Adobe Digital Editions eBook Software Collects User Data and Sends it Back Unencrypted

Adobe’s eBook reader software, Digital Editions 4 has been found to collect user data and eBook metadata and send them to Adobe’s servers unencrypted, according an investigation by The Digital Reader.

“Adobe is not only logging what users are doing, they`re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,” said Nate Hoffelder of The Digital Reader. “This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.”

The destination server for the plain text data proved to be one of Adobe’s, having assigned the IP address 192.150.16.235 (Whois link). The gathered information included opened eBooks, pages read and their order, title, publisher and other metadata.

The investigation also revealed that the Digital Editions 4 software was scanning the host’s computer hard-drive for eBooks, gathered metadata and sent them to Adobe’s servers.

Adobe replied to the issue and admitted to having collected user data by tracking activity but denied having scanned the host`s computer for eBooks.

“All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers,” Adobe said. “Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user`s library or read/available in any other reader.”

In another statement for Digital Book World, Adobe admitted the unencrypted data transmission poses a security risk and pledged to address the issue in upcoming updates.

This means that Adobe will still be collecting data, only this time they may encrypt it. The bright side is that no one can see what and when you read. The dimmer side is that Adobe will still have your data on read eBooks.