How problematic is this?

Someone at Berkeley Law has set up a really nice virtual library (on reproductive justice) based on a Zotero group

One of the things they do is to provide full text access to PDFs via the API, as on this page:

and it looks like the way they do that is by providing the api call including the private key, openly exposed on the page. Two questions about that:
1. From a security point of view, how much of an issue is that? I suppose they can (and hopefully have) restricted that key to read only access to that group. So that should be fine?
2. How worried are you about the copyright issue here, since technically Zotero is now hosting freely downloadable copyrighted material?

I'm asking mainly because I think this is a great example of the type of thing Zotero can be used for innovatively, but I'd like to be sure that it's actually "presentable" before promoting it as an example.
  • edited April 25, 2014
    I sent them a note — thanks. It's a great example of Zotero usage, but yes, exposing the download links directly isn't acceptable. The best way for them to do this would be to fetch the files on-demand from their server using those download URLs, cache the files for a while, and then serve them from their server. The end result would be identical, just with their own URLs instead of Zotero API URLs.

    (It's not so much a copyright issue — we don't know that this is unauthorized usage unless someone sends us a take-down notice — but this approach circumvents our public file-sharing policy.)
Sign In or Register to comment.