Default Settings for Library Public Computers

How does one ensure patron privacy on library public computers which will be shared by several people every day? Are there a standard set of defaults, or guidelines to assist in selecting defaults, which can be applied?

I'm thinking specifically in the context of a public computing lab in a library where users share the same login session. I'm also particularly interested in web browsers because I believe those are where patrons A) spend the majority of their time, & B) expose their most sensitive data. So, for instance, a scenario that needs to be avoided might be Jane Doe searching for "how to build a bomb" in the library catalog & then the web browser's autofill suggesting that search to the next user. While I'm well aware of how to prevent this using browser settings (e.g. "don't offer to autofill forms"), I'm unaware of any set of standards (published by, say, ALA or another pertinent organization) or well-known research on the topic.

phette23

internet
patron-management
privacy
public-computing

Comments

Erin White: By "share the same login session" do you mean that users are walking up to already-logged-in machines and not logging out when done?
phette23: Yes, precisely. I think this is an issue even in labs with session management software because many users forget to sign out when they're done.
1. Alan Thomas II: I have to argue that "sharing the same login session" is largely incompatible with what you want, which is why multiple answers are simply ignoring that requirement. (See my comment on the Deep Freeze answer below.)
phette23: I agree but I also have yet to see any public computer lab which entirely eliminates that scenario and most don't even try. The labs which do separate sessions don't necessarily do a restart in between, or do so simply to enforce a time limit and not for privacy reasons.

Answer by KatieR

To answer your first question:

We use Deep Freeze:

Faronics Deep Freeze makes your PC indestructible. It protects your computer by freezing its desired configuration, which prevents unwelcome or unwanted changes made while in-session from sticking. With a simple restore-to-reboot, your system integrity is maintained helping your machines to run smoothly and efficiently giving you more up-time and boosting user productivity.

Comments

Gem: This is what we use and our system reboots every time a user's session ends. We also have OPAC-only machines if users just want to browse the catalog without reservation a computer.
1. Alan Thomas II: This does require patrons to log out in order to force a wipe, but that turns out to be a fairly rare problem in my experience; we many questions from people asking how they log out, but virtually no problems as a result of someone walking up to an abandoned computer.
KatieR: The idea is that at the end of each day, when you shut off the computers at closing, they will be wiped clean and ready for the next day. Not necessarily after each and every user. We use Deep Freeze along with Envisionware's PC Reservation and Firefox browser settings to keep it as clean as possible throughout the day.
user130: Have any of you had problems with Deep Freeze (I think that's what we're using) not actually holding your settings? For instance, we'll tell Firefox to not remember passwords, do not check for updates, and the homepage is our library's website. Yet every computer in our lab completely ignores these orders so we spend a lot of time apologizing to patrons that yes, Firefox is whining again...
phette23: This is useful but doesn't answer the question fully. As noted above, users can still share sessions without restarts in between. My scenario would still occur. Also, Deep Freeze itself doesn't give guidance as to _which_ settings to freeze AFAIK.
KatieR: There is an option in browsers to not save searches after closing the browser. I have that set upon my work computer. Wouldn't that solve the problem of auto filling in previous searches? Also, deciding what settings to freeze would be determined by the library.

Answer by Erin White

Offhand I am not aware of an ALA standard for browser security, but one way to protect privacy would be to set the browsers so that they launch in "private" or "incognito" mode by default. Private/incognito mode does not store cookies, form data, browsing history, etc., and once the browser is restarted, all data is cleared. It's not perfect - users can still save bookmarks and change general browser settings.

Info on Incognito mode from the Chrome support site:

Webpages that you open and files downloaded while you are incognito aren't recorded in your browsing and download histories.

All new cookies are deleted after you close all incognito windows that you've opened.

Changes made to your Google Chrome bookmarks and general settings while in incognito mode are always saved.

This thread on SE superuser has info on how specifically to set that up for IE, Chrome, and Firefox in a Windows environment.

Hope this helps!

Comments

Peter Murray: Unfortunately, Incognito Mode in Chrome looks a little spooky in the user interface. While those visual clues might make sense for a personal user (to know when they are using the mode and when they are not) it is unnecessary and potentially off-putting when it is e default UI. Does anyone know how to make Incognito Mode the default without the UI elements?

Answer by Fisher

An alternative to deep freeze is Drive Vaccine.

As for session management software, I know that Pharos and Envisionware's PC Reservation allow for sessions to time out after a certain length of inactivity, which would cut down on, if not eliminate, people using others' sessions due to non log-out.

There is also a way to use Drive Vaccine (and I imagine other similar software) in conjunction with Pharos or Envisionware so that in between each session, the computer is completely wiped. This is, of course, a time consuming process, so not necessarily ideal in heavy-use areas.

A combination of the above softwares and setting your browsers to not keep history, cookies, etc, would probably make the most sense.

Comments

KatieR: Up For envisionware.

Answer by eby

Ensuring Privacy

The options present are going to vary greatly based on what kind of setup you are using (login/no login, linux/windows, etc). A few things:

Make sure sessions time out after inactivity
After session ends should return to blank slate (deep freeze, etc)
Browsers set to not remember, wipe on exit, etc.

You could go an extra step and use some proxy to filter out known ads, tracking cookies, etc but you're likely prone to false positives and issues like any filtering. If doing linux stations you probably have a bit more power with running scripts to delete things in the background.

We personally use custom developed web app that controls linux thin clients that connect to windows servers for those that need windows session. The windows side is set to delete the profile on logoff and the system watches for idle and warns or ends based on time. People can still sit down if quick of course but it lowers the incident. Patrons also sign on to stations with their information so there is incentive to sign off. Browsers are also set to delete everything on close so even if they do walk away if they at least close their browser they should have some level of protection.

Guidelines

I'm not aware of any general guidelines out there. I'm guessing some states have various laws similar to some that require filtering which you might have to meet. Privacy and proper computer use policies also seem to differ per library so can probably only be generalized.

The EFF does have things like ways to help protect yourself: https://www.eff.org/wp/effs-top-12-ways-protect-your-online-privacy and their guide for service providers: https://www.eff.org/wp/osp which you might be able to glean some general recommendations from.

Comments

Answer by Raminta

We use Pharos at our library and it wipes everything out after the patron has logged off. Patrons have a limit of 60min per day and the computers will automatically log them off after that period or after 5-10min of inactivity. We also have the capability of logging patrons off remotely. If a patron is caught using another library card (the card numbers are used as the log in ID), we will disable the card and it will no longer work in Pharos.