It has been some 16 hours since I first broke the news that Adobe was spying on anyone who installed and ran Digital Editions 4, Adobe’s latest and greatest ebook app, and while I still do not have a response from Adobe I do have some new information to share.
I have followed up on this story and looked into the earlier versions of Digital Editions, just to see how long Adobe may have been spying on users. After testing DE2 and DE3 I can report, and others can confirm, that neither app appears to be tracking my reading habits nor uploading details about my ebook library.
The older apps do send some information to Adobe, but the data packet is small enough that it can’t hold much more than info required to authorize the DRM. So if you need one of Adobe’s apps, you do have safer options than DE4.
Adobe DE 3 can be downloaded from the Adobe website.
While the news about the older versions of Adobe DE is not enough to get me to use an Adobe app again, I thought this information could prove useful for librarians, teachers, and industry pros. Speaking of which, my story yesterday is taking on a life of its own and it turns out to have ramifications which I hadn’t considered.
This isn’t just a privacy violation any more; now there are concerns about how this breach would violate NDAs. According to Richard Pipe of Infogrid Pacific:
We have thousands of publisher books on our production workstations, many under non-disclosure agreements. Fortunately we have not yet rolled ADE4 out for testing (because it can’t handle inline images amongst other silly things).
This is a timely warning of corporate irresponsibility. We will ensure our publisher production contacts are all made aware of this. From a production facility perspective this is somewhat intimidating. If someone wants to ADE4 test a book under non-disclosure it will have to be on an isolated workstation modified as Michael mentioned. For us that will become a production services sales feature!
I didn’t directly discuss this need for security in my post yesterday, but it was at the back of my mind. It was safe to assume that someone’s corporate IT dept would run security tests on the new app before deploying it, so Adobe should have known that this privacy and security breach would have been caught and likely publicized.
In any case, if you are looking for an alternative to Adobe Digital Editions, the older versions still work. But if you wish to avoid Adobe entirely, as I plan to do, you could try competing apps like Bluefire Reader for Windows.
Independently developed by Bluefire, this app was released earlier this year. I’ve run it through the same check that revealed Adobe’s spying, and so far as I can tell it does not spy on you. (Adobe has made me so paranoid that I am still double checking this.)
Bluefire does offer the feature of syncing your reading position between the Windows app and Bluefire’s apps for Android and iOS, so you can expect them to send at least some info back to their servers, but that feature is optional and this app does not require that you log in.
To be fair to Adobe, all of the major ebook platforms offer the option of syncing your reading position, and that does require that information be uploaded to their servers. But one would also expect that the info is transmitted in a secure manner, and not left visible to all and sundry.
Speaking of syncing options, Adobe might have been tracking the reading position with plans to offer a sync option of their own. I am told they have an Adobe DE iPad app in the works, and I can see that syncing between the PC app and the iPad app would be a useful feature.
However, this still does not excuse the lack of security, nor does it excuse the fact that Adobe scanned my ebook library and uploaded the metadata. That is beyond the pale.
image by nolifebeforecoffee