Addressing data privacy issues around Adobe Digital Editions

— by Jim L.

Yesterday, Nate Hoffelder, the editor of The Digital Reader blog reported that the newest version of the Adobe Digital Editions software (ADE 4) appears to be transmitting data about eBooks back to Adobe’s servers.

The Library’s primary eBook distributor, OverDrive, uses Adobe’s Digital Rights Management software to help enforce the rules that publishers require to permit libraries to lend eBooks. The Adobe Digital Editions (ADE) application is used to setup Adobe IDs, which are required for you to borrow and read library eBooks. Often, the process of setting up and configuring an Adobe ID happens while you’re checking out your first library eBook and rarely needs to be repeated.

ADE can also be used to manage your eBook collection and even to read eBooks. A friend of Hoffelder’s discovered that ADE version 4 gathers and transmits data in plain text about eBooks that have been opened, which pages were read, and in what order. Hoffelder’s article includes samples of data captures and screenshots that seem to bear this out.

According to another source, this issue appears to only affect users who use ADE on a desktop computer for reading and managing eBooks. If users use the OverDrive app or an e-reader device to actually read eBooks, it does not appear that they are affected.

The Amazon Kindle suite (apps, readers, etc.) is not affected because Amazon doesn’t use ADE.

The Seattle Public Library values our patrons’ right to privacy, and we have expressed concern and alarm to OverDrive, and asked them to advocate on our behalf. We will be contacting Adobe directly to demand that they address this violation of user privacy immediately.

OverDrive tweeted today: “We are aware of the Adobe article and we are reviewing the situation. We will comment in full when we have additional information.”

This afternoon, Adobe confirmed that it is gathering eBook readers’ data and issued a statement:

“All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.”

If you are concerned about this, you can either not upgrade to ADE 4 or simply not use ADE to manage your eBook libraries or to read eBooks. You may also download and install ADE version 3, which appears to not engage in this practice.

Again, if you have ever used ADE just to create an Adobe ID for use with OverDrive but otherwise you use OverDrive (or other eReader) to actually read the eBooks, you should not be affected.

Hoffelder’s original article noted that ADE may be sending data about eBooks managed by other applications, too, but that claim remains unconfirmed and has been explicitly denied by Adobe.

Updated 11am, 10/8/2014

The Seattle Public Library has written to our primary eBook provider, OverDrive, and asked for their assistance advocating for libraries on this matter.

Link to letter:

Posted by Jim Loter, Director of Information Technology at The Seattle Public Library


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s