Adobe is working on an update to fix the latest iteration of its e-book reader, which has a gluttonous appetite for readers’ data and the slovenly habit of reporting our reading habits back to Adobe – in plain text.
As The Digital Reader’s Nate Hoffelder first reported on Monday and Ars Technica confirmed, Adobe’s Digital Editions 4 (DE4) e-book app/PDF reader, which is used by thousands of libraries to enable patrons to borrow e-books, actively logs and reports every document that readers add to their devices’ libraries, along with what users do with the files – down to the number of pages they manage to read.
Of course, uploading data about how far a reader’s gotten is integral to synching devices to the furthest point read.
But DE4’s a security and privacy danger because the app sends logs over the internet in plain text, clearly readable by anybody who’s monitoring network traffic to see what users are reading.
As Ars’s Sean Gallagher points out, that can include ISPs, cable companies, people sharing a Wi-Fi network, or the National Security Agency (NSA).
Adobe isn’t the first company to pull the plain text blunder, that’s for sure.
Last November, it emerged that LG, for one, was guilty of doing that with Smart TV data.
A UK blogger discovered in November that his TV was sending data about his family’s viewing habits back to the South Korean manufacturer – again, in plain text.
Adobe responded on Tuesday, admitting that yes, DE4 does track users’ activities, but no, it doesn’t scrape a user’s library or flip through libraries in other readers on a given device, as Hoffelder had wondered might be happening.
This is the statement Adobe put out on the issue:
Adobe says this is the content DE4 collects:
- User ID: The user ID is collected to authenticate the user.
- Device ID: The device ID is collected for digital rights management (DRM) purposes since publishers typically restrict the number of devices an eBook or digital publication can be read on.
- Certified App ID: The Certified App ID is collected as part of the DRM workflow to ensure that only certified apps can render a book, reducing DRM hacks and compromised DRM implementations.
- Device IP: The device IP is collected to determine the broad geo-location, since publishers have different pricing models in place depending on the location of the reader purchasing a given eBook or digital publication.
- Duration for Which the Book was Read: This information is collected to facilitate limited or metered pricing models where publishers or distributors charge readers based on the duration a book is read. For example, a reader may borrow a book for a period of 30 days. While some publishers/distributors charge for 30 days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read.
- Percentage of the Book Read: This information is collected to allow publishers to implement subscription models where they can charge based on the percentage of the book read. For example, some publishers charge only a percentage of the full price if only a certain percentage of the book is read.
Additionally, the following data is provided by the publisher as part of the actual license and DRM for the eBook:
- Date of Purchase/Download
- Distributor ID and Adobe Content Server Operator URL
- Metadata of the Book provided by Publisher (including title, author, publisher list price, ISBN number)
While the transmission of such data might well be, in most/many cases, part of licensing and Adobe’s Digital Rights Management (DRM) efforts, transmitting it in plain text violates many library systems’ privacy policies.
In addition, Ars reports that unencrypted transmission of reader data, paired with the fact that Adobe’s terms of service don’t address the collection of that data, may be in violation of laws such as the recently passed Reader Privacy Act in New Jersey.
Adobe said in an email that it’s working on a fix for the security hole, but it didn’t give a timeline on when we’ll see it:
In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue. We will notify you when a date for this update has been determined.
4 comments on “Adobe will update e-reader to mop up clear-text data spillage”
Yet another reason why I’m sticking with dead-tree books!
You write “Of course, uploading data about how far a reader’s gotten is integral to synching devices to the furthest point read.” But Adobe Digital Editions does not currently offer syncing, and if it did, the reader should have a choice to enable or disable this feature, and the info collected should change accordingly. Moreover, Adobe has not explained why it collects info on ebooks released freely with no DRM included (as several reports have indicated that it does). Moreover, several of the data types Adobe says it collects are to support very particular license models (by time borrows; by amount of book read). Such data should only be collected when the book in question actually uses such a model. Beyond that, Adobe has said nothing about how long it retains the data collected, nor who it may share the data with, or for what purposes. The license agreement should spell all of this out in detail, and data should be retained no longer than is required for the purposes that justify its collection.
“Of course, uploading data about how far a reader’s gotten is integral to synching devices to the furthest point read.”
Adobe doesn’t currently offer a means to sync reading position between devices and apps. If they wish to provide that in the future, great, but in the meantime they have no need for storing information on my reading habits.
* As clarification, I’ll add that I’m referring to DRM-free epubs in my collection. I don’t generally buy DRM-encumbered titles. If I were reading DRMed titles, either purchased or borrowed through a subscription, connecting to a licensing server for validation would be expected. There’s no excuse for Adobe collecting information on my reading of legally purchased titles which never had Adobe DRM to begin with, especially with no reading position syncing capability to otherwise justify the transfer of information.