Search


  • Categories


  • Archives

    « Home

    Ars Technica: Adobe’s e-book reader sends your reading logs back to Adobe—in plain text

    Ars Technica reports on a privacy and security issue concerning ebooks and Adobe’s popular Digital Editions ebooks and PDF reader (which is used by many libraries):

    Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.

    Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply. […]

    A review of Adobe’s terms of use for DE found no mention of the logging feature or how long the data was stored by Adobe. While checking the license data for books in DE’s local library is certainly part of the application’s core functionality, the fact that this data is broadcast in the clear could create a significant privacy issue for readers. It’s not clear how the data collected by Adobe is stored, but it is associated with a unique identifier for each Digital Editions installation that can be associated with an Internet Protocol address when logged. And the fact that the data is broadcast in the clear by Digital Editions is directly in conflict with the privacy guidelines of many library systems, which closely guard readers’ book loan data. […]

    Update, 6:23 PM ET: An Adobe spokesperson now says the company is working on an update.

    Leave a Reply