Details about the extent of the Adobe security snoop into
individual’s reading habits and harvesting of data is becoming clearer and the arrogance adopted by
them over what is personal data would appear to many to raise the question as
to whether they are fit to manage many services digital content.
There explanation of what they monitor conveys no remiss and
some would say carries the usual ‘read the small print’ caveat and even more
interestingly appears to blame publishers and others for asking for those controls
even though many appear to be naïve to the fact that the controls are not only
enforced locally but that the information about them is sent back to Adobe to
harvest.
The information has been confirmed by a number of sources to
be unencrypted and therefore open to potentially many parties to read or intercept
which in this day and age beggars belief and is clearly any responsibility or
care. Their privacy statement can be found at Adobe
Privacy Policy and interestingly under
‘Is my Personal Information Secure?’ states:
‘We understand that the security of
your personal information is important. We provide reasonable administrative,
technical, and physical security controls to protect your personal information.
However, despite our efforts, no security controls are 100% effective and Adobe
cannot ensure or warrant the security of your personal information’.
We all understand that many services such as Kindle,
Overdrive, etc synchronise our reading such to assist our being able to
continue to start where we left off. We respect that there is a wealth of
information that goes with that. But these transfers are secured and not open
and remain within their walled gardens. Anything that resides in Adobe’s
Digital Editions 4 library appears fair game to Adobe snooping and data
harvesting, even documents and non DRM ebooks!
Adobe may now find itself under pressure from large library services
and others to explain their approach and given their ACS4/5 history, the solid umbilical
cord to ADE and their apparent approach to ‘act first think later’, some may now
be prompted to look at alternative options. However that in itself is not an easy
route. It is also clear that this is not an old data harvesting feature but
only applicable to ADE4 and probably tied to the ACS5 features they are desperate
to get adopted by all.
It is sobering to think that they know and send via an open
stream;
·
Unique User ID which aligns to registration
·
Device ID to restrict number of devices re DRM
·
Certified App ID to ensure only certified apps
(licenced sales and rentals)
·
Device IP to determine geo-block
·
Duration of reading to meter reading against
certain licences
·
Percentage of the Book Read to enable publishers
to align to subscription models and determine if the book has been ‘read’
·
Date of Purchase/Download
·
Distributor ID and Adobe Content Server Operator
URL
·
Metadata provided by Publisher (title, author, publisher
list price, ISBN number etc)
It is also reasonable to ask why the new controls aren’t performed
at a local level by ADE4 and why the data has to go back to the mothership at
all. Surely if the publisher states x, y and z rules these can be enforced locally
and the only validation required is at the offset to stamp the file as genuine?
Perhaps that’s too simple and perhaps Abobe feel that would loosen their tight
control and not give them that rich seam of data that they could………
Digital Reader: Adobe
Responds to Reports of Their Spying, Offers Half Truths and Misleading
Statements
Go To Hellman : Correcting Information on the Adobe Privacy Gusher
Copyright and Technology: Adobe’s Latest E-Book Misstep: This Time, It’s Not the DRM
ALA News: Adobe responds to ALA on Egregious Data Breach
Copyright and Technology: Adobe’s Latest E-Book Misstep: This Time, It’s Not the DRM
ALA News: Adobe responds to ALA on Egregious Data Breach
2 comments:
Except this Privacy Policy/EULA is not presented (as obvious links for example) when you download this app, the licence you ACCEPT in the installer doesn't contains those two, which means it is illegal in a large number of countries.
I suspect this will prove a typical tech-media feeding frenzy. Keep in mind:
1. I once talked to someone at Adobe about what I hated about its reader. He agreed but pointed out that the reader was free. The development costs were paid for by publishers, obsessed with features such as DRM. They were the ones who had to be pleased.
2. I'm not sure there's all that much difference between what Adobe is doing and what both Apple and Amazon do with their ebook readers. All track what we're reading remotely. They have to do that to synch between devices. And while I can bypass Apple servers to read a document with iBooks, by far the easiest way to get an ebook onto my Kindle or into a Kindle app is through Amazon's servers. And Amazon makes it very easy to store that document on their servers.
In the end, I suspect this will prove to be like bending and the new iPhones, a tempest in a teapot. A little user good sense can easily correct any potential problems.
Post a Comment