Adobe Encrypts User’s eBook Data

Wednesday, October 29, 2014 @ 09:10 AM gHale


All information gathered from Adobe’s ebook reading software Digital Editions will end up encrypted when it goes to its servers.

The application collects the data in order to comply with the DRM (digital rights management) policies that protect copyright holders against piracy.

RELATED STORIES
Adobe Views Readers’ Information
Patch Issued, but Flash Hole Exploited
Adobe Fixes Flash Bugs
Patch Tuesday Fixes 3 Zero Days

“Adobe uses the information collected about the eBook you have opened in Adobe Digital Editions software to ensure it is being viewed in accordance with the type of DRM license that accompanies that eBook. The type of license is determined by the eBook provider,” the company said.

Earlier this month it was a slightly different and less secure scenario, where the program would collect details about books it opened and would deliver them to one of its servers called adelogs.adobe.com.

Nate Hoffelder of The Digital Reader blog said Digital Editions 4 also scanned the storage unit in search for other books and shared the data with Adobe.

An analysis of the traffic to the Adelog sever revealed the information ended up uploaded in an insecure manner, allowing a third party to intercept and access it in plain text.

Adobe disclosed the type of information it hauls from the users of Digital Editions, also explaining its use.

Apart from unique values required for the purpose of authentication and identification of the user and the device, the company also retrieves the IP address at the time of purchasing an ebook, duration of reading the text, amount of the ebook read, as well as details included by the providers of the ebook.

Regarding the reading duration, “this information may be collected to facilitate limited or metered pricing models entered into between eBook providers, such as publishers and distributors,” Adobe said.

The company explains in by some models, publishers can charge libraries for lending an ebook to an individual either since the time of the borrowing or since the reader actually picks up the book and reads it.

One important detail is information taken from the user now goes to its servers via a secure connection. This eliminates the risk of anyone intercepting the traffic and the information accessed by a third-party.

Adobe said none of the data collected is personally identifiable and that it may share some of it with ebook providers.



Leave a Reply

You must be logged in to post a comment.