After uproar, Adobe begins encrypting user data collected from Digital Editions app

adobe logo
Credit: Midiman via Flickr/Creative Commons

Adobe Systems said Thursday it is now encrypting data it collects about certain ebooks after facing criticism earlier this month for not protecting the data.

The Digital Reader blog reported on Oct. 6 that Adobe’s Digital Editions 4 software, used for downloading and reading ebooks, sent detailed logs to Adobe describing readers’ activity.

Those logs were not sent using SSL/TLS (Secure Sockets Layer/Transport Layer Security), according to the blog. SSL/TLS encrypts data sent between a client and server, designated by “https” in a browser’s URL bar.

In a note about Digital Editions posted Thursday, Adobe said it now periodically collects the data “using HTTPS.” The change is made in Digital Editions versions 4.0.1 for Mac and Windows.

The Electronic Frontier Foundation contended that sending the data over plain text “undermines decades of efforts by libraries and bookstores to protect the privacy of their patrons and customers” even if Adobe’s practice was a mistake.

Without encryption, the plain-text data could be intercepted and read using network analysis tools such as Wireshark if the data was sent to Adobe while a person was using, for example, a public Wi-Fi network.

Adobe maintains the data is necessary to abide by the DRM (digital rights management) restriction on content, which are imposed by publishers and distributors to protect works from piracy.

The data sent to Adobe includes the title and description of a book, the author, language it’s written, the date of purchase or download, the distributor ID, the publisher’s list price and ISBN (International Standard Book Number).

In some cases, Adobe may record how long a person reads a book, which is used for “metered” pricing models based on the actual time the content is read.

The company also collects other technical metrics, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device.

Adobe said it doesn’t collected any personally identifiable information, but may share “anonymous aggregated information with eBook providers to enable billing under the applicable pricing model.” It said it doesn’t collect information about content without DRM restrictions.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.