About LibKey Nomad Safari Security Warnings

While installing LibKey Nomad on Mac, you will be asked to "Always Allow on Every Website..."



When you do this you may see a message like the below appear with an extra warning about the sensitive information that the extension could potentially read and alter.


Unfortunately, Safari does not allow developers to be more specific about what types of data is being read or what types of data is being sent to our servers.

In order for LibKey Nomad to automatically activate on websites while browsing the web, Nomad does need to be able to analyze the website that you are on and in cases where Nomad provides an in-line enhancement like PubMed or Wikipedia, it does need to be able to alter the webpage by adding the Nomad buttons within the context of these websites.  It is these behaviors which enhances the researcher's experience in getting to full text content quickly and easily.

However, we understand your privacy is important to you and we have no interest in gathering any information that is not necessary to perform the task that Nomad sets out to do.  In order to do this, Nomad:

1) Only analyzes the contents of the webpage for a DOI or PMID if the domain of the page the user is viewing matches a list of domains which are embedded into the Nomad extension code. This means Nomad never processes the contents of a web page unless its web domain matches a domain in Nomad's list of scholarly sites (like http://sciencedirect.com , http://wiley.com , http://wikipedia.org , etc.). Nomad will not execute its webpage parsing scripts within the browser if the domain doesn't match. Importantly, no information about your browsing behavior is EVER uploaded to our server for analysis, recording or processing.

2) If the domain is a match, then the local scripts in the extension look for a DOI and if it finds one, then a query is sent to the LibKey API with the following information: DOI or PMID of the article and the Third Iron Library ID (identifying which organization you belong to). Our systems use this information to locate access options for the article, and then responds appropriately indicating if full text is available, which then causes the extension to display a button on the screen. All parsing is done locally within the browser and only the simple article identifier and Library ID is transmitted to our server.

These procedures were formulated to keep the user's browsing history private and to minimize personal information from being sent to our servers. We regret that web browsers don't have a mechanism that allows Nomad to both work with library proxies and access the numerous scholarly publishing websites that it is able to enhance without causing additional security concerns. This is why Safari has painted all applications that provide this type of user benefit with such a broad brush, so we wanted to explain in detail what is happening behind the scenes within Nomad.

If you have further questions, please contact us at support@thirdiron.com.


Feedback and Knowledge Base