expunge-assist icon indicating copy to clipboard operation
expunge-assist copied to clipboard

Published 20 hours ago verified publisher icon hackforla

Outreach to public libraries and community orgs. to learn how they protect user information on public computers

Open cayd opened this issue 4 years ago • 11 comments

Overview

The research team needs to conduct outreach to public libraries to understand how they protect user information who use public computers. As EA users are more likely to use public computers, this research has implications for how we store user information.

Action Steps

  • [x] Reach out to public libraries in the LA area (e.g., downtown public library) and ask how they protect user information on public computers (what happens when they leave the computer? how frequently cookies are being cleared? Etc.)
  • [ ] Ask if they can connect to any associations to learn how it is done across the country
  • [ ] Connect to community-based organizations that have computer centers for clients to use and ask the same questions
  • [ ] PMs discuss findings and decide if we will be storing the client's responses to the statement generator in cookies; and if yes - how exactly.
  • [ ] Close the issue and remove dependency for issue #64

cayd avatar Nov 12 '20 01:11 cayd

Just found this ticket - I owe you an answer about how long local storage data persists: Looks like it's usually cleared only when the user is actively trying to clear history and cookie data, except for Safari users, where it might get cleared a lot more frequently.

Also it's not the most secure storage so mabye it wouldn't work with our user's sensitive data, although we aren't storing credit cards

https://www.jsdiaries.com/is-local-storage-persistent/

alexchoiweb avatar Nov 17 '20 03:11 alexchoiweb

We do not yet store anything in state in the application. This issue will be better addressed once we have state to store locally.

cayd avatar Jan 21 '21 03:01 cayd

Need to reconsider the possibility of user being on a public computer.

aahvocado avatar Aug 20 '21 01:08 aahvocado

PM's need to discuss this further.

brandohayes avatar Sep 29 '21 01:09 brandohayes

This issue used to have a development label on it. They along with product are a customer for the research findings. No decision can be made until proper research into what the client environment is (library, etc) and what level of privacy is already embedded in the environment (e.g., does it clear the cache when they leave the computer. Does it clear local storage i.e. cut and paste, etc.)

ExperimentsInHonesty avatar May 05 '22 23:05 ExperimentsInHonesty

Hi all,

I got in touch with the webmaster for LA public libraries. I asked if any information is stored between user sessions (i.e. browser history, saved login information, or any other kind of information that users might input into browsers or websites) and got the following response.

"Our full internet-access computers are on a managed system, and when your time is up the computer does a full restart, which returns the computer to a 'clean image', and anything the user has done in their session is gone."

So it looks like no information is saved between user sessions in LA public libraries.

Thomas-Pietruszewski avatar Jul 01 '22 18:07 Thomas-Pietruszewski

Hi all,

I got in touch with the webmaster for LA public libraries. I asked if any information is stored between user sessions (i.e. browser history, saved login information, or any other kind of information that users might input into browsers or websites) and got the following response.

"Our full internet-access computers are on a managed system, and when your time is up the computer does a full restart, which returns the computer to a 'clean image', and anything the user has done in their session is gone."

So it looks like no information is saved between user sessions in LA public libraries.

Thanks Tom! Can you quote what they said about time limits here as well so that information doesn't get forgotten? Thanks!

SamHyler avatar Jul 01 '22 19:07 SamHyler

Hi all, I got in touch with the webmaster for LA public libraries. I asked if any information is stored between user sessions (i.e. browser history, saved login information, or any other kind of information that users might input into browsers or websites) and got the following response. "Our full internet-access computers are on a managed system, and when your time is up the computer does a full restart, which returns the computer to a 'clean image', and anything the user has done in their session is gone." So it looks like no information is saved between user sessions in LA public libraries.

Thanks Tom! Can you quote what they said about time limits here as well so that information doesn't get forgotten? Thanks!

Here's where I found the information about time limits.

https://rsvpweb.lapl.org/pcrweb/reserve.pl

One reservation can be made per day, it can be up to 2 hours in length, and it must be scheduled 5 days in advance.

Thomas-Pietruszewski avatar Jul 01 '22 19:07 Thomas-Pietruszewski

Screen Shot 2022-06-08 at 3 34 32 PM

here's the disclaimer i saw on a survey that i found interesting.

thomasdemoner avatar Aug 22 '22 22:08 thomasdemoner

Screen Shot 2022-06-08 at 3 34 32 PM

here's the disclaimer i saw on a survey that i found interesting.

This is interesting. I wonder if we need to add anything about cookies. @anitadesigns @RenaNicole @cynphonic @jamiesiu

SamHyler avatar Aug 27 '22 13:08 SamHyler

This is interesting. Does our website and/or tool use cookies? @aahvocado @sydneywalcoff

anitadesigns avatar Aug 28 '22 02:08 anitadesigns

@jccchurch @SamHyler @anitadesigns @audrey-ma @mbui31 @sofialaguna Flagging this for our discussions about a privacy statement. If we have the info we need, I can close issue. Or, if you think we can continue to follow up on this, let me know.

amejiamesinas avatar Jun 21 '23 18:06 amejiamesinas