Following in the wake of the news that Adobe was tracking users' activities and then uploading the data to their servers without encryption, many ebook users, including librarians, readers, and even those in the digital publishing industry are wondering just how safe other Epub apps actually are.
At the request of several readers, I checked with Bluefire, one of the leading developers of Adobe compatible Epub apps. Bluefire makes an reading app for Android, iDevices, and Windows, but they use a very different standard when it comes to privacy:
We have been asked if we perform similar data collection in our free Bluefire Reader apps. The answer is No. While our apps are built on Adobe Reader Mobile SDK (RMSDK) versions 9 and 10, we are not aware of similar data collection by Adobe in these SDKs.
We do support an optional Bluefire developed sync feature that (when enabled by the user) sends anonymous, encrypted data to our servers. This data is used to sync the user’s reading location across the user’s activated reading devices. We also collect a limited amount of anonymous aggregated usage information. All of this is spelled out in our “Terms and Conditions” and “Privacy” statements.
We want you, our users, to know that we respect and value your privacy. While it is true that some technologies (like page location sync) require the transmission of user data, we believe that it is essential to implement these services in a manner that respects and protects the privacy of our users. We believe that our current apps meet this standard.
For those just tuning in, on Monday I broke the news that the latest version of Adobe Digital Editions was logging my reading activities and uploading the data to their servers in clear text. This feature, which has not been found in earlier versions of Adobe DE, was added for no clear reason. It involved collecting detailed into on everything a reader was doing inside of an ebook, including pages read, ebooks opened, and more.
Adobe defended the tracking with the claim that the data was "collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers". I'll leave it up to you to decide whether knowing which pages had been read will help with that purpose.
As for me, I will simply remind you that the data was sent in the clear.