The bad news is that we don't know for sure whether Adobe is still spying on users, because (and here's the okay news) they say that they are now encrypting the data uploaded to their servers. According to the changelog posted by Adobe, one of the new features is:
Enhanced security for transmitting rights management and licensing validation information. With this latest version of Digital Editions 4.0.1, the data is sent to Adobe in a secure transmission (using HTTPS).
I got the tip from Adobe a couple hours ago, after having run several tests I can confirm that the data uploaded to Adobe's servers is no longer being sent in clear text.
I can't speak as to the quality of the encryption or what data Adobe is collecting, but at least they have taken the basic step of making it difficult for everyone in the world to listen in when that data is sent to Adobe's servers.
Update: I've heard from another tester who identified that Adobe was using SSL, and that it didn't appear to be sending any data at all (for DRM-free ebooks). But if you activate a DRMed ebook Adobe does send a lot of encrypted information. Removing that DRMed ebook stopped the app from sending info. Thanks, Michael!
Second Update: I have an independent confirmation that Adobe only uploads data after a DRMed ebook has been activated.
For those just tuning in, earlier this month I broke the news that Adobe's newest ebook app was logging users' reading habits and scanning the storage of any attached ereader and uploading that data to Adobe's servers in the clear.
After my initial report was confirmed by Ars Technica, the shit hit the fan. Following criticism from the EFF and from librarians, leading to a partial admission from Adobe that they had been collecting data "in accordance with their privacy policies" (which just goes to show that Techdirt is right; such policies are a joke).
You can find a timeline of events on my original post.
My report has sparked a debate in the ebook world over just what activities are acceptable. Some took the position that Adobe's actions were similar to the conveniences that we take for granted with the major ebook platforms (and web services in general). That would be a good point if not for the fact that Adobe was not providing me with any service which would require collecting that data, much less uploading to their servers.
The best you can say for Adobe is that they might have been intending to provide a syncing service in the future, possibly as part of the iPad app which I have been told is in the works, or as part of the ebook platform which they license to other companies (Kobo, B&N, Pocketbook, and so on). That could be true, but again Adobe was not providing that service and thus did not need to collect the data, much less upload it.
This is less a case of a company screwing up in supporting users than it is one of a major tech company grabbing more user info than is required and then, when they are caught, trying to write it off with a "My bad" and a promise to add encryption.
That is entirely the wrong response. What they should have said was that they would stop the spying, not that they would make it more difficult for the world to listen in.
Unfortunately there's not much that users stop Adobe. This company is too central to the ebook world and that means that we will have to do business with them at some point.
The best the average user can do is to use a firewall or other utility to block Adobe's apps from accessing the web, or possibly use one of the older versions of Adobe DE (which to the best of my knowledge does not collect user data).
Or we could always flee into the welcome embrace of Amazon, but many in the ebook world would call that a fate worse than death. Plus, there is no guarantee that Amazon is not collecting similar data on users.
If anything, this ensuing story has reminded us that there are maony circumstances where privacy is more of a figleaf than a reality. The best we can really hope for is that the services we use won't blab our person details to the world.
image by Soctech