To make a long story short, Pinboard owner Maciej Ceglowski milkshake-ducked himself with bizarre and out-of-nowhere hair-splitting regarding whether JK Rowling is a TERF. I have too many trans and non-binary people in my life to give my money willingly to someone like that. So I was suddenly, unexpectedly, and unhappily in the market for a new linkspam tool.

A quick recap of my user story: I keep (not to say “hoard”) links because I build readings for course syllabi out of them. I also share tag-based URLs with students and colleagues when inspiration strikes. New links get shunted to my Mastodon account, since apparently some folks find that useful. I need my linkspam tool to handle a LOT of links, give me a reasonably fast link-add mechanism, produce an RSS feed, let me combine tags (ideally with search) into a filtered linklist and share the resulting URL with others, and let me build such URLs from memory based on my knowledge of my own tag use.

I tried LinkAce first. I can say in its favor that it can be run on CPanel-enabled shared hosting, though I wouldn’t call it exactly easy to install. (I did manage it, and I’m a terrible awful useless sysadmin, so yeah.) I can say little else in its favor—it’s painfully slow, its link-add page is almost as infuriating as Raindrop’s (the tag lookup is just deadly bad), and it doesn’t have combined-tag filters or intelligible URLs. I have hopes for it, but as-is, I can’t make it work for what I need. To add insult to injury, its HTML export (in the de facto exchange format for link tools) wouldn’t work for me.

I was scared off Shaarli at first because of the documentation’s exhaustive list of server prerequisites and incantations. I shouldn’t have been! It installed quite easily on my webhost! Let’s say you want your Shaarli to live on the web at linkspam.example.com, and in a folder named “linkspam” on your webhost.

1. In CPanel, make the linkspam.example.com subdomain, and point it to your linkspam folder. (Currently this is done via CPanel’s “Subdomains” menu item, but apparently this functionality is being moved to “Domains” shortly.)
2. Go to CPanel’s “Domains” menu item and toggle “Force HTTPS Redirect” on for linkspam.example.com. (Do it for all your other domains and subdomains while you’re at it. I’d missed a couple of mine!)
3. Download the .zip file for the latest Shaarli release.
4. Use CPanel’s File Manager (or SFTP, if you’re so inclined) to upload the .zip file to the folder one level up from your linkspam folder. (Trust me, okay?)
5. In File Manager, delete your empty linkspam folder. (No, really, trust me!)
6. Choose the Terminal menu item in CPanel. You’re in your home directory; if you need to, cd to the folder you put the .zip file in. Now type unzip sh and hit your tab key, which should autocomplete the filename for the Shaarli .zip file. Hit return.
7. Go back to File Manager. Reload it. Find a folder named Shaarli, and rename it to linkspam. (Now you see where I was going with this! You could also do this in the Terminal with mv Shaarli linkspam.)
8. Go to linkspam.example.com in your browser, and finish setup.

And that should be it. (On my to-do list: setting up an automatic backup for Shaarli’s “data” directory. Pretty sure I can do this directly in CPanel, via cron if necessary.)

I don’t have time for a full Shaarli report card, but here are a few things I’ve noticed in the couple of hours I’ve had it running:

• Text search can be combined with tag filtering, which Raindrop can do but Pinboard can’t. Nifty, though it’d be more elegant with just one search bar and a parseable text trigger (probably #) for tags, as Raindrop does.
• I don’t love Shaarli’s URLs—everything is query parameters—but I can live with them. They definitely copy-and-paste cleanly, unlike Raindrop’s or LinkAce’s, and the components are memorizable.
• Bookmarklet is a tiny bit slow to load, but so was Pinboard’s sometimes; I can live with it. Bookmark entry is a breeze; Shaarli does not do LinkAce’s horrible horrible real-time(-ish) tag lookup.
• OH MY GOSH, SEARCH OPERATORS! Phrase searching, minus-ing, wildcards! I will enjoy getting to know these.
• The Wayback Machine integration is clever and useful, and will save me some time during syllabus construction. (Sometimes irreplaceable links 404.)
• Shaarli could really use some CSS love. Maybe if I locate some spare time. One thing I would immediately do is get rid of the little tag icon next to tags. It’s purest visual clutter, but a simple display:none will take care of it.
• What the hell is that QR code thing doing there, and why can’t I get rid of it?! Minor nit, it’s not all that obtrusive, but ugh.
• I haven’t checked into its add-ons yet, but there seems to be a flourishing community, so I will.

So yeah, Shaarli is solid and useful and does what I need it to, and is not profiting any milkshake ducks. Fancy and pretty I don’t actually need. As for my Pinboard, I’m leaving it up for a bit until I’ve weaned my various syllabi and course assignments off it, and then it will go away.

Well, the article I started last spring is finished and off to a journal. I expect to have some trouble placing this one, because I’m just stubborn enough to send it to outlets whose practices it calls into question. (They are absolutely appropriate outlets for the piece, I hasten to say—I’m not wasting anybody’s time, that would be wrong of me.)

So I’ll track the rejections, and post ’em here once it’s finally accepted somewhere. Which it will be, I’m confident. I did good and useful work on this one, if I do say so myself.

Dr. Latanya Sweeney, for those who haven’t encountered her work before, is one of the titans of data privacy and reidentification research. Her work is the source of the oft-quoted factoid about nearly nine in ten Americans being uniquely identifiable with a combination of birth date, gender (binary assumed), and ZIP code. She’s deliberately reidentified politicians who blathered ignorantly about data privacy. She assembled evidence to call out search engine ad targeting for racism based on naming practices specific to African-American communities. Basically, she’s badass and a hero and I admire her exceedingly.

And I think there’s a tremendous LIS research agenda that grows out of her work (and the work of others, Arvind Narayanan not least) going begging: assessing the reidentifiability and risk profile of common sources of library patron data, and quantifying how possible it is to (re)associate a patron with evidence of (as ALA privacy guidance puts it) the subject(s) of their interest.

Such sources should probably include:

• Retained circulation records, identified and various flavors of de-. It may seem obvious that identified circ records pose a hazard to patrons, but it’s really, really not obvious to many librarians and most patrons.
• Proxy-server logs, identified and de-.
• CRM system records; these are identified (or what would be the point?) — the research questions have to do with the use of these records to reidentify patrons in other data sources.
• Chat reference logs, since they get retained for internal analysis and research a lot.
• Website and web-service logs from all sources (local logging, SaaS-tool-logging, logging-by-web-tracker-emphatically-including-Google-Analytics, logging-by-usability-tool)
• The usual-suspect computer-use logs and caches: browser caches, software-use caches, desktop-search caches, and the like.
• Single-sign-on data, especially but not only when it’s pseudonymous or limited to entitlement data. This isn’t strictly-speaking library data, but it’s getting baked into library authentication processes deeply enough that I consider it a valuable arena of LIS inquiry.

Example research questions include but are emphatically not limited to:

• How easy is it to associate a given patron with the subject(s) of their inquiry based on these data sources? Combinations of these data sources? Combinations of one or more of these data sources with common library-external data (e.g. for library learning analytics projects, GPA and major and demographic data and whatnot)? For academic libraries, combinations of one or more of these data sources with institution-external data (e.g. LinkedIn and alumni databases)? From the published LIS literature (because oh, are there ever skeletons in this closet and where is the Narayanan who will proof-of-concept them)?
• Quantification of some standard measures of reidentifiability potential — k-anonymity and l-diversity and stuff like that.
• Feasibility of reidentification-by-behavior-trail. For example, if an attacker (probably a library insider) with access to library data comes in with knowledge of a specific person’s likely interests, can they pick that person out of (just as one example) proxy-server logs? What data-retention time horizons enable/prevent such reidentification? Put another way… how unique do behavior trails tend to be, and which patron populations are most at risk of behavior-trail reidentification? (Like, some freshman in a large-lecture course with a canned research project likely isn’t super-reidentifiable from deidentified proxy logs… but I suspect pretty strongly that I, a longtime staff member with fairly outré intellectual interests, would be.)
• What’s the potential of assessing group membership, particularly for groups targeted by law enforcement? Basically, if The Man drops by wanting to know who’s been searching up abortion or immigration or critical race theory or LGBTQ+ issues, can library data (alone or in combination with other data) rat patrons out to The Man as possible uterus possessors, or Dreamers, or people of color, or queer folks?
• What actually are libraries’ present data-retention and data-handling practices? Records schedules? Privacy policies? Governance processes? Data-handling processes during internal assessment as well as research for publication? We just don’t know enough about this, and the work I’m doing barely scratches the surface of the work that’s possible. (Pour one out for ARL SPEC Kits; this would actually be a good use for them.)

Here’s the kicker. A lot of this work pretty much has to be done by working library practitioners, because they’re (quite properly, to be sure) the only folks who can actually get at library-internal data. I’ve wanted to do some of the above work for literal actual years, but as yet I haven’t located a library IT person willing to go in on it with me. There are additional wrinkles with library-external IT, too—I really want those single-sign-on reidentifiability studies to happen, but most librarians can’t unilaterally do them because (again) they can’t get at the institutional data without IT cooperation.

Like, I would actually prefer to be less paranoid than I am about library-patron data. It’d help my blood pressure, if nothing else. But without answers to the research questions I just posed, I… kind of have to assume the worst, based on the anecdata I have and on data-privacy solecisms evident in the LIS literature.

So. I’d be absolutely delighted to see a journal or conference or two—emphatically including code4lib journal—create some incentives for this work (and for doing it carefully and ethically, natch). Hey, editors and editorial boards, how about a themed issue? Even if it has to be guest-edited (and yes, I would absolutely serve in that capacity, pace my well-known unwillingness to donate labor to grossly exploitative commercial publishers). Hey, LIS conference organizers, can we get a track please? Hey, folks mentoring new academic librarians in need of research agendas, how about suggesting this one?

Let’s do this. It sure does need doing.

OCLC Research is going all-in on “research analytics” (see also). Rah-rah libraries, or something.

I chuckled ruefully at the discussion of libraries whose constituencies can’t see them as anything other than book pushers. Been there, done that, burned a whole stack of T-shirts—dealing with it right now at the day job, actually, and it’s as demoralizing and demotivating as ever.

But no, I actually had a much more visceral reaction to the idea that’s far more TattleTape-relevant. I’ll be blunt: the point of all this bibliometrics stuff at the institution level is judging and punishing people. Oh, sure, it’s never couched in those terms, but is anybody at all fooled? Really? It’s about denying tenure and promotion, axing “unproductive” departments, and making sure every single researcher knows that the bosses are breathing down their neck.

It’s bossware. It’s all bossware. Academic bossware. And libraries—some of them, anyway—are piling right in, unthinking and uncaring. Parallels with learning analytics will be left as an exercise for the reader… but I’ll spoil it: the main commonality is the so-far ubiquitous and inevitable use of the analysis techniques to judge and punish. Knowing what the “successful” student or researcher does just leads to judging and punishing the “unsuccessful” one. Understanding success does not come from data; it comes from understanding, which is not a quantitative enterprise.

Down with learning analytics. Down with research analytics. They’re too easy to wield as bossware, as weapons.