Adobe proposes an eBook reader called Digital Editions. Current version is 4. So far, so good.
Unfortunately, on 7 October, the website “The Digital Reader” reported that Digital Editions 4.0 collected information about the reading usage. The announced gathered data were eBooks that were stored in the reader, eBooks that have been opened, pages that were read, and the order. This information was sent back to the server adelogs.adobe.com in the CLEAR. Thus, this version had two issues regarding privacy:
- It collected information without informing the end user.
- It sent personal information in the clear. Any sniffer could extract this information.
Obviously this answer is not satisfactory. Last week, Adobe published a revised version 4.0.1 that sent back the information using SSL. Furthermore, in a note published on October 23, 2014, Adobe listed the collected information:
- User ID
- Device ID
- App ID
- Device IP
- Identification of the book
- Duration for which the book was read
- Percentage of the book read
The information is collected only for DRM protected eBooks. The aim of this data gathering is used for potential clearing house. Some business models of publishers may be based on the actual consumption.
The lesson is that technologists never learn from the past errors. It is not anymore acceptable that private information is sent over the Internet in the clear. HTTPS is an easy solution to transfer secure data and servers scale properly in our days.