Adobe reportadly spying on its users: Data transfer occurs un-encrypted !

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Adobe recently introduced Digital Editions app version 4, and it is supposedly doing a lot more than serving its purpose of letting people read eBooks on their computers. It’s doing a bit of spying, and reporting to Adobe about its findings in plain-text data. The company has modified its Digital Editions 4 desktop ebook reader to now encrypt the data it secretly sends back to headquarters – data that details a user’s reading habits reported the The Register.

Earlier this month when this news was out, Nate Hoffelder wrote on his blog, The Digital Reader:

Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text. Adobe isn’t just tracking what users are doing in Digital Edition4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

Another thing is that the app is not only spying on the users, but also sending personal information that too in unencrypted form over the net. And it seems that it is not just about the ebook that they are reading. Adobe’s privacy policy lists several ways in which it uses information collected about users, including market research and endeavors to reduce software piracy and fraud. End-user license agreements also lists the disclaimers of limits of liability and warranties.

Adobe had confirmed that the latest version of the widely used ebook platform is gatheringextensive data on its users’ ebook reading habits. The company also confirmed that those data gathering practices are indeed in place. A spokesperson for Adobe said in a statement:

“Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them, All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy”.


After the accusing done over the company, Adobe admitted that transmitting unencrypted data could pose a security risk: “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue.” Adobe further said that moreinformation on when that update will be in place and of what it will consist is forthcoming. Adobe enumerated that the data that it collected included user ID, device ID, certified app ID, device IP, duration for which the book was read, percentage of the book read etc..

Adobe claims that the user agreements governing versions 3 and 4 do not differ with respect to user data. An Adobe spokesperson said, “while additional product capabilities were added in version 4 to facilitate additional publisher requirements and business models, the end user license agreement and privacy policy did not require changes. The information collected from the user in version 3 and the version 4 is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.”

Adobe accepted that such information was needed to enforce publishers’ anti-piracy measures, digital rights management (DRM). The company has also set up a web page to explain exactly what data it takes and why. It also insists that “If an ebook does not have any DRM associated with it, then no information is collected.”

Recently, Adobe rolled out a new update, it adds a full text search option as well as a new display window for search results. Even though we are still not sure whether Adobe is spying on users, there is one thing which has improved the situation is that, Adobe is now encrypting the data uploaded to their servers. According to the changelog posted by Adobe, the data is sent to Adobe in a secure transmission.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
who needs adobe :p
Foxit reader all the way.. google chrome does not need Adobe Player too to pay videos. So no adobe products.
 
Last edited:
Y

yigido

Thanks Petrovic, for usefull post (Adobe tracking on us) ;) I am using another PDF viewer (opensource), even it saves me some malwares that looks like Adobe icon PDFs ;)
 
  • Like
Reactions: Petrovic

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Thanks Petrovic, for usefull post (Adobe tracking on us) ;) I am using another PDF viewer (opensource), even it saves me some malwares that looks like Adobe icon PDFs ;)
i use only adobe flash player:D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Not surprise, but you cannot prevent to use Adobe products due to being useful like Photoshop, Dreamweaver and Flash player. ;)

Perhaps when use those product you cannot notice or bother those tactics.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top