{"id":19116,"date":"2022-01-22T11:39:37","date_gmt":"2022-01-22T09:39:37","guid":{"rendered":"https:\/\/www.wjst.de\/blog\/?p=19116"},"modified":"2022-05-31T15:08:41","modified_gmt":"2022-05-31T13:08:41","slug":"personalized-pdfs","status":"publish","type":"post","link":"https:\/\/www.wjst.de\/blog\/sciencesurf\/2022\/01\/personalized-pdfs\/","title":{"rendered":"Personalized PDFs"},"content":{"rendered":"

Scientific publishers are creating now more and more dynamic PDFs. Why do we know? There is an unexpected loading delay of a PDF<\/a> from Routledge<\/a> \/ Taylor & Francis<\/a> group that I observed recently. First I thought about some DDos protection, but is indeed a personalized document.<\/p>\n

\"\"<\/a><\/p>\n

These websites are all being contacted while creating this PDF:<\/p>\n

\"\"<\/a><\/p>\n

Scitrus.com seems to be part of a larger reference organizer network and links to scienceconnect.io. Alexametric.com is the soon to be retired Alexa internet \/ Amazon service. Snap.lidcdn.com forwards to px.ads.linkedin.com, the business social network. Then we have Twitter ads, Cloudflare security and Google Analytics. All major players now know that my IP is interested in COVID-19 research. Did I ever agree to submit my IP and time stamp when looking up a rather crude scientific paper?<\/p>\n

This is\u00a0 exactly what the German DFG already warned us <\/a>about last October<\/p>\n

For some time now, the major academic publishers have been fundamentally changing their business model with significant implications for research: aggregation and the reuse or resale of user traces have become relevant aspects of their business. Some publishers now explicitly regard themselves as information analysis specialists. Their business model is shifting from content provision to data analytics.<\/p><\/blockquote>\n

Another paper<\/a> describes the situation as “Forced marriages and bastards”…<\/p>\n

My question is : Will Francis & Taylor\u00a0 even do more? The structure of PDFs<\/a>\u00a0allows including objects including Javascript<\/a>. When examining “document.pdf” using pdf-parser<\/a>\u00a0 I could not find any javascript or my current IP in clear text.\u00a0 I cannot exclude however that the chopped up IP is stamped somewhere in the document. So I will have try again at a later time point and redo a bitwise analysis. of the same PDF delivered on another day.<\/p>\n

At least the DFG document says that organisations might argue that such software allows for the prosecution of users of shadow libraries. While I have doubts that this is legal, we already see targeted advertisement as I received this PDF from Wiley<\/a> that included an Eppendorf ad.<\/p>\n

\"\"<\/a>
Screenshot 20.1.2022<\/figcaption><\/figure>\n

When I downloaded this document a second time using a different IP it was however identical. Blood\/Elsevier only let’s you even download only after watching a small slideshow…<\/p>\n

\"\"<\/a>
Screenshot 20.1.2022<\/figcaption><\/figure>\n

16.3.2022<\/span><\/p>\n

There is now a frightening document about user tracking in science by @RenkeSiems<\/a> published at https:\/\/www.o-bib.de<\/a><\/p>\n

In recent years, the major science publishers have evolved away from publishing content providers to data analytics businesses. As platform companies, they generate high margins and use this capital to buy up alternative offers emerging from the science community and to expand into other business areas. The goal is to make themselves indispensable in all central processes of science control, so that we should see this as a vendor lock-in, just as it is known from the information sector. To this end, publishers have equipped their platforms with tools for comprehensive user tracking…<\/p><\/blockquote>\n

19.3.2022<\/span><\/p>\n

Finally, I found a Wiley PDF<\/a> that is different when downloaded at the same time using different proxies proxy. Text and layout is identical and even the binary structure when downloading within 5 sec from the same IP. Using a different proxy, however, gives different strings at the end of the document.<\/p>\n

\"\"<\/a>
binary comparison of the same document<\/figcaption><\/figure>\n

So far I don’t know what these strings indicate, 32 letters are too short for something executable, but long enough to store some identifier or geolocation. Frequency analysis<\/a> shows mainly e,d,c,a,f and digits eg hex code. Is it an IP6 IP address<\/a>?<\/p>\n

\r\nGerman Proxy\r\n630d:577e:0c28:fe7c:3934:f08c:6ddb:a93e\r\na3f4:840c:9efe:87b9:af97:df5c:2bf4:d9e6\r\nJapanese Proxy\r\ndb53:6013:615e:902a:805a:815c:229d:20da\r\n7f46:ee57:fa4a:e3a9:33c2:c1db:37e3:ebb8\r\nDutch Proxy\r\nf2a7:8db4:dd89:2c4c:dfeb:d352:87e0:5c18\r\ne606:c2e1:383a:bc21:ef35:58a1:6c54:a991\r\n<\/pre>\n
The length would fit an IP6 address. TBC.<\/p>\n
 <\/p>\n
31.5.2022<\/span><\/p>\n
Learned only today that back in January @json_dirs was able to identify also an hashcode injected by Elsevier. Interesting that “just” exiftool is sufficient for that.<\/p>\n
\n
More fun publisher surveillance:
Elsevier embeds a hash in the PDF metadata that is *unique for each time a PDF is downloaded*, this is a diff  between metadata from two of the same paper. Combined with access timestamps, they can uniquely identify the source of any shared PDFs. pic.twitter.com\/D9KxnXkMVu<\/a><\/p>\n
— jonny saunders (@json_dirs) January 25, 2022<\/a><\/p><\/blockquote>\n