Can Readcube (Macmillan's fauxpen access client) snoop on readers?

Prof. Henry Rzepa recounts his recent experience with installing and running Macmillan’s Readcube; a device to allow DRM’ed access to read-only scholarly literature. [I have not used it myself (and will not) but trust Henry absolutely to give an accurate account. Moreover Henry is not a scaremonger.  He looks for the unusual, and probes relentlessly, but if he was happy he would have said so.
Readcube is (I assume) closed source software so we don’t know how it works (and if you try to disassemble it you might end up in criminal court as it’s a DRM machine). It appears that you have to install it on your machine and also grant it privileges.
/pmr/2014/12/03/natures-fauxpen-access-leaves-me-very-sad-and-very-angry/#comment-473323

Re ReadCube and harvesting. I thought I might spend a few minutes carefully going through its application preferences searching for anonymity flags or other controls on what information might be sent by the program whilst it is open. I could not find any. I was looking for eg the type of setting in eg the Chrome browser “Send a do not track request with your browsing traffic”, the Safari “Ask websites not to track me” or Firefox “Tell sites that I do not want to be tracked”.
One might presume then that ReadCube and their greater organisation probably WILL be informed that a particular article has been loaded, along with its title etc. It would be an act of trust that eg the IP address being used has not been tracked. This information of course is not limited just to a particular publisher’s journal, but presumably to all content from multiple publishers loaded into ReadCube. Thus when I pointed ReadCube at a folder to see what it might do, I noticed entrained in that folder were flight boarding passes (yes I know they should not have been there), lecture notes, research progress reports, theatre tickets, and even the risk of a bank statement etc. Most of the digital-detritus of modern life! A lot of it inadvertent. All of course no doubt anonymised by ReadCube before statistical processing (a process controlled by an algorithm we know nothing about).
PS After a little effort, I managed to bulk-delete all the bulk-autoloaded entries in my ReadCube library, but probably not before any harvested metadata had been sent.

PMR: This worries me greatly. Why should Readcube be looking at client-side disks in the first place?? I’ll wait for other informed comments (I can’t investigate myself as I would almost certainly have to sign away rights to Macmillan). By I ask them:
(a) has ANY independent body certified that Readcube is “safe” to use or do we just “trust Macmillan”
(b) has ANY independent body certified that Macmillan’s use of community data adheres to acceptable standards.
 
 
 

This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Can Readcube (Macmillan's fauxpen access client) snoop on readers?

  1. Forest Angstrom says:

    The general polemic rhetoric of the recent strong of blog posts aside, I have a couple real concerns with this post.
    { (a) has ANY independent body certified that Readcube is “safe” to use or do we just “trust Macmillan” }
    This is an absurd argument. ReadCube’s desktop software is more of an EndNote competitor than anything else. Do you ask the same of Thomson Reuters when you go to make citations in a paper?
    { (b) has ANY independent body certified that Macmillan’s use of community data adheres to acceptable standards. }
    Do you use Spotify? Facebook? LinkedIn? any modern web service? Are they publicly certified by independent bodies? It’s software, not pharma, there’s no FDA. Read the Privacy Policy, and don’t use the software/features if you don’t like it. Simple as that. Can’t have it both ways.

    • pm286 says:

      The general polemic rhetoric of the recent strong of blog posts aside, I have a couple real concerns with this post.
      >>{ (a) has ANY independent body certified that Readcube is “safe” to use or do we just “trust Macmillan” }
      This is an absurd argument. ReadCube’s desktop software is more of an EndNote competitor than anything else. Do you ask the same of Thomson Reuters when you go to make citations in a paper?
      Absolutely YES. I have no confidence in the transparancy or repeatability of citation analysis
      >>{ (b) has ANY independent body certified that Macmillan’s use of community data adheres to acceptable standards. }
      >>Do you use Spotify?
      NO
      >> Facebook?
      NO
      >> LinkedIn?
      NO
      >>any modern web service? Are they publicly certified by independent bodies? It’s software, not pharma, there’s no FDA.
      I argue there should be. We are carrying out our required work (science) with bodies in which we are asked to put absolutely trust.
      I don’t have to use Facebook and don’t. I do have to Use Macmillan, Mendeley, etc. Ad remember that it’s our material they are using
      >> Read the Privacy Policy, and don’t use the software/features if you don’t like it.
      Increasingly universities are mandating the use of Macmillan and Elsevier software.
      >>Simple as that. Can’t have it both ways.
      We spend nearly 20 billion with this industry. We have a right to be satisfied it functions securely.

Leave a Reply

Your email address will not be published. Required fields are marked *