What’s more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers – and like Adobe, that data was sent in clear text. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). On a technical level, this kind of mistake is not new. This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects. Wireshark logged all of the data sent to Adobe, and on request spat out the text files. ![]() This nifty little app can be used to log all of the information that is sent or received by your computer over a network. Muussler and I both saw that data was being sent to 192.150.16.235, one of Adobe’s IP addresses. The above two files were generated using data collected by an app called Wireshark. ![]() The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection. I had not used ADE to load the files on to the ereader, and yet the app scanned them, made a list, and uploaded the list to Adobe.Īnd just to show that I am neither exaggerating nor on drugs, here is proof. Update: Further testing has revealed that the files being scanned were actually on my ereader, not my HD. I am not joking Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything.Īdobe isn’t just tracking what users are doing in DE4 this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.Īnd just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk. The EFF confirms all of my initial report.Īnd just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on, has also tested this at my request and saw it with his own eyes.Īdobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.Digital Editions 4.0.1 is released, and does not spy on users.Adobe responds to the ALA (and what I’ve learned since this story broke). ![]() Tests show that earlier versions of Adobe DE don’t spy on users.A second confirmation comes in from Liza Daly of Safari Books.Ars Technica independently confirms many details.(Adobe was contacted in advance of publication, but declined to respond.) Edit: Adobe responded Tuesday night. My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. That anonymous acquaintance was examining Adobe’s DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers. Adobe has just given us a graphic demonstration of how not to handle security and privacy issues.Ī hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe.
0 Comments
Leave a Reply. |