Print

Print


In the past when that's happened it's just been a line in the manifest that
needs updating. A nudge to Godmar usually would do the trick. But as far as
active updating not much has been going on there.

On Tue, Sep 4, 2018 at 11:48 AM, Mark Sandford <[log in to unmask]>
wrote:

> Sadly when I last I checked, Libx doesn't work in newer Firefox versions.
> No word that I can find on if it's being updated or not.
>
> -------
> Mark Sandford
> Systems Librarian
> Assistant Professor in the Libraries
> Colgate University Libraries
>
>
>
> On Tue, Sep 4, 2018 at 10:45 AM, Andreas Orphanides <[log in to unmask]>
> wrote:
>
> > LibX is still kicking and as far as I know it does all its work
> in-browser
> > (though I can't attest this with certainty). Does require more knowledge
> > and work on the part of the user to get proxy access.
> >
> > On Tue, Sep 4, 2018 at 9:32 AM, Harper, Cynthia <[log in to unmask]> wrote:
> >
> > > Is there a browser extension that does meet data privacy concerns
> > > adequately (or even well)? Your recommendations welcome.
> > > Cindy Harper
> > >
> > > -----Original Message-----
> > > From: Code for Libraries <[log in to unmask]> On Behalf Of Eric
> > > Hellman
> > > Sent: Friday, August 31, 2018 1:15 PM
> > > To: [log in to unmask]
> > > Subject: Re: [CODE4LIB] Lean Library Security Concerns
> > >
> > > Wow. Lean Library seems to be sloppily implemented, has a privacy
> policy
> > > that says that big dutch companies that acquire them receive ALL the
> user
> > > data, and the word "collect" doesn't mean what they think it means. The
> > > icing on the cake is that their T&C forbid us from reverse engineering
> > > their code to see what it really does.
> > >
> > > From their "privacy policy":
> > > We may disclose the information we obtain:
> > > If Lean Library is involved in a merger, acquisition or sale of all or
> a
> > > portion of its Please note that you will be notified by either email
> or a
> > > prominent notice on our website of any changes in ownership or uses of
> > this
> > > information.
> > > from their T&C
> > > No Reverse Engineering and the like.User nor Licensee may, or may cause
> > or
> > > permit any of its employees or any third party to, modify, adapt,
> > > translate, reverse engineer, decompile, disassemble, translate or
> create
> > > derivative works based on the Service without the prior written consent
> > of
> > > Licensor, which Licensor may withhold in its sole discretion.
> > >
> > > Any librarian that pays to hand users over to LL as it presents itself
> > > today needs to reflect on their life choices.
> > >
> > > Having said that, (and having been involved in browser extension
> > projects)
> > > I think LL would be super valuable if done right, with all the i's
> dotted
> > > and t's crossed.
> > >
> > > That would mean building independent code review and privacy and data
> > > audits of ops into LL's contracts. Remember that giving a company
> > > phone-back access to a browser extension gives that company (and anyone
> > > with the power or craft to compel that company) to see everything a
> user
> > > does online, credit card numbers, browsing behavior, passwords,
> > EVERYTHING!
> > > Libraries need to examine their potential legal liability for their
> > > patron's catastrophic security loss if they recommend installation of
> > this
> > > product (as presented today.)
> > >
> > > If anyone needs technical backup on this, please don't hesitate to
> > contact
> > > me.
> > >
> > > Eric Hellman
> > > President, Free Ebook Foundation
> > > Founder, Unglue.it https://unglue.it/
> > > https://go-to-hellman.blogspot.com/
> > > twitter: @gluejar
> > >
> > > > On Aug 21, 2018, at 6:04 PM, Tammy Wolf <[log in to unmask]>
> wrote:
> > > >
> > > > I just wondered if anyone else on this list reviewed Lean
> > Library<mailto:
> > > https://www.leanlibrary.com/> and had any security and/or privacy
> > > concerns.
> > > >
> > > > Here is what our Director of Security had to say,
> > > >
> > > > "I can confirm that browsing activity is sent to lean library.
> Attached
> > > is an example screenshot showing the POST when visiting a URL on
> > > reddit.com. And if you visit https://app.leanlibrary.com/?
> > > r=api/api/institutes it's trivial to see info about all subscribers of
> > > lean library.
> > > >
> > > > Also, there are Repeated Pings to capture user IP Address. This was
> > also
> > > verified during the session capture. This occurs via
> > > https://app.leanlibrary.com/?r=api/api/getIp."
> > > >
> > > > Our Security Director goes on to say the following:
> > > >
> > > > "Of course this is also a question of consent. Any users of the
> plugin
> > > should first have to consent to the privacy policy:
> > > https://www.leanlibrary.com/privacy-policy/item181 - which would be in
> > > conflict with deploying this automatically to lab computers. I have
> some
> > > issues with the privacy policy itself as well. It states:
> > > >
> > > > What information does Lean Library and The Extension NOT obtain?
> > > > Your security and privacy is our biggest priority. We are only
> > > interested in information or data that can help us deliver the best
> > > experience possible in saving you time while and optimizing your
> academic
> > > research. Therefore, The Extension does not store any information for
> > other
> > > browsing activity such as activity on non-database webpage urls.
> > > > Maybe they aren't technically "storing" the fact that I visited a URL
> > on
> > > reddit.com, but that visit still went to their server and was
> captured /
> > > analyzed *somehow*. It would be more accurate for them to say that they
> > > analyze all sites you visit to determine whether they are academic in
> > > nature, or something. But that would be a red flag."
> > > >
> > > > Thoughts?
> > > >
> > > > Tammy Allgood Wolf
> > > > Director of Discovery Services
> > > > ASU Library
> > > > Arizona State University
> > > > 480-965-1797
> > > > <leanlibrary-postrequest.jpg>
> > >
> >
>