[ArsTechnica] Adobe’s e-book reader sends your reading logs back to Adobe—in plain text

Posted on


Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders. […]

DE [ndlqdn: Digital Edition] reported back each EPUB document opened and the navigation within the document, recording each page number viewed in a stream of activity data back to an application called “datacollector.” The XML data is logged locally by the application, and then transmitted each time the application is opened—likely as part of Adobe’s DRM enforcement within DE. No data was transmitted for PDF documents opened. […]

http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/