Zotero Connector Wants To Read and Change Data in Chrome?

EmmyTFT
Hi Zotero people.

I have downloaded Zotero Standalone with no issues. When I try and add the Chrome plugin Zotero Connector to directly capture webpages, I get the following pop-up warning:
'Add "Zotero Connector"? It can:
Read and change all your data on the websites you visit.'

Can you tell me what it means by 'read and change all your data'? I am reluctant to accept and install the Connector as this doesn't seem like something I want Zotero to do. So I haven't been able to start capturing webpages yet and populating my files.

Hope you can help,
Thanks.
  • adamsmith
    Zotero needs to be able to read data (i.e. the information displayed) on a webpage to be able to determine whether or not to display the URL bar icon and obviously, once you've clicked the icon, read and save the metadata to Zotero.

    Since Zotero does need to execute javascript code for that, it could theoretically alter what you see on a webpage, though it never will.

    Note, though, that this "Zotero" is the local version of the add-on. None of that is every seen by anyone but you (though Chrome, of course, can't know that, so it's right to mention that).
  • EmmyTFT
    Ok, but is Zotero tracking the information of all websites visited in the browser, and collecting that info somewhere, regardless of whether the page info is captured for Zotero libraries?
  • adamsmith
    of course not, no.
  • aurimas
    Privacy policy is outlined here https://www.zotero.org/support/terms/privacy though I think it's a little inaccurate when taking into account connectors (like the chrome extension), since connectors, in the absence of Zotero Standalone, communicate directly with Zotero.org to retrieve translator code as needed and, AFAIK, that cannot be disabled. So, since Zotero.org logs the IP address when requesting translator and it knows what translator you are requesting it could, in the extreme case, put the two together to know to some degree what websites a particular IP visits (given that Zotero has a translator for it). Of course this is quite limited by the fact that some translators are generic for multiple sites, we only have translators for a handful of websites, and that translators are cached locally for the session and not looked up in Zotero.org each time. In this case, there is very limited information that Zotero would be "tracking" and it couldn't function without these features. The policy, however, should not state that this can be disabled.

    I also don't recall how and if connectors report translator errors (in the absence of standalone). That would include more information, though, IIRC, nothing identifiable. I don't think you can disable that.
  • adamsmith
    (Just note that, while all true, everything aurimas writes only applies to the special case of using Connectors without Zotero Standalone, which isn't something we'd recommend if you can avoid it in the first place. Also, to be clear, he just outlines what's technically possible, not the data that Zotero actually collects.)
  • aurimas
    I think there are other possible privacy issues worth mentioning that should be made clear to the user. (These apply to all browsers)

    Using Retrieve Metadata and lookup by identifier features send user-entered data (via keyboard or from PDF) to third-party websites, like Google, worldcat, LoC, etc.

    Some translators (e.g. Amazon) may send similar data (e.g. ISBNs, URLs, etc) to third party services (e.g. WorldCat) in order to retrieve more metadata.

    IP addresses of the user, of course, are sent with those requests.

    All of the data that is being sent to third party services is subject to privacy policies established by those services, which the user may not be aware of or have agreed to.

    Also, some legislation (I believe European Union) requires displaying a notice to the user when a website sets browser cookies. When third party services are involved in the background (more commonly in Firefox), these cookies get set, but the user never sees the notice, since they never see the web page. Not sure if any websites we currently use are actually subject to this legislation though and whether that actually violates any laws anyway.
Sign In or Register to comment.