Adobe suspected of spying on eBook users

8 Oct, 2014 00:24 / Updated 10 years ago

Software giant Adobe has been accused of spying on individuals who use its Digital Editions e-book and PDF reader. The practice allegedly includes mining for data on users PCs, yet Adobe has denied acting beyond the user license agreement.

On Tuesday, the allegation that Digital Edition (DE) software logs and uploads user data to its servers was verified by Ars Technica and a competing software developer at Safari Books. This process is also notable because it’s done transparently over the internet, meaning individuals, internet corporations, and government departments like the National Security Agency can easily intercept the information.

Whether or not the company also monitors user hard drives in general has yet to be confirmed.

“It's not clear how the data collected by Adobe is stored, but it is associated with a unique identifier for each Digital Editions installation that can be associated with an Internet Protocol address when logged,” Sean Gallagher wrote at Ars Technica. “And the fact that the data is broadcast in the clear by Digital Editions is directly in conflict with the privacy guidelines of many library systems, which closely guard readers' book loan data.”

Originally, Adobe was flagged by the Digital Reader for tracking and uploading data related to various books opened in DE, such as how long a book has been activated or opened, or what pages have been read.

“Adobe is gathering data on the eBooks that have been opened, which pages were read, and in what order,” Nate Hoffelder wrote at the website. “All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.”

“Adobe is not only logging what users are doing,” he continued, “they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything.”

I can confirm that AD4 (OSX) is sending reading data even for non-DRMed EPUBs. Can’t confirm it searching my drive. pic.twitter.com/5MaUYQWKOi

— Liza Daly (@liza) October 7, 2014

If that wasn’t enough, Hoffelder claimed that Adobe’s tracking systems are exploring data even beyond the DE reader, scanning users’ computer hard drives and collecting and uploading metadata related to every e-book in the system – whether they were opened in DE or not.

As previously mentioned, this last accusation has not been verified.

“Adobe Digital Editions does not scan your entire computer looking for files that it knows how to open, it needs to be explicitly told about EPUB or PDF files that you would like it to know about,” an Adobe tech support employee wrote earlier this year in response to a question on the community forum.

Utilized by thousands of libraries in order to lend out books digitally, DE’s tracking of activation times would allow libraries to know when a particular lending period has run its course. However, DE is not just tracking borrowed books. It’s also keeping tabs on purchased titles as well.

“We are looking at this, and very concerned about this,” said Deorah Caldwell-Stone, the deputy director of the American Library Association's Office for Intellectual Freedom, to Ars Technica. If the data being uploaded over the internet is related to library lending, “we would want this information encrypted and private,” she added.

Meanwhile, Adobe said that “all information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.”

“Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.”

“In terms of the unsecure transmission of the collected data, Adobe is in the process of working on an update to address this issue," the spokesperson said in an email to Ars Technica. “We will notify you when a date for this update has been determined."