Adobe Updates Digital Edition, Stops Sharing User Info With the Internet

Adobe rolled out a new update for their Digital Editions Epub app today, and I have good news, bad news, and okay news.

This is a relatively minor update to the month-old Epub app, and the good news is that it adds a full text search option as well as a new display window for search results.

The bad news is that we don't know for sure whether Adobe is still spying on users, because (and here's the okay news) they say that they are now encrypting the data uploaded to their servers. According to the changelog posted by Adobe, one of the new features is:

Enhanced security for transmitting rights management and licensing validation information. With this latest version of Digital Editions 4.0.1, the data is sent to Adobe in a secure transmission (using HTTPS).

I got the tip from Adobe a couple hours ago, after having run several tests I can confirm that the data uploaded to Adobe's servers is no longer being sent in clear text.

I can't speak as to the quality of the encryption or what data Adobe is collecting, but at least they have taken the basic step of making it difficult for everyone in the world to listen in when that data is sent to Adobe's servers.

Update: I've heard from another tester who identified that Adobe was using SSL, and that it didn't appear to be sending any data at all (for DRM-free ebooks). But if you activate a DRMed ebook Adobe does send a lot of encrypted information. Removing that DRMed ebook stopped the app from sending info.  Thanks, Michael!

Second Update: I have an independent confirmation that Adobe only uploads data after a DRMed ebook has been activated.

For those just tuning in, earlier this month I broke the news that Adobe's newest ebook app was logging users' reading habits and scanning the storage of any attached ereader and uploading that data to Adobe's servers in the clear.

After my initial report was confirmed by Ars Technica, the shit hit the fan. Following criticism from the EFF and from librarians, leading to a partial admission from Adobe that they had been collecting data "in accordance with their privacy policies" (which just goes to show that Techdirt is right; such policies are a joke).

You can find a timeline of events on my original post.

My report has sparked a debate in the ebook world over just what activities are acceptable. Some took the position that Adobe's actions were similar to the conveniences that we take for granted with the major ebook platforms (and web services in general). That would be a good point if not for the fact that Adobe was not providing me with any service which would require collecting that data, much less uploading to their servers.

The best you can say for Adobe is that they might have been intending to provide a syncing service in the future, possibly as part of the iPad app which I have been told is in the works, or as part of the ebook platform which they license to other companies (Kobo, B&N, Pocketbook, and so on). That could be true, but again Adobe was not providing that service and thus did not need to collect the data, much less upload it.

This is less a case of a company screwing up in supporting users than it is one of a major tech company grabbing more user info than is required and then, when they are caught, trying to write it off with a "My bad" and a promise to add encryption.

That is entirely the wrong response. What they should have said was that they would stop the spying, not that they would make it more difficult for the world to listen in.

Unfortunately there's not much that users stop Adobe. This company is too central to the ebook world and that means that we will have to do business with them at some point.

The best the average user can do is to use a firewall or other utility to block Adobe's apps from accessing the web, or possibly use one of the older versions of Adobe DE (which to the best of my knowledge does not collect user data).

Or we could always flee into the welcome embrace of Amazon, but many in the ebook world would call that a fate worse than death. Plus, there is no guarantee that Amazon is not collecting similar data on users.

If anything, this ensuing story has reminded us that there are maony circumstances where privacy is more of a figleaf than a reality. The best we can really hope for is that the services we use won't blab our person details to the world.

image by Soctech

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

17 Comments

  1. puzzled23 October, 2014

    So, Adobe is securely sending nothing?

    Reply
    1. Nate Hoffelder23 October, 2014

      When it comes to DRM-free ebooks, it is sending nothing.

      Reply
  2. neuse river sailor23 October, 2014

    The other option is just not to buy DRM’ed books, or borrow them either. That would be a shame, because a lot of great authors are writing things worth reading these days, but there is enough classic literature in the public domain to last me a lifetime. Last I checked, I can still download from Gutenberg or Univesity of Adelaide without having to install ADE. Plus, there are some real gems to be mined from Smashwords, if you take the time.

    Reply
    1. Feda23 October, 2014

      You can also get DRM Free books from Baen and Tor

      Reply
  3. Andrew23 October, 2014

    Is smashwords entirely DRM free? I’m not a purist, just asking if I have to check each book for DRM.

    Reply
  4. neuse river sailor23 October, 2014

    To the best of my knowledge, Smashwords is completely DRM-free.

    Reply
    1. TheSFReader24 October, 2014

      Ditto. But I’m not sure there is a guarantee on ebooks they distribute and that are sold elsewhere.

      They “support” DRM in their Library partnerships. (But I think it’s quite the only place where I find DRM almost legit)

      Reply
  5. Peter23 October, 2014

    So Adobe’s solution to people discovering ADE is spying on users and sending the results in plaintext is to…encrypt the data, so people know longer know what information is being collected on them?

    Reply
    1. Nate Hoffelder23 October, 2014

      It also looks like Adobe stopped tracking DRM-free ebooks. That is a hell of a lot closer to what they should have been doing in the first place.

      Reply
  6. […] couple hours ago, I saw reports from Library Journal and The Digital Reader that Adobe has released version 4.0.1 of Adobe Digital Editions.  This was something I had […]

    Reply
  7. […] mit. Die Datenübertragung an die Adobe-Server erfolgt nun mittels https. The Digital Reader bestätigt außerdem, infolge des Updates würden nur noch Informationen zu kopiergeschützten eBooks […]

    Reply
  8. […] Library Association issued a statement on October 27, 2014 and Nate Hoffelder of The Digital Reader published an update on the privacy breach on October […]

    Reply
  9. […] Digital Editions 4.0.1 is released, and does not spy on users. […]

    Reply
  10. […] offering a belated confirmation of both my initial report as well as a confirmation that Adobe has updated Digital Editions and stopped the […]

    Reply
  11. […] have been telling me for about 3 months now that Adobe was going to release a Digital Editions app for the iPad, and that app showed up in […]

    Reply
  12. […] Adobe musste denn auch relativ schnell zurückrudern, räumte die Vorwürfe ein und stellte einen entsprechenden Patch zur Verfügung. Neben den reinen Fakten empfehle ich zur Lektüre dazu den Hintergrund-Artikel von Eric Hellman […]

    Reply
  13. […] Library Association issued a statement on October 27, 2014 and Nate Hoffelder of The Digital Reader published an update on the privacy breach on October […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top