LibX in Firefox is missed! https://groups.google.com/forum/#!topic/libx-users/YpLF_v9VatU This has been a great discussion, thanks everyone! -Mike On Tue, Sep 4, 2018 at 8:56 AM Andreas Orphanides <[log in to unmask]> wrote: > In the past when that's happened it's just been a line in the manifest that > needs updating. A nudge to Godmar usually would do the trick. But as far as > active updating not much has been going on there. > > On Tue, Sep 4, 2018 at 11:48 AM, Mark Sandford <[log in to unmask]> > wrote: > > > Sadly when I last I checked, Libx doesn't work in newer Firefox versions. > > No word that I can find on if it's being updated or not. > > > > ------- > > Mark Sandford > > Systems Librarian > > Assistant Professor in the Libraries > > Colgate University Libraries > > > > > > > > On Tue, Sep 4, 2018 at 10:45 AM, Andreas Orphanides <[log in to unmask]> > > wrote: > > > > > LibX is still kicking and as far as I know it does all its work > > in-browser > > > (though I can't attest this with certainty). Does require more > knowledge > > > and work on the part of the user to get proxy access. > > > > > > On Tue, Sep 4, 2018 at 9:32 AM, Harper, Cynthia <[log in to unmask]> > wrote: > > > > > > > Is there a browser extension that does meet data privacy concerns > > > > adequately (or even well)? Your recommendations welcome. > > > > Cindy Harper > > > > > > > > -----Original Message----- > > > > From: Code for Libraries <[log in to unmask]> On Behalf Of Eric > > > > Hellman > > > > Sent: Friday, August 31, 2018 1:15 PM > > > > To: [log in to unmask] > > > > Subject: Re: [CODE4LIB] Lean Library Security Concerns > > > > > > > > Wow. Lean Library seems to be sloppily implemented, has a privacy > > policy > > > > that says that big dutch companies that acquire them receive ALL the > > user > > > > data, and the word "collect" doesn't mean what they think it means. > The > > > > icing on the cake is that their T&C forbid us from reverse > engineering > > > > their code to see what it really does. > > > > > > > > From their "privacy policy": > > > > We may disclose the information we obtain: > > > > If Lean Library is involved in a merger, acquisition or sale of all > or > > a > > > > portion of its Please note that you will be notified by either email > > or a > > > > prominent notice on our website of any changes in ownership or uses > of > > > this > > > > information. > > > > from their T&C > > > > No Reverse Engineering and the like.User nor Licensee may, or may > cause > > > or > > > > permit any of its employees or any third party to, modify, adapt, > > > > translate, reverse engineer, decompile, disassemble, translate or > > create > > > > derivative works based on the Service without the prior written > consent > > > of > > > > Licensor, which Licensor may withhold in its sole discretion. > > > > > > > > Any librarian that pays to hand users over to LL as it presents > itself > > > > today needs to reflect on their life choices. > > > > > > > > Having said that, (and having been involved in browser extension > > > projects) > > > > I think LL would be super valuable if done right, with all the i's > > dotted > > > > and t's crossed. > > > > > > > > That would mean building independent code review and privacy and data > > > > audits of ops into LL's contracts. Remember that giving a company > > > > phone-back access to a browser extension gives that company (and > anyone > > > > with the power or craft to compel that company) to see everything a > > user > > > > does online, credit card numbers, browsing behavior, passwords, > > > EVERYTHING! > > > > Libraries need to examine their potential legal liability for their > > > > patron's catastrophic security loss if they recommend installation of > > > this > > > > product (as presented today.) > > > > > > > > If anyone needs technical backup on this, please don't hesitate to > > > contact > > > > me. > > > > > > > > Eric Hellman > > > > President, Free Ebook Foundation > > > > Founder, Unglue.it https://unglue.it/ > > > > https://go-to-hellman.blogspot.com/ > > > > twitter: @gluejar > > > > > > > > > On Aug 21, 2018, at 6:04 PM, Tammy Wolf <[log in to unmask]> > > wrote: > > > > > > > > > > I just wondered if anyone else on this list reviewed Lean > > > Library<mailto: > > > > https://www.leanlibrary.com/> and had any security and/or privacy > > > > concerns. > > > > > > > > > > Here is what our Director of Security had to say, > > > > > > > > > > "I can confirm that browsing activity is sent to lean library. > > Attached > > > > is an example screenshot showing the POST when visiting a URL on > > > > reddit.com. And if you visit https://app.leanlibrary.com/? > > > > r=api/api/institutes it's trivial to see info about all subscribers > of > > > > lean library. > > > > > > > > > > Also, there are Repeated Pings to capture user IP Address. This was > > > also > > > > verified during the session capture. This occurs via > > > > https://app.leanlibrary.com/?r=api/api/getIp." > > > > > > > > > > Our Security Director goes on to say the following: > > > > > > > > > > "Of course this is also a question of consent. Any users of the > > plugin > > > > should first have to consent to the privacy policy: > > > > https://www.leanlibrary.com/privacy-policy/item181 - which would be > in > > > > conflict with deploying this automatically to lab computers. I have > > some > > > > issues with the privacy policy itself as well. It states: > > > > > > > > > > What information does Lean Library and The Extension NOT obtain? > > > > > Your security and privacy is our biggest priority. We are only > > > > interested in information or data that can help us deliver the best > > > > experience possible in saving you time while and optimizing your > > academic > > > > research. Therefore, The Extension does not store any information for > > > other > > > > browsing activity such as activity on non-database webpage urls. > > > > > Maybe they aren't technically "storing" the fact that I visited a > URL > > > on > > > > reddit.com, but that visit still went to their server and was > > captured / > > > > analyzed *somehow*. It would be more accurate for them to say that > they > > > > analyze all sites you visit to determine whether they are academic in > > > > nature, or something. But that would be a red flag." > > > > > > > > > > Thoughts? > > > > > > > > > > Tammy Allgood Wolf > > > > > Director of Discovery Services > > > > > ASU Library > > > > > Arizona State University > > > > > 480-965-1797 > > > > > <leanlibrary-postrequest.jpg> > > > > > > > > > > -- *Michael Price*Library Applications Specialist Robert E. Kennedy Library California Polytechnic State University San Luis Obispo, California Direct 805-756-6481 [log in to unmask]