Adobe Updates Digital Edition, Stops Sharing User Info With the Internet
Adobe rolled out a new update for their Digital Editions Epub app today, and I have good news, bad news, and okay news.
This is a relatively minor update to the month-old Epub app, and the good news is that it adds a full text search option as well as a new display window for search results.
The bad news is that we don’t know for sure whether Adobe is still spying on users, because (and here’s the okay news) they say that they are now encrypting the data uploaded to their servers. According to the changelog posted by Adobe, one of the new features is:
Enhanced security for transmitting rights management and licensing validation information. With this latest version of Digital Editions 4.0.1, the data is sent to Adobe in a secure transmission (using HTTPS).
I got the tip from Adobe a couple hours ago, after having run several tests I can confirm that the data uploaded to Adobe’s servers is no longer being sent in clear text.
I can’t speak as to the quality of the encryption or what data Adobe is collecting, but at least they have taken the basic step of making it difficult for everyone in the world to listen in when that data is sent to Adobe’s servers.
Update: I’ve heard from another tester who identified that Adobe was using SSL, and that it didn’t appear to be sending any data at all (for DRM-free ebooks). But if you activate a DRMed ebook Adobe does send a lot of encrypted information. Removing that DRMed ebook stopped the app from sending info. Thanks, Michael!
Second Update: I have an independent confirmation that Adobe only uploads data after a DRMed ebook has been activated.
For those just tuning in, earlier this month I broke the news that Adobe’s newest ebook app was logging users' reading habits and scanning the storage of any attached ereader and uploading that data to Adobe’s servers in the clear.
After my initial report was confirmed by Ars Technica, the shit hit the fan. Following criticism from the EFF and from librarians, leading to a partial admission from Adobe that they had been collecting data "in accordance with their privacy policies" (which just goes to show that Techdirt is right; such policies are a joke).
You can find a timeline of events on my original post.
My report has sparked a debate in the ebook world over just what activities are acceptable. Some took the position that Adobe’s actions were similar to the conveniences that we take for granted with the major ebook platforms (and web services in general). That would be a good point if not for the fact that Adobe was not providing me with any service which would require collecting that data, much less uploading to their servers.
The best you can say for Adobe is that they might have been intending to provide a syncing service in the future, possibly as part of the iPad app which I have been told is in the works, or as part of the ebook platform which they license to other companies (Kobo, B&N, Pocketbook, and so on). That could be true, but again Adobe was not providing that service and thus did not need to collect the data, much less upload it.
This is less a case of a company screwing up in supporting users than it is one of a major tech company grabbing more user info than is required and then, when they are caught, trying to write it off with a "My bad" and a promise to add encryption.
That is entirely the wrong response. What they should have said was that they would stop the spying, not that they would make it more difficult for the world to listen in.
Unfortunately there’s not much that users stop Adobe. This company is too central to the ebook world and that means that we will have to do business with them at some point.
The best the average user can do is to use a firewall or other utility to block Adobe’s apps from accessing the web, or possibly use one of the older versions of Adobe DE (which to the best of my knowledge does not collect user data).
Or we could always flee into the welcome embrace of Amazon, but many in the ebook world would call that a fate worse than death. Plus, there is no guarantee that Amazon is not collecting similar data on users.
If anything, this ensuing story has reminded us that there are maony circumstances where privacy is more of a figleaf than a reality. The best we can really hope for is that the services we use won’t blab our person details to the world.
image by Soctech
Comments
puzzled October 23, 2014 um 4:26 pm
So, Adobe is securely sending nothing?
Nate Hoffelder October 23, 2014 um 5:14 pm
When it comes to DRM-free ebooks, it is sending nothing.
neuse river sailor October 23, 2014 um 4:38 pm
The other option is just not to buy DRM’ed books, or borrow them either. That would be a shame, because a lot of great authors are writing things worth reading these days, but there is enough classic literature in the public domain to last me a lifetime. Last I checked, I can still download from Gutenberg or Univesity of Adelaide without having to install ADE. Plus, there are some real gems to be mined from Smashwords, if you take the time.
Feda October 23, 2014 um 7:12 pm
You can also get DRM Free books from Baen and Tor
Andrew October 23, 2014 um 4:44 pm
Is smashwords entirely DRM free? I’m not a purist, just asking if I have to check each book for DRM.
neuse river sailor October 23, 2014 um 4:47 pm
To the best of my knowledge, Smashwords is completely DRM-free.
TheSFReader October 24, 2014 um 4:37 am
Ditto. But I’m not sure there is a guarantee on ebooks they distribute and that are sold elsewhere.
They "support" DRM in their Library partnerships. (But I think it’s quite the only place where I find DRM almost legit)
Peter October 23, 2014 um 8:55 pm
So Adobe’s solution to people discovering ADE is spying on users and sending the results in plaintext is to…encrypt the data, so people know longer know what information is being collected on them?
Nate Hoffelder October 23, 2014 um 9:11 pm
It also looks like Adobe stopped tracking DRM-free ebooks. That is a hell of a lot closer to what they should have been doing in the first place.
Testing Adobe Digital Editions 4.0.1 | Meta Interchange October 23, 2014 um 9:25 pm
[…] couple hours ago, I saw reports from Library Journal and The Digital Reader that Adobe has released version 4.0.1 of Adobe Digital Editions. This was something I had […]
Adobe schließt Sicherheitslücke bei Digital Editions » lesen.net October 27, 2014 um 5:42 am
[…] mit. Die Datenübertragung an die Adobe-Server erfolgt nun mittels https. The Digital Reader bestätigt außerdem, infolge des Updates würden nur noch Informationen zu kopiergeschützten eBooks […]
O Privacy, Where Art Thou? | Beyond the Bookshelves October 29, 2014 um 11:05 am
[…] Library Association issued a statement on October 27, 2014 and Nate Hoffelder of The Digital Reader published an update on the privacy breach on October […]
Adobe is Spying on Users, Collecting Data on Their eBook Libraries – The Digital Reader October 31, 2014 um 9:58 pm
[…] Digital Editions 4.0.1 is released, and does not spy on users. […]
EFF Confirms Reports of Adobe's Spying – The Digital Reader November 1, 2014 um 7:05 pm
[…] offering a belated confirmation of both my initial report as well as a confirmation that Adobe has updated Digital Editions and stopped the […]
Adobe Digital Editions Launches on the iPad ⋆ Ink, Bits, & Pixels January 29, 2015 um 10:29 am
[…] have been telling me for about 3 months now that Adobe was going to release a Digital Editions app for the iPad, and that app showed up in […]
Adobe und EPUB: Licht und Schatten in der Welt der eBook-Tools | digital publishing competence February 18, 2015 um 7:59 am
[…] Adobe musste denn auch relativ schnell zurückrudern, räumte die Vorwürfe ein und stellte einen entsprechenden Patch zur Verfügung. Neben den reinen Fakten empfehle ich zur Lektüre dazu den Hintergrund-Artikel von Eric Hellman […]
O Privacy, Where Art Thou? – The Library February 18, 2015 um 2:21 pm
[…] Library Association issued a statement on October 27, 2014 and Nate Hoffelder of The Digital Reader published an update on the privacy breach on October […]