Is Adobe's Ebook Reader Spying On What You Read -- And What You Have On Your Computer?

from the and-sending-your-data-in-cleartext-too? dept

Tue, Oct 7th 2014 10:12am — Glyn Moody

Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there's a big privacy problem with Adobe's Digital Editions 4, its free ebook reading app. Here's what Hoffelder writes on his blog, The Digital Reader:

Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)

Specifically: Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading: Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they're free, but because they're better products in just about every way -- for example, in respecting your privacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: digital editions, ebooks, spying, spyware
Companies: adobe

52 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 7 Oct 2014 @ 10:13am

They're just checking to see if you're reading 1984.

Wait...
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 10:30am

Proprietary software: Because we can.
[ link to this | view in chronology ]
John Fenderson (profile), 7 Oct 2014 @ 10:30am

Two lessons here
1. Stop using Adobe software. Their stuff has been consistently awful for a very, very long time. Everyone should have leard this by now.

2. The first thing you should do with any eBook you receive is to strip the DRM out of it.
[ link to this | view in chronology ]
- Ninja (profile), 7 Oct 2014 @ 10:45am
  
  Re: Two lessons here
  Or, you know, download it DRM free already and buy the printed version that's usually cheaper and more pleasant to read at home.
  
  Really, they cry piracy but they can't provide a service for good prices that doesn't screw up the customer at every corner...
  [ link to this | view in chronology ]
  - John Fenderson (profile), 7 Oct 2014 @ 11:05am
    
    Re: Re: Two lessons here
    Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.
    
    As far as buying the printed copy -- this depends on the book. about 75% of the books I buy are technical ones, and I most definitely don't want the paper version of these, because they weight a lot, take up a lot of storage space, and aren't nearly as useful to me as electronic versions (you can't grep a dead tree.)
    
    Nowadays, I prefer to have my recreational reading in electronic form as well, because books are bulky. This was driven home for me the last time I moved and my book collection was one of the larger pain points. Also, it's rather nice to be able to easily carry a half dozen or so books with me at all times. I always have something I feel like reading with me, no matter where I am.
    [ link to this | view in chronology ]
    - Anonymous Coward, 7 Oct 2014 @ 11:08am
      
      Re: Re: Re: Two lessons here
      If you buy DRM, you support DRM. If you don't want to support DRM, don't enable companies that use it.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 7 Oct 2014 @ 11:35am
        
        Re: Re: Re: Re: Two lessons here
        True enough, and I am a strong advocate of "voting with your dollars." However, a balance must be struck. If I really avoided buying everything that is connected to something I object to, then I would be unable to buy almost anything.
        
        Where this balance lies is completely subjective, of course, so your balance might be different. For example, I don't purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not). eBook DRM doesn't, in my opinion, rise to the same level, so I will continue to buy them (as long as I can remove the DRM -- as soon as I can't do that, I'll stop buying the eBooks).
        [ link to this | view in chronology ]
        
        Anonymous Coward, 7 Oct 2014 @ 12:29pm
        
        Re: Re: Re: Re: Re: Two lessons here
        "I don't purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not)."
        
        My own purchases stopped dead in 2003 when the mass-lawsuits against Kazaa users began, and over a decade later I'm still boycotting RIAA music. That includes concerts, which the record label usually gets a cut off the top. The RIAA-RADAR site died several years ago, but is there another alternative that redlights RIAA music?
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 7 Oct 2014 @ 12:42pm
        
        Re: Re: Re: Re: Re: Re: Two lessons here
        I'm not aware of anything as good as RIAA-RADAR, but the majority of the time you can suss out who is a member of RIAA or not through an hour or two of searching the internet.
        
        I take a shortcut, though -- I tend to avoid artists who are signed to a label at all, except for labels that I am already confident in. It works well for me (and giving money directly to the artists who made a work is actually satisfying and makes me happy, where giving that money to a corporation does the opposite.)
        [ link to this | view in chronology ]
      - Anonymous Coward, 7 Oct 2014 @ 2:59pm
        
        Re: Re: Re: Re: Two lessons here
        The tricky bit here is that the major user of Adobe Digital Editions 4 isn't the Adobe eBook reader -- it's OverDrive.
        
        OverDrive is used by libraries around the world to make e-books available to their patrons. Usually, it's the ONLY way to get the e-books. However, whether the DRM bit is applied is up to the book publishers, not OverDrive.
        
        So in this case, where do you stop the enablement? I'd say it stops at the point where ADE kicks in, but you'll also want to let your library, OverDrive and the publisher know WHY you chose a different book instead of an ADE restricted version. Otherwise, nothing will change, due to the large number of ignorant (not in an insulting way) people using the service.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 7 Oct 2014 @ 3:32pm
        
        Re: Re: Re: Re: Re: Two lessons here
        Since publishers would love nothing more than to see every library close up shop, I doubt that this sort pressure would have the effect you want in this case. The publishers will just tell the libraries "tough".
        [ link to this | view in chronology ]
        
        M. Alan Thomas II (profile), 8 Oct 2014 @ 12:32am
        
        Re: Re: Re: Re: Re: Re: Two lessons here
        The publishers can say whatever the fuck they want; every state in the country has library privacy laws and the good ones—mine included—cover this. Amazon took heat for similar activity with regards to OverDrive and Kindle ebook lending, and it worked. Why? Giant corporations accused of being untrustworthy vs. the one near-universally loved governmental function fronted by a profession that oozes public trust does not go well for the corporations.
        [ link to this | view in chronology ]
    - orbitalinsertion (profile), 7 Oct 2014 @ 1:40pm
      
      Re: Re: Re: Two lessons here
      Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.
      
      Guess what?
      [ link to this | view in chronology ]
      - John Fenderson (profile), 7 Oct 2014 @ 2:30pm
        
        Re: Re: Re: Re: Two lessons here
        I give up, what?
        
        If you're implying that removing DRM is pirating, then I disagree: pirating involves the unauthorized distribution of a copyrighted work. Stripping a legally obtained work of DRM does not.
        
        True, stripping the DRM is likely breaking the anti-circumvention clause in the DMCA, but oh well. I'll take my chances. :)
        [ link to this | view in chronology ]
        
        That One Guy (profile), 7 Oct 2014 @ 3:49pm
        
        Re: Re: Re: Re: Re: Two lessons here
        I think the point was that pirating or DRM stripping, you're still breaking the law either way, and those that bought the law likely see no real difference between the two actions.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 8 Oct 2014 @ 8:06am
        
        Re: Re: Re: Re: Re: Re: Two lessons here
        Ah, I see. That doesn't really factor into my thinking because the reason I don't pirate has nothing to do with it being against the law. I couldn't care less what the people who bought the law think.
        [ link to this | view in chronology ]
      - the old rang, 15 Oct 2014 @ 1:22pm
        
        Re: Re: Re: Re: Two lessons here
        Re: Re: Re: Two lessons here
        Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.
        
        At this point, I have not pirated, but have a fair number of texts, in .txt format. Amazon, google, B&N, Miocroweenie, etc. didn't pay for them, and I have no interntion of letting them know what I have without thme PAYING... which they won't...
        
        But they will sell the world all my information, including my exact location within 30 feet.... to any business ,crooks, scoundrels or, worse, dnc gets it for free...
        [ link to this | view in chronology ]
  - Ellie (profile), 7 Oct 2014 @ 11:30am
    
    Re: Re: Two lessons here
    Adobe is probably tracking reading speed, bookmarks etc. just like AMZN did. I used Adobe Digital Editions, the free e-reader using EPUB (?) format. It was good, but not better than any others. This sounds like the best option to me:
    buy the printed version that's usually cheaper and more pleasant to read at home.
    I don't like messing with DRM.
    [ link to this | view in chronology ]
- art guerrilla (profile), 7 Oct 2014 @ 11:08am
  
  Re: Two lessons here
  just to remind kampers: calibre is your friend...
  [ link to this | view in chronology ]
  - ChurchHatesTucker (profile), 7 Oct 2014 @ 11:15am
    
    Re: Re: Two lessons here
    It scans Calibre libraries too.
    [ link to this | view in chronology ]
Rich Kulawiec, 7 Oct 2014 @ 10:48am

Consider as well Adobe's security history
It wasn't that long that they had a security/privacy disaster: Adobe Breach Impacted At Least 38 Million Users

If Adobe's collecting and storing all of this information, then they're building an extremely attractive target, which is quite likely to fall into the hands of attackers. Perhaps it already has.
[ link to this | view in chronology ]
- Nate, 7 Oct 2014 @ 10:54am
  
  Re: Consider as well Adobe's security history
  Ouch. That is going to make a good follow up post.
  
  signed, OP
  [ link to this | view in chronology ]
Zos (profile), 7 Oct 2014 @ 10:53am

hmm makes me wonder about amazon unlimited? the deal with amazons new library according to a few author and publisher friends, is that they get paid when someone reads ten percent of the book.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Oct 2014 @ 11:34am
  
  Re:
  Yes, as I noted in a comment below, a ton of very useful Amazon Kindle functionality (community highlighting, book syncing, the Amazon Unlimited author payment contract) is ONLY possible by syncing data with a central server. It's pretty different from sending all this info in plaintext and snooping on your computer.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 7 Oct 2014 @ 11:38am
    
    Re: Re:
    I suppose if those features are valuable to you then that's a good reason to use their reader. If none of those features are of any value to you (they certainly aren't to me), then the reader should be avoided entirely.
    [ link to this | view in chronology ]
    - That One Guy (profile), 7 Oct 2014 @ 12:26pm
      
      Re: Re: Re:
      Or you can just put the device on airplane mode and leave it that way.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 7 Oct 2014 @ 12:44pm
        
        Re: Re: Re: Re:
        Don't you have to use WiFi to get the titles on the device? I don't know, as I've never used a dedicated reader -- I've never seen the point since my phone already acts as a perfectly fine reader.
        [ link to this | view in chronology ]
        
        That One Guy (profile), 7 Oct 2014 @ 1:34pm
        
        Re: Re: Re: Re: Re:
        You don't have to no, if you buy something from their ebook marketplace(something I generally avoid, given prices and ninja DRM) you can download it to your computer and transfer it to the Kindle via USB cable.
        [ link to this | view in chronology ]
        
        Gwiz (profile), 7 Oct 2014 @ 1:44pm
        
        Re: Re: Re: Re: Re:
        Don't you have to use WiFi to get the titles on the device?
        
        I don't. I sync my Kindle via the USB cable to Calibre on my computer.
        
        I've never seen the point since my phone already acts as a perfectly fine reader.
        
        I've also used my phone as a reader, but I prefer my Kindle Paperwhite. It's easier on the eyes and is far superior when in direct sunlight.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 7 Oct 2014 @ 2:37pm
        
        Re: Re: Re: Re: Re: Re:
        I've used my daughter's Kindle, but honestly I prefer the display on my phone. It's easier for my tired old eyes to read.
        
        I can comfortably see my phone's screen in direct sunlight, although I can't think of a time when I've tried reading an eBook in those conditions so I don't know how well that would work. On the other hand, that's clearly not an important factor for me since I've yet to try it.
        
        In the end, that's the real beauty of a thriving marketplace: we all have different needs, and it's nice that we can all find something that meets them.
        [ link to this | view in chronology ]
        
        Adam, 2 Feb 2022 @ 10:12am
        
        Re: Re: Re: Re: Re: Re:
        2 words ..."Project Sidewalk" Ty..gnight...mic drop...
        [ link to this | view in chronology ]
    - Zos (profile), 8 Oct 2014 @ 7:09am
      
      Re: Re: Re:
      that's...tricky. i want authors i enjoy to get a piece, that's why i began using amazon unlimited, rather than just grabbing them from my favorite download site.
      [ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 10:56am

They are just following the example of the US government, gathering everything they think may be interesting. The NSA will quite like this, because it is not encrypted so they can just gather it as it flies past.
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 11:01am

I like Evince as my digital document reader. There's a cool option that allows inverting colors. So the background is black and the text is white. A black background is much easier on my eyes.

I also feel safer with Evince. I've read about a lot of malware using Adobe e-reader exploits to launch their payloads from PDFs.

Best of all, Evince is free as in freedom software and doesn't spy on you.
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 11:12am

The Amazon highlighting thing is a feature, it's not like they hide it. By default any Kindle app will underline a passage that a certain threshold of other readers have highlighted, making note-taking much simpler. Plus, Kindle books automatically sync across devices - I'm extremely curious how the author thinks this could be accomplished without sending data back to a central server.

Adobe is a bad company and routinely makes atrocious security decisions but the bit about Amazon is just silly.
[ link to this | view in chronology ]
- John Fenderson (profile), 7 Oct 2014 @ 12:15pm
  
  Re:
  Adobe's a terrible company, but Amazon's not exactly a paragon of virtue themselves.
  [ link to this | view in chronology ]
- David E. Siegel, 10 Oct 2014 @ 5:30pm
  
  Re: Syncing
  Syncing can't be accomplished without sending at least a bookmark and a user ID to a central server, but Adobe DE doesn't currently offer Syncing, and not everyone wants it from kindle. It should be a user option where available, and if syncing turned off there is no need to send this sort of usage data anywhere.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 11:12am

I'm sure they will scream that this somehow is different, but isn't every installation of this product a violation of the CFAA?
[ link to this | view in chronology ]
- Eric Stein, 7 Oct 2014 @ 1:16pm
  
  Re:
  It's not like Adobe's an individual - they're working for the machine, so they get a pass. I'm sure they'll get around to prosecuting Adobe as soon as they're done with Microsuck and AP&P. If you're screwin' the public, well, you get the idear. Them public screwin' passes, they're not available to individuals.
  [ link to this | view in chronology ]
Michael, 7 Oct 2014 @ 11:38am

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

According to Bonnie Dumanis, that is called: "protecting the children", so it is totally ok.
[ link to this | view in chronology ]
Stan (profile), 7 Oct 2014 @ 11:54am

This topic should be commemerated in song...
... so here it is.

(to the tune ""Every Breath You Take" by THE POLICE - a bit of irony there)

Every book you take
Every move you make
Every DRM you break
Every step you take
I'll be watching you
[ link to this | view in chronology ]
the old rang, 7 Oct 2014 @ 12:05pm

wow... you just figured this out?
Nothing goes into Amazon's readers without them knowing (hence, no ssd cards)...

Same is true with nook, and a few other 'readers.'

several programs that make readable files of '.txt' files, do same, and always have, when using android...

If you think any of your data located on their servers, is not 'theirs'... you have not really read anything to do with your agreements, with them...

"Free" means your cost is only all your life's information... at cost only means you pay more for them to have it.
[ link to this | view in chronology ]
- Albert Maurice, 7 Oct 2014 @ 2:21pm
  
  Re: wow... you just figured this out?
  Amazon knows nothing about anything that is on my Kindle.
  
  Because Wi-Fi has been turned off since the very beginning...
  [ link to this | view in chronology ]
scotts13 (profile), 7 Oct 2014 @ 12:21pm

Is anyone really surprised?
I always assumed that every action I took - how fast I read, what pages were skipped, whether I finished the book, if I deleted the file afterward - was monitored. They do because they can.

Ditto TV viewing. I ASSUME TiVo knows every time I fast forward through a commercial, or press "page down" to hide an ad. That information has value (to someone), think they're going to leave it on the table?
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 1:03pm

if the accusations prove to be correct, i hope Adobe is prepared for court action! why is it, anyway, that companies have to spy on customers? they want the products bought and used and the number of sales was always able to be worked out before computers were even a single thought. what this behavior shows is how lazy the sellers have become. even when a short while ago it was found that LG was spying on customers who had purchased their TVs with built in wifi. you would think that companies/manufacturers would stop the practice. it seems that what actually happens is they try to be more subversive!
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 1:54pm

Other Adobe Products Involved?
Nate mentioned FERPAin his article. Where I work, you violate that you lose your job. No excuses, no exceptions, no mercy.

We just got the word that a lot of Adobe products are going to be free if you work on campus, and very cheap if you want one for a personal machine. I just notified our campus IT security coordinator of this little problem, including asking what other Adobe products might have similar [sarcasm]glitches[/sarcasm]."

I'm curious as to what he's going to say.
[ link to this | view in chronology ]
- Rich Kulawiec, 7 Oct 2014 @ 2:49pm
  
  Re: Other Adobe Products Involved?
  Hmmm. That's an interesting point. Maybe this would be a good time to ask "How does this Adobe spyware know the difference between a book and some other document that happens to be in the same format?"
  [ link to this | view in chronology ]
David Blevins, 7 Oct 2014 @ 4:40pm

adobe spying reply
Here's their reply:

http://the-digital-reader.com/2014/10/07/adobe-responds-reports-spying-half-truths-misleading- statements/#.VDRpCvldWIV

or

http://goo.gl/0vx0Ek
[ link to this | view in chronology ]
- Anonymous Coward, 7 Oct 2014 @ 5:15pm
  
  Re: adobe spying reply
  Marketing weasel-speak.
  
  Ultimately the questions are what are they selling and to whom? All corporates seem so hung up on the concept that 'big data tells us everything' that it might even be getting hard to sell software product licenses a la Adobe (Overdrive etc) if they DON'T give more and more info (this is not an excuse or to be read as condoning it). So many bodies want to 'collect it all' even if they can't figure out what to do with it, like jackdaws stealing shiny objects just because shiny and hoarding is good (just like laying down fat for winter..)
  [ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 5:32pm

Is Adobe's Ebook Reader Spying On What You Read -- And What You Have On Your Computer?

No - because it is not on my computer.
[ link to this | view in chronology ]
Anonymous Coward, 7 Oct 2014 @ 11:58pm

Honestly, someone should be arrested for this. If I wrote a program, convinced you to install it and then continued to pull data off your machine without your permission it would labelled as hacking (which is incorrect) and I'd be convicted. Why should they be above the law?

The feds should open an investigation, look through company emails and meeting minutes until they find the idiot who made the initial decision and arrest them.
[ link to this | view in chronology ]
Anonymous Coward, 8 Oct 2014 @ 4:28am

Do not trust proprietary software, use FOSS.
[ link to this | view in chronology ]