LISTSERV - LIBLICENSE-L Archives

LIBLICENSE-L Archives

LibLicense-L Discussion Forum

LIBLICENSE-L@LISTSERV.CRL.EDU

	LISTSERV Archives
	LIBLICENSE-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Book publishing privacy policies redux: Don't AddThis
From:	LIBLICENSE <[log in to unmask]>
Reply To:	LibLicense-L Discussion Forum <[log in to unmask]>
Date:	Thu, 14 Aug 2014 02:05:47 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (77 lines)

From: Eric Hellman <[log in to unmask]>
Date: Wed, 13 Aug 2014 12:54:03 -0400

As a followup to this thread from february, I note that "AddThis", one
of the third party services used by University of Chicago Press (and
many others), turns out to be notorious for "Canvas Fingerprinting";
its social share function has been recently described as a
Trojan-horse tracking device. It uses a javascript fingerprinting
method that tracks you even if you have cookies turned off!

Here's the article from ProPublica:

http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block

And a follow-on discussion from Princeton CITP:

https://freedom-to-tinker.com/blog/englehardt/the-hidden-perils-of-cookie-syncing/

Back in February, I chose University of Chicago Press to look at
pretty much at random; so please don't single them out, as I'm sure
many publishers and even many libraries make use of AddThis. But I
hope lots of organizations take a second look at the third party
services they use to see if they're routinely giving away the
user-privacy store.

Eric

Eric Hellman
President, Gluejar.Inc.
Founder, Unglue.it https://unglue.it/
http://go-to-hellman.blogspot.com/
twitter: @gluejar

On Feb 4, 2014, at 6:46 PM, LIBLICENSE <[log in to unmask]> wrote:

From: Eric Hellman <[log in to unmask]>
Date: Tue, 4 Feb 2014 09:48:53 -0500

Joe,

You need to learn how to use Chrome's Developer tools. I'm willing to
bet that there aren't any university presses in the US that aren't
using cookies in some way, although perhaps they don't realize that
they're doing it.

As a representative example (not to pick on them, or anything)
University of Chicago Press uses Google Analytics on its web site,
which uses 4 cookies to track users across the website. It also uses
"scorecard research" which sets 3 more cookies. It uses previews from
google books- 10 more cookies. It uses "Addthis.com". Another 12
cookies. If I add to the shopping cart, I get 12 cookies from
uchicago.edu itself.

So yeah, the people you've been talking to have no clue about cookies.

Eric

Eric Hellman
President, Gluejar.Inc.
Founder, Unglue.it https://unglue.it/
http://go-to-hellman.blogspot.com/
twitter: @gluejar

On Feb 2, 2014, at 6:27 PM, LIBLICENSE <[log in to unmask]> wrote:

One hypothesis I had when I started out was that U. presses could have
trouble selling D2C because of privacy policies of the parent
institutions (that is, commercial organizations have fewer scruples
about collecting user data).  Now I am beginning to think I formulated
this question all wrong.  It's my understanding,  based on a number of
interviews with U. press personnel, that presses collect little user
data and don't distribute it often or widely.  I have stumbled on no
academic book publisher yet that places cookies on users' computers,
which significantly reduces the amount of information a publisher
could collect.  Have I simply been talking to the wrong people?

ATOM RSS1 RSS2

LISTSERV.CRL.EDU