that's the IP Apple is using to hit them.
2. There is a *public* location field on your profile. This is public. If you don't want your location there, don't put it there. I strongly recommend you not put a fulll address there either way. Say "Maine" or "Portland, Maine." (This is MY ADDRESS. I don't know yours!)
We also have a private location field, for LibraryThing Local. This is not available to other users. It is not given to other users. It is sent to Google, however, because our mapping feature is Google Maps. I doubt very much they do anything with it, because the maps feature is for everything--you'll see it on bookstore features, etc. But, yes, any time we map a thing, person, store or wahtever, we have to send them the address given for them to make a map.
Other things to add:
1. Cameras often add the location you took a picture to the metadata of the picture. Depending on the system, you can turn this off. (I know iPhone has a setting.) I believe we strip this out when we resize and represent the image on the site, but I don't promise it. But I'm over my skis here, and @conceptdawg, the photographer and expert on this, is on vacation this week.
2. You didn't mention SantaThing. If you participate in that, the bookstore gets the address, not a publisher.
3. Venues you favorite are public. Needless to say, people tend to favorite venues where they live so, again, if you've got a stalker, don't use this feature.
4. LibraryThing is not outside the law. We value reader privacy, and won't accept mere requests from law enforcement, but if we get a valid legal order in the US, we have to disclose whatever we know. (We've never had one.) Even if you don't provide your address, law enforcement can combine IP information from us with a legal request to your IP to get your address, full name, etc.
5. We have a thing in the TOS "LibraryThing cannot guarantee member privacy in emergencies." This is somewhat wiggly. The basic idea is that—like all social media services—we need to respond when someone says they're going to kill themselves, are planning a school shooting, etc. Generally that would mean reaching out to services in your area, if we know it. We developed that section in concert with suicide-prevention people and looking at other sites' policies. I think it's important, but it's a potential hole in our policies.
Sorry if this is TMI. If I had more time, I'd write a shorter reply. I'm open to more questions.
First, real talk. The answers below should assuage your fears. But I want to add caution. Read the below and you will see that LibraryThing doesn't do the things you fear we might do. But we can't protect against all dangers. LibraryThing can be hacked. The publishers that use us can be hacked. Your connection can be tapped, legally or illegally. Someone can install a key logger on your machine. People can look at your browser when you don't want them to.
All this means that if your fears are well-grounded and serious--for example, if you have a dangerous stalker--then I would urge you not to rely on anyone to keep you safe, including me. You will like our policies and we try hard to avoid hacks, but I can't make guarantees. We are a book site, not a bank—and banks get hacked too. Your safety is more important than a free book, or indeed LibraryThing.
1. Your ER address is not sent to anyone except the publisher. They get it if you win, and it's not an ebook, etc. Our rules with publishers prevent them from using it in other ways, and we are harsh on publishers who misuse this. I don't think we've ever had a problem with mailing addresses, but we have had a publisher use emails for subsequent marketing. This is against our terms and we told them to stop immediately.
We don't send your address to Google Analytics. You can trust on this also because this isn't a feature of their system. I suspect it would be illegal, or at least legally onerous for them. They don't want your address.
That said, Google Analytics does get your IP when the analytics JavaScript is run and IPs can be triangulated to a rough location. That comes to us in graphs of what countries or visitors people visit from—very useful information for us. I think we also get top cities. But nobody can turn IPs into actual addresses without help from your internet provider. Also, IPs lie. For example, when I use my home connection, Google thinks I'm in Portland, Maine--correct. But when I use my iPhone, Google thinks I'm in Kentucky or somewhere else, because that's the IP Apple is using to hit them.
2. There is a *public* location field on your profile. This is public. If you don't want your location there, don't put it there. I strongly recommend you not put a fulll address there either way. Say "Maine" or "Portland, Maine." (This is MY ADDRESS. I don't know yours!)
We also have a private location field, for LibraryThing Local. This is not available to other users. It is not given to other users. It is sent to Google, however, because our mapping feature is Google Maps. I doubt very much they do anything with it, because the maps feature is for everything--you'll see it on bookstore features, etc. But, yes, any time we map a thing, person, store or wahtever, we have to send them the address given for them to make a map.
Other things to add:
1. Cameras often add the location you took a picture to the metadata of the picture. Depending on the system, you can turn this off. (I know iPhone has a setting.) I believe we strip this out when we resize and represent the image on the site, but I don't promise it. But I'm over my skis here, and @conceptdawg, the photographer and expert on this, is on vacation this week.
2. You didn't mention SantaThing. If you participate in that, the bookstore gets the address, not a publisher.
3. Venues you favorite are public. Needless to say, people tend to favorite venues where they live so, again, if you've got a stalker, don't use this feature.
4. LibraryThing is not outside the law. We value reader privacy, and won't accept mere requests from law enforcement, but if we get a valid legal order in the US, we have to disclose whatever we know. (We've never had one.) Even if you don't provide your address, law enforcement can combine IP information from us with a legal request to your IP to get your address, full name, etc.
5. We have a thing in the TOS "LibraryThing cannot guarantee member privacy in emergencies." This is somewhat wiggly. The basic idea is that—like all social media services—we need to respond when someone says they're going to kill themselves, are planning a school shooting, etc. Generally that would mean reaching out to services in your area, if we know it. We developed that section in concert with suicide-prevention people and looking at other sites' policies. I think it's important, but it's a potential hole in our policies.
Sorry if this is TMI. If I had more time, I'd write a shorter reply. I'm open to more questions.
5GraceCollection
>4 timspalding: Thanks, Tim. I really appreciate the work LT does, and your honesty. Banks do get hacked, there are other ways of data I provide being exposed to third parties, and I appreciate that you don't act like you have more ability than anyone logically could (or would extend to resources for on, as you say, a book site) to protect any individual data.
This was not TMI! I really appreciate your thoroughness! I do have one follow-up question, which is about the line in your privacy policy which reads, We reserve and currently exercise the right to sell or give away anonymous or aggregate information. I know that this is really common, but if you are (legally, etc) able to, I would like to hear more about if location data (not from IP addresses, but from public or private location or from ER addresses) is included in the data that is anonymous and/or aggregated, what the process of anonymizing and/or aggregating that data looks like, and where, if you can share, that data goes to (I assume advertisers?).
If you (or anyone else reading) is curious about why I ask this, I think this article and the links therein offers some information this average internet user might not be aware of.
If my list of books I read/own/want is on the internet, and I provide someone else with that information (i.e. a friend, my FaceBook profile, my Amazon wishlist, my local community who might want to borrow books from me, my GoodReads profile...) those bits of information can be used for someone who knows me in the real world to find my online profile, or for someone (or a business entity) to connect one profile to another, and the data therein is associated, either with me, or with that other account. Some people do not mind this, but I am careful about what information I share, and to whom (or what), because I know that in most cases, once data is out there, you can't get it back. I understand that making this library private doesn't guarantee that a third party can't ever get a hold of it (and I'm not planning to keep it private anyway, just until I get it into a less embarrassing sense of order), but there is certain data I wouldn't want it associated with (like my address) if I know third parties are getting that data (even in most anonymized forms of providing data, if my address is provided it would be coupled with the books data).
Thank you again for providing this information and being patient with my questions. I really, truly appreciate all that LT has done & is doing in order to not be evil.
This was not TMI! I really appreciate your thoroughness! I do have one follow-up question, which is about the line in your privacy policy which reads, We reserve and currently exercise the right to sell or give away anonymous or aggregate information. I know that this is really common, but if you are (legally, etc) able to, I would like to hear more about if location data (not from IP addresses, but from public or private location or from ER addresses) is included in the data that is anonymous and/or aggregated, what the process of anonymizing and/or aggregating that data looks like, and where, if you can share, that data goes to (I assume advertisers?).
If you (or anyone else reading) is curious about why I ask this, I think this article and the links therein offers some information this average internet user might not be aware of.
If my list of books I read/own/want is on the internet, and I provide someone else with that information (i.e. a friend, my FaceBook profile, my Amazon wishlist, my local community who might want to borrow books from me, my GoodReads profile...) those bits of information can be used for someone who knows me in the real world to find my online profile, or for someone (or a business entity) to connect one profile to another, and the data therein is associated, either with me, or with that other account. Some people do not mind this, but I am careful about what information I share, and to whom (or what), because I know that in most cases, once data is out there, you can't get it back. I understand that making this library private doesn't guarantee that a third party can't ever get a hold of it (and I'm not planning to keep it private anyway, just until I get it into a less embarrassing sense of order), but there is certain data I wouldn't want it associated with (like my address) if I know third parties are getting that data (even in most anonymized forms of providing data, if my address is provided it would be coupled with the books data).
Thank you again for providing this information and being patient with my questions. I really, truly appreciate all that LT has done & is doing in order to not be evil.
6MaureenRoy
To Grace and other LT users, I do some volunteer work on this website, and have done so for 12 years. I also have a graduate IT degree from UCLA, and have always found LT to have a high level of integrity among internet businesses as well as other user groups online.
7timspalding
I do have one follow-up question, which is about the line in your privacy policy which reads, We reserve and currently exercise the right to sell or give away anonymous or aggregate information. I know that this is really common, but if you are (legally, etc) able to, I would like to hear more about if location data (not from IP addresses, but from public or private location or from ER addresses) is included in the data that is anonymous and/or aggregated, what the process of anonymizing and/or aggregating that data looks like, and where, if you can share, that data goes to (I assume advertisers?).
Well, we don't actually have advertisers, and we have no plans to ad them. (We used to have Google ads on some pages if you weren't signed into the site, but it wasn't worth it, and we'd rather be ad-free.) We have never given anyone user location data. I'm not sure why we would or who'd want it, either anonymized or aggregate. We have certainly given people very high-level aggregate location data from Google Analytics—that X% of our visitors are from the US, X% from the UK, etc.
If my list of books I read/own/want is on the internet, and I provide someone else with that information (i.e. a friend, my FaceBook profile, my Amazon wishlist, my local community who might want to borrow books from me, my GoodReads profile...) those bits of information can be used for someone who knows me in the real world to find my online profile, or for someone (or a business entity) to connect one profile to another, and the data therein is associated, either with me, or with that other account. Some people do not mind this, but I am careful about what information I share, and to whom (or what), because I know that in most cases, once data is out there, you can't get it back. I understand that making this library private doesn't guarantee that a third party can't ever get a hold of it (and I'm not planning to keep it private anyway, just until I get it into a less embarrassing sense of order), but there is certain data I wouldn't want it associated with (like my address) if I know third parties are getting that data (even in most anonymized forms of providing data, if my address is provided it would be coupled with the books data).
Yes, a smart online researcher can often put public data together across multiple sites, using similar user names, profile pics, or whatever. If your library is private here, then your book data is basically private. (One exception would be that you agree that reviews you write for ER are public.) And social stuff you do here, like posting here, is public. I'm sending you a DM about one thing you may want to make private.
Well, we don't actually have advertisers, and we have no plans to ad them. (We used to have Google ads on some pages if you weren't signed into the site, but it wasn't worth it, and we'd rather be ad-free.) We have never given anyone user location data. I'm not sure why we would or who'd want it, either anonymized or aggregate. We have certainly given people very high-level aggregate location data from Google Analytics—that X% of our visitors are from the US, X% from the UK, etc.
If my list of books I read/own/want is on the internet, and I provide someone else with that information (i.e. a friend, my FaceBook profile, my Amazon wishlist, my local community who might want to borrow books from me, my GoodReads profile...) those bits of information can be used for someone who knows me in the real world to find my online profile, or for someone (or a business entity) to connect one profile to another, and the data therein is associated, either with me, or with that other account. Some people do not mind this, but I am careful about what information I share, and to whom (or what), because I know that in most cases, once data is out there, you can't get it back. I understand that making this library private doesn't guarantee that a third party can't ever get a hold of it (and I'm not planning to keep it private anyway, just until I get it into a less embarrassing sense of order), but there is certain data I wouldn't want it associated with (like my address) if I know third parties are getting that data (even in most anonymized forms of providing data, if my address is provided it would be coupled with the books data).
Yes, a smart online researcher can often put public data together across multiple sites, using similar user names, profile pics, or whatever. If your library is private here, then your book data is basically private. (One exception would be that you agree that reviews you write for ER are public.) And social stuff you do here, like posting here, is public. I'm sending you a DM about one thing you may want to make private.
8GraceCollection
>7 timspalding: Thank you again for answering all of my questions! I really appreciate the time you've put into my concerns here. LT is a gem in a sea of websites that no longer bother to Not Be Evil.

