Over the last year, EBSCO’s product team, in collaboration with NISO and the ALA Core Federated Authentication Committee, fostered several conversations about new privacy features rolling out to major browsers (such as Google Chrome, Apple Safari, Mozilla Firefox, and others). At that time, we shared some questions and concerns about whether these changes would impact how library patrons access electronic resources.
Nearly a year later, we’d like to share where these questions and concerns stand today based on what we have learned in conversations with the research community. Read on for updates.
1. Major browsers have deployed, or plan to deploy, enhanced features to help users protect their data privacy on the web.
This takeaway remains consistent nearly a year after EBSCO’s last blog post on this topic. Browser vendors such as Apple (Safari), Google (Chrome), Mozilla (Firefox), and Microsoft (Edge) are introducing new features to their browsers that provide enhanced data and privacy protection on the web.
At this time last year, some changes were yet to be scheduled for rollout to browsers. Now, some of these changes are available for users who opt-in or are in beta testing and scheduled for release to all users of a given browser.
Changes to browsers are targeting mechanisms commonly used for tracking users’ activities across websites. The most frequently mentioned features are as follows:
Blocking third-party cookies
- Apple Safari – default feature
- Mozilla Firefox – default feature
- Microsoft Edge – opt-in feature
- Google Chrome – beta feature; blocked in one percent of all Chrome browsers, default deployment estimated for 2025
Hiding the user’s IP address
- Apple Safari – opt-in feature
- Mozilla Firefox – opt-in feature
- Microsoft Edge – opt-in feature
- Google Chrome – in development; deployment estimated for 2025
Disabling link decoration by dropping certain URL parameters
- Apple Safari – default feature
- Mozilla Firefox – default feature
- Microsoft Edge – opt-in feature
- Google Chrome – beta feature; available for opt-in
Disabling bounce tracking to obscure a user’s activity across multiple websites
- Apple Safari – opt-in feature
- Mozilla Firefox – default feature
- Microsoft Edge – opt-in feature
- Google Chrome – default feature for any users with Third Party Cookie blocking enabled
2. EBSCO’s discussions with libraries have begun to focus on “hide my IP address” features in major browsers because these could potentially break access to electronic resources.
Which of the browser changes will most impact my library’s patron experiences? This is a tough question to answer because all libraries are different! Each organization uses a different combination of electronic resources, SaaS products, and authentication methods to enable their patrons’ optimal research experience. That said, EBSCO’s product team has narrowed the focus to one change that has the potential to break access to electronic resources: Hiding the user’s IP address.
Where IP obfuscation features are ready to be enabled—such as using Safari’s Private Relay feature—we can test how they impact the user experience. After testing, we can confirm that enabling IP obfuscation in Safari will disable the ability to access electronic resources using on-site IP authorization, where the incoming user is physically located in the library, on campus, or in the office and is granted access to a resource based on their IP address.
EBSCO’s data indicates that 63 percent of all successful access to our platform uses on-site IP access. This is a significant amount of traffic that could potentially break if – or when – IP obfuscation features are more widely deployed to major browsers and enabled by end users.
Furthermore, EBSCO’s data also indicates that some EBSCO customers use on-site IP access and do not have a remote authentication method enabled. Patrons of these institutions who enable their browser’s IP obfuscation will be unable to access electronic resources if no alternate authentication method is configured to “fall back to” when IP access fails.
3. EBSCO's product and technical teams have reviewed the current platform functionality and taken steps to ensure browser changes will not impact our products' core functions.
Although IP obfuscation features are a front-of-mind concern, EBSCO teams have assessed the potential impact of blocking third-party cookies, link decoration, and bounce tracking and have taken steps to mitigate or resolve risk.
- Third-party cookies are often used to "remember" a user's prior selection or preference or to integrate functionalities from disparate web domains. EBSCO's authentication does not rely on third-party cookies, and EBSCO continues to monitor changes rolling out to browsers to avoid impact on core product functionality.
- Link decoration is a tracking mechanism wherein a parameter is added to a URL that allows a user to be tracked across different websites. EBSCO does not use link decoration in our products. However, there has been some concern that complex URL formats used to access electronic resources could be "caught" in link decoration blocking mechanisms. Fortunately, some browser vendors have begun to share examples of link decoration that their mechanisms will block, and to date, these examples have not resembled commonly used e-resource linking.
- Bounce tracking uses additional mechanisms to track users who navigate between websites. Blocking bounce tracking may shorten sessions, especially when using specific authentication methods. However, at this time, bounce tracking blocking does not appear to present any hard obstacles to access.
EBSCO continues to communicate and listen for updates from browser vendors as well as organizations across the research community.
4. We may not see a significant impact from these browser changes, but we are monitoring timelines for Google Chrome’s rollout due to its nearly ubiquitous usage.
EBSCO’s data indicates that about 70 percent of sessions in our platform use some version of Google Chrome. As a result, we expect to see the true impact of browser changes when those changes deploy to Chrome browsers.
Although IP obfuscation is available to test in Apple Safari and Mozilla Firefox, we cannot measure or observe how often their features impact IP access because there are opt-in features. With the proliferation of “Hide My IP” browser features, it is unlikely that issues will appear as a sudden outage. It is more likely that the impact of these features will appear as a decline in the usage of library content and services over time.
Google provides some insight into its roadmap and timelines at its Privacy Sandbox. Its IP Protection feature is in development and slated for deployment to Chrome browsers in 2025. Some documentation indicates that Chrome’s IP Protection may not block all on-site IP access, but this has not yet been confirmed. Currently, our community’s discussion about this feature relies upon our ability to test it out in Safari and Firefox.
5. EBSCO, along with other community and industry organizations, recommends the adoption of remote authentication methods that will not be impacted by the obfuscation of on-site IP addresses.
If your library or institution relies heavily on on-site IP access, EBSCO recommends your team identify and set up an alternate/remote authentication method in EBSCOadmin or EBSCO Experience Manager. A step-by-step process can be found on this EBSCO Connect page, and EBSCO’s support experts are here to advise and facilitate the process.
In last year’s webinar and conference presentations, single sign-on has been identified as a standard, stable access method that does not rely on a user’s physical location.