Skip to main content

Adobe is Spying on Users, Collecting Data on Their eBook Libraries

13844066275_2ea2f384e0[1]Adobe has just given us a graphic demonstration of how not to handle security and privacy issues.

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)  Edit: Adobe responded Tuesday night.

Update Timeline

And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything.

But wait, there’s more.

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

In. Plain. Text.

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.

Update: Further testing has revealed that the files being scanned were actually on my ereader, not my HD. I had not used ADE to load the files on to the ereader, and yet the app scanned them, made a list, and uploaded the list to Adobe.

And just to show that I am neither exaggerating nor on drugs, here is proof.

The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection.

The above two files were generated using data collected by an app called Wireshark. This nifty little app can be used to log all of the information that is sent or received by your computer over a network. Muussler and I both saw that data was being sent to 192.150.16.235, one of Adobe’s IP addresses. Wireshark logged all of the data sent to Adobe, and on request spat out the text files.

3478950798_ac6ae2344e[1]

This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.

On a technical level, this kind of mistake is not new. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). What’s more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers – and like Adobe, that data was sent in clear text.

I am sharing these details not to excuse or justify Adobe, but to show you that this was a massively boneheaded stupid mistake that Adobe would have seen coming had they had the brains of a goldfish.

As for the legal aspects, I am still unsure of just how many privacy laws have been violated. Most states have privacy laws about library books, so if this app was installed in a library or used with a library ebook then those laws may have been violated. What’s more, Adobe may have also violated the data protection sections of FERPA, the Family Educational Rights and Privacy Act, and similar laws passed by states like California. (I’m going to have to let a lawyer answer that.)

And then there are the European privacy laws, some of which make US laws look lax.

Speaking of Europe, the Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show, and something tells me they will not be having a nice trip. (I for one hope that the senior management is detained for questioning.)

In any case, I would highly recommend that users avoid running Adobe’s apps for the near future – ever again, for that matter. Luckily for us, there are alternatives.

Rather than use Adobe DE 4, I would suggest using an app provided by Amazon, Google, Apple, or Kobo. Amazon uses the Kindle format, and each of the last three ebook platforms uses their own unique DRM and Epub (-ish) file format inside their apps. (While Google and Kobo will let you download an ebook which can be read in Adobe DE, that DRM is not used internally by either Kobo or Google.)

None of those 4 platforms are susceptible to Adobe’s security hole.

Of course, I can’t say for sure whether those platforms are more secure and private than Adobe’s, but I’m sure they will be made more secure in the next few weeks.

images by arturodonateukCWCS

Similar Articles


Comments


fjtorres 6 October, 2014 um 6:24 pm

So, it only looks at epubs?
So it targets Kobo, Google, and Nook, but not Amazon?

Heh.

"Kahn!!!!"

Nate Hoffelder 6 October, 2014 um 6:35 pm

Google doesn’t download apps to your PC, so it’s out. And for all I know it might be able to scrape Kindle files as well.

JM Hatch 8 October, 2014 um 8:54 am

Reception of eBooksStore at launch was mixed. Reviewers noted that it was still glitchy, and that books lacked reviews even for those that were centuries old.[6] Also others remarked that Google touted the EBookStore as "open", but that it was still using Adobe’s Adept eBooks Digital rights management.[7]

https://en.wikipedia.org/wiki/Google_eBooks

Nate Hoffelder 8 October, 2014 um 9:55 am

This is one of those complicated technical points which are difficult to explain.

For one thing, Google doesn’t have a Play Books app for Windows, so you read the ebooks in a web browser. Each ebook is sent in chunks, and is encrypted in Google’s own DRM.

For the record, Google doesn’t use Adobe DRM internally. They will sell you an ebook and let you download an Epub file, but if you read that ebook in a Play Books app you won’t be reading an Epub file; it will be something different:
https://the-digital-reader.com/2014/01/31/google-play-books-doesnt-support-epub-crazy-possibilities/

And so any ebook read inside a Google Play Books app is safe from Adobe’s snooping.

Weird, isn’t it?


fjtorres 6 October, 2014 um 7:42 pm

Nasty thought: are they looking for "disinfected" versions of DRM’ed ebooks?

Timothy Wilhoit 6 October, 2014 um 8:26 pm

I’m not really a tinfoil hat guy but that thought occurred to me as well. There’s absolutely no reason for any program to sift through your computer, especially since permission wasn’t asked. I didn’t have a particularly high opinion of Adobe but this caper has lowered it quite a bit more.

"Adobe DE 4, special SW version! Spyware from a company you (don’t) trust!"


Claude 6 October, 2014 um 8:40 pm

Is it only in Adobe DE 4 or can we see the same thing with earlier version of the software?

Nate Hoffelder 6 October, 2014 um 8:50 pm

I don’t know, but now that I know what to look for I plan to check earlier versions of the app.

Greyhawk 7 October, 2014 um 7:28 am

DE 3 does not do this, we tested DE 3 extensively for exactly that before deploying.

Nate Hoffelder 7 October, 2014 um 7:57 am

I didn’t find this leak in ADE3 either.

I’m not surprised to learn that you tested the app; I am more surprised that Adobe didn’t expect that someone would run security tests on the app and find this issue.


Claude 6 October, 2014 um 8:50 pm

That said, I guess all ebooks sellers are "spying" on their users somehow. They all collect data of what we read. But maybe it’s more "secure".

Brian 7 October, 2014 um 12:03 am

They collect data on books bought from them to some extent or another. Books aren’t bought from Adobe (they aren’t a seller), plus Adobe is collecting info on books not even associated with their app.

Wonder what they ALA will think. They’re pretty big on eBook reader privacy IIRC and most library systems use ADE as a download method.

Glinda Harrison 7 October, 2014 um 3:19 am

I was wondering the same thing about the libraries.

Galen Charlton 7 October, 2014 um 10:43 am

This blew up on library Twitter this morning, and several folks who I know are involved in leadership positions at ALA are now getting the wheels turning. I would expect some sort of statement, at the very least, relatively soon.

Nate Hoffelder 7 October, 2014 um 10:44 am

Who should I contact to get a copy of that statement?

Galen Charlton 7 October, 2014 um 10:53 am

This blew up on library Twitter this morning, and several folks who I know are involved in leadership positions at ALA are now getting the wheels turning. I would expect some sort of statement, at the very least, relatively soon.

Andromeda Yelton 7 October, 2014 um 1:35 pm

I am a member of the board of LITA, the technology division of ALA, and brought this issue to the board this morning. It is also being discussed by ALA Council right now. I suspect there are numerous other groups within ALA that will have an opinion, and that we’ll be wanting to speak with a coordinated voice.

Thank you for bringing this to everyone’s attention. Stay tuned 🙂

Nate Hoffelder 7 October, 2014 um 1:40 pm

Thank you for the heads up.

On an unrelated note, I just posted an article about 3M Cloud Library’s new hardware program. Can you read the post and tell me if my concerns are well founded? Thanks!
https://the-digital-reader.com/2014/10/07/3m-cloud-library-launches-new-hardware-lending-program-nook-glowlight/

Andromeda Yelton 7 October, 2014 um 3:27 pm

I am not an expert in the cases here (I mean, I followed them from a distance, but IANAL), but I would have the same concerns as you, and I would want to consult someone who IS an expert if I were in a decision-making role for a program like this.


Feda 6 October, 2014 um 8:57 pm

The only way to avoid is not to buy DRM infested content.

Nate Hoffelder 6 October, 2014 um 9:18 pm

Except Adobe was indexing my DRM-free content as well.

Feda 7 October, 2014 um 8:50 am

Yes but you would not have the Adobe Digital Editions on your system if it wasn’t for their DRM.

S. J. Pajonas 7 October, 2014 um 2:13 pm

That’s not true. On Mac, there are only a few good ePub readers and Adobe Digital Editions was one of them. I installed it just to proof my ePubs before uploading to B&N, Kobo, etc., not because I had to read something that had DRM on it. Now I have deleted ADE, and I guess I’ll use the iBooks app for the time being.

Jonathan Badger 7 October, 2014 um 3:26 pm

Actually, did you know iBooks on OSX (since Mavericks) can read arbitrary ePub files? I use it all the time despite never purchasing a single ePub from Apple. It’s my favorite OSX ePub reader.

Wrecks 8 October, 2014 um 1:48 pm

Have you tried Calibre yet? It’s an ebook management platform that can let you read ebooks in many formats as well as convert many formats to many other formats.

http://calibre-ebook.com/about

S. J. Pajonas 8 October, 2014 um 2:04 pm

I just use iBooks for proofing now. I use Calibre sometimes to convert files, but I find it frustrating as a user with the way it stores file both inputted and outputted.

derek 8 October, 2014 um 7:40 pm

@wrecks I use calibre probably more than any other single program except my browser, but you still have to use Adobe if you buy DRM books. Nate’s pushing Google and Kobo, but even IF you use Kobo, you use ADE internally (perhaps not with the same "features", but the software — RMSDK — is purchased from Adobe), and I don’t like using either of those in ways that tie me to a platform or vendor. So I download to ADE, and then sideload to my ereader.

I’m a bit surprised that there are people here using ADE 2, still, as mine stopped working (would no longer get a valid authentication from their server) and I was forced to upgrade to ADE 3. So one day, I expect something similar will force me to move to ADE4.

Telling people not to buy DRM books is not a solution: as long as publishers use DRM, not buying DRM books is letting them choose my reading (there aren’t many books that are legally available in both a DRM and non-DRM format). We have to campaign to force them to stop using DRM: preferably by educating authors and agents to stop agreeing to publishing contracts that insist on it.

Nate Hoffelder 8 October, 2014 um 7:56 pm

I was only pushing Kobo because many readers will want ebooks that only come with DRM. I myself strip the DRM.

"even IF you use Kobo, you use ADE internally"

Not really, no. I have been told by a several expert Kobo users that they have 2 rendering engines, one for their own content and one for external Epubs.

Al 14 June, 2022 um 8:37 pm

Hello Derek – I use ADE 2 to this day & Re-Installed & Activated it with My eMail Address on June 12 2022 – I have both ADE 2 & ADE 3 as a saved installer I moved/copied from an old XP-PC so I can go back to either of these legacy versions anytime I need them. I would be willing to provide either or both installers to a platform if needed. ADE 2.0 installer is File Version 2.0.1.0 &
ADE 3.0 installer is File Version 3.0.1.0 – Best of Luck Al !!

derek 8 October, 2014 um 10:43 pm

Kobo’s kepubs use a different rendering engine, but they’re still using Adobe’s RMSDK afaik — which, to be fair, isn’t invading our privacy like ADE4, but still means you’re encumbered by DRM and Adobe’s got their hands on your data.

bangbango 9 October, 2014 um 4:02 am

@derek

Doesn’t kePub use kobo’s own DRM if necessary?

(Because yeah, Kobo manages two formats and two DRM schemes)


Mike J 6 October, 2014 um 9:20 pm

ADE 3.0 is still available on their website. I wonder if that version collects the same info.

Nate Hoffelder 6 October, 2014 um 9:48 pm

I can tell you that ADE2 does not.

Claude 6 October, 2014 um 10:26 pm

Lucky, I still have version 2.

A 16 June, 2022 um 4:09 pm

Hello Nate !! – I use ADE 2 to this day & Re-Installed & Activated it with My eMail Address on June 12 2022 – I have both ADE 2 & ADE 3 as a saved installer(s) I moved/copied from an old XP-PC so I can go back to either of these legacy versions anytime I need them. I would be willing to provide either or both installers to a platform if needed. ADE 2.0 installer is File Version 2.0.1.0 &
ADE 3.0 installer is File Version 3.0.1.0 – Best of Luck Al !!

Al 16 June, 2022 um 4:14 pm

My name is Al – I don’t know why it dropped the L after the A ??? Sorry

Nate Hoffelder 6 October, 2014 um 10:02 pm

ADE3 sends similar minimal amounts of data.

Rob Siders 7 October, 2014 um 6:43 am

2.0 is still available to download from Adobe.

http://www.adobe.com/support/digitaleditions/downloads.html


cakezula 7 October, 2014 um 12:44 am

So what are we supposed to do about .acsm files from our local Libraries? It’s unreal that ADE is the *only* software available for checking books out. UG.

ZiGraves 7 October, 2014 um 10:34 am

A few users further up say that ADE2 & possibly ADE3 don’t have this problem, and that you can still download these older versions from the adobe website – as long as you make sure you use the old versions, you and other students should be okay.

I suggest letting your local libraries know, though, because librarians can be very militant about user privacy and they’ll be well placed to advise or kick up a stink.


Michael 7 October, 2014 um 1:52 am

From my own experimentation, it looks like the best way to thwart this in the short-term is by editing the hosts file and directing adelogs.adobe.com to either 0.0.0.0 or 127.0.0.1. I hope we can expect Adobe to address this issue quickly. I sent them an e-mail about my own concerns a little while ago.

Nate Hoffelder 7 October, 2014 um 7:48 am

Wouldn’t that also tend to block the DRM authentication? It might render ADE4 unusable.

Michael 7 October, 2014 um 11:36 am

No, that’s just the logging server. The licensing server is separate, and fortunately they do communicate with that one over an encrypted connection.

Perhaps this lovely snooping feature was designed to facilitate syncing bookmarks and notes between multiple devices, but if so Adobe never bothered to ask my permission first. Apart from debugging code inadvertently shipped with the final release, that’s the only innocuous use I can think of.

I reinstalled ADE to read the terms, and I can’t find any place such behavior is consented to. Unfortunately I do need ADE 4 installed for the work I do, so for now blocking the connection to the logging server will have to suffice.

Michael 7 October, 2014 um 11:46 am

* "innocuous" in the sense of providing value to some users. Syncing isn’t something I would need or consent to. I expect a company to make clear what data they are collecting and why, and when transmitting approved data to handle it responsibly, not send it in clear text like this.

bangbango 9 October, 2014 um 4:06 am

The way they would be logging bookmarks in this particular case (at X page turn, location Y. at Z, page turn, location A… instead of at last use, location X). Either it is incompetence* or something quite different.

* Could be incompetence. After all, ADE is developed in India on a tiny budget and it seems they are out-sourcing in China (could) and Romania (is for sure).


Name Required 7 October, 2014 um 2:29 am

Congratulations for the scoop Nate.
Looks like your soapbox got a little taller overnight 😉


Big Brother: Adobe Digital Edition späht Nutzer aus, scannt Festplatte 7 October, 2014 um 3:42 am

[…] gemieden haben. Das wird in Zukunft aber wohl nicht mehr so einfach möglich sein, wenn man einem Bericht von The Digital Reader glauben schenken […]


redsun 7 October, 2014 um 4:14 am

May be you made a typo of some sort. An IP-adress starting with 192 is an unroutable, i.e. local(on your computer) ip-adress. But it could be of course that the information is gathered first on your computer and then sent to Adobe.
My guess is that it’s a debugging remnant, left by one of Adobe’s programmers.

Nate Hoffelder 7 October, 2014 um 7:46 am

I don’t think that’s true. If you look up that IP address on thw web you’ll see that it belongs to Adobe. It’s clearly labeled.

Bob W 7 October, 2014 um 7:59 am

192.168.x.x is unroutable.

Steve 7 October, 2014 um 8:26 am

Correct. It’s only the 192.168.0.0/24 subnet that’s for local addresses, not the entire 192.0.0.0/36 subnet.

Nate Hoffelder 7 October, 2014 um 8:30 am

Thanks. This would explain why several of my routers offered an access page in that subnet, right?

FrancisT 7 October, 2014 um 11:22 am

Well strictly speaking 192.0.2.0/24 is also unroutable.

If you look at Adobe’s AS (Autonomous System) they have a number of subnets – http://bgp.he.net/AS44786#_prefixes

I did some other digging and it looks like Adobe has had this domain also resolve to 193.104.215.99 – that looks to be Adobe Europe in Ireland. I’m guessing that’s classic geographical routing to the closest IP so that European data doesn’t leave Europe
Interestingly I did a quick check from Japan and it looks like I have a 50% chance of going to Europe or the US.

In both cases adelogs.adobe.com is CNAMEd to adelogs.wip4.adobe.com and that is the FQDN that can resolv e to one of the two IPs.

Someone upthread worried that blocking "adelogs.adobe.com" would block some of the DRM activation bits of ADE. As far as I can tell from a cursory scan this is unlikely to be the case. Adobe also has hosts like "activate.adobe.com" which seems more likely to be the activation server. Since there is also "update.adobe.com" and "download.adobe.com" and so I I think adelogs really is just a logging server.

If you do want to block all of Adobe then *.wip4.adobe.com would probably work wonders, but I suspect that really WILL break anything you have from Adobe that tries to call home, including, say, flash for update checking.

js 7 October, 2014 um 4:10 pm

According to ARIN:

"Addresses starting with "192.0.2.", "198.51.100.", or "203.0.113." are reserved for use in documentation and sample configurations. They should never be used in a live network configuration. No one has permission to use these addresses on the Internet."

192.0.2.0/24 is reserved for documentation and examples and ARIN tells network operators that they SHOULD block those addresses in their routers, not MUST. The comment from ARIN ends with:

"These blocks are not for local use, and the filters may be used in both local and public contexts."

paul delys 7 October, 2014 um 2:46 pm

Your subnet mask isn’t quite right. 192.168.0.0/16 isn’t publicly routed. In other words, 192.168.anything.anything is a private address.

192.anything except 168.anything.anything is, by convention, a public address.


Miron Schmidt 7 October, 2014 um 4:34 am

Another reason not to buy any books with DRM, ever (as this will bind you to Adobe’s platform). I will uninstall this software as soon as I’m home today, and good riddance.


Joe Blo 7 October, 2014 um 4:41 am

Adobe developers smell of wee.


Simon Wang 7 October, 2014 um 4:53 am

Companies are still thinking they can pull this sort of stunt and here they are getting caught out again. Even better is the 'no comment' from the supplier, I bet they will be coming out with the excuses shortly and they will be lame.

Great work in getting to the bottom of this. In any case, another reason to buy a real book instead of drm ridden ebooks.

derek 7 October, 2014 um 6:54 pm

That’s silly. There are no good reasons to buy (and waste) paper. e-books are fine as long as they have no DRM and don’t need Adobe.


Lennart-pottering 7 October, 2014 um 5:41 am

USE opensource/free softwares always.

www.kde.org


Richard 7 October, 2014 um 5:51 am

Thanks for this Nate.

We have thousands of publisher books on our production workstations, many under non-disclosure agreements. Fortunately we have not yet rolled ADE4 out for testing (because it can’t handle inline images amongst other silly things).

This is a timely warning of corporate irresponsibility. We will ensure our publisher production contacts are all made aware of this. From a production facility perspective this is somewhat intimidating. If someone wants to ADE4 test a book under non-disclosure it will have to be on an isolated workstation modified as Michael mentioned. For us that will become a production services sales feature!

On a last note: It’s one thing that they are sending this private and privileged content back to their servers in clear-text, but really, their JSON sucks. If they are going to steal private information, couldn’t they do it with professional flair and sensible key names rather than this schoolboy code!


Rob Siders 7 October, 2014 um 6:36 am

Post subtitle: Or, Nate tells us what he’s reading.

Interesting list, by the way. 😉

Nate Hoffelder 7 October, 2014 um 10:36 am

Well, no, I told you what I am buying. (And maybe I should have scrubbed that list, LOL.)


Brutal Honesty 7 October, 2014 um 6:42 am

That’s what you get for paying.

The pirate versions don’t do that.

Rob Siders 7 October, 2014 um 7:59 am

It’s not the books that are phoning home. It’s the ereader software, which is a free download, and it’s collecting data on all epubs, regardless of source, on a user’s system.

derek 7 October, 2014 um 6:57 pm

And, one suspects, in line with their comment about "for purposes such as license validation", for checking whether books that shouldn’t be available without DRM exist on your system with the DRM stripped…


Adobe weiß, was du im letzten Sommer gelesen hast » lesen.net 7 October, 2014 um 6:45 am

[…] gemacht wurde die Datensammelwut am gestrigen Dienstag von The Digital Reader. Demnach überträgt Version 4 von Adobe Digital Editions folgende Informationen vom […]


DaveZ 7 October, 2014 um 7:44 am

Does Adobe have a privacy policy and is this covered? Who knows, maybe we all agreed to the tracking.

Nate Hoffelder 7 October, 2014 um 10:35 am

I’ve heard from someone who actually read it that this isn’t covered.

Andromeda Yelton 8 October, 2014 um 12:16 pm

Adobe has a privacy policy, as well as the ADE EULA, and has issued a statement on them: http://www.infodocket.com/2014/10/07/new-and-old-serious-reader-privacy-concerns-both-inside-and-outside-the-library/

I’ve glanced at both and…hell if I know if I agreed to it, honestly. This information isn’t all specifically referenced. You could make a case it’s covered anyway. That case would go against some people’s moral intuitions. I really have no idea.


Name Required 7 October, 2014 um 8:49 am

Install it inside a virtual machine if you have to, with nothing else and no books at all.


Adobe is Spying on Users, Collecting Data on Their eBook Libraries | The Passive Voice | A Lawyer's Thoughts on Authors, Self-Publishing and Traditional Publishing 7 October, 2014 um 9:00 am

[…] More details and evidence at The Digital Reader. […]


Andrew 7 October, 2014 um 9:17 am

Okay, I’m done with Adobe then. Amazon is cheaper than Kobo anyway. Anyone know if Amazon does the same thing?

Nate Hoffelder 7 October, 2014 um 9:22 am

With the ebooks they sell you, yes, but they kinda have to do that so they can sync your reading position across your account. And so far as I know the data is at least obscured (I will be checking).

TheSFReader 7 October, 2014 um 9:30 am

And it’s the retailer that gets the data, not a third party as is the case with Adobe DRM encumbered ebooks.

Adobe is a third party, I wonder how much of the data it shares whith the e-booksellers…

Name Required 7 October, 2014 um 9:23 am

Check their user agreement for Kindle.
You might be very surprised what rights they reserve ;-).

Swâmi Petaramesh 7 October, 2014 um 9:36 am

About Amazon Kindle, you might want to check http://www.defectivebydesign.org/amazon

Al 16 June, 2022 um 6:32 pm

Andrew – I’m with you except for My Public Library uses Adobe Digital Editions for OverDrive Free eBook Reading of Loaned titles so I don’t care if they spy on Library eBooks – I do most of My eReading OFF-LINE anyhow – ePubs I move to My Android Tablets and use Moon+ Reading App for most of Me none-DRM Content – Still the Tablets with Kindle or Nook or even Moon+ are WiFi turned Off for eReading so I’m not to worried about snooping from any app. Cheers !!!


Kaufen, kaufen, kaufen Sie! | Die Töchter Regalias 7 October, 2014 um 9:21 am

[…] Security Praxis, hat heute jemand gepostet, dass die neue Version von Adobe Digital Editions im großen Stil nachhause telefoniert. Das wird zwar gerne mit “wen überrascht’s?” kommentiert, aber das Ausmaß mit […]


Swâmi Petaramesh 7 October, 2014 um 9:33 am

Adobe is (unfortunately) not the only one…

Let’s read the « licence » file displayed by my « Pocketbook Touch Lux 2 » reader (that also comes with AdobeViewer inside, that makes things a little funnier…)

Now Go Read And Despair :

1/ The licence comes in english, which probably makes it plain illegal here in France, coming with a "general public" device that my Grand’Ma can purchase.

2/ It reads : « POCKETBOOK RESERVES THE RIGHT TO AMEND THE TERMS AND CONDITIONS OF THIS LICENSE FROM TIME TO TIME BY PLACING NEW EDITIONS HEREOF AT: http://www.pocketbook-int.com/legal/SLA. EACH NEW EDITION OF THE LICENSE AGREEMENT SHALL COME TO EFFECT AT THE DATE OF PLACEMENT AT THE MENTIONED WEB PAGE AND THIS IS THEREFORE RECOMMENDED THAT YOU PERIODICALLY VISIT THAT PAGE… »

=> Wow. They can change without notice the rights you have to use an hardware device that you have puchased and own ? And you’d be supposed to go and check every other week ? A clause that allows one part to unilaterally modify a contract after it has been "concluded" is most certainly illegal…

3/ But the finest still is to come :

« Information Received. The software will provide Pocketbook with data about your Pocketbook reading device and its interaction with the Service (such as available memory, up-time, log files, and signal strength). The Software will also provide Pocketbook with information related to the Digital Content on your Pocketbook reading device and Supported Devices and your use of it (such as last page read and content archiving). Information provided to Pocketbook, including annotations, bookmarks, notes, highlights, or similar markings you make using your Pocketbook reading device or Reading Application, may be stored on servers that are located outside the country in which you live. […] BY USING THE POCKETBOOK READING DEVICE YOU AUTOMATICALLY ACKNOWLEDGE AND AGREE THAT POCKETBOOK MAY COLLECT, STORE, PROCESS, TRANSMIT, PROVIDE AND/OR SELL ANY INFORMATION AVAILABLE ABOUT YOU AND THE READING DEVICE(S) THAT YOU ARE USING TO ANY THIRD PARTIES. THIS INFORMATION MAY BE USED BY POCKETBOOK AT ITS SOLE DISCRETION FOR ANY LAWFUL PURPOSES AND IN ANY MANNER OTHER THAN PROHIBITED BY APPLICABLE LAWS, WITHOUT LIMITATION.
Pocketbook reading device and software preinstalled or subsequently installed on it provides Pocketbook with details of the Pockebook reading device used by you and certain actions performed by you on it such as: – Orientation of the Pocketbook reading device (portrait or landscape); – the language of Digital Content; – file size in bytes; – DRM type (Adobe, Pocketbook, none); – Digital Content opened for the first time or not; – the application that you use for reading; – time between the opening starts and finishes in milliseconds; – functions of keys; – the interface language; – the reading device model; – the identifier of the Pockebook reading device to establish whether data have been collected from one or different Pocketbook reading devices (not the serial number); – version of software installed;
[…] Your agreement to be bound by these Terms of Use is voluntary and implies your unconditional consent to all and any data processing conditions estyablished herein; […] »


df 7 October, 2014 um 9:55 am

What about apps like Bluefire and axisReader? I know that they are licensed to be compatible with Adobe DRM, but do they have this same problem?

Nate Hoffelder 7 October, 2014 um 10:07 am

I have assurances from one developer that his app does not. I can’t name him here, though; I don’t want his name to get mixed in by mistake.


Ben Hollingum 7 October, 2014 um 10:28 am

Well done bringing this to light, Nate.

Perhaps this fuckup, coming as close as it does to the FBF, will make the big publishing houses reconsider their relationship with Adobe. After all, they’ve been laying on the whole "guardians of the enlightenment" shtick pretty thick recently as part of their fight against Amazon. It will be hard to reconcile that stance with complicity in a system that effectively hands oppressive governments the world over a list of people’s seditious reading habits.


rocketride 7 October, 2014 um 10:54 am

Amazon, Google, Apple and Kobo are listed here as safe(r).

May I assume that B&N Nook devices are using some version of Adobe DRM?

Al 16 June, 2022 um 6:20 pm

RocketRide – The nook app for PC Software Version 1.11.0.4
Says it contains Reader® Mobile technology by Adobe Systems Inc. So I’m assuming that the nook apps on all devices are using Adobe DRM !!!! – Also I have stopped purchasing nook content because they discontinued the PC Desktop Reader platforms & I told Nook B&N that that is why I Will Not be purchasing B&N eBooks after they dropped that option for eReading, I still have All of My Previous B&N Content Converted to Plain-Jane ePub for reading on any device that has an ePub reader…


Galen Charlton 7 October, 2014 um 10:58 am

For the moment, I suggest following @ALALibrary and @oitp on Twitter. A couple individuals to interact with if you have quesitons about the process are @ThatAndromeda and @mciszek.

I’ll also try to remember to post a comment when a statement is released — but note that it may take a couple days or so; ALA is not always the fastest-moving of organizations.


Mikaela 7 October, 2014 um 11:01 am

I am glad I have stayed with ADE 2.0, right now. And that I strip DRM. That said, I am seriously considering ditching ADE and going with Bluefire instead. Especially since they have just launched a Windows version.


Adobe Digital Editions Is Spyware | Mike Cane’s xBlog 7 October, 2014 um 11:29 am

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries […]


Adobe colecteaz? o mul?ime de informa?ii din software-ul pentru eBook-uri – Stiri IT & C 7 October, 2014 um 12:00 pm

[…] pe care le adun? orice companie de software din domeniu. Din cele spuse de Nate Hoffelder de la The Digital Reader, DRM-ul (modulul de verificare al Digital Rights Management) Adobe din ultima versiune Epub, […]


Adobe Digital Editions 3 Probably Safe From Adobe's Spying, Experts Say – The Digital Reader 7 October, 2014 um 12:10 pm

[…] has been some 16 hours since I first broke the news that Adobe was spying on anyone who installed and ran Digital Editions 4, Adobe’s latest and greatest ebook app, […]


Adobe colecteaz? o mul?ime de informa?ii din software-ul pentru eBook-uri | 1iT.ro – Stiri IT, noutati si tehnologie 7 October, 2014 um 12:21 pm

[…] pe care le adun? orice companie de software din domeniu. Din cele spuse de Nate Hoffelder de la The Digital Reader, DRM-ul (modulul de verificare al Digital Rights Management) Adobe din ultima versiune Epub, […]


Paul 7 October, 2014 um 12:27 pm

Thanks for this! I’d love to see a couple screen captures in Wireshark to know what I’m looking for as I scan my own system!


WTFery – Adobe collecting user data via Digital Editions, malicious ebook code, & more. | TymberDalton.com 7 October, 2014 um 12:35 pm

[…] files comes a boneheaded revelation about Adobe’s Digital Editions 4, their epub app. Nate Hoffelder over on The Digital Reader blogged about verifying this privacy breach. The software is scraping info about the ebooks a customer reads, how they read it, in addition to […]


Name (required) 7 October, 2014 um 1:53 pm

Nate, you have just been featured on BoingBoing.net
http://boingboing.net/2014/10/07/adobe-ebook-drm-secretly-build.html

Nate Hoffelder 7 October, 2014 um 1:57 pm

Also, 4Chan.


WTF ADOBE?!? | It's A Binary World 2.0 7 October, 2014 um 2:04 pm

[…] Adobe is doing some pretty despicable stuff – logging EVERY book (whether or not you are using Adobe Digital Editions) and sending it back to a server. (Here’s the guy who first discovered it). […]


Shocking? Major Reader Privacy Concers Both Inside and Outside the Library | LJ INFOdocket 7 October, 2014 um 2:19 pm

[…] 1. Adobe is Spying on Users, Collecting Data on Their eBook Libraries (via The Digital Reader) […]


New and Old: Serious Reader Privacy Concerns Both Inside and Outside the Library | LJ INFOdocket 7 October, 2014 um 2:22 pm

[…] 1. Adobe is Spying on Users, Collecting Data on Their eBook Libraries (via The Digital Reader) […]


Nicolas 7 October, 2014 um 2:26 pm

Let’s send fake data to this ip! A lot of it!

Nate Hoffelder 7 October, 2014 um 2:29 pm

Indeed. Someone on Slashdot suggested encoding death and bomb threats into the data sent to Adobe.

Nicolas 7 October, 2014 um 2:36 pm

Haha
I wouldn’t go that far
But fake data about random and imaginary books that would ruin any big data analysis

Nate Hoffelder 7 October, 2014 um 2:38 pm

I wouldn’t either, but it did make me laugh.


Adobe verzamelt ongevraagd informatie over e-booklezers | Computer kennis en informatie 7 October, 2014 um 3:10 pm

[…] ontdekte een bron van The Digital Reader, dat het verzamelen van data met eigen onderzoek heeft […]


Adobe’s latest ebook software is collecting unencrypted data on users’ reading habits — Gigaom Search 7 October, 2014 um 3:14 pm

[…] breach was first reported by Nate Hoffelder at the Digital Reader on Monday night. Following a tip from a hacker, he used the network tracking app Wireshark and […]


mathew 7 October, 2014 um 3:34 pm

Unfortunately, Google uses Adobe Digital Editions DRM. I’ve downloaded books from Google Play and ended up with acsm files.

Google also sell DRM-free books, but it’s not easy to browse for just those or even determine which books have DRM, so I end up buying from Amazon.

Nate Hoffelder 7 October, 2014 um 3:37 pm

Yes, but Google does not use Adobe DRM internally. They use something else:
https://the-digital-reader.com/2014/01/31/google-play-books-doesnt-support-epub-crazy-possibilities/

That is why I mentioned them.

derek 7 October, 2014 um 7:01 pm

Same with Kobo: you don’t know whether a book you buy is DRM’d until you’ve bought it.

Liz 7 October, 2014 um 10:42 pm

On Kobo, if you save a preview to your library, you can see what type of file it is. It’s usually listed as EPUB (DRM-free) or Adobe DRM EPUB.

derek 8 October, 2014 um 12:24 am

Ah! Good suggestion, though one shouldn’t have to go to so much trouble…

Liz 8 October, 2014 um 2:04 am

Yep. It should be listed as part of the product info on the book page. If only…

TheSFReader 10 October, 2014 um 4:00 am

When I asked them about it at the Paris Book Fair, their answer was roughly "We don’t want to give people reason to fear ebooks due to technical details such as DRM. Anyway, every publisher uses DRM, so…"… 🙁


Adobe Reader privacy/security concerns 7 October, 2014 um 4:29 pm

[…] The new version of Adobe’s popular reader software has significant privacy and security concerns: https://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/ […]


Adobe Digital Editions, un lector de ebooks que envía sin cifrar a sus servidores todo lo que lees | Francisco Unica 7 October, 2014 um 4:43 pm

[…] primera noticia ha saltado en The Digital Reader y Ars Technica lo ha confirmado: Digital Editions envía los libros que has abierto, qué páginas […]


Adobe Privacy & Security Hole – The Creative Librarian 7 October, 2014 um 4:54 pm

[…] – Adobe is Spying on Users, Collecting Data on Their eBook Libraries – The Digital Reader Nate Hoffelder […]


Lilbits (10-07-2014): No wearables from HTC this year – Liliputing 7 October, 2014 um 5:02 pm

[…] Adobe Digital Editions 4 monitors your eBook reading habits, sends unencrypted, plain text data to A… If you’ve downloaded an EPUB from a public library in the United States recently, you’ve probably used Adobe Digital Editions. [The Digital Reader] […]


Feet (and Brains) of Clay | Jason Wilkins 7 October, 2014 um 5:09 pm

[…] the title of this article is enough to get this librarian’s blood a-boiling: “Adobe is Spying on Users, Collecting […]


Robert 7 October, 2014 um 5:14 pm

The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection.

I’ve pretty-printed the ADE-4 data collector> and the data from adobe files you provide for easier reading.

This data doesn’t look like "user tracking" to me. It looks more like diagnostic data to be used in understanding bugs and crashes. I.e. Adobe isn’t monitoring their users so much as they’re monitoring the behavior of their own application. I know this is arguing semantics – and I’m not saying this data isn’t sensitive – but statements like "Adobe is tracking their users!" may be unfairly representing what’s actually taking place. Odds are this stuff is going into a "bug tracking database" rather than a "user tracking database". Semantics, I know. :-/

The file scanning behavior is interesting, but also debatable. It doesn’t seem that unreasonable for an e-book reader to index a users hard-drive looking for books. I would say it mostly depends on where on your hard-drive it’s looking for those books. There’s no file paths listed in the data you provide though, so I won’t comment further here.

As for sending this data in clear text… technically there’s no personally identifiable information in the files you’ve provided. No email addresses or user IDs, nor credit card information or street addresses – it’s simply generic data about user actions (e.g. "navigated to page") and meta-data about books (title, creator, subject, publisher). Is this sensitive information? Perhaps, but it’s certainly not on the level of bank account credentials or anything like that. Again, debatable.

Galen Charlton 7 October, 2014 um 7:29 pm

This data doesn’t look like “user tracking” to me. It looks more like diagnostic data to be used in understanding bugs and crashes. I.e. Adobe isn’t monitoring their users so much as they’re monitoring the behavior of their own application. I know this is arguing semantics – and I’m not saying this data isn’t sensitive – but statements like “Adobe is tracking their users!” may be unfairly representing what’s actually taking place. Odds are this stuff is going into a “bug tracking database” rather than a “user tracking database”. Semantics, I know. :-/

Who is to say how the odds fall? And even if your scenario is correct and Adobe’s intention was simply to gather data for bug reporting purposes, that at best establishes an upper bound on the magnitude of Adobe’s misbehavior here.

The data is being gathered and sent to Adobe’s servers without explicit consent on the part of the user — not even the public release notes and the license agreement for the software do not seem to give any hint that DE 4.0 is doing this. That’s bad enough: if you don’t need data on user behavior for your software to work, you shouldn’t be collecting it in the first place. And if you do need it — there is no excuse to ever transmit it to the clear.

True, reading data is not bank data — but there are plenty of governments that ban books, censor books, or otherwise have an interest in what their citizens are reading — including, at times, the US. Protecting the freedom to read what one wants — which necessarily includes protecting privacy — is a core professional value of librarians, which is why librarians are among the groups that are rather concerned by this news.

Robert 7 October, 2014 um 8:29 pm

if you don’t need data on user behavior for your software to work, you shouldn’t be collecting it in the first place

And there’s the rub. There are certain categories of problems where it’s extremely helpful to have a log of what [application] activity happened prior to a bug or crash occurring. And often (especially in the case of crashes) there’s no way to gather that data retroactively – meaning the only way to get this data for users that experience such problems is to gather it for all users.

but there are plenty of governments…

Non-sequitur. Adobe is not the Government.

protecting privacy — a core professional value of librarians

From the Adobe Privacy Policy page that the Digital Editions 4.0 Software License Agreement links to (in Sec 14.1.2, "Internet Connectivity and Privacy"), we have the following (This is what you are agreeing to when you install DE4, btw – emphasis mine) …

Adobe websites and applications
We collect information about how you use our websites and applications, including when you use a desktop product feature that takes you online (such as a photo syncing feature). We may collect information that your browser or device typically sends to our servers whenever you visit an Adobe website, or when an Adobe desktop product feature takes you online. For example, your browser or device may tell us your IP address (which may tell us generally where you are located) and the type of browser and device you used. When you visit an Adobe website, your browser may also tell us information such as the page that led you to our website and, if applicable, the search terms you typed into a search engine that led you to our website. Adobe may collect information about how you use our websites and applications by using cookies and similar technologies, and our servers may collect similar information when you are logged in to the website or application. Depending on the website or application, this information may be anonymous (for example, see the Adobe Product Improvement Program) or it may be associated with you (for example, see the Creative Cloud FAQ).

This is what you agree to when you use or install any Adobe product. Even if Adobe is gathering personal information (which hasn’t been established yet), they’re still acting within the bounds of their privacy policy.

derek 8 October, 2014 um 12:32 am

It’s not a non-sequitur to suggest that governments might care what we’re reading. Knowing that Adobe has that information, the Department of Homeland Security may very well ask for it (well, demand it…). Except that, since it’s transmitted in the clear, the NSA already has it.

When they start scanning books outside your ADE library, they are going well beyond the terms of their EULA. And it’s moot anyway if collecting the information they do is illegal where you live: and I’d venture to say that for a private company to collect that much is illegal in most countries.

Ben 8 October, 2014 um 12:43 am

"And often (especially in the case of crashes) there’s no way to gather that data retroactively – meaning the only way to get this data for users that experience such problems is to gather it for all users."

This statement is technically incorrect. Any programmer capable of logging to the network is also able to writing that same log to memory. Plenty of applications will write the last ten to hundred actions to an in-memory journal. If the application triggers a crash handler then resulting crash dump will still contain the journal. Not only does the crash handler get the actions "retroactively" but only sends it if the application crashes instead of continually. A well written crash handler also gets consent from the user while making them aware of what information will be transmitted and why.

What is even more damning is that ADE4 includes cryptography functions as part of it’s DRM. It should have been trivial to encrypt the logging. Instead it is announcing to the entire network what is being read. That means if the device is associated with a public wifi such as at a public library or Starbucks, then anyone that cares to listen is notified of what you are using ADE4 to read. Even if the public wifi itself uses encryption such as WPA, anyone else has the password to join the wifi still gets access to the ADE4 log packets. This is not acceptable even if being able to debug the application and "improve" the customer experience is the goal.

derek 8 October, 2014 um 12:33 pm

Of course, if they’d encrypted the data they were stealing from us, we wouldn’t know what they were stealing!


DTNS 2338 – Turning LED into Gold | Daily Tech News Show 7 October, 2014 um 5:23 pm

[…] article blackandwhitefield submitted from The Digital Reader.com. A hacker recently noticed that Adobe’s e-publishing software seemed to be sending a large amount of data to Adobe’s ser…. Apparently Adobe’s Digital Editions 4 is gathering data on which ebooks that have been […]


Adobe Reader privacy/security concerns 7 October, 2014 um 5:51 pm

[…] new version of Adobe’s popular reader software has significant privacy and security concerns:https://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/ > > Older versions apparently are fine, so maybe hold off on updates until these issues are […]


Adobe Confirms It’s Gathering Ebook Readers’ Data | Digital Book World 7 October, 2014 um 6:04 pm

[…] confirms some details of recent reports by The Digital Reader and Ars Technica that Adobe Digital Editions 4, the latest version of the widely used ebook […]


Adobe Responds to Reports of Their Spying, Offers Half Truths and Misleading Statements – The Digital Reader 7 October, 2014 um 6:54 pm

[…] They may be a day late and a dollar short, but Adobe has finally responded to yesterday’s news that they were using the Digital Editions 4 app to spy on users. […]


Links: Tuesday, October 7th | Love in the Margins 7 October, 2014 um 8:42 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries – If you’re using the most recent version of Adobe Digital Editions – ADE4 – you should read this post about how it’s collecting your data. […]


Adobe suspected of spying on eBook users | e-collage 7 October, 2014 um 8:57 pm

[…] Adobe was flagged by the Digital Reader for tracking and uploading data related to various books opened in DE, such as how long a book has […]


ste williams – Adobe spies on readers: ‘EVERY page you turn, EVERY book you own’ leaked back to base 7 October, 2014 um 9:35 pm

[…] investigation by Nate Hoffelder of The Digital Reader blog showed that ADE 4 was collecting telemetry on which […]


Adobe suspected of spying on eBook users — RT USA 7 October, 2014 um 11:10 pm

[…] Adobe was flagged by the Digital Reader for tracking and uploading data related to various books opened in DE, such as how long a book has […]


Adobe in Massive eBook Readers' Privacy & Security Breach – tbreak.ae 8 October, 2014 um 12:43 am

[…] 4, the company’s latest version of the widely popular ebook platform. Nate Hoffeolder, of The Digital Reader has first posted details about the breach, saying he was tipped to Adobe’s violation by an […]


SIAMO GEEK – Sperimentatori, entusiasti della tecnologia | Il DRM di Adobe spia gli utenti 8 October, 2014 um 2:06 am

[…] Technica e The Digital Reader hanno scoperto che l’ultima versione di Adobe Digital Editions tiene traccia di ogni tipo di […]


Adobe-App spioniert angeblich Leser aus. | Micha Simeon Lips 8 October, 2014 um 3:41 am

[…] Quelle: https://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/#.VDTmdL… […]


I punti non fermi dell’editoria digitale | Tipografia digitale 8 October, 2014 um 4:08 am

[…] Pettarin, che si mescola a feedback sull’operato di IDPF, agli update di Adobe (che spesso assomigliano a degli spyware più che veri update), al lavoro di W3C sulle pubblicazioni digitali (tenuto sempre […]


ITsecurity Daily News: 10/08/2014 | ITsecurityITsecurity 8 October, 2014 um 4:40 am

[…] A brief history of the Adobe book spying story   Nate Hoffelder at The Digital Reader reported Monday, “Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text…   “Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.”   Adobe responded, “All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers… User privacy is very important to Adobe…”   Hoffelder commented, “I don’t know about you, but I don’t see how sending a user’s reading history in clear text over the web could possibly be in line with a privacy policy.”   “Update: [from Digital Book World] Adobe acknowledges that transmitting unencrypted data could pose a security risk: “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue.” Adobe says further that more information on when that update will be in place and of what it will consist is forthcoming.”   And Adobe used to be such a nice company. The Digital Reader: https://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/ […]


Adobe : des espions cachés dans les DRM des ebooks ! 8 October, 2014 um 4:58 am

[…] problème, mis en avant par The Digital Reader (et relayé par Aldus), repose sur le composant ADE4 (Adobe Digital Edition 4). Il s’agit du […]


Überwachtes eBook-Lesen: Digital Editions 4 sendet persönliche Daten an Adobe-Server | eBook-Fieber.de 8 October, 2014 um 6:03 am

[…] Quelle: The Digital Reader […]


KindleUser 8 October, 2014 um 6:07 am

Amazon’s Kindle does the same thing.

Nate Hoffelder 8 October, 2014 um 7:14 am

What, transmit the user’s reading data in the clear? Upload details about every ebook opened, including ones which aren’t in Amazon’s system?

That is a no to both counts.


Adobe räumt offene Schnüffelei ein, verspricht Patch » lesen.net 8 October, 2014 um 6:08 am

[…] am Montag publizierte Bericht von The Digital Reader schlug hohe Wellen. Neben weltweit Hunderten Tech-Medien griffen auch […]


Adobe Allegedly Spying on eBook Readers — VPN Creative 8 October, 2014 um 6:19 am

[…] Digital Reader and its editor Nate Hoffelder has made the accusation, claiming he was tipped by a ‘hacker’ associate and has confirmed its authenticity after testing. […]


Links 10/8/14 | naked capitalism 8 October, 2014 um 6:55 am

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries The Digital Reader (Olivier L) […]


Adobe: All your data are belong to us #DRM | paula simoes' blog 8 October, 2014 um 7:28 am

[…] Hoffelder told us yesterday that Adobe is collecting data about the ebooks you read through the Digital Editions 4, which was confirmed by several other […]


Adobe Tracking Ebook Readers’ Data | Digital Book World 8 October, 2014 um 8:05 am

[…] reports surfaced this week that Adobe Digital Editions 4, the latest version of the popular ebook platform, […]


Adobe liest mit – eBook-Daten werden übermittelt – Digitale Sicherheit 8 October, 2014 um 9:10 am

[…] ein Profil des Lesers. Es werden weit mehr Daten übertragen, als für Adobe notwendig sind. Wie The Digital Reader schreibt, werden aber nicht nur eBooks aus Adobe Digital Editions von Adobe gescannt und […]


Adobe’s e-book reader sends your logs to Adobe in plain text 8 October, 2014 um 9:10 am

[…] the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no […]


Sarah 8 October, 2014 um 9:45 am

Is this only with Adobe Digital Editions for the desktop? Are readers using the Bluefire Reader app or reading ePub ebooks in a browser affected?

Nate Hoffelder 8 October, 2014 um 9:48 am

It’s just Adobe. Other apps like FBReader and Bluefire, don’t have this issue.


Adobe Digital Editions eBook Software Collects User Data and Sends it Back Unencrypted | HOTforSecurity 8 October, 2014 um 10:10 am

[…] user data and eBook metadata and send them to Adobe’s servers unencrypted, according an investigation by The Digital […]


Sigh 8 October, 2014 um 10:37 am

"I for one hope that the senior management is detained for questioning"

Talk about losing the plot. What kind of psychotic, statist are you??? Get a grip.

Nate Hoffelder 8 October, 2014 um 10:40 am

One who knows how to tell when something is a joke.

derek 8 October, 2014 um 12:35 pm

I could tell it was a joke, too, but surely if Adobe is violating privacy laws (and, imo, they are), somebody should be taken in for questioning? How is that "psychotic" and "statist"?

Nate Hoffelder 8 October, 2014 um 2:05 pm

I have no idea.


EBooks: Adobe-App spioniert angeblich Leser aus » Computer Wissen Information 8 October, 2014 um 10:40 am

[…] unverschlüsselt an Adobe. Das ungewöhnliche Verhalten der Anwendung hat die Seite “The Digital Reader” […]


Addressing data privacy issues around Adobe Digital Editions | Shelf Talk 8 October, 2014 um 10:54 am

[…] – by Jim L. Yesterday, Nate Hoffelder, the editor of The Digital Reader blog reported that the newest version of the Adobe Digital Editions software (ADE 4) appears to be transm…. […]


Verifying our tools; a role for ALA? | Meta Interchange 8 October, 2014 um 10:59 am

[…] came to light on Monday that the latest version of Adobe Digital Editions is sending metadata on ebooks that are […]


Adobe Digital Editions 4 has significant privacy problems | angelahighland.com 8 October, 2014 um 12:50 pm

[…] The Digital Reader, which appears to have been first in breaking the story […]


Free & Clear of Verizon Contract…so what’s the problem? | Eric Michalsen 8 October, 2014 um 1:08 pm

[…] likes looking at your library  (Adobe is tracking users in the app and uploading the data to their […]


Kyle 8 October, 2014 um 1:15 pm

The OverDrive app for libraries recently dropped the Adobe ID sign-up process (thank god). Now you set up an OverDrive account the first time you open the app. But does anyone know if OverDrive is still connected with Adobe or if they are collecting metadata themselves?

Nate Hoffelder 8 October, 2014 um 1:18 pm

And to think, librarians objected to the move. I wonder how many changed their minds after this story broke?

M-Jo Baker 8 October, 2014 um 6:38 pm

Unfortunately some libraries, including mine (Seattle Public Library) are still locked into Adobe Epub editions of all of their ebooks and audiobooks (with a few exceptions). So even though OverDrive has dropped this requirement it may not help?

Nate Hoffelder 8 October, 2014 um 6:42 pm

The earlier versions of Adobe DE don’t spy on you:
https://the-digital-reader.com/2014/10/07/adobe-digital-editions-3-probably-safe-adobes-spying-experts-say/

Version 3 is still downloadable from Adobe.

Kyle 8 October, 2014 um 7:58 pm

Our library (Cottonwood Public Library in Arizona) is the same. I’m curious to know still what OverDrive’s relationship with Adobe is. Does this breach mean that library users using the OverDrive app are having their metadata collected as well?


Adobe schaut beim eBook-Lesen intensiv über Eure Schulter | Mobilegeeks.de | Allgemein, E-Book-Reader, Software 8 October, 2014 um 2:03 pm

[…] die übermittelten Informationen per Wireshark und fand darin enorm viele Details und Metadaten. Liza Daly stellte sogar fest, dass auch importierte EPUB-eBooks ohne DRM-Schutz in der Nutzung analysiert und […]


ADE4 vous espionne encore plus | Quoi lire ? 8 October, 2014 um 3:54 pm

[…] TheDigitalReader nous alerte sur la politique suivie par Adobe avec sa version ADE4. Il serait enfin temps que les éditeurs européens agissent enfin solidairement pour clarifier les conditions dans lesquelles Adobe utilise les données de millions de lecteurs à travers toute l’Europe. C’est aussi à la Commission Européenne de se pencher sur ce problème, tant l’échelle est importante aujourd’hui avec le développement de la lecture numérique dans tous les pays. […]


Cherez 8 October, 2014 um 4:20 pm

Come on people, this is nothing new. All the big companies that make money off of meta data are doing this. What’s even scarier is that some companies that are supposed to be providing security to users are also skimming data without the users knowing it.

Do a Google search on "RSA Security backdoor" or just visit this link:

http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331

Let’s just hope that these companies that are monetizing our usage habits don’t get in bed with the security companies that are supposed to be protecting us! Just imagine the room for trouble if that happens.

derek 8 October, 2014 um 7:46 pm

That’s not true. "all the big companies" certainly track my usage of their websites. They don’t all track my usage of software I’ve installed on my computer without telling me, and the few that do don’t call home in clear-text. And nobody is, legally, scanning my drive to see what other files I have that they may be interested in.


Bluefire Comments on Adobe Spying Scandal: It's Not Our Thing, Baby – The Digital Reader 8 October, 2014 um 6:57 pm

[…] in the wake of the news that Adobe was tracking users’ activities and then uploading the data to their servers without encryption, many ebook users, including […]


Bill Smith 8 October, 2014 um 7:17 pm

There is no reason to do business with Adobe — there are plenty of free ebook readers that do not spy on you: Calibre, FBReader, the Epub reader extension/web app for Firefox, IE and Safari.

Stick to DRM-free books that you can direct download to your computer — Smashwords, Weightless, RobotTradingCompany, RebellionStore, DriveThruFiction, BookViewCafe, and many other small vendors.

The selection on these sites is large and of very high quality…with none of the hassles.

derek 8 October, 2014 um 7:48 pm

The selection of those does NOT generally include anything new by established authors. I’m sorry, but I’m not going to stick to reading books that were published a century ago, or self-published recently by unknowns (though I read a LOT of those), just to make a point.

Nate Hoffelder 8 October, 2014 um 7:58 pm

Considering that Tor Books went DRM-free, and Baen Books has always been DRM-free, that is not at all true.

derek 8 October, 2014 um 10:45 pm

Of course it’s "at all true." That’s two publishers in a niche market. I’m sure there are others, but still the vast majority of books I want to read are only legally available with DRM — and I’m even primarily interested in SF. If you read bestsellers, tough luck.


Adobe ebook DRM secretly builds and transmits a dossier of your reading habits | Rob's Personal Aggregator 8 October, 2014 um 8:06 pm

[…] The Digital Reader via Boing Boing. […]


Pattern Recognition » Blog Archive » Adobe Digital Editions and infoleaks 8 October, 2014 um 11:20 pm

[…] Nate Hoffelder at the Digital Reader broke the story […]


E-book: e se davvero Adobe spiasse i lettori di libri digitali? – Il Fatto Quotidiano 9 October, 2014 um 2:57 am

[…] al dunque. Hoffelder avrebbe scoperto che il software “Digital Editions e-book and PDF reader” registra tut… e spedisce le relative informazioni ad Adobe, casa produttrice dell’applicazione. Una volta […]


Adobe legge dentro a chi legge | Lucatarik Ict Tech Blog and News 9 October, 2014 um 3:52 am

[…] dei lettori di ebook sono certe funzioni integrate nel software Adobe Digital Editions 4. Lo ha dimostrato per primo Nate Hoffelder di The Digital Reader, lo ha confermato un'analisi indipendente di […]


Hinweis zur Nutzung von Adobe Digital Editions Version 4 | UB-Blog 9 October, 2014 um 4:22 am

[…] das Blog The Digital Reader am Montag berichtete, gibt es datenschutzrechtliche Bedenken bei der Nutzung der Software Adobe […]


Adobe legge dentro a chi legge | SecoloNuovo 9 October, 2014 um 5:01 am

[…] dei lettori di ebook sono certe funzioni integrate nel software Adobe Digital Editions 4. Lo ha dimostrato per primo Nate Hoffelder di The Digital Reader, lo ha confermato un'analisi indipendente di Ars […]


Trust, Privacy, Big Data, and e-Book Readers | The Scholarly Kitchen 9 October, 2014 um 5:30 am

[…] collecting and sending data back to Adobe on the e-book usage without any encoding of that data. Nate Hoffelder of The Digital Reader first reported on the issue, followed quickly by Ars Technica. Adobe has subsequently confirmed the […]


Adobe’s e-book reader bespioneerd ons 9 October, 2014 um 6:00 am

[…] werd ontdekt door Nate Hoffelder van The Digital Reader. Ondertussen werkt Adobe aan een update om hetg euvel op te […]


Adobe will update e-reader to mop up clear-text data spillage | Naked Security 9 October, 2014 um 6:49 am

[…] The Digital Reader's Nate Hoffelder first reported on Monday and Ars Technica confirmed, Adobe's Digital Editions 4 (DE4) e-book app/PDF reader, which […]


Timothy Wilhoit 9 October, 2014 um 9:24 am

"Further testing has revealed that the files being scanned were actually on my ereader, not my HD. I had not used ADE to load the files on to the ereader, and yet the app scanned them, made a list, and uploaded the list to Adobe."

What?? Was this an ereader that was previously authorized to ADE or did the program automatically recognize it before it started hoovering data? I’m no computer whiz but that doesn’t sound like a bug. It also doesn’t jive with Adobe’s statement that the program doesn’t phone home with book information unless the book was actually opened by ADE. So did the program get curious, do a Max Headroom thing and say to itself, "Ooh, a cable? I wonder where it leads?"

Nate Hoffelder 9 October, 2014 um 9:31 am

It was not previously authorized to ADE, no. It just happened to be plugged in when I ran one of the test on ADE4.

I’m going to do a post, but at the moment I am working with the EFF to document this and understand it better.


ste williams – Adobe will update e-reader to mop up clear-text data spillage 9 October, 2014 um 9:52 am

[…] The Digital Reader’s Nate Hoffelder first reported on Monday and Ars Technica confirmed, Adobe’s Digital Editions 4 (DE4) e-book app/PDF reader, […]


Privacy Alert: Adobe’s Digital Editions is tracking what you read | Emsisoft Blog 9 October, 2014 um 10:06 am

[…] than you’d want to or expect. Earlier this week, a writer from the eBook community published an article on his blog claiming that the eBook and PDF reading software is logging every single document its […]


Important: Update to Adobe Digital Editions 4 Spying Report | LJ INFOdocket 9 October, 2014 um 10:18 am

[…] has been working with the author of the original report, The Digital Reader’s Nate Hoffelder and others to do more in-depth research about what is or is not going […]


Adobe Spyware Reveals Again the Price of DRM: Your Privacy and Security | Featured Resources 9 October, 2014 um 11:18 am

[…] Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well. […]


(Failing to) Protect Patron Privacy | Jenny Arch 9 October, 2014 um 12:29 pm

[…] October 6, Nate Hoffelder wrote a post on The Digital Reader: “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.” (He has updated the post over the past couple days.) Why is this privacy-violating spying […]


Adobe Digital Editions Spies on E-book Readers – Industry Buzz 9 October, 2014 um 12:58 pm

[…] /in plain text/, back to an Adobe IP address. This blatant lack of security was first displayed at The Digital Reader by its author, Nate Hoffelder, and was later confirmed at Ars Technica by its own author, Sean […]


Report: Adobe is Spying on Users, Collecting Data on Their eBook Libraries | Digital Humanities Now 9 October, 2014 um 1:01 pm

[…] Read the whole thing here. […]


Adobe Spyware Reveals (Again) the Price of DRM: Your Privacy and Security | Mountain Finch Post 9 October, 2014 um 1:54 pm

[…] publishing world may finally be facing its “rootkit scandal.” Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to […]


Do you borrow e-books from the library? The new version of Adobe Digital Editions is not secure | Robbins Library Blog 9 October, 2014 um 2:14 pm

[…] “Adobe is Spying on Users, Collecting Data on Their E-book Libraries.” This was the title of an article by Nate Hoffelder at The Digital Reader on October 6, and though there have been updates since then, the privacy breach has not been resolved just yet. […]


Librarians, IT Experts Respond to Adobe Spying Accusations 9 October, 2014 um 3:02 pm

[…] bloggers and journalists, including Nate Hoffelder, who broke the story at The-Digital-Reader.com, described Adobe’s activities as spying. However, to put the matter in perspective, many […]


Links 8/10/2014: A Lot of Linux+AMD News, New ROSA Desktop Is Out | Techrights 9 October, 2014 um 3:02 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries […]


October 2014 Microsoft Patch Tuesday security bulletins | Threatpost | The first stop for security news 9 October, 2014 um 3:23 pm

[…] that it plans to soon patch a privacy hole in its Digital Edition 4 e-reader software. Researcher Nate Hoffelder disclosed earlier this week that data from the e-reader on a user’s reading habits are sent […]


OverDrive’s statement about Adobe Digital Editions privacy concerns | OverDrive Blogs 9 October, 2014 um 5:15 pm

[…] Tuesday morning, OverDrive became aware of the story regarding Adobe collecting user information via the use of their desktop reading software, Adobe […]


E-reader producer allegedly spies on its users | Book Shape 9 October, 2014 um 6:41 pm

[…] According to The Digital Reader, the producer in question is Adobe. […]


Adobe’s E Book Reader: Spying on You. 10 October, 2014 um 6:33 am

[…] From The Digital Reader, HERE. […]


Adobe ADE 4 schendt mogelijk privacy wetgeving | Swink webservicesSwink webservices 10 October, 2014 um 8:46 am

[…] 6 oktober plaatste blogger Nate Hoffelder een bericht over de hoeveelheid gegevens die ADE4 naar servers van Adobe stuurt. De (technologie nieuws-)site Ars Technica heeft dit geverifieerd, en laat duidelijk zien wat voor […]


eReader Privacy Concern Roundup | Field Notes 10 October, 2014 um 9:42 am

[…] Adobe is Spying on their Users, Collecting Data on Their eBook Libraries (the original story from Nate Hoffelder at The Digital Reader) […]


HLS Weekly Round Up | hls 10 October, 2014 um 11:31 am

[…] This isn’t […]


Adobe Digital Editions 4 and eBook Privacy | Skokie Public Library Blogs 10 October, 2014 um 12:44 pm

[…] this week, news emerged that Adobe tracks the unencrypted reading history of those accessing ebooks using the Adobe […]


The Geek’s Reading List – Week of October 10th 2014 | thegeeksreadinglist 10 October, 2014 um 2:16 pm

[…] https://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/ […]


The Control Culture 10 October, 2014 um 4:44 pm

[…] 10/10/2014 – eBook user? Adobe monitors your reading behaviour […]


Losing my Linkspam | Geek Feminism Blog 10 October, 2014 um 6:46 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries | The Digital Reader (October 6): “Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.” […]


Not on a Social Network? You’ve Still Got a Privacy Problem | tactical use of internet for communities 11 October, 2014 um 1:47 pm

[…] Neoliberalism rewards hypocrisy, so why should we be surprised to find that same tendency towards irresponsible behaviour on the Net.  After all the authorities (NSA, BND, DGSE, GCHQ) and the biggest Internet corporations like Google and Facebook are leading as a negative example. Also Adobe is now spying on its users by collecting data on their eBook libraries. […]


Adobe Digital Editions, un lector de ebooks que envía sin cifrar a sus servidores todo lo que lees | el BLOG de FCASTROG 11 October, 2014 um 6:11 pm

[…] primera noticia ha saltado en The Digital Reader y Ars Technica lo ha confirmado: Digital Editions envía los libros que has abierto, qué páginas […]


Adobe’s e-book reader sends your reading logs back to Adobe’s servers. Data is being sent in clear text. – SECURITY INFORM 12 October, 2014 um 7:48 am

[…] which data add to users local library, which pages were read, and in what order. Hoffelder also claimed that the application also scanned the files on his ereader, made a list, and uploaded the list to […]


Dog-Eared & Dispatched: October 12, 2014 – Late Night Library 12 October, 2014 um 8:07 am

[…] 4 (ADE4), the latest update for the popular ereading software, your days of gloating are over: ADE4 collects data not just on the book you are currently reading, but on all books in the digital library on your […]


Adobe leest mee… elke pagina die je omdraait | TripleTwin over Digital Privacy 12 October, 2014 um 9:03 am

[…] onderzoek wees uit dat Adobe’s e-reader software heel wat informatie verzamelt zonder je medeweten. De […]


Adobe Digital Edition 4 te espía sin tu consentimiento | BlogCZ 12 October, 2014 um 10:32 am

[…] y sin advertirlo en los términos de uso, por supuesto. Debemos agradecerle el descubrimiento a un hacker que estudiaba el sistema DRM de Adobe con fines educativos, descubriendo que la última versión del software envía una gran […]


Theoreti.ca » Blog Archive » Adobe is Spying on Users, Collecting Data on Their eBook Libraries 12 October, 2014 um 4:04 pm

[…] Hoffelder on The Digital Reader blog has broken a story about how Adobe is Spying on Users, Collecting Data on Their eBook Libraries. He and Arts Technica report that the Adobe’s Digital Editions 4 send data home about what […]


Alerte au non-respect de la vie privée : Adobe Digital Editions espionne ce que vous lisez | Emsisoft Blog 13 October, 2014 um 7:33 am

[…] En tout début de semaine, un rédacteur faisant partie de la communauté de eBook a publié un article sur son blog où il a déclaré qu’eBook et le logiciel de lecture en PDF se connectaient sur […]


ADE in the Library eBook Data Lifecycle | LITA Blog 13 October, 2014 um 9:53 am

[…] mentioned, there are (at least) three sides to the problem discovered by security researcher Benjamin Daniel Mussler with the way the current version (4) of Adobe Digital Editions (ADE) manages the ebook experience […]


O Privacy, Where Art Thou? | Beyond the Bookshelves 13 October, 2014 um 2:54 pm

[…] in plain text, using unencrypted channels, so just about anyone could access that information. Nate Hoffelder of The Digital Reader made the discovery on October 6, 2014, but the violation is believed to have started with the […]


Free and thinking » Adobe vill veta vad ni läser och när och inte BARA det… – IDG.se – Störst på it-nyheter 13 October, 2014 um 3:36 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries (The Digital Reader) […]


Adobe Responds to ALA on Spying Scandal With Fictitious and Misleading Statements – The Digital Reader 14 October, 2014 um 1:35 pm

[…] The American Library Association reported yesterday that Adobe has responded to the ALA’s concerns about the recent revaluations of Adobe spying on users. […]


Adobe responds to ALA concerns over e-book privacy | PB403 Electronic Publishing 14 October, 2014 um 4:50 pm

[…] has been much concern regarding the recent reports of Adobe Digital Editions (ADE) collecting and sending unencrypted user data back to Adobe for […]


Somerville Public Library Blog » Adobe, Ebooks and Your Privacy 14 October, 2014 um 7:30 pm

[…] various sources reported that the latest version of the program, Digital Editions 4, is guilty of heinous violations of user privacy. Digital Editions 4 sends to Abode servers extensive unencrypted information about what every […]


Possible Data Protection issue with Adobe Digital Editions v4 | Newsam News 15 October, 2014 um 4:23 am

[…] has recently come to our attention that the software used to access some of the Library’s ebook collections, Adobe Digital […]


Nieuws: Bibliotheek waarschuwt e-book lezers voor Adobe – Tzum literair weblog 15 October, 2014 um 8:26 am

[…] Nate Hoffelder van weblog The Digital Reader ontdekte dat de beheersoftware voor e-books verschillende persoonlijke gegevens verzamelt en naar […]


Medienerziehung in der FamilieMeinungsaustausch 2.0 | blogparade | ampersand 16 October, 2014 um 3:37 am

[…] & Zweife am Beispiel Datensicherheit: Sie kennen dich! Sie haben dich! Sie steuern dich! Adobe is Spying on Users,Collecting Data on Their eBook Libraries Was macht ihr mit meinen […]


TopicsOnTech | Adobe’s e-book reader sends your reading logs back to Adobe—in plain text [Updated] 16 October, 2014 um 5:00 am

[…] the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no […]


Library Gazette – Patron Privacy and Adobe Digital Editions: The Situation at ZSR 16 October, 2014 um 11:53 am

[…] week, several library- and tech-world sites reported that Adobe Digital Editions Reader, version 4 (ADE4), was doing two […]


Library Free For All? | CCC’s Beyond the Book 17 October, 2014 um 12:02 am

[…] of the 21st century finds technology may render those ambitions obsolete. As The Digital Reader reported, the latest version of Adobe Digital Editions (ADE) for library collections is able to collect and […]


Ebook Access and Privacy Concerns with Adobe Digital Editions | News 17 October, 2014 um 10:35 am

[…] Information: Adobe is Spying on Users, Collecting Data on Their eBook Libraries “Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what […]


Free Software for NaNoWriMo | writing | 17 October, 2014 um 8:13 pm

[…] NaNoWriMo approaching, I shared a disturbing article about surveillance — “Adobe is Spying on Users, Collecting Data on Their eBook Libraries” on one of the NaNoWriMo boards I visit. This got me an acknowledgement that yes, we are being […]


Adobe Digital Editions 4.0 too lax with reader data – Maple Books 18 October, 2014 um 4:47 pm

[…] a scandal around Adobe recently. Ten days ago, Nate Hoffelder of The Digital Reader revealed that Adobe is collecting user data from its application Adobe Digital Editions. To be precise, a hacker friend of Nate Hoffelder realized that the new version of Adobe’s […]


Ce que le livre numérique va changer au secteur du livre en France | cultures numériques 18 October, 2014 um 6:44 pm

[…] sollicité…) des éditeurs, constructeurs de tablettes, et autres opérateurs de réseaux ? La rumeur selon laquelle Adobe analyserait nos usages illustre bien cette inquiétude que partagent les libraires et leurs […]


Adobe’un E-kitap okuyucu uygulamas? kullan?c? bilgilerini toplay?p firman?n sunucular?na gönderiyor – SECURITY INFORM TR 20 October, 2014 um 7:28 am

[…] ekledi?i kitaplar?n bilgisini toplay?p Adobe’un sunucular?na gönderdi?i ortaya ç?kt?.  Daha da kötüsü, uygulaman?n kullan?c?n?n e-kitap okuyucusunda bulunan dosyalar? taray?p […]


Tech Roundup | LibraryTechTalk 21 October, 2014 um 10:15 am

[…] a new thread of privacy discussions going on surrounding a recent uncovering of user activity data being collected by Adobe Digital Editions soft…. This software is used by most ebook platforms that libraries provide to their patrons. (TU has it […]


Christopher Slager 21 October, 2014 um 3:23 pm

Whoever wrote this piece is officially my favorite journalist. You provided timely an effective updates. You explained to us where you received your information, you provided data and links to further reading. You cited previous work. You corrected yourself when you may have been seen as wrong. The only problem is when I went to see what other work you did on this website you’ve been 404’ed. Please have them reinstate your articles so I can read the rest.

Nate Hoffelder 21 October, 2014 um 3:28 pm

The links work for me, darnit.


Concerning the Adobe Digital Editions Data Log Issues | Eleventh Stack 22 October, 2014 um 5:01 am

[…] Nate Hoffelder at The Digital Reader discovered that Adobe Digital editions is keeping an ongoing record of any items that have checked […]


How Sacred Are Our Patrons’ Privacy Rights? Answer Carefully | Peer to Peer Review 23 October, 2014 um 10:00 am

[…] However, an issue has come up in the meantime that is more timely and urgent, so I’m putting off the “noisy vs. important” column until next time. This month I want to address the issue of patron privacy in the context of the recent revelations about privacy incursions in the latest version of Adobe Digital Editions (ADE)—specifically, the fact that version 4 of the e-reader software gathers highly specific data about individual users’ reading behavior and transmits it, unencrypted and with all identifying information included as well as other data culled from the user’s machine, back to Adobe. (A very useful running summary of the issue and details about how the situation is quickly evolving can be found at the Digital Reader blog.) […]


Adobe Updates Digital Edition, Stops Sharing User Info With the Internet – The Digital Reader 23 October, 2014 um 2:53 pm

[…] bad news is that we don’t know for sure whether Adobe is still spying on users, because (and here’s the okay news) they say that they are now encrypting the data uploaded […]


Adobe begins encrypting user data collected from Digital Editions app | Virus / malware / hacking / security news 24 October, 2014 um 3:17 pm

[…] Digital Reader blog reported on Oct. 6 that Adobe’s Digital Editions 4 software, used for downloading and reading e-books, […]


Am I The Only One Who Doesn't Care About Adobe "Spying"? 25 October, 2014 um 7:00 pm

[…] couple weeks ago I read an article about how Adobe is spying on its users with Digital Editions 4. Am I the only one who isn’t outraged by this? I actually couldn’t care […]


Adobe stoppt Klartext-Spähen bei Digital Editions 26 October, 2014 um 3:59 pm

[…] gesammelt und an Adobe übermittelt. Die Sache wurde kurz vor der Frankfurter Buchmesse von The-Digital-Reader entdeckt und hat sich in der Technikszene schnell verbreitet. Besonders in der Post-Edward-Snowden Ära war […]


“Borrowing a copy of Moby Dick from your public library shouldn’t be a license to scan your cookbook collection.” : Patron Privacy in the Public Library – LIBR 200 Blog Post 5 | The Adventures of an MLIS Student 26 October, 2014 um 10:53 pm

[…] publishing world may finally be facing its “rootkit scandal.” Two independentreports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to […]


Adobe’s e-book reader sends your reading logs back to Adobe—in plain text [Updated] – Yahusu Technology 28 October, 2014 um 1:48 pm

[…] the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no […]


Adobe schnüffelt | remotehost 30 October, 2014 um 4:11 am

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries […]


Adobe Book Reader Surveillance | SSL and internet security news 30 October, 2014 um 9:09 am

[…] Details. Confirmation. […]


01-15 October 2014 | Privacy News Highlights 30 October, 2014 um 12:27 pm

[…] to address the cleartext data transmission. [NBCNews] [Ars Technica] [The Register] [The Register] [The Digital Reader] A tip from a hacker prompted a journalist to use a network tracking app to discover Adobe Digital […]


Rodger 31 October, 2014 um 8:30 am

I’ve known for years that Adobe is up to no good. I remember the Flash cookies that you couldn’t remove in a decent way.

I removed Flash a couple of years so I don’t know how it’s managed now but for a very long time if you wanted to disable all Flash cookies… wel that wasn’t possible! You could only disable Flash cookies per website (opt-out). But how do you know which websites you will be visiting tomorrow or next week or next year? Well you don’t so by default cookies are created and then you need to disable them per website. And how do you disable them per website? Well by visiting the online Adobe configurator website of course that’s hosted on one of their domains that configures files on YOUR local computer.


What We Can Learn From The Adobe E-Reader Mess | Electronic Frontier Foundation 31 October, 2014 um 9:54 pm

[…] were also able to reproduce the results of the experiment run by The Digital Reader. To perform these tests we again used Wireshark. We plugged a Sony Reader PRS-600 into a computer […]


EFF Confirms Reports of Adobe's Spying, Asks What Can We Learn – The Digital Reader 1 November, 2014 um 6:55 pm

[…] weighed in for the second time on the Adobe spying scandal, offering a belated confirmation of both my initial report as well as a confirmation that Adobe has updated Digital Editions and stopped the […]


Adobe reportedly spying on its users: Data transfer occurs un-encrypted ! – Securethelock 12 November, 2014 um 8:21 am

[…] Earlier this month when this news was out, Nate Hoffelder wrote on his blog, The Digital Reader: […]


Blog do Editor 12 November, 2014 um 12:27 pm

[…] qual livro] também podem ser expostos. Os riscos de tais posturas ficaram claras com o escândalo Adobe Digital Editions – onde padrões de leitura específicos de usuários eram enviados de volta […]


Hondana | From Frankfurt to Recife: Books in 2020 19 November, 2014 um 1:59 pm

[…] data (who read what book) can also be exposed. The risks of such approaches were clear with the Adobe Digital Editions scandal — where user-specific reading patterns were sent back in unencrypted text to a centralized […]


Hondana | De Frankfurt a Recife: Livros em 2020 19 November, 2014 um 2:23 pm

[…] (quem lê qual livro) também podem ser expostos. Os riscos de tais posturas ficaram claras com o escândalo Adobe Digital Editions — onde padrões de leitura específicos de usuários eram enviados de volta em texto sem […]


NJ Gov. Christie Vetoes Reader Privacy Act, Asks for Stronger, Narrower Law – The Digital Reader 23 November, 2014 um 3:29 pm

[…] stronger but narrower. It wouldn’t apply in situations like the recent Adobe Digital Editions privacy breach, but it should be more effective at stopping “unnecessary government intrusion”. I […]


Who’s watching our e-reading behaviour? | Whispering Gums 11 December, 2014 um 2:01 am

[…] in the clear (unencrypted). You can read more about this (with links to even more articles) at the Digital Reader. Adobe, of course, is not the only company gathering reader data. Amazon, says Scholarly Kitchen, […]


Latest news: Adobe's e-reader software now collects less data – News Press 24 December, 2014 um 9:41 am

[…] was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have […]


Adobe und EPUB: Licht und Schatten in der Welt der eBook-Tools | digital publishing competence 15 January, 2015 um 5:32 am

[…] wurde bekannt, dass die neue Version von Adobe DE und Reader SDK nicht nur in ungeahntem Umfang Leser- und Nutzungsdaten sammelt (was für sich genommen nicht besonders verwunderlich wäre), sondern diese auch noch […]


Adobe Digital Editions Launches on the iPad ⋆ Ink, Bits, & Pixels 29 January, 2015 um 5:51 pm

[…] slow and clunky. It works, but this wouldn't be my preferred app (even if I hadn't caught Adobe spying on users several months […]


Adobe’un E-kitap okuyucu uygulamas?n?n kullan?c? bilgilerini toplay?p firman?n sunucular?na gönderdi?i ortaya ç?kt? | Güvenlik Bülteni 3 February, 2015 um 6:40 am

[…] ekledi?i kitaplar?n bilgisini toplay?p Adobe’un sunucular?na gönderdi?i ortaya ç?kt?.  Daha da kötüsü, uygulaman?n kullan?c?n?n e-kitap okuyucusunda bulunan dosyalar? taray?p […]


Our Ebooks, Ourselves: What's Happening with Our Ereader Data? – Publishing Trends 12 February, 2015 um 1:02 pm

[…] October of last year, news broke on The Digital Reader that Adobe Digital Editions was taking a significant amount of user data and sending it back to their servers. Adobe Digital Editions (ADE) is a program that allows readers […]


Adobe Digital Editions 4.0.3 Update Adds MathML, Better Support for Audio and Video ⋆ Ink, Bits, & Pixels 12 February, 2015 um 1:10 pm

[…] can download the app from Adobe. Given that previous versions came bundled with free spyware, I am choosing to […]


Our Ebooks, Ourselves: What's Happening with Our Ereader Data? – Publishing Trendsetter 12 February, 2015 um 1:32 pm

[…] October of last year, news broke on The Digital Reader that Adobe Digital Editions was taking a significant amount of user data and sending it back to their servers. Adobe Digital Editions (ADE) is a program that allows readers […]


O Privacy, Where Art Thou? – The Library 18 February, 2015 um 2:21 pm

[…] in plain text, using unencrypted channels, so just about anyone could access that information. Nate Hoffelder of The Digital Reader made the discovery on October 6, 2014, but the violation is believed to have started with the […]


Datenschutz und Adobe Digital Editions | Infobib 3 March, 2015 um 3:14 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries […]


Building Better Library Software with Rabble | Library as Incubator Project 11 March, 2015 um 7:24 am

[…] have become normalized into the common practices of building software. Take, for example, a recent discovery that Adobe’s Digital Editions 4 was scanning users’ ereaders and sending info…. Similarly, most digital lending services build the costs of Digital Rights Management into their […]


Anonymity of office documents – Patriot Darknet | Radio Free Redoubt 30 May, 2015 um 6:52 pm

[…] list all ebook readers and how much data they have been found to keep on you.  Here is a link on Adobe collecting data on users.  Again, the point of all of this is that the US government has “decided” that data […]


Trick Of The Light Rob Thurman Epub | Fix How To 2 July, 2015 um 8:49 pm

[…] Adobe is Spying on Users, Collecting Data on Their eBook … – They collect data on books bought from them to some extent or another. Books aren’t bought from Adobe (they aren’t a seller), plus Adobe is collecting info on … […]


jacqui 13 July, 2015 um 11:09 am

And… I have just had a bizarre conversation with an adobe rep when I called to get a adobe digital publishing quote for developing an ebook we needed to create. They would only give me a price for their service if I gave them the clients name. He said because they might be dealing direct with the client. Firstly where is our data protection if we don’t want to give them the name at this stage we shouldn’t have to its our client not theirs and secondly it leaves you with the feeling that their aim is to leave out the middleman ie the design/web agency and deal direct with the end customer!


» New Privacy Guidelines Encourage Libraries and Vendors to Work Together to Protect Reader Privacy OIF Blog 4 August, 2015 um 12:36 pm

[…] the modern Web, and provide personalized services to library users. The October 2014 revelations disclosing what Adobe’s Digital Editions collects about users and their reading habits brought this gap into center […]


New Privacy Guidelines – Mike Robinson 5 August, 2015 um 7:51 pm

[…] the modern Web, and provide personalized services to library users. The October 2014 revelations disclosing what Adobe’s Digital Editions collects about users and their reading habits brought this gap into center […]


E-book: e se davvero Adobe spiasse i lettori di libri digitali? – Open Tag Team 24 September, 2015 um 7:05 am

[…] al dunque. Hoffelder avrebbe scoperto che il software “Digital Editions e-book and PDF reader” regi… e spedisce le relative informazioni ad Adobe, casa produttrice dell’applicazione. Una volta […]


OASL & OLA | Oregon Association of School Libraries 28 November, 2015 um 8:31 pm

[…] of their books are sold, but how many pages readers actually peruse. Adobe got into trouble for spying on readers in 2014, though the company now collects less […]


OASL & OLA | Oregon Association of School Libraries 28 November, 2015 um 8:31 pm

[…] of their books are sold, but how many pages readers actually peruse. Adobe got into trouble for spying on readers in 2014, though the company now collects less […]


Adobe E-Book-Reader schickt Nutzungsdaten im Klartext nach Hause › ifun.de 8 December, 2015 um 12:04 pm

[…] Thema gemacht hat die Angelegenheit das E-Book-Blog The Digital Reader. Die neueste Version der Adobe-Software protokolliert demnach beispielsweise, welche E-Books im […]


OASL & OLA – Oregon Association of School Libraries 2 January, 2016 um 1:33 pm

[…] of their books are sold, but how many pages readers actually peruse. Adobe got into trouble for spying on readers in 2014, though the company now collects less […]


just what makes me tick | Medienerziehung in der Familie Meinungsaustausch 2.0 | blogparade 25 April, 2016 um 3:34 pm

[…] & Zweife am Beispiel Datensicherheit: Sie kennen dich! Sie haben dich! Sie steuern dich! Adobe is Spying on Users,Collecting Data on Their eBook Libraries Was macht ihr mit meinen […]


Patron Privacy and Adobe Digital Editions: The Situation at ZSR | ZSR Library 15 June, 2016 um 10:30 am

[…] week, several library- and tech-world sites reported that Adobe Digital Editions Reader, version 4 (ADE4), was doing two […]


“Borrowing a copy of Moby Dick from your public library shouldn’t be a license to scan your cookbook collection.” : Patron Privacy in the Public Library – LIBR 200 Blog Post 5 | The Adventures of an MLIS Student 30 October, 2016 um 9:58 pm

[…] publishing world may finally be facing its “rootkit scandal.” Two independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to […]


The Science of Art: The Role of Big Data in Publishing – PUB401 1 November, 2016 um 9:47 pm

[…] Hoffelder, Nate. “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.” The Digit… […]


monsterjavaguns.com Open Source Creative Podcast #6 – The Blender Market and the “Dreaded” Commercialization of Open Source Tools 12 March, 2017 um 4:15 pm

[…] Adobe Digital Editions 4 dials home with your data… in plain text – There are some boneheaded security and privacy violations being committed by the latest version of Adobe’s ereader software. […]


Recent Links (weekly) | Symesposium 7 May, 2017 um 3:31 am

[…] Adobe is Spying on Users, Collecting Data on Their eBook Libraries | The Digital Reader […]


Microsoft’s Ebook Apocalypse Shows the Dark Side of DRM – Ebooks Legal Stuff – – The Passive Voice 2 July, 2019 um 7:22 pm

[…] Adobe’s copy protection software and other ebooks that did not use Adobe software at all. See this post and related posts on The Digital […]


Digital Locks Can Cost You Your Privacy : Public Knowledge 16 July, 2019 um 1:45 pm

[…] Monday, the Digital Reader revealed (confirmed in detail by Ars Technica here) that Adobe’s ebook reader, Adobe Digital Editions, […]


Les bibliothèques publiques face à la protection des données privées : Saturne dévore ses enfants ? – Économie du document 17 November, 2020 um 10:15 am

[…] De la grande Bibliothèque d’Alexandrie à la « bibliothèque du futur », l’imaginaire de la bibliothèque a forgé au fil du temps les paradigmes de nos sociétés et renouvelé notre manière d’appréhender l’information. La bibliothèque est depuis longtemps considérée comme un lieu de transmission du savoir et une « porte ouverte sur la connaissance ». Selon le Manifeste de l’Unesco (1994), elle prône le développement de la démocratie et la prise de décision en toute indépendance. Avec l’essor de la « civilisation numérique », pour reprendre l’expression de Jean-Louis Roy (président et directeur général de Bibliothèque et Archives nationales du Québec), la technologie a permis de faire circuler l’information de manière plus fluide, plus rapide et plus démocratique. Pensons au livre numérique, à l’accès aux bases de données scientifiques et au wifi par exemple. Les bibliothèques sont aussi devenues, en contrepartie, de précieuses banques d’informations pour leurs fournisseurs. Entre « bien public » et « bien monnayable », les données personnelles des utilisateurs sont rapidement devenues le « nouveau pétrole ». Bien que la charte de BibLib stipule qu’aucune donnée personnelle des citoyens ne peut être collectée, ni transmise à des tiers en dehors des cas explicitement prévus par la loi, les bibliothèques entretiennent toutefois une position ambiguë et paradoxale avec la protection des données. Comment expliquer que 60% des bibliothèques de cégep du Québec utilisent un logiciel qui dirige les usagers vers le site Amazon alors qu’elles pourraient encourager les librairies locales et éduquer les usagers dans une prise de décision éclairée ? Même modus operandi du côté de Kindle. Amazon transforme la lecture en données personnelles en enregistrant l’historique d’usage (titres des documents, heures de lecture, passages surlignés, etc.). Selon l’ActuaLitté, les données recueillies « permettent de dresser le profil très précis d’un lecteur et donc de proposer aux annonceurs des publicités plus ciblées à diffuser, une des principales sources de revenus de la société dirigée par Jeff Bezos. » Que dire du logiciel Adobe Digital Editions qui tire profit du prêt numérique en bibliothèque grâce au digital rights management (DRM), un petit verrou qui contrôle les diverses utilisations du livre, dont le téléchargement, la durée du prêt et le transfert vers un appareil de lecture ? Conçu initialement pour protéger le droit d’auteur, Adobe collecte non seulement les lectures des usagers mais aussi les metadata des autres ebook sur …. […]


Write a Comment