Adobe is the latest company to admit they’re spying “collecting information from the user” via one of their products: Adobe Digital Editions 4, the company’s latest version of the widely popular ebook platform.
Nate Hoffeolder, of The Digital Reader has first posted details about the breach, saying he was tipped to Adobe’s violation by an acquaintance “examining Adobe’s DRm for educational purposes when they noticed that Digital Editions 4…seemed to be sending an awful lot of data to Adobe’s servers.”
Adobe is said to be gathering extensive data about its users’ ebook reading habits including how long the book has been read for, what percentage of the book has been read and more. All the data including the book’s title, publisher and metadata is being sent through to Adobe’s servers in non-encrypted format. What’s even creepier is that Adobe also seems to be tracking individual users’ computers by gathering metadata from all ebooks stored on a hard drive and uploading the data onto Adobe’s servers.
The last detail however remains unclear as other users report their library isn’t being scanned, instead what appears to be happening is whenever an ebook is opened via ADE4, its details are sent to Adobe along with any previously opened ebooks. In a statement, Adobe admitted to gathering data from users as well as tracking their activities, but hasn’t addressed any of the other concerns. According to the statement:
Indeed, the privacy policy states Adobe can collect both personally identifiable and non-identifiable information, so the company isn’t breaking any terms users haven’t agreed to. And whilst DE4 isn’t necessarily sending across names, email addresses and other personal user data over the inter web, people are still wondering how “sending user info in clear text over the web could possibly be in line with a privacy policy”? An Adobe spokesperson has since said “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue.”
It is unclear whether Adobe’s earlier version of Digital Editions are subject to the same extensive user data gathering and whether it is transmitting user data via clear text. Are you using ADE4 for your reading pleasures? What do you think of this breach? Are you using another software to read your ebooks? If so, do you think that software, say Apple’s iBooks, is also collecting and transmitting user information in a similar fashion? Does it matter?
