— by Jim L.
Yesterday, Nate Hoffelder, the editor of The Digital Reader blog reported that the newest version of the Adobe Digital Editions software (ADE 4) appears to be transmitting data about eBooks back to Adobe’s servers.
The Library’s primary eBook distributor, OverDrive, uses Adobe’s Digital Rights Management software to help enforce the rules that publishers require to permit libraries to lend eBooks. The Adobe Digital Editions (ADE) application is used to setup Adobe IDs, which are required for you to borrow and read library eBooks. Often, the process of setting up and configuring an Adobe ID happens while you’re checking out your first library eBook and rarely needs to be repeated.
ADE can also be used to manage your eBook collection and even to read eBooks. A friend of Hoffelder’s discovered that ADE version 4 gathers and transmits data in plain text about eBooks that have been opened, which pages were read, and in what order. Hoffelder’s article includes samples of data captures and screenshots that seem to bear this out.
According to another source, this issue appears to only affect users who use ADE on a desktop computer for reading and managing eBooks. If users use the OverDrive app or an e-reader device to actually read eBooks, it does not appear that they are affected.
The Amazon Kindle suite (apps, readers, etc.) is not affected because Amazon doesn’t use ADE.
The Seattle Public Library values our patrons’ right to privacy, and we have expressed concern and alarm to OverDrive, and asked them to advocate on our behalf. We will be contacting Adobe directly to demand that they address this violation of user privacy immediately.
OverDrive tweeted today: “We are aware of the Adobe article and we are reviewing the situation. We will comment in full when we have additional information.”
This afternoon, Adobe confirmed that it is gathering eBook readers’ data and issued a statement:
If you are concerned about this, you can either not upgrade to ADE 4 or simply not use ADE to manage your eBook libraries or to read eBooks. You may also download and install ADE version 3, which appears to not engage in this practice.
Again, if you have ever used ADE just to create an Adobe ID for use with OverDrive but otherwise you use OverDrive (or other eReader) to actually read the eBooks, you should not be affected.
Hoffelder’s original article noted that ADE may be sending data about eBooks managed by other applications, too, but that claim remains unconfirmed and has been explicitly denied by Adobe.
Updated 11am, 10/8/2014
The Seattle Public Library has written to our primary eBook provider, OverDrive, and asked for their assistance advocating for libraries on this matter.
Link to letter: http://bit.ly/SPLadobeissue
Posted by Jim Loter, Director of Information Technology at The Seattle Public Library