LibX in Firefox is missed!
https://groups.google.com/forum/#!topic/libx-users/YpLF_v9VatU
This has been a great discussion, thanks everyone!
-Mike
On Tue, Sep 4, 2018 at 8:56 AM Andreas Orphanides <[log in to unmask]> wrote:
> In the past when that's happened it's just been a line in the manifest that
> needs updating. A nudge to Godmar usually would do the trick. But as far as
> active updating not much has been going on there.
>
> On Tue, Sep 4, 2018 at 11:48 AM, Mark Sandford <[log in to unmask]>
> wrote:
>
> > Sadly when I last I checked, Libx doesn't work in newer Firefox versions.
> > No word that I can find on if it's being updated or not.
> >
> > -------
> > Mark Sandford
> > Systems Librarian
> > Assistant Professor in the Libraries
> > Colgate University Libraries
> >
> >
> >
> > On Tue, Sep 4, 2018 at 10:45 AM, Andreas Orphanides <[log in to unmask]>
> > wrote:
> >
> > > LibX is still kicking and as far as I know it does all its work
> > in-browser
> > > (though I can't attest this with certainty). Does require more
> knowledge
> > > and work on the part of the user to get proxy access.
> > >
> > > On Tue, Sep 4, 2018 at 9:32 AM, Harper, Cynthia <[log in to unmask]>
> wrote:
> > >
> > > > Is there a browser extension that does meet data privacy concerns
> > > > adequately (or even well)? Your recommendations welcome.
> > > > Cindy Harper
> > > >
> > > > -----Original Message-----
> > > > From: Code for Libraries <[log in to unmask]> On Behalf Of Eric
> > > > Hellman
> > > > Sent: Friday, August 31, 2018 1:15 PM
> > > > To: [log in to unmask]
> > > > Subject: Re: [CODE4LIB] Lean Library Security Concerns
> > > >
> > > > Wow. Lean Library seems to be sloppily implemented, has a privacy
> > policy
> > > > that says that big dutch companies that acquire them receive ALL the
> > user
> > > > data, and the word "collect" doesn't mean what they think it means.
> The
> > > > icing on the cake is that their T&C forbid us from reverse
> engineering
> > > > their code to see what it really does.
> > > >
> > > > From their "privacy policy":
> > > > We may disclose the information we obtain:
> > > > If Lean Library is involved in a merger, acquisition or sale of all
> or
> > a
> > > > portion of its Please note that you will be notified by either email
> > or a
> > > > prominent notice on our website of any changes in ownership or uses
> of
> > > this
> > > > information.
> > > > from their T&C
> > > > No Reverse Engineering and the like.User nor Licensee may, or may
> cause
> > > or
> > > > permit any of its employees or any third party to, modify, adapt,
> > > > translate, reverse engineer, decompile, disassemble, translate or
> > create
> > > > derivative works based on the Service without the prior written
> consent
> > > of
> > > > Licensor, which Licensor may withhold in its sole discretion.
> > > >
> > > > Any librarian that pays to hand users over to LL as it presents
> itself
> > > > today needs to reflect on their life choices.
> > > >
> > > > Having said that, (and having been involved in browser extension
> > > projects)
> > > > I think LL would be super valuable if done right, with all the i's
> > dotted
> > > > and t's crossed.
> > > >
> > > > That would mean building independent code review and privacy and data
> > > > audits of ops into LL's contracts. Remember that giving a company
> > > > phone-back access to a browser extension gives that company (and
> anyone
> > > > with the power or craft to compel that company) to see everything a
> > user
> > > > does online, credit card numbers, browsing behavior, passwords,
> > > EVERYTHING!
> > > > Libraries need to examine their potential legal liability for their
> > > > patron's catastrophic security loss if they recommend installation of
> > > this
> > > > product (as presented today.)
> > > >
> > > > If anyone needs technical backup on this, please don't hesitate to
> > > contact
> > > > me.
> > > >
> > > > Eric Hellman
> > > > President, Free Ebook Foundation
> > > > Founder, Unglue.it https://unglue.it/
> > > > https://go-to-hellman.blogspot.com/
> > > > twitter: @gluejar
> > > >
> > > > > On Aug 21, 2018, at 6:04 PM, Tammy Wolf <[log in to unmask]>
> > wrote:
> > > > >
> > > > > I just wondered if anyone else on this list reviewed Lean
> > > Library<mailto:
> > > > https://www.leanlibrary.com/> and had any security and/or privacy
> > > > concerns.
> > > > >
> > > > > Here is what our Director of Security had to say,
> > > > >
> > > > > "I can confirm that browsing activity is sent to lean library.
> > Attached
> > > > is an example screenshot showing the POST when visiting a URL on
> > > > reddit.com. And if you visit https://app.leanlibrary.com/?
> > > > r=api/api/institutes it's trivial to see info about all subscribers
> of
> > > > lean library.
> > > > >
> > > > > Also, there are Repeated Pings to capture user IP Address. This was
> > > also
> > > > verified during the session capture. This occurs via
> > > > https://app.leanlibrary.com/?r=api/api/getIp."
> > > > >
> > > > > Our Security Director goes on to say the following:
> > > > >
> > > > > "Of course this is also a question of consent. Any users of the
> > plugin
> > > > should first have to consent to the privacy policy:
> > > > https://www.leanlibrary.com/privacy-policy/item181 - which would be
> in
> > > > conflict with deploying this automatically to lab computers. I have
> > some
> > > > issues with the privacy policy itself as well. It states:
> > > > >
> > > > > What information does Lean Library and The Extension NOT obtain?
> > > > > Your security and privacy is our biggest priority. We are only
> > > > interested in information or data that can help us deliver the best
> > > > experience possible in saving you time while and optimizing your
> > academic
> > > > research. Therefore, The Extension does not store any information for
> > > other
> > > > browsing activity such as activity on non-database webpage urls.
> > > > > Maybe they aren't technically "storing" the fact that I visited a
> URL
> > > on
> > > > reddit.com, but that visit still went to their server and was
> > captured /
> > > > analyzed *somehow*. It would be more accurate for them to say that
> they
> > > > analyze all sites you visit to determine whether they are academic in
> > > > nature, or something. But that would be a red flag."
> > > > >
> > > > > Thoughts?
> > > > >
> > > > > Tammy Allgood Wolf
> > > > > Director of Discovery Services
> > > > > ASU Library
> > > > > Arizona State University
> > > > > 480-965-1797
> > > > > <leanlibrary-postrequest.jpg>
> > > >
> > >
> >
>
--
*Michael Price*Library Applications Specialist
Robert E. Kennedy Library
California Polytechnic State University
San Luis Obispo, California
Direct 805-756-6481
[log in to unmask]
|