Adobe Updates Digital Edition, Stops Sharing User Info With the Internet

102270156_9df8e81154[1]Adobe rolled out a new update for their Digital Editions Epub app today, and I have good news, bad news, and okay news. This is a relatively minor update to the month-old Epub app, and the good news is that it adds a full text search option as well as a new display window for search results.

The bad news is that we don't know for sure whether Adobe is still spying on users, because (and here's the okay news) they say that they are now encrypting the data uploaded to their servers. According to the changelog posted by Adobe, one of the new features is:

Enhanced security for transmitting rights management and licensing validation information. With this latest version of Digital Editions 4.0.1, the data is sent to Adobe in a secure transmission (using HTTPS).

I got the tip from Adobe a couple hours ago, after having run several tests I can confirm that the data uploaded to Adobe's servers is no longer being sent in clear text.

I can't speak as to the quality of the encryption or what data Adobe is collecting, but at least they have taken the basic step of making it difficult for everyone in the world to listen in when that data is sent to Adobe's servers.

Update: I've heard from another tester who identified that Adobe was using SSL, and that it didn't appear to be sending any data at all (for DRM-free ebooks). But if you activate a DRMed ebook Adobe does send a lot of encrypted information. Removing that DRMed ebook stopped the app from sending info.  Thanks, Michael!

Second Update: I have an independent confirmation that Adobe only uploads data after a DRMed ebook has been activated.

For those just tuning in, earlier this month I broke the news that Adobe's newest ebook app was logging users' reading habits and scanning the storage of any attached ereader and uploading that data to Adobe's servers in the clear.

After my initial report was confirmed by Ars Technica, the shit hit the fan. Following criticism from the EFF and from librarians, leading to a partial admission from Adobe that they had been collecting data "in accordance with their privacy policies" (which just goes to show that Techdirt is right; such policies are a joke).

You can find a timeline of events on my original post.

My report has sparked a debate in the ebook world over just what activities are acceptable. Some took the position that Adobe's actions were similar to the conveniences that we take for granted with the major ebook platforms (and web services in general). That would be a good point if not for the fact that Adobe was not providing me with any service which would require collecting that data, much less uploading to their servers.

The best you can say for Adobe is that they might have been intending to provide a syncing service in the future, possibly as part of the iPad app which I have been told is in the works, or as part of the ebook platform which they license to other companies (Kobo, B&N, Pocketbook, and so on). That could be true, but again Adobe was not providing that service and thus did not need to collect the data, much less upload it.

This is less a case of a company screwing up in supporting users than it is one of a major tech company grabbing more user info than is required and then, when they are caught, trying to write it off with a "My bad" and a promise to add encryption.

That is entirely the wrong response. What they should have said was that they would stop the spying, not that they would make it more difficult for the world to listen in.

Unfortunately there's not much that users stop Adobe. This company is too central to the ebook world and that means that we will have to do business with them at some point.

The best the average user can do is to use a firewall or other utility to block Adobe's apps from accessing the web, or possibly use one of the older versions of Adobe DE (which to the best of my knowledge does not collect user data).

Or we could always flee into the welcome embrace of Amazon, but many in the ebook world would call that a fate worse than death. Plus, there is no guarantee that Amazon is not collecting similar data on users.

If anything, this ensuing story has reminded us that there are maony circumstances where privacy is more of a figleaf than a reality. The best we can really hope for is that the services we use won't blab our person details to the world.

image by Soctech

About Nate Hoffelder (10960 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

9 Comments on Adobe Updates Digital Edition, Stops Sharing User Info With the Internet

  1. So, Adobe is securely sending nothing?

  2. The other option is just not to buy DRM’ed books, or borrow them either. That would be a shame, because a lot of great authors are writing things worth reading these days, but there is enough classic literature in the public domain to last me a lifetime. Last I checked, I can still download from Gutenberg or Univesity of Adelaide without having to install ADE. Plus, there are some real gems to be mined from Smashwords, if you take the time.

  3. Is smashwords entirely DRM free? I’m not a purist, just asking if I have to check each book for DRM.

  4. To the best of my knowledge, Smashwords is completely DRM-free.

    • Ditto. But I’m not sure there is a guarantee on ebooks they distribute and that are sold elsewhere.

      They “support” DRM in their Library partnerships. (But I think it’s quite the only place where I find DRM almost legit)

  5. So Adobe’s solution to people discovering ADE is spying on users and sending the results in plaintext is to…encrypt the data, so people know longer know what information is being collected on them?

8 Trackbacks & Pingbacks

  1. Testing Adobe Digital Editions 4.0.1 | Meta Interchange
  2. Adobe schließt Sicherheitslücke bei Digital Editions » lesen.net
  3. O Privacy, Where Art Thou? | Beyond the Bookshelves
  4. Adobe is Spying on Users, Collecting Data on Their eBook Libraries - The Digital Reader
  5. EFF Confirms Reports of Adobe's Spying - The Digital Reader
  6. Adobe Digital Editions Launches on the iPad ⋆ Ink, Bits, & Pixels
  7. Adobe und EPUB: Licht und Schatten in der Welt der eBook-Tools | digital publishing competence
  8. O Privacy, Where Art Thou? - The Library

Leave a comment

Your email address will not be published.


*