It's not clear how the data collected by Adobe is stored, but it is associated with a unique identifier for each Digital Editions installation that can be associated with an Internet Protocol address when logged. While checking the license data for books in DE’s local library is certainly part of the application’s core functionality, the fact that this data is broadcast in the clear could create a significant privacy issue for readers.
If the reader isn't activated, it uses an anonymous unique ID code generated for each DE installation.īelow is the data transmitted by Digital Editions when we opened an EPUB file of Yotam Ottolenghi’s cookbook, Jerusalem:Ī review of Adobe's terms of use for DE found no mention of the logging feature or how long the data was stored by Adobe. If you've "activated" Digital Editions with an Adobe ID, it uses that information to determine whether a book has been "locked" on another device using the same ID to read it or if the loan has expired. The behavior is part of Adobe's way of managing access to e-books borrowed from a library or "lent" by other users through online bookstores supporting the EPUB book format, such as Barnes & Noble. Those logs are transmitted over an unencrypted HTTP connection back to a server at Adobe-a server with the Domain Name Service hostname “”-as an unencrypted file (the data format of which appears to be JSON). But DE also reports back data on e-books that have been purchased or self-published. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply.ĭigital Editions (DE) has been used by many public libraries as a recommended application for patrons wanting to borrow electronic books (particularly with the Overdrive e-book lending system), because it can enforce digital rights management rules on how long a book may be read for. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.Īrs has independently verified the logging of e-reader activity with the use of a packet capture tool.
Adobe’s Digital Editions e-book and PDF reader-an application used by thousands of libraries to give patrons access to electronic lending libraries-actively logs and reports every document readers add to their local “library” along with what users do with those files.