Sadly when I last I checked, Libx doesn't work in newer Firefox versions.
No word that I can find on if it's being updated or not.
-------
Mark Sandford
Systems Librarian
Assistant Professor in the Libraries
Colgate University Libraries
On Tue, Sep 4, 2018 at 10:45 AM, Andreas Orphanides <[log in to unmask]>
wrote:
> LibX is still kicking and as far as I know it does all its work in-browser
> (though I can't attest this with certainty). Does require more knowledge
> and work on the part of the user to get proxy access.
>
> On Tue, Sep 4, 2018 at 9:32 AM, Harper, Cynthia <[log in to unmask]> wrote:
>
> > Is there a browser extension that does meet data privacy concerns
> > adequately (or even well)? Your recommendations welcome.
> > Cindy Harper
> >
> > -----Original Message-----
> > From: Code for Libraries <[log in to unmask]> On Behalf Of Eric
> > Hellman
> > Sent: Friday, August 31, 2018 1:15 PM
> > To: [log in to unmask]
> > Subject: Re: [CODE4LIB] Lean Library Security Concerns
> >
> > Wow. Lean Library seems to be sloppily implemented, has a privacy policy
> > that says that big dutch companies that acquire them receive ALL the user
> > data, and the word "collect" doesn't mean what they think it means. The
> > icing on the cake is that their T&C forbid us from reverse engineering
> > their code to see what it really does.
> >
> > From their "privacy policy":
> > We may disclose the information we obtain:
> > If Lean Library is involved in a merger, acquisition or sale of all or a
> > portion of its Please note that you will be notified by either email or a
> > prominent notice on our website of any changes in ownership or uses of
> this
> > information.
> > from their T&C
> > No Reverse Engineering and the like.User nor Licensee may, or may cause
> or
> > permit any of its employees or any third party to, modify, adapt,
> > translate, reverse engineer, decompile, disassemble, translate or create
> > derivative works based on the Service without the prior written consent
> of
> > Licensor, which Licensor may withhold in its sole discretion.
> >
> > Any librarian that pays to hand users over to LL as it presents itself
> > today needs to reflect on their life choices.
> >
> > Having said that, (and having been involved in browser extension
> projects)
> > I think LL would be super valuable if done right, with all the i's dotted
> > and t's crossed.
> >
> > That would mean building independent code review and privacy and data
> > audits of ops into LL's contracts. Remember that giving a company
> > phone-back access to a browser extension gives that company (and anyone
> > with the power or craft to compel that company) to see everything a user
> > does online, credit card numbers, browsing behavior, passwords,
> EVERYTHING!
> > Libraries need to examine their potential legal liability for their
> > patron's catastrophic security loss if they recommend installation of
> this
> > product (as presented today.)
> >
> > If anyone needs technical backup on this, please don't hesitate to
> contact
> > me.
> >
> > Eric Hellman
> > President, Free Ebook Foundation
> > Founder, Unglue.it https://unglue.it/
> > https://go-to-hellman.blogspot.com/
> > twitter: @gluejar
> >
> > > On Aug 21, 2018, at 6:04 PM, Tammy Wolf <[log in to unmask]> wrote:
> > >
> > > I just wondered if anyone else on this list reviewed Lean
> Library<mailto:
> > https://www.leanlibrary.com/> and had any security and/or privacy
> > concerns.
> > >
> > > Here is what our Director of Security had to say,
> > >
> > > "I can confirm that browsing activity is sent to lean library. Attached
> > is an example screenshot showing the POST when visiting a URL on
> > reddit.com. And if you visit https://app.leanlibrary.com/?
> > r=api/api/institutes it's trivial to see info about all subscribers of
> > lean library.
> > >
> > > Also, there are Repeated Pings to capture user IP Address. This was
> also
> > verified during the session capture. This occurs via
> > https://app.leanlibrary.com/?r=api/api/getIp."
> > >
> > > Our Security Director goes on to say the following:
> > >
> > > "Of course this is also a question of consent. Any users of the plugin
> > should first have to consent to the privacy policy:
> > https://www.leanlibrary.com/privacy-policy/item181 - which would be in
> > conflict with deploying this automatically to lab computers. I have some
> > issues with the privacy policy itself as well. It states:
> > >
> > > What information does Lean Library and The Extension NOT obtain?
> > > Your security and privacy is our biggest priority. We are only
> > interested in information or data that can help us deliver the best
> > experience possible in saving you time while and optimizing your academic
> > research. Therefore, The Extension does not store any information for
> other
> > browsing activity such as activity on non-database webpage urls.
> > > Maybe they aren't technically "storing" the fact that I visited a URL
> on
> > reddit.com, but that visit still went to their server and was captured /
> > analyzed *somehow*. It would be more accurate for them to say that they
> > analyze all sites you visit to determine whether they are academic in
> > nature, or something. But that would be a red flag."
> > >
> > > Thoughts?
> > >
> > > Tammy Allgood Wolf
> > > Director of Discovery Services
> > > ASU Library
> > > Arizona State University
> > > 480-965-1797
> > > <leanlibrary-postrequest.jpg>
> >
>
|