Is Adobe's Ebook Reader Spying On What You Read -- And What You Have On Your Computer?
from the and-sending-your-data-in-cleartext-too? dept
Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there's a big privacy problem with Adobe's Digital Editions 4, its free ebook reading app. Here's what Hoffelder writes on his blog, The Digital Reader:
Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)
Specifically:
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading:
Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they're free, but because they're better products in just about every way -- for example, in respecting your privacy.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: digital editions, ebooks, spying, spyware
Companies: adobe
Reader Comments
Subscribe: RSS
View by: Time | Thread
Wait...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Two lessons here
2. The first thing you should do with any eBook you receive is to strip the DRM out of it.
[ link to this | view in chronology ]
Re: Two lessons here
Really, they cry piracy but they can't provide a service for good prices that doesn't screw up the customer at every corner...
[ link to this | view in chronology ]
Re: Re: Two lessons here
As far as buying the printed copy -- this depends on the book. about 75% of the books I buy are technical ones, and I most definitely don't want the paper version of these, because they weight a lot, take up a lot of storage space, and aren't nearly as useful to me as electronic versions (you can't grep a dead tree.)
Nowadays, I prefer to have my recreational reading in electronic form as well, because books are bulky. This was driven home for me the last time I moved and my book collection was one of the larger pain points. Also, it's rather nice to be able to easily carry a half dozen or so books with me at all times. I always have something I feel like reading with me, no matter where I am.
[ link to this | view in chronology ]
Re: Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Re: Re: Two lessons here
Where this balance lies is completely subjective, of course, so your balance might be different. For example, I don't purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not). eBook DRM doesn't, in my opinion, rise to the same level, so I will continue to buy them (as long as I can remove the DRM -- as soon as I can't do that, I'll stop buying the eBooks).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Two lessons here
My own purchases stopped dead in 2003 when the mass-lawsuits against Kazaa users began, and over a decade later I'm still boycotting RIAA music. That includes concerts, which the record label usually gets a cut off the top. The RIAA-RADAR site died several years ago, but is there another alternative that redlights RIAA music?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Two lessons here
I take a shortcut, though -- I tend to avoid artists who are signed to a label at all, except for labels that I am already confident in. It works well for me (and giving money directly to the artists who made a work is actually satisfying and makes me happy, where giving that money to a corporation does the opposite.)
[ link to this | view in chronology ]
Re: Re: Re: Re: Two lessons here
OverDrive is used by libraries around the world to make e-books available to their patrons. Usually, it's the ONLY way to get the e-books. However, whether the DRM bit is applied is up to the book publishers, not OverDrive.
So in this case, where do you stop the enablement? I'd say it stops at the point where ADE kicks in, but you'll also want to let your library, OverDrive and the publisher know WHY you chose a different book instead of an ADE restricted version. Otherwise, nothing will change, due to the large number of ignorant (not in an insulting way) people using the service.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Re: Two lessons here
Guess what?
[ link to this | view in chronology ]
Re: Re: Re: Re: Two lessons here
If you're implying that removing DRM is pirating, then I disagree: pirating involves the unauthorized distribution of a copyrighted work. Stripping a legally obtained work of DRM does not.
True, stripping the DRM is likely breaking the anti-circumvention clause in the DMCA, but oh well. I'll take my chances. :)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Re: Re: Two lessons here
Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.
At this point, I have not pirated, but have a fair number of texts, in .txt format. Amazon, google, B&N, Miocroweenie, etc. didn't pay for them, and I have no interntion of letting them know what I have without thme PAYING... which they won't...
But they will sell the world all my information, including my exact location within 30 feet.... to any business ,crooks, scoundrels or, worse, dnc gets it for free...
[ link to this | view in chronology ]
Re: Re: Two lessons here
[ link to this | view in chronology ]
Re: Two lessons here
[ link to this | view in chronology ]
Re: Re: Two lessons here
[ link to this | view in chronology ]
Consider as well Adobe's security history
If Adobe's collecting and storing all of this information, then they're building an extremely attractive target, which is quite likely to fall into the hands of attackers. Perhaps it already has.
[ link to this | view in chronology ]
Re: Consider as well Adobe's security history
signed, OP
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I don't. I sync my Kindle via the USB cable to Calibre on my computer.
I've never seen the point since my phone already acts as a perfectly fine reader.
I've also used my phone as a reader, but I prefer my Kindle Paperwhite. It's easier on the eyes and is far superior when in direct sunlight.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I can comfortably see my phone's screen in direct sunlight, although I can't think of a time when I've tried reading an eBook in those conditions so I don't know how well that would work. On the other hand, that's clearly not an important factor for me since I've yet to try it.
In the end, that's the real beauty of a thriving marketplace: we all have different needs, and it's nice that we can all find something that meets them.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I also feel safer with Evince. I've read about a lot of malware using Adobe e-reader exploits to launch their payloads from PDFs.
Best of all, Evince is free as in freedom software and doesn't spy on you.
[ link to this | view in chronology ]
Adobe is a bad company and routinely makes atrocious security decisions but the bit about Amazon is just silly.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Syncing
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
According to Bonnie Dumanis, that is called: "protecting the children", so it is totally ok.
[ link to this | view in chronology ]
This topic should be commemerated in song...
(to the tune ""Every Breath You Take" by THE POLICE - a bit of irony there)
Every book you take
Every move you make
Every DRM you break
Every step you take
I'll be watching you
[ link to this | view in chronology ]
wow... you just figured this out?
Same is true with nook, and a few other 'readers.'
several programs that make readable files of '.txt' files, do same, and always have, when using android...
If you think any of your data located on their servers, is not 'theirs'... you have not really read anything to do with your agreements, with them...
"Free" means your cost is only all your life's information... at cost only means you pay more for them to have it.
[ link to this | view in chronology ]
Re: wow... you just figured this out?
Because Wi-Fi has been turned off since the very beginning...
[ link to this | view in chronology ]
Is anyone really surprised?
Ditto TV viewing. I ASSUME TiVo knows every time I fast forward through a commercial, or press "page down" to hide an ad. That information has value (to someone), think they're going to leave it on the table?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Other Adobe Products Involved?
We just got the word that a lot of Adobe products are going to be free if you work on campus, and very cheap if you want one for a personal machine. I just notified our campus IT security coordinator of this little problem, including asking what other Adobe products might have similar [sarcasm]glitches[/sarcasm]."
I'm curious as to what he's going to say.
[ link to this | view in chronology ]
Re: Other Adobe Products Involved?
[ link to this | view in chronology ]
adobe spying reply
http://the-digital-reader.com/2014/10/07/adobe-responds-reports-spying-half-truths-misleading- statements/#.VDRpCvldWIV
or
http://goo.gl/0vx0Ek
[ link to this | view in chronology ]
Re: adobe spying reply
Ultimately the questions are what are they selling and to whom? All corporates seem so hung up on the concept that 'big data tells us everything' that it might even be getting hard to sell software product licenses a la Adobe (Overdrive etc) if they DON'T give more and more info (this is not an excuse or to be read as condoning it). So many bodies want to 'collect it all' even if they can't figure out what to do with it, like jackdaws stealing shiny objects just because shiny and hoarding is good (just like laying down fat for winter..)
[ link to this | view in chronology ]
No - because it is not on my computer.
[ link to this | view in chronology ]
The feds should open an investigation, look through company emails and meeting minutes until they find the idiot who made the initial decision and arrest them.
[ link to this | view in chronology ]
[ link to this | view in chronology ]