EFF Confirms Reports of Adobe’s Spying

EFF Confirms Reports of Adobe's Spying Adobe Security & Privacy Yesterday the EFF weighed in for the second time on the Adobe spying scandal, offering a belated confirmation of both my initial report as well as a confirmation that Adobe has updated Digital Editions and stopped the spying.

When I first broke the news last month I reported that Adobe was tracking what users were doing inside Adobe DE 4, and that they were also scanning my ebook library and uploading all of the metadata to their servers.

While the tracking was readily confirmed, the scanning was not witnessed by more than a handful of technical experts. Now we can add the EFF to that list. Working from instructions I gave them, the EFF reported that:

We were also able to reproduce the results of the experiment run by The Digital Reader. To perform these tests we again used Wireshark. We plugged a Sony Reader PRS-600 into a computer with ADE installed. When we started ADE with the reader plugged in, we observed ADE sending back data about what has been happening on the reader such as books added and deleted from the reader. Books which were never opened in Adobe Digital Editions.

We were also able to confirm that Adobe Digital Editions gets information from other e-readers that simply have Adobe software installed on them, such as the Sony Reader, Nook, and Boyue. Of course, there may be other readers that are also susceptible.

The EFF goes on to report that they tested the new version of Digital Editions (4.0.1). Their tests went one step further than the other reports I have received; in addition to testing with Wireshark, they also used Fiddler to to track the encrypted data which Adobe was sending to itself. Not only can they report that Adobe is using encryption, the data being sent to Adobe's servers really was limited to only the information required for DRM purposes.

This is what Adobe claimed in their initial response last month, and now it is finally true.

EFF Confirms Reports of Adobe's Spying Adobe Security & Privacy

There's not much new to be said about this story, but the EFF did have a cogent codicil.

Adobe was able to spy on users because they had made their DRM one of the core technologies for the consumer ebook market. And as we know from Cory Doctorow's Law, "Anytime someone puts a lock on something you own, against your wishes, and doesn't give you the key, they're not doing it for your benefit."

Similarly, the EFF proposed a corollary to Doctorow's Law: "Anytime someones collect information about you, without your knowledge and against your wishes, they're not doing it for your benefit."

That is clearly true in the case of Adobe.

image by laverrue

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

6 Comments

  1. fjtorres1 November, 2014

    Within the context of the interoperable epub ecosystem it is pretty clear whose interests they were trying to serve and, naturally enough, it wasn’t really Adobe’s. Which is why they stopped it so readily. They weren’t about to open a vein on their behalf.

    I would add one more quote: “The price of freedom (from intrusion) is constant vigilance.”

    You done good, Nate.

    Reply
  2. TheGreatFilter2 November, 2014

    >>Adobe has updated Digital Editions and stopped the spying.

    Well done, Nate. You did that.

    Reply
  3. DavidW2 November, 2014

    Yes you’re making a difference Nate!!

    Reply
  4. Moriah Jovan2 November, 2014

    Excellent work, Nate.

    Reply
  5. neuse river sailor2 November, 2014

    A little blog beat all the mainstream journalists to the punch. Bravo, Digital Reader!

    Reply
  6. TheSFReader3 November, 2014

    Indeed, congrats Nate, thanks for your vigilance 🙂

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top
%d bloggers like this: