What browsers might LibKey Nomad work on and which are not officially supported by Third Iron?
In theory, any browser built on Chromium should be compatible with LibKey Nomad, however, because these browsers are rapidly developing, they are not officially supported.
Are there any security risks for my users in using Nomad? How and when is data transferred to your servers?
LibKey Nomad is designed to meet contemporary privacy and security standards. The key elements to the security of LibKey Nomad are:
- There are no user accounts involved so we never ask for any personal information from the user.
- The LibKey Nomad scripts within the extension only execute on supported publisher pages and on a few select domains such as PubMed and Wikipedia in order to deliver unique enhancements to each site.
- We do not cache user credentials for the SSO, proxy servers, etc. Remote access is governed solely by the existing remote authentication system at your institution. LibKey Nomad only forwards to those services and they then otherwise function as normal.
- LibKey Nomad runs scripts in the browser that looks for unique article identifiers (DOI or PMID) for the article, sends the identifier information to our LibKey API service. The API returns linking information to forward the user to the article of interest via your existing authentication routes. The Nomad browser extension handles all token requesting/issuing to provide authentication to this endpoint.
- LibKey Nomad is CORB compliant (More information on CORB).
LibKey Nomad may also interface with the non-profit OADOI project
to check for the existence of OA alternatives to articles.
Selecting an institution is as simple as downloading the application from the Chrome Extension Store and then selecting your subscribed institution when prompted. Visibility of any particular library is determined by the institution's subscription status with Third Iron. Additionally, institutions may elect to not make Nomad available to their users.
When I install the extension I'm warned by Google Chrome that the extension can "Read and change all your data on the websites you visit". This sounds concerning. What does this mean?
LibKey Nomad can see and change pages on any site, but it only takes action when it is within an allowed list of domains known to the LibKey Nomad browser extension that is made up of hundreds of publishers and discovery platforms. If the domain is in the approved list, Nomad may alter the appearance of the website by inserting download links, links to BrowZine, and cover images as appropriate. The only data sent to the Third Iron server in this process includes the affiliated Library's LibKey ID, an API Key, a DOI and/or PMID, and the requesting IP. This IP is used only for standard web server log data and when determining authentication requirements.
Where can I read more about the benefits of LibKey Nomad for researchers?
Additional Questions or Concerns?