Prof. Henry Rzepa recounts his recent experience with installing and running Macmillan's Readcube; a device to allow DRM'ed access to read-only scholarly literature. [I have not used it myself (and will not) but trust Henry absolutely to give an accurate account. Moreover Henry is not a scaremonger. He looks for the unusual, and probes relentlessly, but if he was happy he would have said so.
Readcube is (I assume) closed source software so we don't know how it works (and if you try to disassemble it you might end up in criminal court as it's a DRM machine). It appears that you have to install it on your machine and also grant it privileges.
Re ReadCube and harvesting. I thought I might spend a few minutes carefully going through its application preferences searching for anonymity flags or other controls on what information might be sent by the program whilst it is open. I could not find any. I was looking for eg the type of setting in eg the Chrome browser "Send a do not track request with your browsing traffic", the Safari "Ask websites not to track me" or Firefox "Tell sites that I do not want to be tracked".
One might presume then that ReadCube and their greater organisation probably WILL be informed that a particular article has been loaded, along with its title etc. It would be an act of trust that eg the IP address being used has not been tracked. This information of course is not limited just to a particular publisher's journal, but presumably to all content from multiple publishers loaded into ReadCube. Thus when I pointed ReadCube at a folder to see what it might do, I noticed entrained in that folder were flight boarding passes (yes I know they should not have been there), lecture notes, research progress reports, theatre tickets, and even the risk of a bank statement etc. Most of the digital-detritus of modern life! A lot of it inadvertent. All of course no doubt anonymised by ReadCube before statistical processing (a process controlled by an algorithm we know nothing about).
PS After a little effort, I managed to bulk-delete all the bulk-autoloaded entries in my ReadCube library, but probably not before any harvested metadata had been sent.
PMR: This worries me greatly. Why should Readcube be looking at client-side disks in the first place?? I'll wait for other informed comments (I can't investigate myself as I would almost certainly have to sign away rights to Macmillan). By I ask them:
(a) has ANY independent body certified that Readcube is "safe" to use or do we just "trust Macmillan"
(b) has ANY independent body certified that Macmillan's use of community data adheres to acceptable standards.