On the subtle dangers of exporting a document with Paperpile-generated references

Continuing the discussion from Disable PDF Links/Bibliography Control:

I wanted to follow on that earlier thread that I still think the current approach to manually removing Paperpile references is suboptimal and in fact is dangerous.

It is not impossible that the author of the document forgets about doing this explicit export (especially since there is no clear indication in the document that references are linked, unless one does a mouse over). Once this happens and the document is “out in the wild”, there is no way to restrict access to the linked references (other than manually removing all linked references from Paperpile, I guess). As a result:

  • it then becomes possible for the recipient of the document to learn the identity of the reference owner (real name is conveniently provided by Paperpile on the linked reference page!). Considering that many of the users in the Paperpile community are academics, this can reveal the identity of the author and create problems in the blinded review process.

  • it is then even possible to Edit or Delete the linked reference that does not belong to the link recipient!

The screenshot below was taken for the linked bibliography item opened in “Incognito” mode:

How can this possibly be a feature?!! Makes absolutely no sense to me!

I’ve just realized that this very scenario happened to me, while working on a paper submission. Two of my previous submissions of the papers, which were supposed to be double-blinded, had links in the PDF document bibliography references that could be used to learn my name, because I did not realize this was a “feature” of Paperpile, and did not even think about exporting a clean copy! This motivated me to write this separate post/thread.

Not sure if the Paperpile folks want to address this (if they don’t, I think it is just a matter of time this can become a big problem), so Paperpile users - beware of this subtlety!

I would suggest to the Paperpile team to have a global setting that disables URLs in the bibliography list for all documents created, or ideally introduce granular control over who can access linked references on a per-document basis.

Thanks for bringing it up. The situation is similar to authors submitting a Word document and forgetting to remove the meta-data with the user information or even comments that should not be read by reviewers. Clearly something one needs to be aware of.

However, this behavior is by design and is the core of our collaborative model. I follows the very common sharing paradigm “everyone with the link”.

How can this possibly be a feature?!! Makes absolutely no sense to me!

This feature is for the authors not for the readers. The authors need to have access to the references (also authors who don’t have a Paperpile subscription).

To submit a clean document without private links, we’ve added a way to remove those links. I agree we should find a way to document this behavior more clearly. We have planned a new knowledgebase with more documenation and will address this issue there.

I don’t agree this is a common sharing paradigm. A common sharing paradigm is implemented in products like Google Drive and Dropbox, where the owner controls who can access the link. In my opinion, you implement a very non-conventional paradigm.

I disagree.

When a document is proof-read, it is not obvious that the references are linked, and what they link to - they show up as plain text. I used other reference managers in the past, and I don’t think any other one does this.

In any case, these are my personal opinions. Having being burned, I hope I will not repeat my own mistake in the future, and I will warn my colleagues about this (those people I talked to were taken by complete surprise about this feature).

[quote=“stefan, post:2, topic:1063”]
We have planned a new knowledgebase with more documenation and will address this issue there.

Stephan, accept it - users tend not to read documentation or knowledge bases (here’s a fun read for you). For issues of such importance, you need to communicate the information more efficiently.

As a quick workaround, you could automatically generate a disclaimer text and put it right before the references list stating that the references are linked and of the implied dangers.

I agree we should communicate this better. Still there are many reasons including technical ones why we need those links. They are not optional.

Once you realize that the references are linked you are in control who you share it with so I think the “anyone with a link” model still applies.