Adobe has released a software update for Adobe Digital Editions 4 that addresses the privacy concerns raised in our original post, below. Adobe now encrypts all data that is transmitted from Adobe Digital Editions to Adobe servers. Patrons who use Adobe Digital Editions are recommended to upgrade to the newest version immediately.
For more information on how Adobe collects and transfers data, please consult their privacy statement.
For more information on the update:
- “Update to Adobe Digital Editions.” Library Journal. 23 October 2014.
- “Adobe Updates Digital Edition, Stops Sharing User Info With the Internet.” The Digital Reader. 23 October 2014.
- “Testing Adobe Digital Editions 4.0.1.” Meta Interchange. 23 October 2014.
It has recently come to our attention that a software vulnerability exists within Adobe Digital Editions, the software that is used by the Ryerson Library to access many of the library’s ebooks. Adobe Digital Editions has been logging data on the books used with this application and other ebooks that have already been downloaded on the devices of library users. This information is being uploaded in plain text to Adobe servers, and is being sent without any encryption, meaning that book logging data is potentially open to interception by anyone with a moderate level of technical skill. Note that this vulnerability seems to be limited to Digital Editions 4, the most recent version of the software. As far as can be detected, Digital Editions 2 and 3 are unaffected. Ryerson is investigating and we will keep you updated on how this may affect you.
The Ryerson Library provides access to thousands of ebooks. All can be read online; however, due to DRM (digital rights management) restrictions, if a user chooses to download a book to a device for offline reading, they must use Adobe Digital Editions. This is a condition of purchase that has been unavoidable for all libraries providing ebook content.
If you are concerned about your right to privacy, we recommend that you uninstall Adobe Digital Editions 4 from all of your devices immediately. You can still read ebook content online, install Adobe Digital Editions 3, or you can follow up with your liaison librarian about options for print alternatives.
The Library values our users’ right to privacy, and we have expressed concern and alarm to our ebook vendor, and asked them to advocate on our behalf. We are investigating whether Adobe’s actions are a violation of provincial privacy laws and will be contacting Adobe directly to demand that they address this vulnerability immediately. The Library has passed this information on to the Heather Driscoll, Ryerson’s Information & Privacy Officer, who will make the determination whether a privacy violation has occurred and act accordingly. We will keep you updated as more information becomes available.