Menu
Adobe begins encrypting user data collected from Digital Editions app

Adobe begins encrypting user data collected from Digital Editions app

The company was criticized for sending data about content to its servers in plain text

Adobe Systems said it is now encrypting data it collects about certain e-books after facing criticism earlier this month for not protecting the data.

The Digital Reader blog reported on Oct. 6 that Adobe's Digital Editions 4 software, used for downloading and reading e-books, sent detailed logs to Adobe describing readers' activity.

Those logs were not sent using SSL/TLS (Secure Sockets Layer/Transport Layer Security), according to the blog. SSL/TLS encrypts data sent between a client and server, designated by "https" in a browser's URL bar.

In a note about Digital Editions posted Thursday, Adobe said it now periodically collects the data "using HTTPS." The change is made in Digital Editions versions 4.0.1 for Mac and Windows.

The Electronic Frontier Foundation contended that sending the data over plain text "undermines decades of efforts by libraries and bookstores to protect the privacy of their patrons and customers" even if Adobe's practice was a mistake.

Without encryption, the plain-text data could be intercepted and read using network analysis tools such as Wireshark if the data was sent to Adobe while a person was using, for example, a public Wi-Fi network.

Adobe maintains the data is necessary to abide by the DRM (digital rights management) restriction on content, which are imposed by publishers and distributors to protect works from piracy.

The data sent to Adobe includes the title and description of a book, the author, language it's written, the date of purchase or download, the distributor ID, the publisher's list price and ISBN (International Standard Book Number).

In some cases, Adobe may record how long a person reads a book, which is used for "metered" pricing models based on the actual time the content is read.

The company also collects other technical metrics, such as the IP address of the device downloading a book, a unique ID assigned to the specific applications being used at the time and a unique ID for the device.

Adobe said it doesn't collected any personally identifiable information, but may share "anonymous aggregated information with eBook providers to enable billing under the applicable pricing model." It said it doesn't collect information about content without DRM restrictions.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Adobe Systemssecurity

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments