 |
 |
Sadly when I last I checked, Libx doesn't work in newer Firefox versions. No word that I can find on if it's being updated or not. ------- Mark Sandford Systems Librarian Assistant Professor in the Libraries Colgate University Libraries On Tue, Sep 4, 2018 at 10:45 AM, Andreas Orphanides <[log in to unmask]> wrote: > LibX is still kicking and as far as I know it does all its work in-browser > (though I can't attest this with certainty). Does require more knowledge > and work on the part of the user to get proxy access. > > On Tue, Sep 4, 2018 at 9:32 AM, Harper, Cynthia <[log in to unmask]> wrote: > > > Is there a browser extension that does meet data privacy concerns > > adequately (or even well)? Your recommendations welcome. > > Cindy Harper > > > > -----Original Message----- > > From: Code for Libraries <[log in to unmask]> On Behalf Of Eric > > Hellman > > Sent: Friday, August 31, 2018 1:15 PM > > To: [log in to unmask] > > Subject: Re: [CODE4LIB] Lean Library Security Concerns > > > > Wow. Lean Library seems to be sloppily implemented, has a privacy policy > > that says that big dutch companies that acquire them receive ALL the user > > data, and the word "collect" doesn't mean what they think it means. The > > icing on the cake is that their T&C forbid us from reverse engineering > > their code to see what it really does. > > > > From their "privacy policy": > > We may disclose the information we obtain: > > If Lean Library is involved in a merger, acquisition or sale of all or a > > portion of its Please note that you will be notified by either email or a > > prominent notice on our website of any changes in ownership or uses of > this > > information. > > from their T&C > > No Reverse Engineering and the like.User nor Licensee may, or may cause > or > > permit any of its employees or any third party to, modify, adapt, > > translate, reverse engineer, decompile, disassemble, translate or create > > derivative works based on the Service without the prior written consent > of > > Licensor, which Licensor may withhold in its sole discretion. > > > > Any librarian that pays to hand users over to LL as it presents itself > > today needs to reflect on their life choices. > > > > Having said that, (and having been involved in browser extension > projects) > > I think LL would be super valuable if done right, with all the i's dotted > > and t's crossed. > > > > That would mean building independent code review and privacy and data > > audits of ops into LL's contracts. Remember that giving a company > > phone-back access to a browser extension gives that company (and anyone > > with the power or craft to compel that company) to see everything a user > > does online, credit card numbers, browsing behavior, passwords, > EVERYTHING! > > Libraries need to examine their potential legal liability for their > > patron's catastrophic security loss if they recommend installation of > this > > product (as presented today.) > > > > If anyone needs technical backup on this, please don't hesitate to > contact > > me. > > > > Eric Hellman > > President, Free Ebook Foundation > > Founder, Unglue.it https://unglue.it/ > > https://go-to-hellman.blogspot.com/ > > twitter: @gluejar > > > > > On Aug 21, 2018, at 6:04 PM, Tammy Wolf <[log in to unmask]> wrote: > > > > > > I just wondered if anyone else on this list reviewed Lean > Library<mailto: > > https://www.leanlibrary.com/> and had any security and/or privacy > > concerns. > > > > > > Here is what our Director of Security had to say, > > > > > > "I can confirm that browsing activity is sent to lean library. Attached > > is an example screenshot showing the POST when visiting a URL on > > reddit.com. And if you visit https://app.leanlibrary.com/? > > r=api/api/institutes it's trivial to see info about all subscribers of > > lean library. > > > > > > Also, there are Repeated Pings to capture user IP Address. This was > also > > verified during the session capture. This occurs via > > https://app.leanlibrary.com/?r=api/api/getIp." > > > > > > Our Security Director goes on to say the following: > > > > > > "Of course this is also a question of consent. Any users of the plugin > > should first have to consent to the privacy policy: > > https://www.leanlibrary.com/privacy-policy/item181 - which would be in > > conflict with deploying this automatically to lab computers. I have some > > issues with the privacy policy itself as well. It states: > > > > > > What information does Lean Library and The Extension NOT obtain? > > > Your security and privacy is our biggest priority. We are only > > interested in information or data that can help us deliver the best > > experience possible in saving you time while and optimizing your academic > > research. Therefore, The Extension does not store any information for > other > > browsing activity such as activity on non-database webpage urls. > > > Maybe they aren't technically "storing" the fact that I visited a URL > on > > reddit.com, but that visit still went to their server and was captured / > > analyzed *somehow*. It would be more accurate for them to say that they > > analyze all sites you visit to determine whether they are academic in > > nature, or something. But that would be a red flag." > > > > > > Thoughts? > > > > > > Tammy Allgood Wolf > > > Director of Discovery Services > > > ASU Library > > > Arizona State University > > > 480-965-1797 > > > <leanlibrary-postrequest.jpg> > > >