Is Adobe's Ebook Reader Spying On What You Read -- And What You Have On Your Computer?

from the and-sending-your-data-in-cleartext-too? dept

Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there's a big privacy problem with Adobe's Digital Editions 4, its free ebook reading app. Here's what Hoffelder writes on his blog, The Digital Reader:

Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)
Specifically:
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading:
Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they're free, but because they're better products in just about every way -- for example, in respecting your privacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 7 Oct 2014 @ 10:13am

    They're just checking to see if you're reading 1984.

    Wait...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 10:30am

    Proprietary software: Because we can.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 7 Oct 2014 @ 10:30am

    Two lessons here

    1. Stop using Adobe software. Their stuff has been consistently awful for a very, very long time. Everyone should have leard this by now.

    2. The first thing you should do with any eBook you receive is to strip the DRM out of it.

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 7 Oct 2014 @ 10:45am

      Re: Two lessons here

      Or, you know, download it DRM free already and buy the printed version that's usually cheaper and more pleasant to read at home.

      Really, they cry piracy but they can't provide a service for good prices that doesn't screw up the customer at every corner...

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 7 Oct 2014 @ 11:05am

        Re: Re: Two lessons here

        Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.

        As far as buying the printed copy -- this depends on the book. about 75% of the books I buy are technical ones, and I most definitely don't want the paper version of these, because they weight a lot, take up a lot of storage space, and aren't nearly as useful to me as electronic versions (you can't grep a dead tree.)

        Nowadays, I prefer to have my recreational reading in electronic form as well, because books are bulky. This was driven home for me the last time I moved and my book collection was one of the larger pain points. Also, it's rather nice to be able to easily carry a half dozen or so books with me at all times. I always have something I feel like reading with me, no matter where I am.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Oct 2014 @ 11:08am

          Re: Re: Re: Two lessons here

          If you buy DRM, you support DRM. If you don't want to support DRM, don't enable companies that use it.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 7 Oct 2014 @ 11:35am

            Re: Re: Re: Re: Two lessons here

            True enough, and I am a strong advocate of "voting with your dollars." However, a balance must be struck. If I really avoided buying everything that is connected to something I object to, then I would be unable to buy almost anything.

            Where this balance lies is completely subjective, of course, so your balance might be different. For example, I don't purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not). eBook DRM doesn't, in my opinion, rise to the same level, so I will continue to buy them (as long as I can remove the DRM -- as soon as I can't do that, I'll stop buying the eBooks).

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 7 Oct 2014 @ 12:29pm

              Re: Re: Re: Re: Re: Two lessons here

              "I don't purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not)."

              My own purchases stopped dead in 2003 when the mass-lawsuits against Kazaa users began, and over a decade later I'm still boycotting RIAA music. That includes concerts, which the record label usually gets a cut off the top. The RIAA-RADAR site died several years ago, but is there another alternative that redlights RIAA music?

              reply to this | link to this | view in chronology ]

              • icon
                John Fenderson (profile), 7 Oct 2014 @ 12:42pm

                Re: Re: Re: Re: Re: Re: Two lessons here

                I'm not aware of anything as good as RIAA-RADAR, but the majority of the time you can suss out who is a member of RIAA or not through an hour or two of searching the internet.

                I take a shortcut, though -- I tend to avoid artists who are signed to a label at all, except for labels that I am already confident in. It works well for me (and giving money directly to the artists who made a work is actually satisfying and makes me happy, where giving that money to a corporation does the opposite.)

                reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 7 Oct 2014 @ 2:59pm

            Re: Re: Re: Re: Two lessons here

            The tricky bit here is that the major user of Adobe Digital Editions 4 isn't the Adobe eBook reader -- it's OverDrive.

            OverDrive is used by libraries around the world to make e-books available to their patrons. Usually, it's the ONLY way to get the e-books. However, whether the DRM bit is applied is up to the book publishers, not OverDrive.

            So in this case, where do you stop the enablement? I'd say it stops at the point where ADE kicks in, but you'll also want to let your library, OverDrive and the publisher know WHY you chose a different book instead of an ADE restricted version. Otherwise, nothing will change, due to the large number of ignorant (not in an insulting way) people using the service.

            reply to this | link to this | view in chronology ]

            • icon
              John Fenderson (profile), 7 Oct 2014 @ 3:32pm

              Re: Re: Re: Re: Re: Two lessons here

              Since publishers would love nothing more than to see every library close up shop, I doubt that this sort pressure would have the effect you want in this case. The publishers will just tell the libraries "tough".

              reply to this | link to this | view in chronology ]

              • icon
                M. Alan Thomas II (profile), 8 Oct 2014 @ 12:32am

                Re: Re: Re: Re: Re: Re: Two lessons here

                The publishers can say whatever the fuck they want; every state in the country has library privacy laws and the good ones—mine included—cover this. Amazon took heat for similar activity with regards to OverDrive and Kindle ebook lending, and it worked. Why? Giant corporations accused of being untrustworthy vs. the one near-universally loved governmental function fronted by a profession that oozes public trust does not go well for the corporations.

                reply to this | link to this | view in chronology ]

        • icon
          orbitalinsertion (profile), 7 Oct 2014 @ 1:40pm

          Re: Re: Re: Two lessons here

          Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.


          Guess what?

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 7 Oct 2014 @ 2:30pm

            Re: Re: Re: Re: Two lessons here

            I give up, what?

            If you're implying that removing DRM is pirating, then I disagree: pirating involves the unauthorized distribution of a copyrighted work. Stripping a legally obtained work of DRM does not.

            True, stripping the DRM is likely breaking the anti-circumvention clause in the DMCA, but oh well. I'll take my chances. :)

            reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 7 Oct 2014 @ 3:49pm

              Re: Re: Re: Re: Re: Two lessons here

              I think the point was that pirating or DRM stripping, you're still breaking the law either way, and those that bought the law likely see no real difference between the two actions.

              reply to this | link to this | view in chronology ]

              • icon
                John Fenderson (profile), 8 Oct 2014 @ 8:06am

                Re: Re: Re: Re: Re: Re: Two lessons here

                Ah, I see. That doesn't really factor into my thinking because the reason I don't pirate has nothing to do with it being against the law. I couldn't care less what the people who bought the law think.

                reply to this | link to this | view in chronology ]

          • identicon
            the old rang, 15 Oct 2014 @ 1:22pm

            Re: Re: Re: Re: Two lessons here

            Re: Re: Re: Two lessons here
            Well, I'm not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I'll do that. I just remove the DRM.



            At this point, I have not pirated, but have a fair number of texts, in .txt format. Amazon, google, B&N, Miocroweenie, etc. didn't pay for them, and I have no interntion of letting them know what I have without thme PAYING... which they won't...

            But they will sell the world all my information, including my exact location within 30 feet.... to any business ,crooks, scoundrels or, worse, dnc gets it for free...

            reply to this | link to this | view in chronology ]

      • icon
        Ellie (profile), 7 Oct 2014 @ 11:30am

        Re: Re: Two lessons here

        Adobe is probably tracking reading speed, bookmarks etc. just like AMZN did. I used Adobe Digital Editions, the free e-reader using EPUB (?) format. It was good, but not better than any others. This sounds like the best option to me:
        buy the printed version that's usually cheaper and more pleasant to read at home.
        I don't like messing with DRM.

        reply to this | link to this | view in chronology ]

    • icon
      art guerrilla (profile), 7 Oct 2014 @ 11:08am

      Re: Two lessons here

      just to remind kampers: calibre is your friend...

      reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 7 Oct 2014 @ 10:48am

    Consider as well Adobe's security history

    It wasn't that long that they had a security/privacy disaster: Adobe Breach Impacted At Least 38 Million Users

    If Adobe's collecting and storing all of this information, then they're building an extremely attractive target, which is quite likely to fall into the hands of attackers. Perhaps it already has.

    reply to this | link to this | view in chronology ]

  • icon
    Zos (profile), 7 Oct 2014 @ 10:53am

    hmm makes me wonder about amazon unlimited? the deal with amazons new library according to a few author and publisher friends, is that they get paid when someone reads ten percent of the book.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2014 @ 11:34am

      Re:

      Yes, as I noted in a comment below, a ton of very useful Amazon Kindle functionality (community highlighting, book syncing, the Amazon Unlimited author payment contract) is ONLY possible by syncing data with a central server. It's pretty different from sending all this info in plaintext and snooping on your computer.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 7 Oct 2014 @ 11:38am

        Re: Re:

        I suppose if those features are valuable to you then that's a good reason to use their reader. If none of those features are of any value to you (they certainly aren't to me), then the reader should be avoided entirely.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 7 Oct 2014 @ 12:26pm

          Re: Re: Re:

          Or you can just put the device on airplane mode and leave it that way.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 7 Oct 2014 @ 12:44pm

            Re: Re: Re: Re:

            Don't you have to use WiFi to get the titles on the device? I don't know, as I've never used a dedicated reader -- I've never seen the point since my phone already acts as a perfectly fine reader.

            reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 7 Oct 2014 @ 1:34pm

              Re: Re: Re: Re: Re:

              You don't have to no, if you buy something from their ebook marketplace(something I generally avoid, given prices and ninja DRM) you can download it to your computer and transfer it to the Kindle via USB cable.

              reply to this | link to this | view in chronology ]

            • icon
              Gwiz (profile), 7 Oct 2014 @ 1:44pm

              Re: Re: Re: Re: Re:

              Don't you have to use WiFi to get the titles on the device?

              I don't. I sync my Kindle via the USB cable to Calibre on my computer.



              I've never seen the point since my phone already acts as a perfectly fine reader.

              I've also used my phone as a reader, but I prefer my Kindle Paperwhite. It's easier on the eyes and is far superior when in direct sunlight.

              reply to this | link to this | view in chronology ]

              • icon
                John Fenderson (profile), 7 Oct 2014 @ 2:37pm

                Re: Re: Re: Re: Re: Re:

                I've used my daughter's Kindle, but honestly I prefer the display on my phone. It's easier for my tired old eyes to read.

                I can comfortably see my phone's screen in direct sunlight, although I can't think of a time when I've tried reading an eBook in those conditions so I don't know how well that would work. On the other hand, that's clearly not an important factor for me since I've yet to try it.

                In the end, that's the real beauty of a thriving marketplace: we all have different needs, and it's nice that we can all find something that meets them.

                reply to this | link to this | view in chronology ]

        • icon
          Zos (profile), 8 Oct 2014 @ 7:09am

          Re: Re: Re:

          that's...tricky. i want authors i enjoy to get a piece, that's why i began using amazon unlimited, rather than just grabbing them from my favorite download site.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 10:56am

    They are just following the example of the US government, gathering everything they think may be interesting. The NSA will quite like this, because it is not encrypted so they can just gather it as it flies past.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 11:01am

    I like Evince as my digital document reader. There's a cool option that allows inverting colors. So the background is black and the text is white. A black background is much easier on my eyes.

    I also feel safer with Evince. I've read about a lot of malware using Adobe e-reader exploits to launch their payloads from PDFs.

    Best of all, Evince is free as in freedom software and doesn't spy on you.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 11:12am

    The Amazon highlighting thing is a feature, it's not like they hide it. By default any Kindle app will underline a passage that a certain threshold of other readers have highlighted, making note-taking much simpler. Plus, Kindle books automatically sync across devices - I'm extremely curious how the author thinks this could be accomplished without sending data back to a central server.

    Adobe is a bad company and routinely makes atrocious security decisions but the bit about Amazon is just silly.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 7 Oct 2014 @ 12:15pm

      Re:

      Adobe's a terrible company, but Amazon's not exactly a paragon of virtue themselves.

      reply to this | link to this | view in chronology ]

    • identicon
      David E. Siegel, 10 Oct 2014 @ 5:30pm

      Re: Syncing

      Syncing can't be accomplished without sending at least a bookmark and a user ID to a central server, but Adobe DE doesn't currently offer Syncing, and not everyone wants it from kindle. It should be a user option where available, and if syncing turned off there is no need to send this sort of usage data anywhere.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 11:12am

    I'm sure they will scream that this somehow is different, but isn't every installation of this product a violation of the CFAA?

    reply to this | link to this | view in chronology ]

    • identicon
      Eric Stein, 7 Oct 2014 @ 1:16pm

      Re:

      It's not like Adobe's an individual - they're working for the machine, so they get a pass. I'm sure they'll get around to prosecuting Adobe as soon as they're done with Microsuck and AP&P. If you're screwin' the public, well, you get the idear. Them public screwin' passes, they're not available to individuals.

      reply to this | link to this | view in chronology ]

  • identicon
    Michael, 7 Oct 2014 @ 11:38am

    Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

    According to Bonnie Dumanis, that is called: "protecting the children", so it is totally ok.

    reply to this | link to this | view in chronology ]

  • icon
    Stan (profile), 7 Oct 2014 @ 11:54am

    This topic should be commemerated in song...

    ... so here it is.

    (to the tune ""Every Breath You Take" by THE POLICE - a bit of irony there)

    Every book you take
    Every move you make
    Every DRM you break
    Every step you take
    I'll be watching you

    reply to this | link to this | view in chronology ]

  • identicon
    the old rang, 7 Oct 2014 @ 12:05pm

    wow... you just figured this out?

    Nothing goes into Amazon's readers without them knowing (hence, no ssd cards)...

    Same is true with nook, and a few other 'readers.'

    several programs that make readable files of '.txt' files, do same, and always have, when using android...

    If you think any of your data located on their servers, is not 'theirs'... you have not really read anything to do with your agreements, with them...

    "Free" means your cost is only all your life's information... at cost only means you pay more for them to have it.

    reply to this | link to this | view in chronology ]

    • identicon
      Albert Maurice, 7 Oct 2014 @ 2:21pm

      Re: wow... you just figured this out?

      Amazon knows nothing about anything that is on my Kindle.

      Because Wi-Fi has been turned off since the very beginning...

      reply to this | link to this | view in chronology ]

  • icon
    scotts13 (profile), 7 Oct 2014 @ 12:21pm

    Is anyone really surprised?

    I always assumed that every action I took - how fast I read, what pages were skipped, whether I finished the book, if I deleted the file afterward - was monitored. They do because they can.

    Ditto TV viewing. I ASSUME TiVo knows every time I fast forward through a commercial, or press "page down" to hide an ad. That information has value (to someone), think they're going to leave it on the table?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 1:03pm

    if the accusations prove to be correct, i hope Adobe is prepared for court action! why is it, anyway, that companies have to spy on customers? they want the products bought and used and the number of sales was always able to be worked out before computers were even a single thought. what this behavior shows is how lazy the sellers have become. even when a short while ago it was found that LG was spying on customers who had purchased their TVs with built in wifi. you would think that companies/manufacturers would stop the practice. it seems that what actually happens is they try to be more subversive!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 1:54pm

    Other Adobe Products Involved?

    Nate mentioned FERPAin his article. Where I work, you violate that you lose your job. No excuses, no exceptions, no mercy.

    We just got the word that a lot of Adobe products are going to be free if you work on campus, and very cheap if you want one for a personal machine. I just notified our campus IT security coordinator of this little problem, including asking what other Adobe products might have similar [sarcasm]glitches[/sarcasm]."

    I'm curious as to what he's going to say.

    reply to this | link to this | view in chronology ]

    • identicon
      Rich Kulawiec, 7 Oct 2014 @ 2:49pm

      Re: Other Adobe Products Involved?

      Hmmm. That's an interesting point. Maybe this would be a good time to ask "How does this Adobe spyware know the difference between a book and some other document that happens to be in the same format?"

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Oct 2014 @ 5:15pm

      Re: adobe spying reply

      Marketing weasel-speak.

      Ultimately the questions are what are they selling and to whom? All corporates seem so hung up on the concept that 'big data tells us everything' that it might even be getting hard to sell software product licenses a la Adobe (Overdrive etc) if they DON'T give more and more info (this is not an excuse or to be read as condoning it). So many bodies want to 'collect it all' even if they can't figure out what to do with it, like jackdaws stealing shiny objects just because shiny and hoarding is good (just like laying down fat for winter..)

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 5:32pm

    Is Adobe's Ebook Reader Spying On What You Read -- And What You Have On Your Computer?

    No - because it is not on my computer.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Oct 2014 @ 11:58pm

    Honestly, someone should be arrested for this. If I wrote a program, convinced you to install it and then continued to pull data off your machine without your permission it would labelled as hacking (which is incorrect) and I'd be convicted. Why should they be above the law?

    The feds should open an investigation, look through company emails and meeting minutes until they find the idiot who made the initial decision and arrest them.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Oct 2014 @ 4:28am

    Do not trust proprietary software, use FOSS.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.