Advice from the Socially Engineered
by Infra Read
The local public library is a great source for free material. That includes physical objects like books and DVDs, but also free Internet access, downloads, and a whole variety of other services. Many libraries even lend out devices and laptops. Since they are usually funded by tax dollars, they have limited budgets, and that leads to policies that can limit use of their services. So people are always looking for ways to get around those limits, and use resources in ways that aren't approved by the Library Board. The potential for hacking also increases as libraries make more use of technology, with self-check systems and smartphone apps.
Having been on the receiving end of various strategies, here is some advice on the social engineering aspect of the endeavor. These tips can probably be applied to other services you have legitimate access to, but want to explore for extra services or unauthorized uses.
First, keep it simple. An elaborate explanation of what you're doing sets off people's warning bells, even when it's true.
Next, stick to your lie. Don't change your story halfway through. If you start out saying you live in Suburb A, and find out you need to live in Suburb B to get access to something, nothing's more suspicious than suddenly remembering that you really live in Suburb B.
Be prepared to back out gracefully. If they say you need to live in Suburb B, the best thing to do is thank the person and move along. You have new knowledge about how the system works, and you can come back later and use it when someone else is working, or when your false story isn't fresh in anybody's mind.
If you get caught doing something you shouldn't, the goal should be to get out of the situation without losing your long-term access to the resources you'd otherwise be able to use. Whether you're doing a technical hack or exploiting a policy loophole, your best bet is to claim it was an honest mistake. It's the same as when you're caught at night in a closed city park. If you want to, you're free to take a stand about your rights, or spout your manifesto on liberty and the police state. But the sensible thing is to say, "Officer, I'm so sorry, I didn't see the sign," and get out of there safely.
Library staff, and other people in public services, are used to people not knowing or understanding their policies. So it's believable that you didn't know. You accidentally clicked on something, you forgot the limit on DVDs, whatever it is. Don't kick up a fuss that anyone is going to remember.
One of the worst responses you can make is, "I got away with it before, so I should be able to get away with it again." That's not a useful defense, and all it does is piss people off.
There's one that's very specific to libraries, but may be applicable in other areas. Know your address. Seriously. You can't get a library card without one, and if you don't know your address, that's a red flag. Likewise, if you're setting up a library card for a child and forget their name. Most parents won't do that.
Possibly the most important thing I can tell you is: don't be a jerk.
For all you know, a staff person may disagree with policies they're supposed to enforce, or may be working behind the scenes for changes that would be in your favor. You also don't know what discretionary powers that staff people have, or which people have them. Two people might be working at the desk, and there may be no way to tell that one is a supervisor with situational "override" authority, and one is not. It's very possible that a person can choose to let you off with a warning, or ban you from future use of their services. So be polite, don't freak out, and enjoy what your library has to offer.