Is Adobe's Ebook Reader Spying On What You Read — And What You Have On Your Computer?

from the and-sending-your-data-in-cleartext-too? dept

Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there’s a big privacy problem with Adobe’s Digital Editions 4, its free ebook reading app. Here’s what Hoffelder writes on his blog, The Digital Reader:

Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)

Specifically:

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe?s server in clear text.

Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading:

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe?s servers.

These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they’re free, but because they’re better products in just about every way — for example, in respecting your privacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , ,
Companies: adobe

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Is Adobe's Ebook Reader Spying On What You Read — And What You Have On Your Computer?”

Subscribe: RSS Leave a comment
52 Comments
John Fenderson (profile) says:

Re: Re: Two lessons here

Well, I’m not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I’ll do that. I just remove the DRM.

As far as buying the printed copy — this depends on the book. about 75% of the books I buy are technical ones, and I most definitely don’t want the paper version of these, because they weight a lot, take up a lot of storage space, and aren’t nearly as useful to me as electronic versions (you can’t grep a dead tree.)

Nowadays, I prefer to have my recreational reading in electronic form as well, because books are bulky. This was driven home for me the last time I moved and my book collection was one of the larger pain points. Also, it’s rather nice to be able to easily carry a half dozen or so books with me at all times. I always have something I feel like reading with me, no matter where I am.

John Fenderson (profile) says:

Re: Re: Re:2 Two lessons here

True enough, and I am a strong advocate of “voting with your dollars.” However, a balance must be struck. If I really avoided buying everything that is connected to something I object to, then I would be unable to buy almost anything.

Where this balance lies is completely subjective, of course, so your balance might be different. For example, I don’t purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not). eBook DRM doesn’t, in my opinion, rise to the same level, so I will continue to buy them (as long as I can remove the DRM — as soon as I can’t do that, I’ll stop buying the eBooks).

Anonymous Coward says:

Re: Re: Re:3 Two lessons here

“I don’t purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not).”

My own purchases stopped dead in 2003 when the mass-lawsuits against Kazaa users began, and over a decade later I’m still boycotting RIAA music. That includes concerts, which the record label usually gets a cut off the top. The RIAA-RADAR site died several years ago, but is there another alternative that redlights RIAA music?

John Fenderson (profile) says:

Re: Re: Re:4 Two lessons here

I’m not aware of anything as good as RIAA-RADAR, but the majority of the time you can suss out who is a member of RIAA or not through an hour or two of searching the internet.

I take a shortcut, though — I tend to avoid artists who are signed to a label at all, except for labels that I am already confident in. It works well for me (and giving money directly to the artists who made a work is actually satisfying and makes me happy, where giving that money to a corporation does the opposite.)

Anonymous Coward says:

Re: Re: Re:2 Two lessons here

The tricky bit here is that the major user of Adobe Digital Editions 4 isn’t the Adobe eBook reader — it’s OverDrive.

OverDrive is used by libraries around the world to make e-books available to their patrons. Usually, it’s the ONLY way to get the e-books. However, whether the DRM bit is applied is up to the book publishers, not OverDrive.

So in this case, where do you stop the enablement? I’d say it stops at the point where ADE kicks in, but you’ll also want to let your library, OverDrive and the publisher know WHY you chose a different book instead of an ADE restricted version. Otherwise, nothing will change, due to the large number of ignorant (not in an insulting way) people using the service.

M. Alan Thomas II (profile) says:

Re: Re: Re:4 Two lessons here

The publishers can say whatever the fuck they want; every state in the country has library privacy laws and the good ones—mine included—cover this. Amazon took heat for similar activity with regards to OverDrive and Kindle ebook lending, and it worked. Why? Giant corporations accused of being untrustworthy vs. the one near-universally loved governmental function fronted by a profession that oozes public trust does not go well for the corporations.

John Fenderson (profile) says:

Re: Re: Re:2 Two lessons here

I give up, what?

If you’re implying that removing DRM is pirating, then I disagree: pirating involves the unauthorized distribution of a copyrighted work. Stripping a legally obtained work of DRM does not.

True, stripping the DRM is likely breaking the anti-circumvention clause in the DMCA, but oh well. I’ll take my chances. 🙂

the old rang (profile) says:

Re: Re: Re:2 Two lessons here

Re: Re: Re: Two lessons here
Well, I’m not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I’ll do that. I just remove the DRM.

At this point, I have not pirated, but have a fair number of texts, in .txt format. Amazon, google, B&N, Miocroweenie, etc. didn’t pay for them, and I have no interntion of letting them know what I have without thme PAYING… which they won’t…

But they will sell the world all my information, including my exact location within 30 feet…. to any business ,crooks, scoundrels or, worse, dnc gets it for free…

Ellie (profile) says:

Re: Re: Two lessons here

Adobe is probably tracking reading speed, bookmarks etc. just like AMZN did. I used Adobe Digital Editions, the free e-reader using EPUB (?) format. It was good, but not better than any others. This sounds like the best option to me:

buy the printed version that’s usually cheaper and more pleasant to read at home.

I don’t like messing with DRM.

Rich Kulawiec (profile) says:

Consider as well Adobe's security history

It wasn’t that long that they had a security/privacy disaster: Adobe Breach Impacted At Least 38 Million Users

If Adobe’s collecting and storing all of this information, then they’re building an extremely attractive target, which is quite likely to fall into the hands of attackers. Perhaps it already has.

Anonymous Coward says:

Re: Re:

Yes, as I noted in a comment below, a ton of very useful Amazon Kindle functionality (community highlighting, book syncing, the Amazon Unlimited author payment contract) is ONLY possible by syncing data with a central server. It’s pretty different from sending all this info in plaintext and snooping on your computer.

Gwiz (profile) says:

Re: Re: Re:3 Re:

Don’t you have to use WiFi to get the titles on the device?

I don’t. I sync my Kindle via the USB cable to Calibre on my computer.

I’ve never seen the point since my phone already acts as a perfectly fine reader.

I’ve also used my phone as a reader, but I prefer my Kindle Paperwhite. It’s easier on the eyes and is far superior when in direct sunlight.

John Fenderson (profile) says:

Re: Re: Re:4 Re:

I’ve used my daughter’s Kindle, but honestly I prefer the display on my phone. It’s easier for my tired old eyes to read.

I can comfortably see my phone’s screen in direct sunlight, although I can’t think of a time when I’ve tried reading an eBook in those conditions so I don’t know how well that would work. On the other hand, that’s clearly not an important factor for me since I’ve yet to try it.

In the end, that’s the real beauty of a thriving marketplace: we all have different needs, and it’s nice that we can all find something that meets them.

Anonymous Coward says:

I like Evince as my digital document reader. There’s a cool option that allows inverting colors. So the background is black and the text is white. A black background is much easier on my eyes.

I also feel safer with Evince. I’ve read about a lot of malware using Adobe e-reader exploits to launch their payloads from PDFs.

Best of all, Evince is free as in freedom software and doesn’t spy on you.

Anonymous Coward says:

The Amazon highlighting thing is a feature, it’s not like they hide it. By default any Kindle app will underline a passage that a certain threshold of other readers have highlighted, making note-taking much simpler. Plus, Kindle books automatically sync across devices – I’m extremely curious how the author thinks this could be accomplished without sending data back to a central server.

Adobe is a bad company and routinely makes atrocious security decisions but the bit about Amazon is just silly.

David E. Siegel says:

Re: Syncing

Syncing can’t be accomplished without sending at least a bookmark and a user ID to a central server, but Adobe DE doesn’t currently offer Syncing, and not everyone wants it from kindle. It should be a user option where available, and if syncing turned off there is no need to send this sort of usage data anywhere.

the old rang (profile) says:

wow... you just figured this out?

Nothing goes into Amazon’s readers without them knowing (hence, no ssd cards)…

Same is true with nook, and a few other ‘readers.’

several programs that make readable files of ‘.txt’ files, do same, and always have, when using android…

If you think any of your data located on their servers, is not ‘theirs’… you have not really read anything to do with your agreements, with them…

“Free” means your cost is only all your life’s information… at cost only means you pay more for them to have it.

scotts13 (profile) says:

Is anyone really surprised?

I always assumed that every action I took – how fast I read, what pages were skipped, whether I finished the book, if I deleted the file afterward – was monitored. They do because they can.

Ditto TV viewing. I ASSUME TiVo knows every time I fast forward through a commercial, or press “page down” to hide an ad. That information has value (to someone), think they’re going to leave it on the table?

Anonymous Coward says:

if the accusations prove to be correct, i hope Adobe is prepared for court action! why is it, anyway, that companies have to spy on customers? they want the products bought and used and the number of sales was always able to be worked out before computers were even a single thought. what this behavior shows is how lazy the sellers have become. even when a short while ago it was found that LG was spying on customers who had purchased their TVs with built in wifi. you would think that companies/manufacturers would stop the practice. it seems that what actually happens is they try to be more subversive!

Anonymous Coward says:

Other Adobe Products Involved?

Nate mentioned FERPAin his article. Where I work, you violate that you lose your job. No excuses, no exceptions, no mercy.

We just got the word that a lot of Adobe products are going to be free if you work on campus, and very cheap if you want one for a personal machine. I just notified our campus IT security coordinator of this little problem, including asking what other Adobe products might have similar [sarcasm]glitches[/sarcasm].”

I’m curious as to what he’s going to say.

Anonymous Coward says:

Re: adobe spying reply

Marketing weasel-speak.

Ultimately the questions are what are they selling and to whom? All corporates seem so hung up on the concept that ‘big data tells us everything’ that it might even be getting hard to sell software product licenses a la Adobe (Overdrive etc) if they DON’T give more and more info (this is not an excuse or to be read as condoning it). So many bodies want to ‘collect it all’ even if they can’t figure out what to do with it, like jackdaws stealing shiny objects just because shiny and hoarding is good (just like laying down fat for winter..)

Anonymous Coward says:

Honestly, someone should be arrested for this. If I wrote a program, convinced you to install it and then continued to pull data off your machine without your permission it would labelled as hacking (which is incorrect) and I’d be convicted. Why should they be above the law?

The feds should open an investigation, look through company emails and meeting minutes until they find the idiot who made the initial decision and arrest them.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »