Adobe Digital Editions 4 spying on users
October 7, 2014 10:47 AM   Subscribe

Adobe's Digital Editions 4 Epub app is spying on users by collecting data on all of the epub books on a users system and transmitting that data in plain text. Adobe's index of epub data includes title, publisher, and other metadata about the book. Digital Editions 4 also collects and transmits if the ebook has been opened, which pages were read, and in what order.

Arstechnica coverage and follow up noting previous versions of the epub software does not appear to be spying on users.
posted by zenon (81 comments total) 20 users marked this as a favorite
 
Well, that's fucked up.
posted by truex at 10:52 AM on October 7, 2014 [4 favorites]


is the "plain text" the bad part, or is it just proof that adobe doesn't even know how to be sneaky when being sneaky?
posted by rebent at 10:55 AM on October 7, 2014 [3 favorites]


"The fact that you're being super creepy and evil is infuriating enough. But then you're so bad at it."
posted by middleclasstool at 11:00 AM on October 7, 2014 [26 favorites]


Why do all the good seemingly caring companies turn into evil pieces of invasive crap? Google...adobe.... I personally think Apple started off evil but maybe them too. Ugh. Just do what you do well and keep raking it in. You don't to expand into evil marketing crap. Don't get it, which is why I'm not rich, I guess.
posted by umberto at 11:01 AM on October 7, 2014


"Why do all the good seemingly caring companies turn into evil pieces of invasive crap?"

Adobe was ever good?
posted by I-baLL at 11:02 AM on October 7, 2014 [23 favorites]


The plain text makes it worse - not only can adobe see everything you read, so can every server in between you and Adobe.

I vowed to never give Adobe another penny of my money after they caused a security researcher to go to jail for his security research into Adobe's products. That was 13 years ago.
posted by el io at 11:03 AM on October 7, 2014 [11 favorites]


is the "plain text" the bad part, or is it just proof that adobe doesn't even know how to be sneaky when being sneaky?

It's bad. It means they're going to invade your privacy and they don't care if they make it easier for others to.
posted by ChurchHatesTucker at 11:03 AM on October 7, 2014 [2 favorites]


Well on the bright side, it looks like it ought to be relatively easy to render this system completely useless by flooding it with bogus data.
posted by aubilenon at 11:05 AM on October 7, 2014 [2 favorites]


Just do what you do well and keep raking it in. You don't to expand into evil marketing crap. Don't get it, which is why I'm not rich, I guess.

Wall street demands >15% growth at all times. Once you completely dominate a market you have to become evil to ensure continued growth. If you just stay the same and rake in profits you are underperforming.
posted by overhauser at 11:05 AM on October 7, 2014 [12 favorites]


The plain text makes it worse - not only can adobe see everything you read, so can every server in between you and Adobe.


More than that -- not only books you open, but books you simply have on your computer:

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.
posted by cjelli at 11:07 AM on October 7, 2014 [2 favorites]


So ... anyone want to take some bets on what shitty excuse Adobe coughs up this time around?

I am hedging 50/50 between "uh, that was totally just a debug flag that we left on in the final build! oops!" and "that? we didn't develop that! we farmed the whole thing out to some guys in India! don't look at us!" Maybe both.
posted by Kadin2048 at 11:11 AM on October 7, 2014 [3 favorites]


not only books you open, but books you simply have on your computer

I wonder if it also reports on whether those books have DRM or have had DRM removed.
posted by suelac at 11:13 AM on October 7, 2014 [3 favorites]


I have this theory that Adobe and Quark have a secret agreement to take turns alienating their user base.
posted by ZenMasterThis at 11:13 AM on October 7, 2014 [6 favorites]


is the "plain text" the bad part, or is it just proof that adobe doesn't even know how to be sneaky when being sneaky?

It's bad from beginning to end - invade your privacy, collect data without your knowledge/consent, and then send that data in such a way that it can be read by anyone? It's all such an incredible insult I'm not sure where to start.
posted by nubs at 11:14 AM on October 7, 2014


Apparently they're indexing files that aren't contained/ organized by this program, too. It's scraping all epubs everywhere on the system.

So that's a problem.

I wonder if there's detailed session or token data sent to them as well. What if people start supporting out faked data to them? That's the kind of thing I might worry about if I were a software engineer at Adobe.
posted by boo_radley at 11:17 AM on October 7, 2014 [2 favorites]


The correct thing to do is set aside a little time from your protein-folding CPU usage to brutally hammer their servers with almost-correct garbage, over and over, in a relentless torrent. "Why, yes, I do happen to have a file called AdobeFacePlantsIntoABucketOfUnwashedAnuses.epub on my system!"
posted by adipocere at 11:24 AM on October 7, 2014 [9 favorites]


I have this theory that Adobe and Quark have a secret agreement to take turns alienating their user base.

And somehow Quark managed to end up on the worse side of that deal either way you look at it.
posted by ChurchHatesTucker at 11:28 AM on October 7, 2014


Adobe was ever good?

Yes, back around Illstrator 8
posted by Brandon Blatcher at 11:36 AM on October 7, 2014 [5 favorites]


Wow, this is unbelievably scummy, particularly because so many libraries use ADE for their ebook "borrowing" — this software has been legally trojan-horsed onto a lot of end users' computers by DRM requirements. And doing this kind of nonconsensual data-collection on a user's entire system is pretty straightforwardly criminal, I'd think. Perhaps it's naive even to consider it a possibility, but I hope it becomes politically viable to prosecute corporate computer crime as well as "hacking."
posted by RogerB at 11:39 AM on October 7, 2014 [8 favorites]


The server Adobe is using to collect everyone epub book data is separate from the licensing one so you can edit your hosts file and direct adelogs.adobe.com to either 0.0.0.0 or 127.0.0.1. Credit: Michael.
posted by zenon at 11:39 AM on October 7, 2014 [25 favorites]


Well, guess I am not updating ADE from 2.0 unless it ever forces me and then I need to figure out how to stop this. (Like other people have mentioned, I use it for library books and also to keep local copies of books I buy from, eg, Kobo.)
posted by jeather at 11:41 AM on October 7, 2014 [1 favorite]


Remember folks, pirating copyrighted material still makes you deh debil. No matter how badly those who play nicely are screwed by the profit centers (that pay the piracy punishment centers). No matter what, there is no acceptable reason on Earth to ever, ever not make Adobe, Disney, et al richer.

(Exempted: Downloads of MP3s from artists websites and CDs at the back of concerts. Don't be a dick.)
posted by IAmBroom at 11:43 AM on October 7, 2014


So ADE 2.0 is OK?
posted by Obscure Reference at 11:44 AM on October 7, 2014


The thing is, if I were just to pirate all my books -- easy enough to do -- no one would be spying on me, I wouldn't have to go through stupid DRM contortions, I wouldn't suddenly find that my bookseller has blocked downloading the ebooks to my computer because they changed the file type. It's like nothing at all was learned from the music industry.


ADE 2.0 and 3.0 do not do this, the reports say. (3.0 has some new DRM stuff going on.)
posted by jeather at 11:47 AM on October 7, 2014 [6 favorites]


http://www.adobe.com/security.html

At Adobe, the security of your digital experiences is our priority. From our rigorous internal software development process and tools to our cross-functional incident response team, we strive to be proactive, nimble, and accurate in all aspects of security.

They have a stock photo of business people holing a MacBook with the logo removed, so it must be true!
posted by OwlBoy at 11:58 AM on October 7, 2014 [4 favorites]


~Adobe was ever good?
~Yes, back around Illstrator 8


I was about to post the same thing. After Illy8, things seemed to go far off the rails.

Honestly, this doesn't surprise me in the least. We live in an age where "If we can do it, we will" seems to be the corporate mantra. It certainly makes one wonder what's going on under the hood of Abobe's Creative Cloud scheme. A boatload of corporate and/or persnal information is put into various Adobe-app-made documents.
posted by Thorzdad at 12:07 PM on October 7, 2014


Time to start renaming all my epub files:
A_Farewell_to_Adobe.pub
Of_Mice_and_Adobe.pub
Crime_and_Adobe.pub
The_Scarlet_Adobe.pub
Alexander_and_the_Terrible_Horrible_No_Good_Very_Bad_Adobe.pub
posted by BigHeartedGuy at 12:12 PM on October 7, 2014 [7 favorites]


With the recent announcement of Photoshop for Chromebooks, you can see what future Adobe probably envisions for all of their products. And then we'll never have any idea of what information Adobe collects from their users.
posted by honestcoyote at 12:18 PM on October 7, 2014


It's been years and I still haven't found a single reason to regret my decision to avoid all ereaders and stick with actual real paper books, one of the hallmarks of civilization.
posted by Justinian at 12:19 PM on October 7, 2014 [6 favorites]


we strive to be proactive, nimble, lithe, lissome, supple, sinuous, dexterous, elastic, malleable, and ductile in all aspects of security, with a +7 bonus to our Prestidigitation feat.
posted by Sticherbeast at 12:21 PM on October 7, 2014 [2 favorites]


Why do all the good seemingly caring companies turn into evil pieces of invasive crap?

They don't care. They never did. At some point, it may have been beneficial to give that impression, but that's hardly the same thing.

You are a revenue stream and a data point. Nothing more. Despite recent legal rulings, corporations are not people — and they don't give a shit about you.
posted by Dark Messiah at 12:22 PM on October 7, 2014 [4 favorites]


Justinian: "one of the hallmarks of civilization."

along with plumbing and sewers. Synergy!
posted by boo_radley at 12:26 PM on October 7, 2014 [3 favorites]


this is unbelievably scummy, particularly because so many libraries use ADE for their ebook "borrowing"

Yes, pretty much every library in the US requires their members to install this software to use ebooks. Even the non-Overdrive ebook lending systems like Enki are build on top of Adobe ebook DRM.
posted by ryanrs at 12:38 PM on October 7, 2014 [7 favorites]


Truly ridiculous.

"Adobe is currently looking into this issue and I will share a statement with you as soon as possible."

That's the statement I have from them currently. I'll update here if I hear anything else.
posted by BlackLeotardFront at 12:54 PM on October 7, 2014 [2 favorites]


So then, what do I need to nuke on my machine? Walk me though this. I will not borrow library books now to avoid the snooping.
posted by jadepearl at 12:55 PM on October 7, 2014


They have a stock photo of business people holing a MacBook

With what?
posted by ROU_Xenophobe at 1:00 PM on October 7, 2014 [3 favorites]


So then, what do I need to nuke on my machine? Walk me though this. I will not borrow library books now to avoid the snooping.

If you have ADE 2, you don't need to do anything. If you have ADE 4, uninstall it and install ADE 2.0.1 which doesn't scan your hard drive.
posted by jeather at 1:02 PM on October 7, 2014 [4 favorites]


So, the plaintext part is stupid. As far as the other bits go, they aren't completely unreasonable, though I'm not absolving Adobe of anything nefarious, I'm just saying that it may be somewhat understandable.

1) Scanning - Lots of apps do this. Picasa/Lightroom/iPhoto all scan for photos. iTunes and other music players can for MP3s.

2) Pages read - Amazon attempts to sync your position on all devices, so it would need the last page read, Adobe may attempt to do the same.

3) Metadata - I'm sure that they try to keep track of what is popular, what books are being read and which ones get abandoned. I'm sure publishers would pay to know this. One would hope this is aggregated and anonymized.

What I'm saying is that there are reasonable rationales for doing this, and it's hard to know if it's just sloppiness or actual overreach at this point.
posted by CheeseDigestsAll at 1:11 PM on October 7, 2014


On the other hand, ADE is an important part of the ebook piracy workflow, so maybe they are snooping on that.
posted by ryanrs at 1:15 PM on October 7, 2014


A decade ago there would have been calls for a boycott and federal lawsuits. Now we just assume this shit is par for the course.
posted by phooky at 1:20 PM on October 7, 2014 [2 favorites]


I find myself wondering at the odds of NSA involvement or, at least, awareness.
posted by truex at 1:21 PM on October 7, 2014 [1 favorite]


Scanning - Lots of apps do this. Picasa/Lightroom/iPhoto all scan for photos. iTunes and other music players can for MP3s.

Usually it offers to do this, not does it automatically and then secretly sends all the information about every MP3 you have on your computer to a server.
posted by jeather at 1:33 PM on October 7, 2014 [10 favorites]


If you weren't previously aware, it's not just Adobe collecting this information. Amazon is also collecting this information on books that you check out at the library and read on your Kindle device or app. When my kid was reading a library book on her iPad and then later wanted to read it again in the car after forgetting to bring her iPad, I handed her my phone and the book "magically" opened to the exact page she was reading on the iPad. It's this creepy data collection that makes that magic happen, but it also let's Amazon know which pages you turn to most often every time you pick up Fifty Shades of Grey.
posted by Toekneesan at 1:49 PM on October 7, 2014 [1 favorite]


From Adobe:

“Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.”

For more background:
For example, Adobe Digital Editions collects the following information:
· User ID: The user ID is collected to authenticate the user.
· Device ID: The device ID is collected for digital rights management (DRM) purposes since publishers typically restrict the number of devices an eBook or digital publication can be read on.
· Certified App ID: The Certified App ID is collected as part of the DRM workflow to ensure that only certified apps can render a book, reducing DRM hacks and compromised DRM implementations.
· Device IP: The device IP is collected to determine the broad geo-location, since publishers have different pricing models in place depending on the location of the reader purchasing a given eBook or digital publication.
· Duration for Which the Book was Read: This information is collected to facilitate limited or metered pricing models where publishers or distributors charge readers based on the duration a book is read. For example, a reader may borrow a book for a period of 30 days. While some publishers/distributers charge for 30-days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read.
· Percentage of the Book Read: This information is collected to allow publishers to implement subscription models where they can charge based on the percentage of the book read. For example, some publishers charge only a percentage of the full price if only a certain percentage of the book is read.
· Additionally, the following data is provided by the publisher as part of the actual license and DRM for the eBook:
o Date of Purchase/Download
o Distributor ID and Adobe Content Server Operator URL
o Metadata of the Book provided by Publisher (including title, author, publisher list price, ISBN number)



They haven't gotten back to me about the plaintext thing. Collecting all that info is one thing, transmitting it in the clear is another entirely.
posted by BlackLeotardFront at 1:54 PM on October 7, 2014 [3 favorites]


DRM-free and privacy invasion-free ebook tools:

Calibre for ebook management.
fbreader for reading.
posted by Poldo at 2:23 PM on October 7, 2014 [7 favorites]


From Adobe:

That's the same boilerplate their spokesperson sent to Ars, and parts of it are, assuming Ars's reporting is correct, completely, transparently false. (E.g. "this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader.")

It's this creepy data collection that makes that magic happen

You're talking about a much more narrowly limited kind of "creepy data collection" than these articles show ADE to be doing. And I don't believe the Kindle (device) even does this at all with ebooks added to it manually (or using Calibre), though please correct me if I'm wrong.
posted by RogerB at 2:32 PM on October 7, 2014 [2 favorites]


is in line with the end user license agreement and the Adobe Privacy Policy.

Ahhh... So that's pretty simple.... Lets go to that policy...

http://www.adobe.com/ca/privacy/policy.html.

But that policy also refers to the EULA... So privacy may be impacted by the EULA. Okay. This might be the general EULA. Fonts of course are impacted by another EULA mentioned in the original EULA.

Obviously (from the general EULA link) "New Additional Terms may be added from time to time." So that's a thing.

Now, will they share this information that they colllect? Well, according the the privacy policy link - maybe. "Adobe may also share your personal information: When you agreed to the sharing." I assume when they say "you agreed" they mean that in one of their EULAs, privacy statements or other legal documents that may be in PDF form or in an about box or somewhere on their website. Mind you they can update their EULA at any point, which you agree to (or quit using their product). So "you agreed" is somewhat vague. I assume they have an army of lawyers that wrote all this shit though, so it probably has some basis in contract law somewhere.

tldr; you agreed to everything they are doing, whatever that may be, so why all the fuss?
posted by el io at 2:44 PM on October 7, 2014


Honestly, the contracts everyone who uses Adobe products agree to are easily understandable.*

*For any competent professor at a top-notch law school specializing in both contract law and privacy law.
posted by el io at 2:46 PM on October 7, 2014


It's been years and I still haven't found a single reason to regret my decision to avoid all ereaders and stick with actual real paper books, one of the hallmarks of civilization.

I keep the books I can't live without in paper form just in case civilization collapses and I want to read them one more time before the culling, but having a device that's lighter than a paperback that I can put pretty much any book on no matter where I am and has a backlight is just too damn convenient. It's the fact that we can mass distribute the words that are the hallmark, not the physical books, IMO.

I was looking into the library thing but hadn't gotten around to installing the adobe software. I guess I'll make do without.
posted by Huck500 at 3:12 PM on October 7, 2014 [3 favorites]


If you want an ebook management software solution not laden down with bad stuff, ya'll should check out Calibre if you're not already familiar with it.

It's incredible. Not the best UI, but it has a very active community and is updating all of the time.
posted by el io at 3:15 PM on October 7, 2014 [3 favorites]


.txt files FTW.
posted by jfuller at 3:46 PM on October 7, 2014 [1 favorite]


Ain't rocket science folks : Don't trust closed source software. Duh!

We've previously discussed the rather singular advantages of ebook, Justinian, very nice for travel too. I do buy paper books that I actually use however, well the paper form is pleasant. And sadly the ebook readers with better user interfaces make themselves useless by not doing djvu files.
posted by jeffburdges at 4:02 PM on October 7, 2014 [2 favorites]


...so...what happens to all this data that is stored someplace?

Where's the story about how it was "sold" to some marketing company (spammer)?
posted by CrowGoat at 4:31 PM on October 7, 2014


Adobe products have been phoning home undisclosed info for some time now (at least since CS1). There are lists of Adobe servers all over the web. Every time I've upgraded - I'm officially done at CS5 - the first order of business has been to update the hosts file and set up new firewall rules to keep everything local. I wouldn't trust Adobe as far as I could throw them.
posted by Benny Andajetz at 5:05 PM on October 7, 2014


True, but that's usual and understood; here they've exceeded authorized access to peoples' computers and violated some laws in so doing, I think.
posted by sebastienbailard at 5:11 PM on October 7, 2014



Starting Nmap 6.45 ( http://nmap.org ) at 2014-10-07 20:10 EDT
Nmap scan report for adelogs.adobe.com (192.150.16.235)
Host is up (0.063s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https

posted by mikelieman at 5:11 PM on October 7, 2014


Just the last stuff Adobe sent me, first is same as Ars got:

"In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue. We will notify you when a date for this update has been determined."

...

"The product team assured us that the information is solely collected for the eBook currently being read by the user (and not for any other eBook in the user’s library or read/available in any other reader). Given the test results you cite, Adobe is looking into this again to make sure the software works as intended/designed."

Nothing from them on how long the data is stored or what they need data on non-Adobe-licensed books for, and so on.
posted by BlackLeotardFront at 5:38 PM on October 7, 2014


...or why they're new to HTTPS.
posted by nev at 5:40 PM on October 7, 2014 [2 favorites]


The product team assured us

Right, obviously it's not like Adobe is lying about this, just the product team. Maybe they've gone rogue.
posted by RogerB at 5:45 PM on October 7, 2014 [1 favorite]


This is appalling, and damaging to their interests on so many levels. What could they even do with the information that could be of benefit to them? Sue possible ebook pirates?
In my family I have or have had several palmpilots, kindles and kobos plus ipads/iphones that I read from.
I am certainly not going to purchase items that are restricted in the platforms I can read them on, so my first order of business when I buy something from the Kobo store is to strip the shitty ADE DRM.
Which requires that I have ADE installed, so I can legitimately decrypt the purchased file to read it.
Search my hard drive and phone home and it is just easier for me to skip having ADE installed - which means no more purchasing ADE DRM books. Adobe can do the explaining to Kobo why they just lost a customer.
posted by bystander at 5:52 PM on October 7, 2014 [1 favorite]


Interesting silver lining to this that was recently pointed out to me -- and I mean, aside from the obvious schadenfreude-colored lining of having Adobe, which is one of the shittiest tech companies around, have one of its most offensively user-hostile products explode in its face -- is that this makes it really hard for Adobe to pull the plug on earlier versions of ADE.

I mean, their plan has clearly been for a while to force everyone to upgrade off of ADE2 and ADE3 to the newer version. But now they're going to have a rather difficult time of that.

And that's a Good Thing, because installing ADE 2 plus Calibre and the DeDRM plugin is the easiest way to strip the Digital Editions DRM off of Adobe ebooks. AFAIK this process is broken with ADE4, and that's probably one of the big reasons why Adobe wanted to push everyone to the new version and sunset the old ones. But it's quite trivial with the old versions. (DRM is, of course, defective by design and will always be broken, but some of the latest schemes are hard enough to break that they seem to have temporarily outpaced the interest of the Internet masses to defeat them. Cf. Amazon's Kindle Fire and book-rental DRM in particular.)

So if you are stuck with some crappy Digital Editions based ebook-borrowing system, this certainly isn't going to suddenly make it less of a turd, but it at least it will probably slow Adobe down from forcing you to replace it with their newer and less de-DRMable turd.
posted by Kadin2048 at 6:19 PM on October 7, 2014 [1 favorite]


Ain't rocket science folks : Don't trust closed source software. Duh!

Don't trust open source software either.
posted by pravit at 7:38 PM on October 7, 2014


... Apparently I'm still running ADE 1.7.1. Is the Mac version numbering different? I don't appear to have upgraded it since sometime in 2010, so I guess the number sounds reasonable.
posted by asperity at 9:16 PM on October 7, 2014


Don't trust software.
posted by el io at 9:22 PM on October 7, 2014


Don't trust.
posted by boo_radley at 9:38 PM on October 7, 2014


Don't.
posted by aubilenon at 10:02 PM on October 7, 2014


Do.
posted by asperity at 10:05 PM on October 7, 2014 [1 favorite]


D.
posted by Grangousier at 10:16 PM on October 7, 2014 [1 favorite]


We donno if heartbleed and shellshock were NSA plants, pravit, but at least it's tricky to design well concealed bugs. Adobe intentionally built and maintained active spyware. In other words, we can trust that almost everyone involved with open source software has fundamentally good intentions, while Adobe demonstrates that close source software is frequently malicious throughout the design process, even expensive close source software.

Adobe Responds to Reports of Their Spying, Offers Half Truths and Misleading Statements
posted by jeffburdges at 11:42 PM on October 7, 2014


No-one seems able to confirm that it scans and sends data about books that aren't in ADE's library - but it definitely sends a complete history about all books ever opened in ADE, including subsequently deleted ones.

Librarians have a long history of trying to protect confidentiality of readers. And for good reason; for example, in the 80's the FBI wanted librarians to give them detailed reading records, so they could investigate readers of 'suspicious' books and what diplomats were reading. The Patriot act resulted in Jessamyn's famous warrant canary. It's not hard to imagine modern day witch hunts for readers of books thought to be 'terrorist related'.

Given this history, there are various state laws protecting the reading records of patrons, so they're only supposed to be available with a warrant; or via the Patriot act to the FBI. Now Adobe is not only recording your entire borrowing history from libraries that use ADE for ebooks, including the overdrive system, but is broadcasting it in the clear every time you use the app. If that isn't illegal under the current laws protecting lending records, it's opening the door for law enforcement to go to adobe for those records instead of the library, and likely no warrant even required.

One can only hope adobe gets slapped down hard for this by the libraries, because it's hard to have faith that the legal system will.
posted by ArkhanJG at 12:16 AM on October 8, 2014 [1 favorite]


Wow, poor form on Adobe in their response. I mean, they didn't even throw anyone under the bus and beg forgiveness. They're gonna regret that. That's covered in like the first day of Corporate Fuckups 101.

This part was a particularly nice touch, though:
All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.
There are so many things to like in this sentence.

Okay, first there's the obvious — the "implementation of different business models" is such a nice passive-voice phrase; it's not spying on your users, it's merely, uh, facilitating the implementation of a spying-based business model! I think everyone should mull over for a while the process involved in believing that to be a justification. It boils down to: if you can make money from it, it's gotta be okay, right?

Also: publishers! Think of the publishers! You might hate us, but you don't hate publishers, right? (If I were a publisher, I'd be concerned that I'm being led dangerously close to the edge of the road as the bus is approaching.)

And the best part, if you really parse that sentence, they're not even 100% saying that all information is used for license validation and "licensing models". The information is collected for "purposes such as", and then they give two examples, namely license validation and the whole 'facilitating the business models' shit. But those are merely two examples! What is the information really being collected for? "Purposes." Purposes such as licensing validation, but certainly not limited to, the ones noted. Hummm.

Anyway, they seem to be doubling down with that statement. Bold move.

And then:
Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader.
Yeah, so if we had any questions that they were still in the "denial" stage of the corporate Kübler-Ross model, well, here we have it. A flat-out denial. Always good to get these things down on the record.

Given the dancing around the "purposes" angle that they went through earlier, it's interesting that they just flatly came out and denied this part. Assuming that the Ars tests weren't just wrong somehow, I think this is where you're eventually going to see the quelle horreur certainly-we-didn't-mean-for-it-to-do-that debug flag excuse, if it turns out that yes actually it does do that.

Interesting that they want to draw such a bright line there: sure, we spy on everything you read, for indistinct purposes that we're only going to hint at, but certainly we're not taking notes on everything else in your library. As though the fact they do the first thing doesn't make it pretty suspect that they're the sort of people who would totally in fact do the second.
posted by Kadin2048 at 7:21 AM on October 8, 2014 [4 favorites]


And sadly the ebook readers with better user interfaces make themselves useless by not doing djvu files.

I'm all for supporting more file types, but useless? I've never personally run into a djvu file, so...
posted by Huck500 at 10:43 AM on October 8, 2014 [1 favorite]


Topaz does pretty much what djvu does, and is more widely supported.
posted by ChurchHatesTucker at 11:13 AM on October 8, 2014


DjVu is, in my experience, very rare outside of closed document management system environments where its used for internal storage. It's technically very elegant but is so sparsely implemented that I can't see it really catching on.

Its best use case is for scanned documents but the world has basically decided that PDFs are "good enough" for scanned-doc interchange. And of course the companies with closed-off ecosystems prefer proprietary formats because they're proprietary; DjVu's openness isn't an advantage there.
posted by Kadin2048 at 11:48 AM on October 8, 2014


DjVu is considered the best choice for ebooks created by scanning printed books. Internet archive uses it for example. Very commonly used for distributing ebooks online, distributing textbooks outside the west, etc. Appears that my ebook library has around 10% DjVu files, 55% PDF files, and 35% epub, mobi, etc., that's original downloads without any conversions.

In practice, there are often PDFs available for download that don't take up that much more space than the available DjVu, either because the DjVu was compressed poorly or the pdf was compressed exceedingly well. I've found that pdf2djvu commonly reduces ebook file sizes maybe threefold, while djvu2pdf blows em' up threefold too, but maybe that's those specific tools. I'd love a pdf2djvu-like tool that avoided blowing up the file size.

I've honestly never seen a Topaz file, but apparently they're "like IW44 which is a simplified subset of DjVu". Amazon is afaik the only company that uses Topaz, but Amazon is never your best option for ebooks.
posted by jeffburdges at 12:19 PM on October 8, 2014 [1 favorite]


The server Adobe is using to collect everyone epub book data is separate from the licensing one so you can edit your hosts file and direct adelogs.adobe.com to either 0.0.0.0 or 127.0.0.1. Credit: Michael.

A good overall hosts file can be found here.
posted by stbalbach at 7:22 PM on October 8, 2014


Or even better is HostsMan app.
posted by stbalbach at 7:58 PM on October 8, 2014


No-one seems able to confirm that it scans and sends data about books that aren't in ADE's library - but it definitely sends a complete history about all books ever opened in ADE, including subsequently deleted ones.

I've been playing around with this, and this morning was able to confirm that that if an ebook reader that can be recognized as a device by ADE is connected to a computer running ADE, that ADE can send information about the books on that device in the clear. The books do not have to be imported into ADE's library for this to happen.

Here's a (self-)link to a gist with some more details.

This has been getting a lot of attention in library-land. Some posts worth reading include: posted by metaquarry at 12:19 PM on October 9, 2014 [7 favorites]


From our consortium on this issue:

In anticipation of us receiving still more queries, we’re sharing information about an issue the most recent version of Adobe Digital Editions (ADE 4.0). There’s a longer version with links below if you are interested in lots of details, but here’s the short version. ADE is (as you know) the program that lets users open Adobe ePub eBooks on computers. 4.0 has been proven to be sharing data about customer eBook usage (titles read, even pages read and in what order) with Adobe. Adobe says this is part of DRM and the data is not shared or used except in enforcing licensing.

Overdrive is aware and has not yet commented other than to admit being aware.

It’s important to realize that this will affect few of our customers. Be reassuring if anyone asks. Most of them have not adopted the relatively new 4.0, which is only needed for library eBooks on computers and for Nook eInk device transfer.

They will not be affected if they use a tablet, or phone, or Kindle library eBook users will not be affected, or even older editions of ADE.

Many libraries are in touch with their eBook vendors (Overdrive, in our case) to ask that the vendors advocate for us with Adobe for patron privacy; libraries are also expressing their concern to Adobe directly.

If customers are using ADE 4.0 and are concerned suggest that they uninstall 4.0 and get an earlier version of ADE (still available) until Adobe has complied with libraries’ legitimate concerns about privacy.

Adobe has guaranteed that the data harvested is private, but we in libraries don’t think that’s good enough. We’ll keep you updated.

posted by zakur at 11:55 AM on October 10, 2014 [1 favorite]


Statements by the American Library Association and the Canadian Library Association (PDF) on Adobe Digital Editions 4.
posted by metaquarry at 10:45 AM on October 15, 2014


Adobe has now released version 4.0.1 of Digital Editions, along with a privacy statement just for ADE.

I fired up Wireshark and ran it through its paces. It's now using HTTPS, so it's no longer open to casual interception. It also didn't send anything at all to the logging server while I was opening books that were already in ADE or retrieving an ebook I borrowed from my local library's OverDrive subscription. It did contact the logging server when I downloaded an ebook I purchased from Kobo.

In other words, it seems better, assuming ADE isn't cheating and sending the entire list of ebooks in the encrypted message. However, some of the licensing scenarios in Adobe's explanation of how they're using the data give me pause -- particularly the one about distribution of ebooks via libraries using metered pricing.
posted by metaquarry at 7:08 PM on October 23, 2014 [2 favorites]


« Older The insane conspiracy theories of Naomi Wolf   |   Meet the Mumbles Train, the very first fare-based... Newer »


This thread has been archived and is closed to new comments