Issue 85: Privacy-busting Journal Article Fingerprints, Fraud in NFTs, Improve Your Life

Issue 85: Privacy-busting Journal Article Fingerprints, Fraud in NFTs, Improve Your Life

The middle of February already.
Time is flying; I hope you are having fun.
The threads this week:
Privacy-busting Fingerprints in Journal Articles
Fraud in NFTs
Improve Your Life
Feel free to send this newsletter to others you think might be interested in the topics. If you are not already subscribed to
DLTJ’s Thursday Threads
, visit the
sign-up page
.
If you would like a more raw and immediate version of these types of stories,
follow me on
Mastodon
where I post the bookmarks I save. Comments and tips, as always, are welcome.
Privacy-busting Fingerprints in Journal Articles
One of the world’s largest publishers of academic papers said it adds a unique fingerprint to every PDF users download in an attempt to prevent ransomware, not to prevent piracy.
Elsevier defended the practice after an independent researcher discovered the existence of the unique fingerprints and shared their findings on Twitter last week.
“The identifier in the PDF helps to prevent cybersecurity risks to our systems and to those of our customers—there is no metadata, PII [Personal Identifying Information] or personal data captured by these,” an Elsevier spokesperson said in an email to Motherboard. “Fingerprinting in PDFs allows us to identify potential sources of threats so we can inform our customers for them to act upon. This approach is commonly used across the academic publishing industry.”
When asked what risks he was referring to, the spokesperson sent a list of links to news articles about ransomware.
—
Academic Journal Claims it Fingerprints PDFs for ‘Ransomware,’ Not Surveillance
, Motherboard from Vice, 31-Jan-2022
Pretty incredulous…adding unique identifiers to the metadata of each PDF downloaded from Elsevier (the «fingerprint») somehow protects against ransomware.
Extraordinary claims require extraordinary proof, and it is not forthcoming from Elsevier.
I’ve seen no follow-ups from Elsevier on this Motherboard article, nor from the researcher that
discovered the fingerprinting
.
Look, if you’re employing a technique to go after researchers sharing PDFs of articles, own up to it.
I can see why you don’t want to, Elsevier…shared articles might cut into that $40-per-article charge you put on non-subscribers.
Either way…owning it or lying about it looks bad.
I can think of no plausible scenario where fingerprints in PDF files detect, prevent, or help prosecute ransomware.
Fraud in NFTs
[Cameron] Hejazi highlighted three main problems: people selling unauthorised copies of other NFTs [Non-Fungible Tokens], people making NFTs of content which does not belong to them, and people selling sets of NFTs which resemble a security.
He said these issues were «rampant», with users «minting and minting and minting counterfeit digital assets».
«It kept happening. We would ban offending accounts but it was like we’re playing a game of whack-a-mole… Every time we …