Tuesday, October 7, 2014

Adobe - yet another corporate snooper

I've complained frequently about companies like Facebook and Google invading our privacy by their intensive, intrusive monitoring of our every online activity.  Now comes the news that Adobe Systems is getting in on the act with its Digital Editions software.

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRm for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers.

. . .

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,

But wait, there’s more.

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

In. Plain. Text.

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.

. . .

This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.

. . .

I am sharing these details not to excuse or justify Adobe, but to show you that this was a massively boneheaded stupid mistake that Adobe would have seen coming had they had the brains of a goldfish.

As for the legal aspects, I am still unsure of just how many privacy laws have been violated.

There's more at the link.  Ars Technica has confirmed the information, and provides more details.  Adobe has responded in weaselly fashion, not so much apologizing for doing it as apologizing for being found out, while trying not to admit anything.

I use Digital Editions myself, and like it:  but after this revelation, it's coming off my machine until Adobe scraps their spying activities and shows greater respect for my privacy.  Who the hell do they think they are?


1 comment:

Rolf said...

They think they are a government stooge.

Because they are, just like most other large corporations. The MAN leans on them, saying "sayyyy.... Mighty fine company youse got here.... Be a shame if anything happened to it... "

Me, paranoid? Just because an anti-Obama film maker just got word he's being audited? Coincidence, I'm sure.