Adobe's Half-Assed Response To Spying On All Your eBooks
from the that's-not-gonna-do-it dept
Yesterday, we mentioned the reports kicked off by Nate Hoffelder's research that Adobe was spying on your ebook reading efforts and (even worse) sending the details as unencrypted plaintext. Adobe took its sweet time, but finally responded late last night (obnoxiously, Adobe refused to respond directly to Hoffelder at all, despite the fact that he broke the story). Here's Adobe's mealy-mouthed response that was clearly worked over by a (poorly trained) crisis PR team:
Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.
Some of the research into what's going on contradicts the claims of it only looking at books "currently being read," but even if that's true, it doesn't make the snooping any less disturbing. And while it may be true that Adobe has not violated its privacy policy (though, that's arguable), it really just highlights the stupidity of the concept of privacy policies. As we've noted in the past, the only way you get in trouble on privacy is if you violate your own privacy policy. And thus, the incentives are to write a policy that says "we collect absolutely everything, and do whatever we want with it, nyah, nyah, nyah," because that way you won't ever violate it.
Since no one reads the policy anyway, and most people assume having a "policy" means protecting privacy (even if it says the opposite), privacy policies (and laws that require them) are often counterproductive. This situation appears to be a perfect example of that in action.
Either way, the response is tone deaf in the extreme. Even if it's "in line" with the privacy policy, does that make it right or acceptable? Adobe makes no effort to respond to the concerns about this snooping on reading habits -- which can be quite revealing. It makes no effort to respond to the serious problems of sending this info in plaintext, creating a massive security hole for private information.
While Adobe has told some that it is working on an update to "address" the issue of transmitting the data in plaintext, it's a bit late in the process to be recognizing that's an issue. The Ars Technica article notes that this may, in fact, violate New Jersey's Reader Privacy Act. EFF wonders about the similar California Reader Privacy Act and whether or not Adobe's efforts here completely undermine that law.
Since Adobe's Digital Editions are commonly used by libraries (my local library uses it, which I've used to take out ebooks), it really raises some serious questions for those libraries. Librarians have a history of strongly standing up for the protection of reader privacy. In fact, for all the talk we've had recently about Section 215 of the PATRIOT Act and how the NSA abuses it, when it was first passed, the people who protested the loudest were the librarians, who feared that it would be used to collect records on what books people were reading! Some people even referred to it as the "library records" provision (even though it was eventually twisted into much more).
And yet, here we are, a decade or so later, and Adobe has completely undermined this kind of trust and privacy which libraries pride themselves on. And, even worse, it's all in the name of some crappy DRM that publishers demand. Librarians and readers should be up in arms over this, and looking for alternatives. Adobe should stop with the bullshit crisis PR response and admit that they screwed up and that the product needs to change to better protect the privacy of individuals and their reading habits.
Filed Under: copyright, digital reader, drm, ebooks, encryption, libraries, privacy, snooping
Companies: adobe
Reader Comments
Piracy: letting you choose what to do, where to do and when to do whatever you want with your legally-bought, drm-ridden content.
[ link to this | view in thread ]
"solely for purposes such as"? What does that mean? Isn't that a bit like saying "up to 50% off and more"? They have given us two reasons and left it open to AS MANY MORE REASONS AS THEY WANT. Nice.
Not to mention, I don't care why you are f***ing me, I care THAT you are f***ing me.
[ link to this | view in thread ]
...Okay, who am I kidding. When I say "cafeteria" I mean "on the toilet."
[ link to this | view in thread ]
Hey, hey, relax. Adobe is only spying on everything you do, not everything you could do! Just think, they could totally have their program go through your entire hard drive and collect information on everything in it to facilitate more comprehensive anti-piracy measures (not Adobe (TM) DRM'd? You'd best prove you ain't pirating!) instead, so isn't this current solution much better?
Oh, and don't worry, as they've only talked about hypothetical examples ("purposes such as"), they can leave the door open to discussing deals with advertis *cough* partners to put ... uhh ... consumer-relevant information on a convenient sidebar. This will obviously benefit consumers since they'll get to learn about additional goods while enjoying their book.
[ link to this | view in thread ]
Re:
Also, note that they are going to take care of the encryption issue, which only means we REALLY won't know what all kinds of information they are sending home. I'm starting to fail to see how this is better.
[ link to this | view in thread ]
Re:
"it's a feature not a bug"
Well, since it's intentional, it's technically a feature. However, in terms of effect, I consider it a bug of the showstopper variety. If it were a feature, it would be opt-in, not silently always on.
[ link to this | view in thread ]
Re:
Is it worth the invasion of privacy involved, like feeding your reading habits straight to the NSA?
[ link to this | view in thread ]
"William Shakespeare - Hamlet) ; DROP TABLE Books ; --.epub"
[ link to this | view in thread ]
Re: Re:
Also, many libraries' digital collections contain Adobe DRM protected works. If your library were sending your reading habits to a third party, would your solution be "avoid the public library like the plague"?
[ link to this | view in thread ]
DRM...?
"msg_NavigatedToPage": {
"Navigated To Page": {
"atTime":1412619383042,
"PageNumber":8,
"TotalPages":9}}},
Also:
{"atTime":1412619397026,"userID":"","operatorURL":"","licenseURL":"","distributorID":"","resourceID":"","fulfillmentID":""}}},
{"msg_DocumentScanned":{"Document Scanned":{"atTime":1412619397026,"Title":"Getting Started with Adobe Digital Editions 4.0","Creator":"Adobe Systems Incorporated","Subject":"Getting Started","Description":"","Publisher":"Adobe Systems Incorporated","Contributor":"","Date":"2012-06-05T07:00:00+00:00","Language":"en","Format":"","Type":"","Identifier":"","Source":"","Relation":"","Coverage":"","Rights":""}}},
Contains no identifying information or anything that could prove that the owner purchased the book, unless the author removed values for userID, licenseURL, etc, because those fields are blank. Not that it would matter, because it's all sent in the clear, anyone could just spoof it.
[ link to this | view in thread ]
Re: Re: Re:
Missed that. My bad.
"If your library were sending your reading habits to a third party, would your solution be "avoid the public library like the plague"?"
No, that's just silly. Why throw the baby out with the bathwater? Personally, I'd just remove the DRM and use a different reader. Or, if I couldn't do that for some reason, I'd simply not check out those digital works.
[ link to this | view in thread ]
✤ According to Fox 31 news and CBS, 33 million Adobe user credentials were stolen. The hack went on to affect other places such as Facebook, leaving many security sites to recommend a changing of passwords once it was patched.
✤ Adobe's source code was hacked into and stolen.
✤ One of the easiest ways to obtain passwords was by third party data passage without encryption, still part of the problem with Adobe software after all these years.
✤ Many security sites were recommending that removal of Adobe software was needed for your computer and on line security.
This has been going on for many years. I long ago gave up on Adobe as being anything but an invitation to be hacked if it was on your computer. So all this 'in the clear' is not something new nor something just revealed. It is their method of operation and has been for ages. This is why data being passed in the clear is such an issue.
[ link to this | view in thread ]
PUBLIC SERVICE ANNOUNCEMENT
Privacy policies do not protect the consumer. They protect the company.
[ link to this | view in thread ]
I've been looking for an alternative for seven years now, and the alternative is: let's call a spade a spade. Give DRM a legal status to match reality: it's a hacking tool, nothing but malware, and creating and distributing it should be subject to the exact same legal restrictions as viruses, trojans, etc.
[ link to this | view in thread ]
Re: PUBLIC SERVICE ANNOUNCEMENT
There is a legal theory that contract ambiguities should be resolved in favor of the party who did not write the contract, but this is a) risky to rely on and 2) no help if there is no ambiguity.
[ link to this | view in thread ]
Re: Re: Re: Re:
So, yeah, I think it's time for a lawsuit.
[ link to this | view in thread ]
DRM urgently needs to be abolished in public libraries. Publishers should never have been allowed to have this much control over a public resource.
[ link to this | view in thread ]
Re: Re: Re:
And so without any oversight at all they could snarf up the entire listing of connected devices, plus any content they choose, and send them encrypted so that no-one will be able to verify whether they do what they say they do.
[ link to this | view in thread ]
Re:
Even if it's encrypted, the amount of information collected is still a violation of privacy. Any data transferred should be the absolute minimum necessary. There is no reason reading behavior should be tracked.
[ link to this | view in thread ]
Re: Re:
As someone pointed out (somewhere..) some licensing deals relate payment to number of pages read. I am going to guess that knowing which pages is possibly used to allow publishers to see which pages are most popular/least popular and they could make a case for knowing which parts of a book are least popular might help them improve it (eg custom produced textbooks) (all statistics aggregated and anonymous). Which arguably has some merit if informed consent is given.
[ link to this | view in thread ]
NJ Privacy laws
http://go-to-hellman.blogspot.com/2014/09/online-bookstores-to-face-stringent.html
http://go-to-hellman.blogspot.com/2014/09/emergency-governor-christie-could-turn.html
Nonetheless, there are library records privacy laws in place in NJ that should apply.
EFF is misleading; I don't think the California Reader Privacy Act applies to this case, though the CA library records privacy law Cal Gov Code § 6267 should make this illegal.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Not true. Libraries can continue to have actual, physical books. Those are DRM-free. As I said, my response would be to break the DRM and, failing that, to avoid checking out digital books. Admittedly, not a huge change for me since I've never "checked out" a digital book from the library anyway.
[ link to this | view in thread ]
Re:
That's why this is bullshit.
[ link to this | view in thread ]
Re: Re: Re: Re:
"better than the status quo" is not the same as "acceptable".
[ link to this | view in thread ]
Shoddy software, always bad PR, inflated prices for certain countries, etc. Why haven't they been on the Consumerist list for Worst Company in America yet? They'd be a good contender.
Years ago I was mad that Flash was being killed on mobile. Adobe took a hit with that. Now I look at Adobe and am glad they are where they are. Their DRM has always sucked, and they obviously don't care. They seem to have the corporate mentality of Electronic Arts.
If anything, this should make people hate privacy policies, it should make people read them, and it should make people really think twice about using programs they would guess have no reason to "phone home".
[ link to this | view in thread ]
Thank you for using our cable tv box
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Unlike you, the only books I've checked out of the library in the past two years are ebooks.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Game theory?
Just because a relative few currently have the ability to unshackle themselves from the current restrictions doesn't mean the masses who lack that capacity deserve to suffer for that lack of knowledge/ability.
The attitude of "It's ok if I support companies that utilize DRM because I know where to find the information to break the current set of locks" is ultimately self-defeating.
[ link to this | view in thread ]
I've been removing Adobe PDF Reader and installing Foxit on others' computers for a long time too, over 9 years. I think it's obvious that Adobe is a useless company, Premiere? I'll take Avidemux/Handbrake even Transmageddon instead. Virtualdub and its forks can also work with all recent codecs. You got to be a fool or forced into it by a school to buy Adobe products.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Please show me where I've said anything remotely close to this.
[ link to this | view in thread ]
Re:
I'd suggest using an older version (you can get them from OldApps.com).
Personally, I'm still on v3.0 from 2008. The installer is one tenth the size of the newest version (3.7 vs 36 MB), and there are no ads or extraneous crap. Just a fast, simple, lightweight PDF reader.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Game theory?
I never said it was OK. I said it's not a battle I choose to fight right now. I can't fight them all at the same time, after all.
[ link to this | view in thread ]
I've been avoiding it all along, it's an unfortunate fact that it acquired Macromedia and screwed up all its products, including Flash. But then, I only allow Flash on youtube...
mates, search for alternatives!
[ link to this | view in thread ]