

The latest version of Adobe's Digital Editions, a DRM system widely used for ebooks, gathers enormous amounts of sensitive personal information about its users' reading habits and transmits them, in the clear, to Adobe.

Nate Hoffelder at The Digital Reader used a network monitor to watch what Digital Editions 4 did after he installed it, and caught the software exfiltrating an unencrypted file containing an index of all the books in his library to Adobe. Adobe did not respond to Hoffelder's request for comments. Hoffelder has supplied a copy of the file that DE4 built and transmitted from his computer. It should be pretty straightforward to replicate this on your own computer if you'd like to verify Hoffelder's findings.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes. Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe's server in clear text. I am not joking; Adobe is not only logging what users are doing, they're also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,



Adobe is Spying on Users, Collecting Data on Their eBook Libraries [Nate Hoffelder/The Digital Reader]