Google’s founders didn’t anticipate that the search engine built on PageRank would one day earn billions of dollars via advertising revenues. Google was founded as a technical achievement with superb market positioning — at the nexus of information demand and supply. It was free and useful, becoming popular quickly. From there, other clever people came on, and have been able to leverage this positioning into the multi-billion-dollar technology and data company now known as Alphabet.

Of the two fundamentally important aspects of business — positioning and execution — it’s arguable that positioning is by far the most important.


We now see some interesting positioning moves by entities with plugins designed to exploit Green OA or address access issues in a virtual, seemingly decentralized way — Unpaywall, Kopernio, and Anywhere Access. There is also the STM community’s effort to improve access, RA21. As a group, these and a few others coming onto the market represent commercial responses to the presence of Sci-Hub, ResearchGate, and Academia.edu. While they have interesting positioning, their execution differs in some key ways.

Kopernio was created by a serial entrepreneur, Jan Reichelt, who co-founded Mendeley. Earlier this year, Kopernio was acquired by Clarivate Analytics for an undisclosed sum, making this two acquisitions for Reichelt in a relatively short period of time. He clearly knows how to create companies others want to buy. (Interestingly, Unpaywall has a licensing deal with Clarivate via Clarivate’s Web of Science. Whether this will continue much longer isn’t clear.)

When Kopernio connects users with articles on a publisher’s site, the articles are placed in the Kopernio PDF frame, eliminating the publisher’s major branding elements. To do this for paywalled content, Kopernio has to acquire the user’s subscription entitlements — if the user is on-campus, the IPs and login information are passed through Kopernio; if the user is off-campus, there is a one-time handshake needed to entitle the off-campus computer, which can include profiling the user’s computer as well as acquiring the access credentials, which are stored in the plugin.

Kopernio makes three promises when you install the plugin:

  1. Turbo charge your literature search.
  2. Jump over paywalls.
  3. Work off campus.

Note that during this process, Kopernio and Clarivate are acquiring user credentials — these are stored in the plugin, and Kopernio asserts they are not transmitted to their servers, but things can change. The terms of use are with Kopernio. The Privacy Policy leads to a Clarivate page, which seems a broader catch-all for Clarivate overall and non-specific to Kopernio except when it states, “‘Clarivate Analytics’ includes all the businesses of the Clarivate group, including separate brands like CompuMark and Kopernio.” Both Kopernio and Clarivate are based in the UK, so GDPR rules apply.

Their privacy terms include this clear statement:

We collect personal data directly from you, for example, the contact information and log-in credentials that we use to provide our services to you, and the professional profile details that you choose to enter into our products.

Kopernio struck a deal in July 2018 with Caltech to conduct a pilot with 2,000 Caltech researchers, providing the researchers with one-click access to their entitled content “via the identification of a researcher’s subscription entitlements,” which is a very interesting phrase when it comes to the positioning of Kopernio in the scholarly publishing ecosystem. According to people who know more about this deal, Caltech is getting some of the data Kopernio/Clarivate is gathering during this pilot. An interview request with the relevant Caltech person was not granted in time for this post.

Given that the Kopernio plugin is acquiring not only individual information on users but also access credentials, it has an interesting position, especially as Clarivate is a data company through and through. Kopernio also smacks of the kind of company we’ve become accustomed to online — as Leonid Bershidsky wrote about recently in Bloomberg BusinessWeek:

This is a time when companies whose innovations are more intrusive than useful, more gimmicky than problem-solving, operate with business models that either burn investors’ cash or turn the users into products.

This article, which was about the writer’s reluctant admiration of Apple as “a rock of common sense, sobriety, dignified engineering supremacy, prudent financial and supply chain management, effective marketing, and customer-oriented retailing,” includes this quote from Apple CEO Tim Cook:

If you look at our model, if we can convince you to buy an iPhone or an iPad, we’ll make a little bit of money. You’re not our product.

Not that Kopernio is above using incentives to get more user information. Kopernio Premium is offered as an incentive to users who refer someone else to Kopernio, offering more storage and other features to users who spread the word.

Kopernio’s approach is reminiscent of the industry’s RA21 initiative to create seamless authentication, which recently resolved in a recommendation to pursue a similar browser-based approach to seamless access, but one which claims to preserve user privacy.

Kopernio’s user experience is pretty aggressive. Most plugins install in a sleeping state, and you have to activate them. Kopernio installs in an active state, and begins pinging you as soon as you visit a domain it thinks is relevant. It also can’t be shut off via the plugin once installed, with the user’s only option to go into the browser’s settings to turn it off, or to uninstall it if you don’t want it surveilling you. This approach creates a barrier (probably intentional) to deactivating the plugin.

Kopernio sources articles from controversial venues, including ResearchGate and Academia.edu. It may also use the Unpaywall database, but I couldn’t corroborate this speculation from some of the publishers I spoke with. The copyright controversies with ResearchGate and Academia.edu are well-established. Some publishers are considering blocking Kopernio if their practice of gathering PDFs from these sites doesn’t change. Given how important it is to Clarivate that Web of Science continue to have access to publisher sites and publisher goodwill, it seems these could be short conversations. However, in speaking with publishers who have interacted with the leadership of Kopernio, there is a stubborn refusal to modify their approaches, some of which (see Sidebar #1) are questionable on their face.

Unpaywall is run by ImpactStory, a non-profit with stated revenues of $15,058 in 2015 (according to their 990) against expenses of $215,900, so the recently announced grant of $850,000 from the Arcadia Fund matters to their viability. Whether the team’s aim is a long-term one remains unclear, as the reputation of Heather Piwowar and Jason Priem in the market is one of cleverly changing the game as happy warriors. They are another set of serial entrepreneurs, although less financially successful than those behind Kopernio.

Technically, Unpaywall uses relatively brute force tactics to identify Green OA content. With a database they claim approaches 20 million articles, Unpaywall matches the DOI or URI with their database, and when the plugin is activated, Unpaywall will tell users when and where an article can be had for free. The Unpaywall plugin also installs in an activated state, meaning it is in surveillance mode from the moment you install it. However, you can turn Unpaywall off without uninstalling it.

Sidebar #1: As a matter of web manners, Kopernio is pushy and unyielding. From what I can see, once you install Kopernio’s extension in Chrome, you cannot turn it off except by finding the proper browser settings and turning it off there, or by uninstalling it. Otherwise, it is always surveilling you. Unpaywall starts in an activated mode, but you can turn it off without going into third-tier browser menus or uninstalling it. I believe both are overstepping an important boundary by installing activated, but Kopernio goes into my obnoxious zone with its plugin’s practices. 

Ostensibly, Unpaywall represents a great way for publishers who have strong Green OA policies to let users take advantage of these free-to-read articles. After all, publishers are the main providers of Green OA. However, Unpaywall may create the impression that technology has enabled article access, rather than policies, leaving publishers once again without the credit they deserve for liberal access policies. Also, the threat of Green OA has always been blunted by having a disorganized mess of free articles tucked away in unpredictable places, hindering discovery and usage. Unpaywall is organizing this mess, so liberal access policies that once were adopted with little risk might need to be reconsidered.

Unpaywall’s privacy policy is also an interesting read, as they divulge that they acquire personally identifiable information (including the IPs used), and also acknowledge that even if you activate Do Not Track in your browser, they continue to track you (“At this time, ImpactStory does not respond to or alter its practices when it receives a Do Not Track signal from a user’s web browser”). (Note: After publication, Jason Priem commented that their policies are unclear, and that they will be modifying them.) There is no mention of GDPR in their privacy policy (the company is based in the US, in North Carolina). In July 2018, Elsevier announced a deal to integrate Unpaywall into Scopus. It’s unclear if this will be a lasting relationship, or if Elsevier is dancing with Unpaywall to learn its moves before it strikes out on its own. Unpaywall’s founders are devoted to open source solutions, so Elsevier may just port the Unpaywall code at some point in the not-too-distant future. Unpaywall appears to be funding itself via licensing fees around its dataset, as well as via the aforementioned grant.

If Unpaywall is widely adopted, it may portend a shift away from Gold OA, especially if embargoes as practiced now are truly tolerable to non-paying users. But the nagging question will be around the long-term value of a Green OA discovery database, especially one the founders claim is “open.” The founders may only want to shift the market, and may not have long-term commercial goals with Unpaywall. One could imagine this becoming an infrastructure element like the CHORUS API, funded at a far lower but sufficient level by publisher members or a similar community approach. Or Unpaywall may be the first of many such services, and not the best. Just this week, Third Iron introduced LibKey, a very similar PDF finder for Green OA content. Soon, the market may be flooded with these, which means the differentiation will come from marketing and sales, a situation where larger organizations will again prove their positional advantages.

Sidebar #2: Given the two players striking deals around the two most prominent plugins, my speculation that Elsevier and Clarivate are squaring off in the market has been reinforced.

Anywhere Access comes from Digital Science, a property of the Holtzbrinck global conglomerate. Anywhere Access is reminiscent of ReadCube, a product that had trouble moving beyond a few big publishers for a variety of reasons, with a main one being the fact that caching PDFs for optimized delivery is extremely expensive at scale (yes, digital is expensive). To circumvent this problem, Digital Science has taken the browser plugin approach to decipher access rights for the user and present a clickable PDF button with some enhancements to the PDF — light annotation, export options of reference managers, and so forth. Anywhere Access is partially a library play, generating data for libraries around usage, usage problems, and so forth. Anywhere Access doesn’t store PDFs, and promises publishers abilities to price a la carte access, improve user experience, and so forth. Like the others, Anywhere Access gathers a lot of personal information from its users, and users agree to let their information be used (in an aggregated, depersonalized way) by advertising entities.

From an access perspective, we have a few different approaches on the field to consider:

  • Kopernio, which gathers user credentials for a large multi-national company, and which promises to help users “jump paywalls”
  • Unpaywall, which gathers personally identifiable information for a startup working with a large multi-national company, but limited to Green OA content
  • Anywhere Access, which uses library information to present users with a clear, single-click path to the content they have the rights to read via their institutional subscriptions, while offering publishers promises of more usage and pricing controls
  • RA21, a collaborative, non-commercial initiative built with input from the community, which is designed to preserve user privacy, and will work for publishers and libraries of all sizes

Of course, guess which one — the three commercial offerings associated with huge companies, or the one community-collaboration-based — is distrusted and disliked the most, especially by librarians?

If you assume an anti-publisher sentiment, this will help you triangulate on the answer. A startup that finds Green OA content publishers make available, gathers user data, and charges licensing fees? No apparent issue. A large non-publisher corporation using a recent acquisition’s plugin to store end-user data including access credentials to multiple institutions? Librarians apparently are quite happy with Kopernio. A digital-native for-profit start-up associated with a huge global information business and running products that gather reams of user, commercial, citation, and library information? No major controversy yet. A free, privacy-protecting access option created with input from multiple stakeholders and developed by a coalition of publishers? Yes, you guessed it, the last one is the answer. Because it’s associated with publishers, RA21 has faced skepticism, distrust, and disdain from the start.


There is a common thread to these services — all are predicated on the subscription model being in place in a substantial way. Unpaywall has that assumption in its name, while Kopernio only matters if access credentials need to be managed. Anywhere Access’ core functionality and suite of ride-along services (IP recognition, usage reporting, access errors) only really matter if site licenses exist. Of course, RA21 is explicitly designed to make access to subscription content easier for users, with the inciting moment being the emergence of Sci-Hub — which raises the question, with Sci-Hub still operating, do any of these matter? More to the point, what if someone were to make a plugin as simple and effective as Unpaywall or Kopernio or LibKey or Anywhere Access, and point this at Sci-Hub? Would users defect to this? Would libraries approve? Would publishers sue? The answer to all three may be affirmative. The consequences would be more time spinning our wheels in the mud of uncertainty.

The value of content is not in dispute if you read between the lines. It’s just a matter of how to commercialize that value. Traditional publishers want to take the Apple approach, and sell it directly to the user or their purchasing agent. To make this model more effective, they’ve created RA21, and are rolling it out later this year. Start-ups like Kopernio are taking a different approach, seeking to commercialize access by gleaning access credentials and personal information, mixing the appropriate parts with other corporate offerings at Clarivate, and ratcheting up their service levels and revenues, making the users into the products to some extent. This is the Facebook approach. Then we have Unpaywall, which is a combination of the two, gleaning data from users while licensing its database in a traditional manner, which is akin to the Linux model, complete with a desire to upset the status quo just because they can. Finally, Anywhere Access is seeking to sell to both sides of the market — buyers and sellers — with an offering they claim benefits both. This is the Amazon approach.

The tensions among these approaches are familiar — privacy, piracy, copyright, threats to publishers, opportunities, user-satisfaction, user exploitation. We’ve seen all this before in various guises with Facebook, Twitter, Amazon, and Google.

Google, mentioned at the outset as having assumed a position relative to content which some feel devalued it (and which definitely commoditized it to some degree), has learned a valuable lesson from some of its experiments — that the value of content is directly related to the value of Google, as noted in a recent Digiday podcast interview with Richard Gingras, VP of News at Google:

The relevance and value of Google search for billions of users is based on the concurrent depth and breadth of the knowledge ecosystem of the web, to the extent it deteriorates, it’s not good for Google search.

The surprising commonality here is that the ultimate value of Kopernio, Unpaywall, Anywhere Access, and RA21 depends on a healthy subscription model. A complete flip to OA means all of these become largely irrelevant, so by extension (pun intended) they are betting against Gold OA. Each is pursuing value aligned with the subscription value of content.

Given the history here, I think we’ll find that of the set, Kopernio will have the most trouble and have to handle the most controversy in the long-term, while RA21 will continue to face the anti-publisher bias that has been cultivated for years in our ecosystem. Anywhere Access has a harder row to hoe, if only because Digital Science has so many offerings, a ReadCube base to migrate, and sales uncertainty to face in two markets. This leaves Unpaywall with the smoothest path forward. But they also have the most uncertain and uninteresting destination, a ride that may be reminiscent of Thelma & Louise. However, given Unpaywall’s founders’ apparent discomfort with or disdain for commercial success, they may just be in it to enjoy the ride.

(Thanks to multiple people — especially AC, MC, and JE — for a great deal of help with this post.)

(Note: An error in my understanding of how the Kopernio plugin works led me to believe user credentials were being stored on the server side of the service. I’ve been reassured by Clarivate that all credentials are encrypted locally in the browser. The post has been modified accordingly. My apologies for the mistake.)

Kent Anderson


Kent Anderson is the CEO of RedLink and RedLink Network, a past-President of SSP, and the founder of the Scholarly Kitchen. He has worked as Publisher at AAAS/Science, CEO/Publisher of JBJS, Inc., a publishing executive at the Massachusetts Medical Society, Publishing Director of the New England Journal of Medicine, and Director of Medical Journals at the American Academy of Pediatrics. Opinions on social media or blogs are his own.

Discussion

35 Thoughts on "The New Plugins — What Goals Are the Access Solutions Pursuing?"

Kent, there are some grave factual errors in the article above, all of which could have been readily avoided if you had taken the time to get in touch with us. We’ll be responding to these inaccuracies point for point shortly. In the meantime we request that you take it down to allow us to provide clarity on each inaccurate fact.

Lisa,

You may recall, I did get in touch with you earlier this week to get help arranging an interview with someone at Caltech. No further information was requested then, and no further assistance from you offered. In addition, the contact with Caltech never materialized, despite having more than enough time to arrange this (in my experience with media issues).

It is also not appropriate to request that a post be taken down. The comments are open. Via email, you have offered no concrete reasons to take the post down, either. If corrections are needed, they will be made. If they are not, they will not be. However, I’m not going to take a post down just on your say-so.

“If corrections are needed, they will be made.”
That’s great to hear. We’ll provide a list.

Wow.

As a mere academic I find this attitude quite troubling. I was able to verify Kent’s claims quite quickly for example, by looking up the terms and conditions on Kopernio’s website. I note that Kopernio links to Clarivate’s website for its privacy policy, so if there are any inaccuracies in the article about how those work together, it is the fault of Kopernio/Clarivate for not having clearly stated policies, not responding to Kent’s enquiries made before the article was posted, and being quick to demand the article being taken down but slow to describe what’s actually wrong with it.

I did not originally take any negative views of Clarivate from reading the article, but after reading these comments I can’t say the same.

Dear Kent, we have taken the time to address your questions, concerns, and statements here: “Our response to Kent Anderson’s Scholarly Kitchen article” https://kopernio.com/media/2018/kent-anderson-scholarly-kitchen-response. We don’t need to agree on all the points, but we wanted to use the opportunity to be able to set out our position. I hope our contributions to this discussion will be appreciated and that our views add further information and transparency to the debate.

I appreciated reading this to understand better how K works. This is the first I recall hearing that K works off an established whitelist (I presume I have just overlooked this – no accusation that you’ve been hiding it!). Is the whitelist available and how is it constructed?

I just finished reading the point-by-point rebuttal to Kent’s post. I did not find it to be useful or illuminating at all. Very disappointing. BTW, Kent did disclose that he works for a company that collects user data, so the Kopernio response, which slyly accuses Kent of bad faith, is off base. I would have expected more from a Clarivate company.

Your response about how Kopernio can be disabled has some problems. Your representative claims it works just as other plugins, including Unpaywall. This is not true. I can disable Unpaywall in the plugin itself, which is normal behavior. I had to see screenshots to learn how to disable the Kopernio plugin, which requires me to go to the Window > Extensions menu in Chrome, find the extension, and then click the button to disable it. This is a concealment of basic functionality that I think does make it harder for users to turn it off. This is a design choice to make it harder to turn the extension off, I believe. And, yes, it was clearly my opinion that the plugin has crossed into the obnoxious zone due to its behavior of arriving activated and then having no deactivation option within the plugin.

As for a conflict of interest, I don’t have one. Remarq PDFs are about annotation, not access (authentication or authorization). RedLink Network is a free service designed to help libraries and publishers collaborate around usage data and access credentials.

Your response is posted in a way that doesn’t allow for any response. I won’t belabor things here, but it’s quite a response, running 4,100+ words, far longer than the original post (2,800+ words).

The people thanked at the bottom of the post were not “quoted” in the post, but rather read drafts, provided advice, or both. Those who mentioned various things reflected in the post are not necessarily the people thanked and identified by initials. I talked with a lot of people.

It seems the major error in the piece is in regard to how you store user credentials. I will correct the post accordingly.

As for the business model, I stand by my speculation that ultimately Kopernio’s commercial value involves making the users into the product. Without wide adoption, and the amount of data generated by those clicks and interactions, what other value is there? It’s not a criticism, just an observation. There are other approaches, and I think that’s yours. I’ll stand by that for the time being.

Ben – I’d like to ask about something I believe to be a factual error in your response relating to the handling of user credentials. Your response contains this statement: “Kopernio can’t and wouldn’t do anything with these credentials other than facilitate legitimate access to researcher’s library subscriptions.”

I believe that claiming Kopernio “can’t” do certain things with user credentials is not accurate. Elsewhere in your response you acknowledge that Kopernio encrypts and stores credentials in users’ browsers. If Kopernio has the ability to encrypt and store user credentials, that implies that Kopernio must also have the ability to decrypt and pass those user credentials on to a user’s home institution, where Kopernio might attempt to log the user into a proxy server, Shibboleth server, etc. in order to “facilitate legitimate access”.

If Kopernio has the above technical capabilities, then I believe Kopernio also has the technical capability to send user credentials to any server, including your own. I am not asserting that Kopernio does this – but I believe the technical capability does exist.

Am I wrong?

I’m not sure I understand your concern here to be honest, nor why Kopernio would even want to do such a thing. I save usernames and passwords in my browser for convenience, which sync across all of my devices so will be stored in a server somewhere. The way it’s set up, the developer can’t and won’t access the passwords, but I expect it would be technically possible to change the code to allow this. The way I see it, Kopernio storing my institutional credentials is really no different. If you’re a tinfoil-hat privacy enthusiast, then I wouldn’t expect you to install any third-party browser plugins that need to scan every webpage to function, whatever their purpose may be; that’s your choice. I personally prefer convenience!

As far as I can tell, Kopernio is a fairly young company and the plugin is still imperfect and under further development. Why is everyone so keen to project conspiracies and loopholes onto it? I’m sure they’ll develop more features in time, and perhaps they’ll find a way to make it work with fewer browser permissions. For me, the convenience outweighs any potential concerns about sinister hypothetical features that may or may not be possible…

One thing to keep in mind is that storing passwords and credentials in the browser is not bulletproof. Last year, an analysis found security flaws in most of the major password managers. (https://thehackernews.com/2017/02/password-manager-apps.html) This is one concern, especially when academic access credentials are being actively sought by Iranian and Russian hackers (https://scholarlykitchen.sspnet.org/2018/03/28/51123/). Remember, these can give access to more than content (https://scholarlykitchen.sspnet.org/2016/05/19/sci-hub-and-academic-identity-theft-an-open-letter-to-university-faculty-everywhere/). So I think this goes beyond dismissing it as “tinfoil-hat” conspiracies.

Just for the record: the service from Digital Science is actually called “Anywhere Access” and not “Access Anywhere”. Although both of these names are previously and currently used by other services (VPN, online banking, etc.), which makes it probably not the most original choice for their brand new brand.

Kent, it’s disappointing that you chose such a hackneyed framing here as RA21 being about publishers vs libraries. If you look at what is actually going on, there are many librarians and even a library community organization like NISO supporting it, while there are also many medium size publishers who fear its implications but are afraid of speaking out. My own view is to fear the data empires that RA21 is emboldening, as I discussed at length here https://scholarlykitchen.sspnet.org/2018/01/22/identity-everything/

For those interested in the underlying strategic dynamics informing the work around these plugins, which are just the tip of the iceberg, I’ve also written about the vision of truly seamless discovery and access that motivates many of the companies at work here: https://scholarlykitchen.sspnet.org/2018/05/03/supercontinent-scholarly-publishing/

I agree that data ownership and privacy issues should be at the heart of this discussion. User control of their identity and data is essential, which is why examinations like yours are helpful and RA21 is not.

Thanks, Roger. In discussing these plug-ins and RA21 with various publishers and publishing consultants as this piece came together, what you call a “hackneyed framing” emerged as one that many still perceive as a true division of perspectives in the community. For instance, I’ve never perceived NISO as a “library community organization” but rather a multi-stakeholder organization with publishers, vendors, libraries, institutions, and technologists (and others) involved in its activities. And, yes, there are people who are worried about RA21, but the opinions I encountered writing this were about how data ownership and privacy issues are discussed fulsomely and negatively when RA21 comes up, but the other companies and offerings seem to get a pass. That’s one of the points that emerged, and it’s a point of some frustration.

The one proclaims itself a standard approach that everyone will and eventually must follow when IP authentication is retired. The others are tools that are available based on consumer choice, which your piece hopefully helps further information. One is a sort of standard and the others are marketplace offerings. That is the key difference.

And yet it’s interesting that one developed in collaboration with more of the community is getting more flak from parts of that community, even though the others might be more intrusive. I don’t know that it’s relevant whether it’s “sort of standard” or not, because in reality a marketplace offering can become a de facto standard if adopted widely enough (i.e., Google search, QWERTY, MP3, PDF — all marketplace offerings that are de facto standards now).

Kent, you need to follow me on Twitter more closely! Just last week I had an extensive exchange with a group of librarians about our concerns about privacy issues and data tracking by Kopernio.

I’ll keep that in mind. Can you share a link to the exchange for people?

Given how inefficient it can be to try and follow the convo in a branching twitter exchange, I think it’s probably more useful for SK readers if I just summarize:

Concern discussed …. because K installs in active mode (and can’t seem to be disabled only uninstalled), K has access to not just what scholarly articles you access but all websites that you visit (because it is actively scanning for DOIs). So, did you visit a website that is about your religion? A partisan website on a political issue? Access information about a sensitive health or personal issue? All trackable. Not clear how to opt-out or delete your data from the system. Hence, major privacy concerns/questions.

Everyone is talking about privacy and data tracking issues which is good but not the only thing we should be discussing.

The particular inherent issues with RA21, as I see them, are cost and the wide spectrum of technical expertise/support at the libraries of institutions of higher education. Not my distrust of publishers. The RA21 solution was built without taking a closer look at the current state of authentication in academic libraries and pragmatically examining how to solve the issue of secure authentication and ease of use. These are problems publishers, librarians, and users would all love to solve.

Without getting into technical weeds, RA21 would be a “new” authentication system for institutions. This would require funds, both upfront and ongoing. In addition, this project assumes institutions have the framework (and again funds) to support a new authentication technology. This is simply not the case. The problem is that with the project, already cash strapped institutions are being asked to bear additional straight and support costs. Here in Ohio, we have a handful of institutions that could in theory manage the cost and needed technology (and also have the appropriate relationship with their campus IT in place – but this is another topic for another post). The reality is that the majority of institutions (some large, most medium and all small) would be very hard pressed to implement and maintain such a program.

It is a worthwhile project for sure but the entire community needs to agree to a pragmatic framework that addresses the cost and need for technical expertise. That is where I see frustration. It’s not skepticism.

Fair points well-stated. As mentioned, technology is not cheap, and it will take money into the system for us to continue to improve and evolve it. I think one of the more misleading ideas that took root years ago was that technology is cheap. It’s a proxy for people, and people are not cheap, especially those with the skills we need. Very glad you emphasized and clarified this.

Amy – RA21 is built on top of Shibboleth and SAML, which already have a large installed base in academic institutions across the world. It absolutely does not require “new” authentication technology to be put in place for institutions who already have SAML Identity Providers (IdPs).
Now, of course, not every institution has SAML in place, which is where we think the large installed base of Proxy Servers will help. We expect over time that Proxy Servers will also be able to operate as “SAML bridges” which will enable a smooth transition to RA21 over time as service providers support it.

Hi Chris,
Yes, I understand the technology on which RA21 is built. I happened to survey the OhioLINK membership (120 academic libraries in 91 institutions across Ohio) about their authentication practices (https://www.slideshare.net/BaltimoreNISO/pawlowski-and-beadles-authentication-and-access-of-licensed-content-in-ohio?ref=https://www.niso.org/events/2018/05/digital-libraries-authentication-access-security-information-resources). In Ohio, the large majority of academic libraries are not using SAML or LDAP; they are simply using Patron API (slide 13).

Amy – very interesting; thanks for posting. Would you be open to an offline discussion with some RA21 people? We’d be interested in understanding more about the challenges you anticipate in adopting SAML.

Kent – Thanks very much for your post. As someone who regularly confronts the irony discussed in your post, I’m grateful that you’ve illuminated the fact that an open, community-driven initiative seeking to develop a free, privacy-preserving access option has faced more public skepticism than the commercial offerings you mention.

Your post did not reference Google’s CASA option, which would seem to fall into the same camp as these other offerings, and also seems to have the effect of allowing Google to harvest information about the reading habits of researchers. Was CASA’s omission deliberate?

Hi Ralph. Thanks for the kind comments. Including RA21 was a borderline call here, and some of the people I asked to review the post prior to publication questioned including it. However, I wanted to draw the comparison for some of the reasons you’ve mentioned. I agree, the Google CASA option is another commercial offering that needs a hard look. I don’t disagree with companies gathering data (the company I run gathers data from users, and any online company has to, to an extent), but the amount of data gathered has to be limited and justified. Google is so pervasive — and was recently caught not deactivating location tracking when users explicitly turned it off, which may lead to a major lawsuit (https://www.mercurynews.com/2018/08/20/google-location-tracking-lawsuit-seeks-to-include-virtually-anyone-with-a-phone/) — that CASA merits some careful examination. I just didn’t have the time or space to dive into it. Thanks for raising the issue.

Is there any reason an “open, community-driven initiative seeking to develop a free, privacy-preserving access option” (to quote… regardless of if I agree) shouldn’t face “more public skepticism than the commercial offerings”? Personally, I think our attention should be commensurate to the likelihood of wide-scale adoption and potential impact … and my money is always on projects backed by STM, Elsevier, etc. for wide-scale adoption and impact (whether I like it or not).

Hi Kent,

Thank you for including LibKey in the discussion. To clarify a bit, LibKey is not focused just on Green OA content. LibKey is an API-based technology that provides one-click access to millions of articles, including both subscribed titles and open access. LibKey is an externalization of a technology integral to our flagship product BrowZine and one that has been developed over the past six years. More information is available in our recent announcement: https://thirdiron.com/2018/08/introducinglibkey/

Kent – I’d like to add my thanks for this very timely article, which coincides with publication today of a position statement from RA21 contrasting differences in the approach we’ve taken with the recent crop of what we are terming “Access Broker” services: https://ra21.org/index.php/what-is-ra21/ra21-position-statement-on-access-brokers/

By following an open, community-driven process, RA21 welcomes scrutiny of and feedback on our approach. We are happy to see that the community is now starting to ask some of the same questions of the providers of other solutions.

Thanks, Chris. That’s a good term. I had no idea this would coincide with what you’re doing, but sometimes there’s something in the air.

Hey Kent,
Thanks for discussion of Unpaywall! There’s lots I like about this post, but would appreciate it if you could correct one notable error: Unpaywall does NOT collect personally identifiable information (PII).

Our server does log IP addresses for technical/bugfixing purposes, but these logs are purged after seven days. Moreover, IP addresses are *not* generally considered PII unless they can be linked to other data such as names, emails, user accounts, etc. [1] We don’t have any information of that kind, since Unpaywall requires no name, login, account, or email to use. It’s completely anonymous. In fact, of the tools you cover, I believe Unpaywall is the only one which does not require any kind of credentials or account to use. We don’t do anything special to honor “do not track” requests because we are already “do not track” for all users, all the time.

I can understand how this was unclear based on our privacy policy that you mentioned, and that’s our bad…we’ll modify that document to clarify our policy (the problem is that we were trying to cover multiple different products with one policy which was dumb).

Also, do feel free to get in touch any time you want to write about us, in case you have any questions…I know we don’t agree on everything, but I also know you’re doing your best to be accurate and informative, and we’re always happy to chat with you.
Best,
Jason
[1] https://www.enterprisetimes.co.uk/2016/10/20/ecj-rules-ip-address-is-pii/

PS “happy warrior” may have to go in my email signature…. 😛

Hi Jason. Thanks for the details. I do think you should take a harder look at your privacy statement, as it does describe Personal Information as what you collect, including IP addresses, device information, etc. There is extensive language about how you use Personal Information, as well. So, I think the post is fairly accurate at least as far as your privacy policy goes.

Glad to have inspired you with a new monicker! I’d be honored to have it, as well.

“what if someone were to make a plugin as simple and effective” People already did this! But fortunately/unfortunately this ain’t available in the Chrome store. But there is a way around to get this running.
