Private/Public Collections and Server Code (or server hosting outside US)

Both of these features have been requested before, quite frequently in fact, and I would like to request them again.

I love Zotero, and I would love to contribute to ongoing development. The problem I have with large-scale adoption in my organization is the US Patriot Act. No matter how good your non-disclosure agreement is, the contents of your servers are still subject to the US Patriot Act, which means we can't put any sensitive data on them. I know it makes no difference for organizations located inside the US, but my organization is not.

I've got no problem sharing libraries with references that are in the public domain and I think the community as a whole would certainly benefit from this. I can't do this either because I can't easily separate some records as private and some records as public.

Here's what I'm asking for:

1) In the client, allow sync settings to be changed at the Collection Level, and let users specify a different server for metadata. This change will allow users to keep a private collection and a public collection. This could be implemented in other ways as well, perhaps with a record-level setting, but control at the Collection level seems to make the most sense.

2) Release the server code and/or run a server that is certified to be outside US jurisdiction for organizations that are not located in the US. If there is a server in Canada, for example, it becomes less important for us to run our own server. Another possibility could be strong encryption on the client-side. You'd have to sort out how to sync encrypted data (I'm not even sure whether this would be possible), but if the server never has the keys, this could be enough to address the security problem. We could even collaborate on the public server, by controlling key distribution ourselves.

Does anyone else have any better, more practical ideas, for addressing the US Patriot Act problem faced by organizations located outside the US?
  • I'm not terribly familiar with US Patriot Act and how it applies to organizations outside the US, but I did want to +1 the private collection feature request. Allowing certain collections in a user's library to remain offline, while making available other collections, seems a natural refinement of Zotero's feature set.

    My need for this comes from a division in my personal and professional libraries. I'd like to share some collections with colleagues and keep others to myself which only contain texts for personal enjoyment. I'm sure a lot of folks feel the same way. I'm ignorant of the code required for such a project, but I do hope the development team strongly considers prioritizing this one.

    Anyways, many thanks for a great program!

    Walker
  • If you read through the threads on this both requests are planned -
    releasing the server code is going to happen sooner than more customization in sharing, but devs have confirmed both features are planned.
    There are no reliable ETAs and there aren't going to be, either, so for the time being you'll just have to wait.
  • Let me just weigh into this discussion. I have just released version 2.0 of my phpZoteroWebDAV program which enables users to use their own (or, indeed any) php enabled webserver as a zotero sync target for attachments.
    Version 2.0 also introduces a library view of the synced library and the option of accessing the attachments synced to the own webserver.
    Note though that bibliographic metadata is still synced to zotero.org, so take this into account when deciding whether my program might help you solve your PATRIOT act related concerns.
  • (to avoid misunderstandings with this old thread revived - the Zotero dataserver source code has since been released: https://github.com/zotero/dataserver . It's _much_ harder to implement locally than krueschan's ZoteroWebDAV, so if the latter is sufficient for you needs, I'd strongly recommend going with that. This is just to clarify where developments are on the issues raised in this thread).
Sign In or Register to comment.