In today's Holy Shit are you KIDDING? news comes a story first reported on Monday by Nate Hoffelder at The Digital Reader: Adobe Digital Editions v4 is gathering data on what you read and sending that information back to Adobe.
No. Really.
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,
But wait, there’s more.
Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
In. Plain. Text.
And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in Calibre and every Epub ebook I happen to have sitting on my hard disk
That sound you hear right now is a million trillion librarians saying, I BEG YOUR PARDON?
Oh, no, wait, it gets better. As in, I needed more side eye before I continued with the linking.
Ars Technica confirmed everything Nate reported:
Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply.
A commenter named Robert pointed out the Adobe terms of service do allow for the information collection, though Nate responds that the tramsmission of that data in plain text is a larger issue that is not answered by Adobe's statement nor by the terms of service.
Adobe responded yesterday with the following statement, which was communicated to Digital Book World, and not to Nate, who wrote:
“They won’t admit to scraping my library, but they did admit to tracking a user’s activities. Adobe claims that it was covered by the their privacy policy and by the TOS for the app:
Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.
I don’t know about you, but I don’t see how sending a user’s reading history in clear text over the web could possibly be in line with a privacy policy.”
Adobe also stated later yesterday that an update is in the works, as reported at Ars Technica:
Update, 6:23 PM ET: An Adobe spokesperson now says the company is working on an update. “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue,” the spokesperson said in an email to Ars Technica. “We will notify you when a date for this update has been determined.”
That sounds like a really good idea, Adobesy. Thanks!
As Robin at DearAuthor pointed out, this could have some very uncomfortable repercussions for Adobe:
Adobe is massively violating your privacy by keeping track of what you read, then further imperiling your security by having that information travel unencrypted to spy central. There is also concern that this activity violates the Reader Privacy Act recently enacted in New Jersey.
Nate reports that Adobe Digital Editions 4 is the only one that seems to be transmitting large packets of information back to Adobe HQ, and earlier editions of ADE, such as DE2 and DE3, are not doing so:
The older apps do send some information to Adobe, but the data packet is small enough that it can’t hold much more than info required to authorize the DRM. So if you need one of Adobe’s apps, you do have safer options than DE4….
While the news about the older versions of Adobe DE is not enough to get me to use an Adobe app again, I thought this information could prove useful for librarians, teachers, and industry pros. Speaking of which, my story yesterday is taking on a life of its own and it turns out to have ramifications which I hadn’t considered.
Nate also suggested Bluefire Reader for Windows as an alternative option to ADE.
If you'd like to know which version of Adobe Digital Editions is hanging out with you presently, here's how you figure that out. It took me a few minutes to find all the relevant clickity parts so here are some screen caps.
Step one! Open Adobe Digital Editions. I know, I know, it's annoying. If it wants to update itself, say no and tell it to sit in the corner and think about what it's done.
Step two! Cut a hole in the box! Kidding. These are screencaps from my Mac (OSX 10.7), fyi. Yours may look slightly different.
Look for the Library dropdown box. At the bottom of that menu should be the About Adobe Digital Editions option. That's the one you want.
Click that (obviously). You'll get a screen with some scrolling text, and your version of ADE should be immediately beneath the main text:
As you can see, I'm running version 1.7, and I'll be honest, I'm amazed it still works.
The picking up of data is one thing – and seems to be covered under their terms of service, which users agree to when they install the software. But the transmission of all of that data in plain text, and the transmission of data about other ebooks on an individuals hard drive as Nate reported, that's a whole other problem. Nate highlighted other individuals examining the possible problems, including people who have access to books because they've signed an NDA (non-disclosure agreement). Adobe's transmission of data about those books may violate that NDA.
That sound you hear is likely many, many readers and librarians giving Adobe the biggest side eye the world has ever seen.
Its power may be equal to the Phylicia Rashad side eye, which, as you know, is the most powerful side eye in the known universe.
…
Ready for some more fun and less side-eye inducing information? Good, me too.
Jaye Wells tweeted this link from Genrify which identifies books on a quadrant labeled Urban Fantasy vs Paranormal Romance:
When I was in charge of ordering paperbacks for a library, I was forced to care about this issue, as I would be the one that would decide whether a book went on the “ROMANCE” spinner or the “SF/FANTASY” spinner. And believe it or not I found it surprisingly difficult at times. Sometimes I would violently disagree with the way the publisher had chosen to market a series. Maybe it was a book that had a cover and a subject heading that screamed romance and I thought it would appeal as much (or more) to fantasy fans. Maybe the book was all moody urban fantasy on the outside but all steamy romance between the covers. It was then that I started to think about these books all living on more of a spectrum: all books that shared a real-world, present day fantasy landscape and almost always included a crime/puzzle/mystery plot line.
Seriously, go look at their magnificent graphic illustrating their quadrant. It's fantastic.
And their genre blender is fun, too. Select two genres, get a list of suggestions!
…
And finally, in objectification news, NYC taxi drivers were a bit put out that the fire department does their own calendar, so here's your Taxi Driver Calendar, sent to me by Elizabeth S, who wrote:
Puppy Guy and Tire Jack Guy #1 are actually pretty cute (Tire Jack Guy#2 not so much). And then you scroll down farther and OMG THERE'S ONE READING A ROMANCE NOVEL! Looks like a Fern Michaels old skool highlander romance to me. But seriously – a NYC cabbie reading a romance novel! I love that! Had to pass it on.
Distractify reports:
The NYC Taxi Drivers calendar was first created last year by photographer Shannon McLaughlin. Now, with its second calendar being published, McLaughlin says, “This year’s calendar features three returning All-Stars and 10 new drivers, and debuts our first ever husband and wife driving duo….
A portion of each calendar's sale will go to University Settlement, a nonprofit social service agency in the Lower East Side that helps over 30,000 immigrants and workers every year. The calendar is now available to purchase online.
As far as I know, Governor Christie has not signed the NJ law, which I think is badly drafted.
http://go-to-hellman.blogspot.com/2014/09/emergency-governor-christie-could-turn.html
http://go-to-hellman.blogspot.com/2014/09/online-bookstores-to-face-stringent.html
Romance reader that I am (meaning, I’ll read anything and everything that catches my interest), my first thought was… why not have a combined PNR/UF spinner? (Or is that heresy?)
Also, it’s not the first time I’ve said this, but fuck you very much ADE!
Wow! I’m so thrilled you liked the Paranormal Romance/Urban Fantasy chart . Thanks for the mention!
WHAT. WHAT. Whaaaaaat.
While I’m so appalled at Adobe, I’m also so impressed/thankful that blogs like this and reader communities and librarians are all disseminating this information and trying to DO something about it. I’m so glad the reading community is active and letter-write-y. Is there anything individuals can do, other than disconnect from Adobe DE?
My public library uses Adobe DE to lend out some ebooks, but now I may resort to reading using the Overdrive web interface on my computer, instead. Ughhhh, Adobe DE. Why?!
The genre blender is fun and made great recommendations.
I’m pretty sure Amazon’s tracking algorithms are doing the same thing. They’re also using those tracking algorithms to accuse readers of horrible things and taking their reviews away if they review too much on a particular author or publisher. I’m talking about everyday readers, not professional reviewers.
yeah, they’ve taken away more than 20 of my reviews.
In the discussion of Adobe’s behind-the-curtain antics, some people noted that Adobe keeps being given a pass on the same kind of misbehavior that was stopped in other companies—-like when Microsoft was checked when it tried to force customers to disregard competing web browsers. For whatever reason, folks just don’t seem to react when it’s about Adobe. It will be interesting to see how this plays out, since this time we’re talking about invasive data collection.
ms bookjunkie: library cataloging decisions are always hairier than simply where do you shelve it: has to be changed in the online catalog, new labels, train staff about new shelving area. Still, I would have read the SHIT out of a PNR/UF spinner as a library user! 🙂
LML: Thanks!
OMG!
The first thing I did when I read this, was have a look at what ADE version I have. Definitely not ADE4 – if it had been, I would immediately have deinstalled it!
Not that I use that reader much – I have it mainly because I used to buy some books in that format, and getting rid of it won’t be a loss at all.
Fuck you, Adobe! *gives company the one-finger salute*
I wish I could just dump all the Adobe programs on my system, but I can’t because I need it for too many applications. It’s a vivid illustration of what happens when companies are allowed to monopolize. Argh!
Just yesterday I installed a program called PeerBlock 1.2, and then started trying to research some of the IP addresses it was blocking from accessing my computer. One of them indeed belonged to Adobe. Another belonged to my online banking, so I had to unblock that one. But the sheer number and variety of blocking actions is rather alarming. Who are all these entities and what do they want with me??
I really I hate it when corporations use the ol’ “but you agreed to this as part of the terms & conditions”. I may not read every clause before I click to agree, but I expect a certain degree of moral responsibility on their part as well. Somewhere in the midst of all that legal gobbled-gook they might well have told me that I’m required to give up my firstborn child but no one would see that as acceptable either.
PS. The NYC Cabbie calendar link was hilarious!!
PPS. And THANK YOU for the Alan Rickman gif …he looks so young and adorable!
I just had to know what the cabbie was reading; so, after a bit of sleuthing:
Highland Ecstasy by Mary Burkhardt.
It’s a Kensington title from 1997; could be good.
You can apparently get previous versions of ADE via the adobe website, and both 2 and 3 aren’t sending the same volume of data. If you read through all the various posts and links and so on, you’ll find that it’s not been perfectly duplicated yet. Specifically, they haven’t been able to recreate the ‘all ur books are belong to us’ scrape of the drive, but they are definitely sending things as plain text, and some of it is questionable (deleted files, files that you opened in ADE but that don’t have DRM, etc).
It’s also apparently not the case with apps like Bluefire Reader and google play—they have been verified to not be collecting and sending (this much plain text) info.
Holy crappoly. I wonder what the NSA thinks of historical erotic romance, coz if you scrape my library be prepared to fan yer sweet self!
“if you scrape my library be prepared to fan yer sweet self”
I just choked on my coffee.
Lenore, that’s probably why they were looking at your library.
I’m not surprised but I’m still disgusted. Everyone mines your data, even if they say they aren’t doing it. It’s creepy when I do some sort of search and immediately that ‘thing’ I searched for shows up on sidebars in Google, Facebook, and everywhere else. Nothing is safe.