Adobe Confirms It’s Gathering Ebook Readers’ Data

This post has been updated with new information.

Adobe confirms some details of recent reports by The Digital Reader and Ars Technica that Adobe Digital Editions 4, the latest version of the widely used ebook platform, is gathering extensive data on its users’ ebook reading habits.

According to Nate Hoffelder at The Digital Reader, “Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order.”

Reached for comment, Adobe confirms that those data gathering practices are indeed in place. “Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them,” Adobe said in a statement this afternoon. The statement continues:

All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.

Update: Hoffelder reported that Adobe Digital Editions appeared to be gathering information on his entire ebook library, not just the titles viewed through Adobe Digital Editions. In a follow-up communication with Adobe, which included the file Hoffelder posted to support this suspicion, the company reiterated its earlier statement that “information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader.”

According to the latest reports, that data appears to be delivering to Adobe’s servers as clear text, raising concerns that third parties could easily gain access to it.

Update: Adobe acknowledges that transmitting unencrypted data could pose a security risk: “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue.” Adobe says further that more information on when that update will be in place and of what it will consist is forthcoming.

In its statement this afternoon, Adobe enumerates the data it gathers through Adobe Digital Editions:

  • User ID: The user ID is collected to authenticate the user.
  • Device ID: The device ID is collected for digital right management (DRM) purposes since publishers typically restrict the number of devices an eBook or digital publication can be read on.
  • Certified App ID: The Certified App ID is collected as part of the DRM workflow to ensure that only certified apps can render a book, reducing DRM hacks and compromised DRM implementations.
  • Device IP: The device IP is collected to determine the broad geo-location, since publishers have different pricing models in place depending on the location of the reader purchasing a given eBook or digital publication.
  • Duration for Which the Book was Read: This information is collected to facilitate limited or metered pricing models where publishers or distributors charge readers based on the duration a book is read. For example, a reader may borrow a book for a period of 30 days. While some publishers/distributers charge for 30-days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read.
  • Percentage of the Book Read: This information is collected to allow publishers to implement subscription models where they can charge based on the percentage of the book read. For example, some publishers charge only a percentage of the full price if only a certain percentage of the book is read.
  • Additionally, the following data is provided by the publisher as part of the actual license and DRM for the eBook:
    • Date of Purchase/Download
    • Distributor ID and Adobe Content Server Operator URL
    • Metadata of the Book provided by Publisher (including title, author, publisher list price, ISBN number)

Adobe Digital Editions is used by a range of ebook readers, including publishers and library patrons. While Adobe contends its data tracking practices are within the bounds of its user agreements and privacy policy, the scope of the program appears to come as a surprise to many.

Adobe has been contacted for clarification and additional information, including whether Adobe Digital Editions 4, which was launched on September 8, is the only version of the platform that’s subject to the data gathering program Adobe outlined today. Earlier versions so far appear to be unaffected. We will update this post as more information becomes available.

Update: Adobe did not directly address reports that previous versions of the platform are not subject to data gathering, but it claims that the user agreements governing versions 3 and 4 do not differ with respect to user data. An Adobe spokesperson said, “while additional product capabilities were added in version 4 to facilitate additional publisher requirements and business models, the end user license agreement and privacy policy did not require changes. The information collected from the user in version 3 AND version 4 is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.”

7 thoughts on “Adobe Confirms It’s Gathering Ebook Readers’ Data

  1. Michael

    “The information collected from the user in version 3 AND version 4 is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.”

    If that were so, there would be no reason to indiscriminately send info on non-DRMed books. If someone buys a DRM-free epub at Smashwords and opens it in Adobe Digital Editions, it should be none of Adobe’s business what that person is reading.

    Reply
  2. Christian

    Why does this surprise anyone. For years now we have been pushing the potential value of the immense data that can and is being collected in order to make a “better mouse trap” in all areas of the publishing world. Many of us are in the business, directly or indirectly, to keep publishing alive and this is one of many tools to do that. Get over it or cut the digital cord completely.

    Reply
  3. Elizabeth Burton

    I have two words for you: “subscription services.”

    Many of not all of the subscription services pay authors based on how much of a book is read. In order to do that, the ebook file would have to provide just this kind of data.

    Reply
    1. Michael

      I have no problem with that. But sending information on files that aren’t related to subscriptions or other DRMed purchases is unnecessary.

      Reply
  4. Denis

    Unencrypted data allowed faster disclosure of what they are doing. That was a security measure, how can’t you see it?

    Reply
  5. Rob W

    I was mildly disturbed by this, but then I realized the reality of today is that anything we do on anything connected to a network that is connected to the internet has ABSOLUTELY NO EXPECTATION OF PRIVACY. Everything on the net can be monitored, everything that is encrypted can be decrypted (eventually), and the way people make money on the internet is by selling their users information. You’d have to be a moron to do anything criminal or questionably ethical on today’s internet, and if you’re not doing anything illegal or questionably ethical, why do you care about privacy anyway?

    Reply
  6. ramesh rathibandala

    Hi, we are looking for a data entry processing projects, ebook conversation project works. Any required about this projects please contact us. Thank you.

    Reply

COMMENT

Your email address will not be published. Required fields are marked *


*