Is Adobe's Ebook Reader Spying On What You Read — And What You Have On Your Computer?
from the and-sending-your-data-in-cleartext-too? dept
Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there’s a big privacy problem with Adobe’s Digital Editions 4, its free ebook reading app. Here’s what Hoffelder writes on his blog, The Digital Reader:
Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)
Specifically:
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe?s server in clear text.
Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading:
Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe?s servers.
These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they’re free, but because they’re better products in just about every way — for example, in respecting your privacy.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: digital editions, ebooks, spying, spyware
Companies: adobe
Comments on “Is Adobe's Ebook Reader Spying On What You Read — And What You Have On Your Computer?”
They’re just checking to see if you’re reading 1984.
Wait…
Proprietary software: Because we can.
Two lessons here
1. Stop using Adobe software. Their stuff has been consistently awful for a very, very long time. Everyone should have leard this by now.
2. The first thing you should do with any eBook you receive is to strip the DRM out of it.
Re: Two lessons here
Or, you know, download it DRM free already and buy the printed version that’s usually cheaper and more pleasant to read at home.
Really, they cry piracy but they can’t provide a service for good prices that doesn’t screw up the customer at every corner…
Re: Re: Two lessons here
Well, I’m not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I’ll do that. I just remove the DRM.
As far as buying the printed copy — this depends on the book. about 75% of the books I buy are technical ones, and I most definitely don’t want the paper version of these, because they weight a lot, take up a lot of storage space, and aren’t nearly as useful to me as electronic versions (you can’t grep a dead tree.)
Nowadays, I prefer to have my recreational reading in electronic form as well, because books are bulky. This was driven home for me the last time I moved and my book collection was one of the larger pain points. Also, it’s rather nice to be able to easily carry a half dozen or so books with me at all times. I always have something I feel like reading with me, no matter where I am.
Re: Re: Re: Two lessons here
If you buy DRM, you support DRM. If you don’t want to support DRM, don’t enable companies that use it.
Re: Re: Re:2 Two lessons here
True enough, and I am a strong advocate of “voting with your dollars.” However, a balance must be struck. If I really avoided buying everything that is connected to something I object to, then I would be unable to buy almost anything.
Where this balance lies is completely subjective, of course, so your balance might be different. For example, I don’t purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not). eBook DRM doesn’t, in my opinion, rise to the same level, so I will continue to buy them (as long as I can remove the DRM — as soon as I can’t do that, I’ll stop buying the eBooks).
Re: Re: Re:3 Two lessons here
“I don’t purchase music made by RIAA member labels because I think that the danger posed by RIAA is tremendous and affects us all (whether we listen to music or not).”
My own purchases stopped dead in 2003 when the mass-lawsuits against Kazaa users began, and over a decade later I’m still boycotting RIAA music. That includes concerts, which the record label usually gets a cut off the top. The RIAA-RADAR site died several years ago, but is there another alternative that redlights RIAA music?
Re: Re: Re:4 Two lessons here
I’m not aware of anything as good as RIAA-RADAR, but the majority of the time you can suss out who is a member of RIAA or not through an hour or two of searching the internet.
I take a shortcut, though — I tend to avoid artists who are signed to a label at all, except for labels that I am already confident in. It works well for me (and giving money directly to the artists who made a work is actually satisfying and makes me happy, where giving that money to a corporation does the opposite.)
Re: Re: Re:2 Two lessons here
The tricky bit here is that the major user of Adobe Digital Editions 4 isn’t the Adobe eBook reader — it’s OverDrive.
OverDrive is used by libraries around the world to make e-books available to their patrons. Usually, it’s the ONLY way to get the e-books. However, whether the DRM bit is applied is up to the book publishers, not OverDrive.
So in this case, where do you stop the enablement? I’d say it stops at the point where ADE kicks in, but you’ll also want to let your library, OverDrive and the publisher know WHY you chose a different book instead of an ADE restricted version. Otherwise, nothing will change, due to the large number of ignorant (not in an insulting way) people using the service.
Re: Re: Re:3 Two lessons here
Since publishers would love nothing more than to see every library close up shop, I doubt that this sort pressure would have the effect you want in this case. The publishers will just tell the libraries “tough”.
Re: Re: Re:4 Two lessons here
The publishers can say whatever the fuck they want; every state in the country has library privacy laws and the good ones—mine included—cover this. Amazon took heat for similar activity with regards to OverDrive and Kindle ebook lending, and it worked. Why? Giant corporations accused of being untrustworthy vs. the one near-universally loved governmental function fronted by a profession that oozes public trust does not go well for the corporations.
Re: Re: Re: Two lessons here
Guess what?
Re: Re: Re:2 Two lessons here
I give up, what?
If you’re implying that removing DRM is pirating, then I disagree: pirating involves the unauthorized distribution of a copyrighted work. Stripping a legally obtained work of DRM does not.
True, stripping the DRM is likely breaking the anti-circumvention clause in the DMCA, but oh well. I’ll take my chances. 🙂
Re: Re: Re:3 Two lessons here
I think the point was that pirating or DRM stripping, you’re still breaking the law either way, and those that bought the law likely see no real difference between the two actions.
Re: Re: Re:4 Two lessons here
Ah, I see. That doesn’t really factor into my thinking because the reason I don’t pirate has nothing to do with it being against the law. I couldn’t care less what the people who bought the law think.
Re: Re: Re:2 Two lessons here
Re: Re: Re: Two lessons here
Well, I’m not going to pirate, so if the only legitimate way to get an eBook I really want is with DRM, I’ll do that. I just remove the DRM.
At this point, I have not pirated, but have a fair number of texts, in .txt format. Amazon, google, B&N, Miocroweenie, etc. didn’t pay for them, and I have no interntion of letting them know what I have without thme PAYING… which they won’t…
But they will sell the world all my information, including my exact location within 30 feet…. to any business ,crooks, scoundrels or, worse, dnc gets it for free…
Re: Re: Two lessons here
Adobe is probably tracking reading speed, bookmarks etc. just like AMZN did. I used Adobe Digital Editions, the free e-reader using EPUB (?) format. It was good, but not better than any others. This sounds like the best option to me:
I don’t like messing with DRM.
Re: Two lessons here
just to remind kampers: calibre is your friend…
Re: Re: Two lessons here
It scans Calibre libraries too.
Consider as well Adobe's security history
It wasn’t that long that they had a security/privacy disaster: Adobe Breach Impacted At Least 38 Million Users
If Adobe’s collecting and storing all of this information, then they’re building an extremely attractive target, which is quite likely to fall into the hands of attackers. Perhaps it already has.
Re: Consider as well Adobe's security history
Ouch. That is going to make a good follow up post.
signed, OP
hmm makes me wonder about amazon unlimited? the deal with amazons new library according to a few author and publisher friends, is that they get paid when someone reads ten percent of the book.
Re: Re:
Yes, as I noted in a comment below, a ton of very useful Amazon Kindle functionality (community highlighting, book syncing, the Amazon Unlimited author payment contract) is ONLY possible by syncing data with a central server. It’s pretty different from sending all this info in plaintext and snooping on your computer.
Re: Re: Re:
I suppose if those features are valuable to you then that’s a good reason to use their reader. If none of those features are of any value to you (they certainly aren’t to me), then the reader should be avoided entirely.
Re: Re: Re: Re:
Or you can just put the device on airplane mode and leave it that way.
Re: Re: Re:2 Re:
Don’t you have to use WiFi to get the titles on the device? I don’t know, as I’ve never used a dedicated reader — I’ve never seen the point since my phone already acts as a perfectly fine reader.
Re: Re: Re:3 Re:
You don’t have to no, if you buy something from their ebook marketplace(something I generally avoid, given prices and ninja DRM) you can download it to your computer and transfer it to the Kindle via USB cable.
Re: Re: Re:3 Re:
Don’t you have to use WiFi to get the titles on the device?
I don’t. I sync my Kindle via the USB cable to Calibre on my computer.
I’ve never seen the point since my phone already acts as a perfectly fine reader.
I’ve also used my phone as a reader, but I prefer my Kindle Paperwhite. It’s easier on the eyes and is far superior when in direct sunlight.
Re: Re: Re:4 Re:
I’ve used my daughter’s Kindle, but honestly I prefer the display on my phone. It’s easier for my tired old eyes to read.
I can comfortably see my phone’s screen in direct sunlight, although I can’t think of a time when I’ve tried reading an eBook in those conditions so I don’t know how well that would work. On the other hand, that’s clearly not an important factor for me since I’ve yet to try it.
In the end, that’s the real beauty of a thriving marketplace: we all have different needs, and it’s nice that we can all find something that meets them.
Re: Re: Re:4 Re:
2 words …”Project Sidewalk”
Ty..gnight…mic drop…
Re: Re: Re: Re:
that’s…tricky. i want authors i enjoy to get a piece, that’s why i began using amazon unlimited, rather than just grabbing them from my favorite download site.
They are just following the example of the US government, gathering everything they think may be interesting. The NSA will quite like this, because it is not encrypted so they can just gather it as it flies past.
I like Evince as my digital document reader. There’s a cool option that allows inverting colors. So the background is black and the text is white. A black background is much easier on my eyes.
I also feel safer with Evince. I’ve read about a lot of malware using Adobe e-reader exploits to launch their payloads from PDFs.
Best of all, Evince is free as in freedom software and doesn’t spy on you.
The Amazon highlighting thing is a feature, it’s not like they hide it. By default any Kindle app will underline a passage that a certain threshold of other readers have highlighted, making note-taking much simpler. Plus, Kindle books automatically sync across devices – I’m extremely curious how the author thinks this could be accomplished without sending data back to a central server.
Adobe is a bad company and routinely makes atrocious security decisions but the bit about Amazon is just silly.
Re: Re:
Adobe’s a terrible company, but Amazon’s not exactly a paragon of virtue themselves.
Re: Syncing
Syncing can’t be accomplished without sending at least a bookmark and a user ID to a central server, but Adobe DE doesn’t currently offer Syncing, and not everyone wants it from kindle. It should be a user option where available, and if syncing turned off there is no need to send this sort of usage data anywhere.
I’m sure they will scream that this somehow is different, but isn’t every installation of this product a violation of the CFAA?
Re: Re:
It’s not like Adobe’s an individual – they’re working for the machine, so they get a pass. I’m sure they’ll get around to prosecuting Adobe as soon as they’re done with Microsuck and AP&P. If you’re screwin’ the public, well, you get the idear. Them public screwin’ passes, they’re not available to individuals.
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
According to Bonnie Dumanis, that is called: “protecting the children”, so it is totally ok.
This topic should be commemerated in song...
… so here it is.
(to the tune “”Every Breath You Take” by THE POLICE – a bit of irony there)
Every book you take
Every move you make
Every DRM you break
Every step you take
I’ll be watching you
wow... you just figured this out?
Nothing goes into Amazon’s readers without them knowing (hence, no ssd cards)…
Same is true with nook, and a few other ‘readers.’
several programs that make readable files of ‘.txt’ files, do same, and always have, when using android…
If you think any of your data located on their servers, is not ‘theirs’… you have not really read anything to do with your agreements, with them…
“Free” means your cost is only all your life’s information… at cost only means you pay more for them to have it.
Re: wow... you just figured this out?
Amazon knows nothing about anything that is on my Kindle.
Because Wi-Fi has been turned off since the very beginning…
Is anyone really surprised?
I always assumed that every action I took – how fast I read, what pages were skipped, whether I finished the book, if I deleted the file afterward – was monitored. They do because they can.
Ditto TV viewing. I ASSUME TiVo knows every time I fast forward through a commercial, or press “page down” to hide an ad. That information has value (to someone), think they’re going to leave it on the table?
if the accusations prove to be correct, i hope Adobe is prepared for court action! why is it, anyway, that companies have to spy on customers? they want the products bought and used and the number of sales was always able to be worked out before computers were even a single thought. what this behavior shows is how lazy the sellers have become. even when a short while ago it was found that LG was spying on customers who had purchased their TVs with built in wifi. you would think that companies/manufacturers would stop the practice. it seems that what actually happens is they try to be more subversive!
Other Adobe Products Involved?
Nate mentioned FERPAin his article. Where I work, you violate that you lose your job. No excuses, no exceptions, no mercy.
We just got the word that a lot of Adobe products are going to be free if you work on campus, and very cheap if you want one for a personal machine. I just notified our campus IT security coordinator of this little problem, including asking what other Adobe products might have similar [sarcasm]glitches[/sarcasm].”
I’m curious as to what he’s going to say.
Re: Other Adobe Products Involved?
Hmmm. That’s an interesting point. Maybe this would be a good time to ask “How does this Adobe spyware know the difference between a book and some other document that happens to be in the same format?”
adobe spying reply
Here’s their reply:
http://the-digital-reader.com/2014/10/07/adobe-responds-reports-spying-half-truths-misleading-statements/#.VDRpCvldWIV
or
http://goo.gl/0vx0Ek
Re: adobe spying reply
Marketing weasel-speak.
Ultimately the questions are what are they selling and to whom? All corporates seem so hung up on the concept that ‘big data tells us everything’ that it might even be getting hard to sell software product licenses a la Adobe (Overdrive etc) if they DON’T give more and more info (this is not an excuse or to be read as condoning it). So many bodies want to ‘collect it all’ even if they can’t figure out what to do with it, like jackdaws stealing shiny objects just because shiny and hoarding is good (just like laying down fat for winter..)
Is Adobe’s Ebook Reader Spying On What You Read — And What You Have On Your Computer?
No – because it is not on my computer.
Honestly, someone should be arrested for this. If I wrote a program, convinced you to install it and then continued to pull data off your machine without your permission it would labelled as hacking (which is incorrect) and I’d be convicted. Why should they be above the law?
The feds should open an investigation, look through company emails and meeting minutes until they find the idiot who made the initial decision and arrest them.
Do not trust proprietary software, use FOSS.