Adobe Discovers Encryption, Cuts Back On Its eBook Snooping A Bit
from the drm-is-bad,-mmkay? dept
The whole DRM for ebooks effort is still pretty braindead all around. It's amazing to me that everyone hasn't realized what the music industry figured out years ago (after many earlier years of kicking and screaming): DRM doesn't help the creators or the copyright holders in the slightest. It pisses off end users and tends to help give platform providers a dominant position by creating lock-in with their users. Time and time again we see copyright holders demanding DRM, not realizing that this demand actually gives all the leverage to the platform provider. And, of course, there are all the technical problems with DRM, from making "purchased" content disappear once DRM servers are turned off, to making it more difficult to actually use legitimately authorized content, to the fact that DRM tends to lead to privacy and security problems as well.A few weeks ago, Nate Hoffelder discovered that Adobe's ebook reader, Digital Editions 4, was spying on your ebooks, collecting a ton of information about them, and then uploading it all to Adobe's servers in an unencrypted format, potentially revealing a lot of information about users of the product. Adobe came out with a ridiculously mealy-mouthed response that clearly had been worked over by a crisis team PR person, when what it should have done is say, "Uh, we screwed up."
Now, a couple of weeks later, Adobe has quietly updated Digital Edition, complete with encryption... and with greatly reduced snooping. It no longer does anything on non-DRM'd ebooks, only contacting the server for DRM'd books (which, as explained, is a dumb idea, but...). So, Adobe has corrected the egregious errors of its original snooping (though, frankly, the company should also (1) apologize to the public and (2) thank Hoffelder for pointing out the company's crappy practices).
Hoffelder goes even further, arguing that what Adobe should really do is stop the data collection entirely:
This is less a case of a company screwing up in supporting users than it is one of a major tech company grabbing more user info than is required and then, when they are caught, trying to write it off with a “My bad” and a promise to add encryption.From all appearances, the real problem here is... DRM. Adobe's designed a DRM system that requires a server check-in to make it work. This is dumb for a variety of reasons, and also means that when -- inevitably -- the server goes away, those "purchased" works are likely to disappear as well.
That is entirely the wrong response. What they should have said was that they would stop the spying, not that they would make it more difficult for the world to listen in.
Filed Under: digital editions, drm, ebooks, encryption
Companies: adobe