You have likely encountered changing privacy protections across the web — maybe that login you previously saved doesn’t recognize you, or maybe you’ve come across news that suggests Apple’s policy changes are likely to undermine ad-driven platforms like Meta and Google search. When it comes to adapting to new privacy protections coming into our web browsers, Heather Flanagan, co-chair of the W3C Federated Identity Working Group and “translator of geek to human,” says publishers need to be prepared. “Identity providers (or institutional subscribers, in this case), will have a part to play, but the onus will largely fall to service and content providers,” Flanagan predicts.
Our digital ecosystem for scholarly publishing is already feeling the impacts of these new privacy protocols, proving once again that our industry is not immune to commercial impacts from changes to mainstream tech providers. Apple, Google, Mozilla, and others are rolling out a series of changes to browser and device functionality, largely in response to market demands and user expectations, as well as consumer protection policies, like the General Data Protection Regulation (GDPR), and legislation that enforces compliance with web accessibility standards.
These changes are bound to disrupt various methods of off-campus authentication for institutional subscribers, therefore risking lost usage and causing frustration for users. Browser privacy changes are also likely to break current modes of online advertising, society member access, and other aspects of the scholarly user experience, like personalization features. In this post, we outline what changes our community should be aware of and how we can prepare to mitigate the impacts on our partners and institutional customers.
Cookies and trackers
Perhaps the biggest area of change is for those browser features that monitor user activity across sites — for example, the features that result in seeing an ad in your news feed for the same pair of shoes you were just eyeing on your favorite retail site. In the scholarly world, this means that data-driven authentication and personalization tools, such as “more like this” article recommendations, could be affected. Ensuring user privacy in ecommerce transactions is a primary motivation behind restricting these features, in particular bounce trackers, browser fingerprinting, and third-party cookies.
While Google has announced that such changes will not be fully rolled out for the Chrome browser and Android devices until 2023, Apple has been cracking down on third-party cookies for some time. Apple has been particularly focused on privacy for mobile browsing and their protocols now apply to Safari and any other browser used on an iPhone or iPad. And the open-source player in the field, Mozilla’s Firefox, has released new and enhanced privacy features in just about every update of the last few years. Many of these changes are already disrupting how many of us engage with enterprise software, like Microsoft Teams and Salesforce.
For all providers, in order to reduce the ways in which web services are tracking and recording data about users, key information like IP (internet protocol) addresses — seen as personally identifiable information — will be encrypted or otherwise obscured in the authentication workflow. That means any IP-based method of access control is at risk — such as proxy servers, a popular solution for off-campus access. Services using local browser storage to remember user identities, like SeamlessAccess, have already begun breaking. This spells further demise for IP as a means of authorization for institutional subscriptions, and experts predict that libraries and publishers will see an increasing number of access system failures over the next 2-3 years.
Identity management
For many institutional subscribers, content access is made possible via federated identity systems, which ensure a degree of privacy for users but also entail the sort of data sharing across sites that will be blocked by many browsers. Most of us have experienced federated identity when we use our Google or Facebook account to log into another service or app. In the scholarly communications ecosystem, federated identity standards and software enable off-campus access to resources licensed by an institution, which is considered the identity provider.
Identity management systems were designed to streamline the authentication experience; however, experts point out that current systems for institutional access were built on top of outdated web technology and are at risk of abuse. Because federated identity systems rely on data sharing across two or more organizations, their ability to function relies on the type of browser features that are being blocked. And, if browsers block those features that allow readers to gain access to a publisher database via their institutional identities, library and publisher service teams will face a deluge of broken links and frustrated users.
In the “Access Apocalypse?” panel discussion earlier this year, experts like Jason Griffey of NISO encouraged libraries and publishers to work together to prepare for the impact of these changing browser protocols on scholarly communications. Where libraries serve as identity providers and publishers are providing content services, we each hold key pieces of this puzzle and we must join forces in order to get a comprehensive view of the impact of these changes on how we engage with the mainstream web. This sort of collaborative effort should begin with evaluating our current systems and practices for areas of risk and educating our peers who are supporting users, developing websites, and enabling authorization for licensed resources.
Some unknowns
While many of these privacy changes are already rolling out, there is quite a bit we don’t yet know for certain about knock-on effects for scholarly communications. Publishers are not currently at the table in setting browser protocols and web standards, so there are yawning gaps in what developers can test and what industry use cases receive attention from mainstream providers. Therefore, there are likely hundreds of situations that have not been considered as these new settings are released and they will only become apparent when users experience new roadblocks in their workflows.
These privacy changes have largely been focused on consumer experiences — or, in our industry, scholarly reader experiences — which means many use cases are not currently being considered. Without publisher voices in governance systems like the W3C, we’re unsure how authorship, reviewer, or editorial workflows will be impacted by these changes. At the time of writing this post, we are not aware of what accommodations are being made to support accessibility settings for those who rely on screen readers, keyboard controls, or other assistive technologies. This is a critical juncture for scholarly content and service providers to raise awareness and prepare to respond to these shifts in how everyone interacts with web-enabled systems.
Publisher action plan
Get involved – The easiest way for publishers to engage with these technological shifts is to participate in the relevant governance processes. This means joining W3C or NISO committees, contributing industry use cases, and amplifying the voices of those with a vested interest in digital scholarship. Unifying these voices could be even more impactful, by lobbying organizations like STM or SSP to serve as a cross-publisher representative within standards-setting bodies.
Develop a tech strategy – On a technological front, if your content platforms do not currently support single sign-on methods, then now is the time! Setting a strategy to move incrementally away from IP-based authentication is an investment in sustainable scholarly infrastructure. And, in the meantime, it makes good sense to leverage your platform and usage reports as an instrument for measuring potential impacts of browser changes.
Enroll market-facing teams – When it comes to operational plans, publishers should be preparing their sales, marketing, and customer service teams for an increasing number of system failures. In particular, those looking after the design of your web pages, user experience, identity management, and authentication should be given extra bandwidth to attend to these changes and help mitigate the commercial impacts. Establishing internal experts or a task force can help raise awareness and prepare cross-functional teams to respond to customer concerns.
Inform your customers – On the communications front, it’s perhaps most important to prepare your institutional customers for the breakdown of expected browser features and authentication. Share knowledge via FAQ pages, webinars, and videos, and draw on the existing industry expertise dedicated to supporting scholarly access controls. We recommend surveying libraries and other institutional customers regarding their current infrastructure, so publishers are aware of all potential pitfalls. Setting up a dedicated channel for reporting access failures or broken links can offer an organization both vital market data on how these changes are impacting your business and a channel for supporting effective access to licensed resources.
Utilizing Scholarly SEO
Scholarly publishing is not among the industries or consumer experiences considered by the engineers at Apple, Google, etc. But these impending browser privacy protections don’t have to adversely affect the performance of your organization and your reputation with libraries, users, and other consumers. Maverick has assembled a global team of Scholarly SEO experts who can help translate the inner workings of the mainstream web for the nuances of scholarly communications. Together, we can navigate these complex issues and develop a plan that mitigates negative impacts on your operations and users’ experiences. Maverick associates are happy to meet and describe how the Scholarly SEO program can help sustain your digital products and services. To arrange a meeting, contact lettie@maverick-os.com or info@maverick-os.com.
By Lettie Y. Conrad, Maverick Senior Associate, Product Research and Development
Lettie Y. Conrad, Ph.D., is an independent researcher and consultant with a passion for human-centric methods of product R&D. She has developed a specialty in driving efficient and effective information experiences in scholarly communications and works with a global portfolio of technology and content providers to deliver optimum user engagement with publishing platforms. She serves as North American Editor for Learned Publishing and is a ‘chef’ with the SSP’s The Scholarly Kitchen blog.