Tracking: German Research Foundation warns of “publishing Trojans”


The Committee for Scientific Literature Supply and Information Systems (AWBI) of the German Research Foundation (DFG) is sounding the alarm because of the increasingly aggressive “practices of digital tracking of scientific activities”. Scientific publishers are increasingly opening up data analysis as a business area. This “private knowledge industry” stands in contrast to the freedom of science.

The aggregation and resale of usage data have developed into relevant aspects of the activities of specialist publishers, writes the AWBI in one Data tracking paper for digital scientific resources. In doing so, personalized profiles, access and usage measurements as well as information on the length of stay at information sources would be tracked by researchers, for example during literature research, i.e. recorded and stored.

One means used for this is said to be Trojans, “which libraries are offered in connection with discounts for other services”. The spy software to be installed in the libraries collects biometric data such as typing speed and type of mouse movement in order to “personalize users despite the use of proxy servers and VPN tunnels”.

According to the authors, the Scholarly Networks Security Initiative (SNSI), founded by the major scientific publishers Elsevier and Springer Nature, serves this purpose. They argue that such spyware can be used to identify and legally prosecute users of “shadow libraries” such as Sci-Hub, LibGen, UbuWeb and AAARG. The “publishing trojans”, however, undermined the security of university networks and thus potentially exposed the institutes to “attacks of all kinds”.

According to the report, the portfolio of publishers for microtargeting and spying on users is enriched by trackers for page visits, “audience tools for aggregating various data sources into profiles” and so-called fingerprinters, which could also identify users who actually do not want to be tracked based on their browser settings. There are also tools for real-time auctioning of user data.

The instruments that intrude deeply into privacy mostly came from third-party providers such as Google and Facebook, as well as from specialized companies such as the big data platform BlueKai, which belongs to Oracle, according to the paper. In the case of providers such as the credit agency Acxiom alias LiveRamp, it is possible to synchronize online and offline life, since they also have data on purchases, driving licenses, TV consumption, electoral rolls and delinquencies.

In the real-time auctions of user data, according to the authors, a large amount of individual information such as localization data, IP number, device information and much more can be transmitted and linked to an identifier in order to reliably identify people without setting a cookie. The search for open ports on third-party computers and in networks is also often practiced in order to then smuggle in malicious or monitoring software under the pretext of fraud prevention or tracking.

“An example that has become public is the company ThreatMetrix, which, according to its own information, can identify 4.5 billion devices,” writes the DFG committee. She belongs to LexisNexis Risk Solutions, which in turn is part of the UK RELX group. Their solution is implemented on Elsevier’s ScienceDirect platform, for example, and thus at another RELX subsidiary. But even those who read articles in the magazine “Nature” are dealing with more than 70 trackers. Those affected would largely be kept in the dark about all of this.

“This creates extensive data collections on the scientific activities of individual and entire institutions in commercial hands,” complains the AWBI. This development could significantly interfere with the anonymity of researchers, which is fundamentally guaranteed under data protection law, and make scientific institutions jointly responsible for the violation of the right to informational self-determination, the authors criticized.

The tracking could also potentially promote “data abuse and scientific espionage” and could lead to personal discrimination against academics. There is also the risk that the tapped and collected mountains of information would be accessible to foreign governments and authoritarian regimes. The AWBI therefore sees the science organizations as challenged. You should ensure that the collection and use of data is not only legal, but also “based on ethical values”, if necessary.


To home page