(no title)
goatkarma | 6 years ago
Phishing scams are used to obtain the credentials of university accounts which are then used via a proxy on Scihub to obtain the requested article (it's quite clever..they seem to often silently proxy institution's Ezproxy with the phished credentials) . The same credentials given to Scihub are often not just used by Scihub, and are then used for further phishing or hacking by other third parties, causing harm to the phishing victim.
Having said that, library software providers and journal platforms should be looking at Scihub and learning from it. Users want an easy to use platform with minimal fuss or hoops to jump through.
Of course, this is just a tiny piece of the much larger problem of the rotten unsustainable commercial journal publishing ecosystem..
ovi256|6 years ago
Especially the gratuitously cruel "credentials given to Scihub are often not just used by Scihub, and are then used for further phishing or hacking by other third parties".
goatkarma|6 years ago
Not sure what sort of proof you want? "Gratuitously cruel" is quite an emotive description! The simplest example is the same phished accounts used by Scihub were also used to send more phishing emails to university and non-university email addresses.
Hopefully you'll see below from my other responses, I'm not here to turn people against SH (I admire it and what they did technically with creating their own proxy on too of other University proxies is really clever stuff!), but the access to articles need to come from somewhere, and I'm just pointing out my experience from working at a university (who I'm sure is sick of paying millions PA for resource access!).
matsemann|6 years ago
goatkarma|6 years ago
Random unaffiliated Scihub users in China contacting our University IT helpdesk after the phished accounts Scihub was using to proxy an article had reached it's EZproxy download limit and the 'you have been blocked' message they receive instructed them to contact our helpdesk!
Tepix|6 years ago
goatkarma|6 years ago
Here's the first Google link. It's far too alarmist but should at least give the gist. https://scholarlykitchen.sspnet.org/2018/09/18/guest-post-th...
One other point I missed that we have to often deal with : when phished accounts are used to mass-download PDFs, many publisher sites auto-block the IP of the requester, which in this case is the University's Ezproxy server. This then means no user at the university can access the resource till the block is lifted (or they could just use Scihub in the meantime :~D ).
cjslep|6 years ago
If you bothered to read TFA, you'd have realized this statement was already addressed by TFA's point on publishers mistaking Sci-Hub's appeal as "simple to use" like single sign-on. Which makes me question your credibility.
goatkarma|6 years ago
My perspective is from the University side of things so can only speak for that rather than from the perspective of users who do not have access to the content at all.
I've spoken to users who workflow consists of googling the article title to get the DOI, then putting that DOI into Scihub to get the PDF, without even going near the University's library system. Most of the time the Library actually has an electronic copy, but the process to get them, even with SSO, is laborious and confusing. Just look at the SSO login screens for different publishers sites : some say 'sign in with single sign on', others say 'institutional login', or 'Shibboleth login' etc. How are University users expected to jump through these hoops when the can search for the title or DOI and get the PDF instantly?