Issue 85: Privacy-busting Journal Article Fingerprints, Fraud in NFTs, Improve Your Life

by  Peter E. Murray  ·   Posted on 
 ·  5 minutes reading time

The middle of February already. Time is flying; I hope you are having fun.

The threads this week:

Feel free to send this newsletter to others you think might be interested in the topics. If you are not already subscribed to DLTJ's Thursday Threads, visit the sign-up page. If you would like a more raw and immediate version of these types of stories, follow me on Mastodon where I post the bookmarks I save. Comments and tips, as always, are welcome.

Privacy-busting Fingerprints in Journal Articles

One of the world’s largest publishers of academic papers said it adds a unique fingerprint to every PDF users download in an attempt to prevent ransomware, not to prevent piracy.

Elsevier defended the practice after an independent researcher discovered the existence of the unique fingerprints and shared their findings on Twitter last week.

“The identifier in the PDF helps to prevent cybersecurity risks to our systems and to those of our customers—there is no metadata, PII [Personal Identifying Information] or personal data captured by these,” an Elsevier spokesperson said in an email to Motherboard. “Fingerprinting in PDFs allows us to identify potential sources of threats so we can inform our customers for them to act upon. This approach is commonly used across the academic publishing industry.”

When asked what risks he was referring to, the spokesperson sent a list of links to news articles about ransomware.

Academic Journal Claims it Fingerprints PDFs for ‘Ransomware,’ Not Surveillance, Motherboard from Vice, 31-Jan-2022

Pretty incredulous...adding unique identifiers to the metadata of each PDF downloaded from Elsevier (the "fingerprint") somehow protects against ransomware. Extraordinary claims require extraordinary proof, and it is not forthcoming from Elsevier. I've seen no follow-ups from Elsevier on this Motherboard article, nor from the researcher that discovered the fingerprinting. Look, if you're employing a technique to go after researchers sharing PDFs of articles, own up to it. I can see why you don't want to, Elsevier...shared articles might cut into that $40-per-article charge you put on non-subscribers. Either way...owning it or lying about it looks bad. I can think of no plausible scenario where fingerprints in PDF files detect, prevent, or help prosecute ransomware.

Fraud in NFTs

[Cameron] Hejazi highlighted three main problems: people selling unauthorised copies of other NFTs [Non-Fungible Tokens], people making NFTs of content which does not belong to them, and people selling sets of NFTs which resemble a security.

He said these issues were "rampant", with users "minting and minting and minting counterfeit digital assets".

"It kept happening. We would ban offending accounts but it was like we're playing a game of whack-a-mole... Every time we would ban one, another one would come up, or three more would come up."

Marketplace suspends most NFT sales, citing 'rampant' fakes and plagiarism, Reuters, 12-Feb-2022

This from the company that "sells tweets": "The U.S.-based Cent executed one of the first known million-dollar NFT sales when it sold the former Twitter CEO's tweet as an NFT last March." Cent seems to be recognized by Twitter with some kind of legitimacy to sell NFTs of tweets. At least to the extent that the CEO of Twitter acknowledged the sale of the tweet. But with everything NFTs, what is it that you are really selling, and is there any way of preventing someone from selling the exact same thing?

Late-breaking addition: on Tuesday, Bloomberg News reported that the winning bid for Melania Trump's NFT came from a cryptocurrency address traced back to the entity that put the item up for sale. That Bloomberg article is behind a paywall, but Motherboard has details as well.

Improve Your Life

  • Always be willing to miss the next train.
  • If you find an item of clothing you love and are certain you will wear for ever, buy three.
  • Don’t get a pet/do get a pet.
100 ways to slightly improve your life without really trying, The Guardian, 1-Jan-2022

From the thoughtful to the practical to the weird. Maybe try one or two this coming week?

Mittens Has a Question

Image of a tweet containing a picture of a black cat pawing the at the screen. On the screen is an image of Todd Carpenter during the NISO-plus conference.

My cat Mittens raising her paw to ask about how cats can participate in the metaverse during the q/a of ⁦@sivavaid⁩’s #NISOplus22 keynote.

"Yes, Mister Carpenter, I have a question for Siva Vaidhyanathan about the role of cats in the metaverse?"

The NISOplus 2022 conference is going on this week, and Tuesday's opening keynote was from Siva Vaidhyanathan: "Welcome to the Metaverse—The Profound Consequences of a Science-Fiction Vision". It was a fascinating, thought-provoking look at how technology has infiltrated our lives and what the current trajectory might hold. Topics that made me think...when was the last time I "logged on"? I mean, I'm constantly connected now. Was it when I replaced dial-up for a DSL connection? Was it when WiFi was added to the home? Was it when I got my first "smartphone"—a Windows CE device that had access to mobile internet? The gradual infusion (or, again, infiltration) of connectivity makes one wonder if some legitimate form of the "metaverse" is already here.