Details about the extent of the Adobe security snoop into
individual’s reading habits and harvesting of data is becoming clearer and the arrogance adopted by
them over what is personal data would appear to many to raise the question as
to whether they are fit to manage many services digital content.
There explanation of what they monitor conveys no remiss and
some would say carries the usual ‘read the small print’ caveat and even more
interestingly appears to blame publishers and others for asking for those controls
even though many appear to be naïve to the fact that the controls are not only
enforced locally but that the information about them is sent back to Adobe to
harvest.
The information has been confirmed by a number of sources to
be unencrypted and therefore open to potentially many parties to read or intercept
which in this day and age beggars belief and is clearly any responsibility or
care. Their privacy statement can be found at Adobe
Privacy Policy and interestingly under
‘Is my Personal Information Secure?’ states:
‘We understand that the security of
your personal information is important. We provide reasonable administrative,
technical, and physical security controls to protect your personal information.
However, despite our efforts, no security controls are 100% effective and Adobe
cannot ensure or warrant the security of your personal information’.
We all understand that many services such as Kindle,
Overdrive, etc synchronise our reading such to assist our being able to
continue to start where we left off. We respect that there is a wealth of
information that goes with that. But these transfers are secured and not open
and remain within their walled gardens. Anything that resides in Adobe’s
Digital Editions 4 library appears fair game to Adobe snooping and data
harvesting, even documents and non DRM ebooks!
Adobe may now find itself under pressure from large library services
and others to explain their approach and given their ACS4/5 history, the solid umbilical
cord to ADE and their apparent approach to ‘act first think later’, some may now
be prompted to look at alternative options. However that in itself is not an easy
route. It is also clear that this is not an old data harvesting feature but
only applicable to ADE4 and probably tied to the ACS5 features they are desperate
to get adopted by all.
It is sobering to think that they know and send via an open
stream;
·
Unique User ID which aligns to registration
·
Device ID to restrict number of devices re DRM
·
Certified App ID to ensure only certified apps
(licenced sales and rentals)
·
Device IP to determine geo-block
·
Duration of reading to meter reading against
certain licences
·
Percentage of the Book Read to enable publishers
to align to subscription models and determine if the book has been ‘read’
·
Date of Purchase/Download
·
Distributor ID and Adobe Content Server Operator
URL
·
Metadata provided by Publisher (title, author, publisher
list price, ISBN number etc)
It is also reasonable to ask why the new controls aren’t performed
at a local level by ADE4 and why the data has to go back to the mothership at
all. Surely if the publisher states x, y and z rules these can be enforced locally
and the only validation required is at the offset to stamp the file as genuine?
Perhaps that’s too simple and perhaps Abobe feel that would loosen their tight
control and not give them that rich seam of data that they could………
Digital Reader: Adobe
Responds to Reports of Their Spying, Offers Half Truths and Misleading
Statements
Go To Hellman : Correcting Information on the Adobe Privacy Gusher
Copyright and Technology: Adobe’s Latest E-Book Misstep: This Time, It’s Not the DRM
ALA News: Adobe responds to ALA on Egregious Data Breach
Copyright and Technology: Adobe’s Latest E-Book Misstep: This Time, It’s Not the DRM
ALA News: Adobe responds to ALA on Egregious Data Breach
