Yesterday the EFF weighed in for the second time on the Adobe spying scandal, offering a belated confirmation of both my initial report as well as a confirmation that Adobe has updated Digital Editions and stopped the spying.
When I first broke the news last month I reported that Adobe was tracking what users were doing inside Adobe DE 4, and that they were also scanning my ebook library and uploading all of the metadata to their servers.
While the tracking was readily confirmed, the scanning was not witnessed by more than a handful of technical experts. Now we can add the EFF to that list. Working from instructions I gave them, the EFF reported that:
We were also able to reproduce the results of the experiment run by The Digital Reader. To perform these tests we again used Wireshark. We plugged a Sony Reader PRS-600 into a computer with ADE installed. When we started ADE with the reader plugged in, we observed ADE sending back data about what has been happening on the reader such as books added and deleted from the reader. Books which were never opened in Adobe Digital Editions.
We were also able to confirm that Adobe Digital Editions gets information from other e-readers that simply have Adobe software installed on them, such as the Sony Reader, Nook, and Boyue. Of course, there may be other readers that are also susceptible.
The EFF goes on to report that they tested the new version of Digital Editions (4.0.1). Their tests went one step further than the other reports I have received; in addition to testing with Wireshark, they also used Fiddler to to track the encrypted data which Adobe was sending to itself. Not only can they report that Adobe is using encryption, the data being sent to Adobe's servers really was limited to only the information required for DRM purposes.
This is what Adobe claimed in their initial response last month, and now it is finally true.
There's not much new to be said about this story, but the EFF did have a cogent codicil.
Adobe was able to spy on users because they had made their DRM one of the core technologies for the consumer ebook market. And as we know from Cory Doctorow's Law, "Anytime someone puts a lock on something you own, against your wishes, and doesn't give you the key, they're not doing it for your benefit."
Similarly, the EFF proposed a corollary to Doctorow's Law: "Anytime someones collect information about you, without your knowledge and against your wishes, they're not doing it for your benefit."
That is clearly true in the case of Adobe.
image by laverrue