Which SSL Reviews

HTTPS

Adobe Begins Data Encryption Following an Uproar

October 30, 2014 | By Editor 

Summary

U.S. multinational Adobe Systems announced on October 23, 2014 that it has started encrypting data it collects of certain e-Books.
Following severe criticisms from users earlier this month for failing to protect information, the firm decided to encrypt user data collected from its Digital Edition 4 application.

Released on September 8, 2014, the Digital Edition 4 , the latest version of Adobe’s Epub application, demonstrates how not to handle privacy and security issues.

Adobe is Now Encrypting User Data

According to a report, published on October 6, Adobe’s Digital Editions 4 app, used for downloading and reading e-Books, had sent detailed logs to Adobe detailing readers’ activity.

The logs were neither sent using Secure Socket Layer (SSL) nor Transport Layer Security (TLS) according to the Digital Reader blog. SSL/TLS is a security protocol that encrypts data sent between a server and client and, is designated by “HTTPS” in a Web browser’s address bar.

According to a note about Digital Editions 4 posted on Thursday, Adobe Systems has said it now periodically collects data using HTTPS. The change has been made in the Digital Editions versions 4 for Windows and Mac.

The Electronic Frontier Foundation (EFF) opined that transmitting data as plain text only undermines the efforts by bookstores and libraries to guard the privacy of their customers.  Calling Adobe’s practice a huge mistake, EFF contended that the survival of bookstores and libraries rely on how well they can safeguard the security and privacy of patrons.

When data is sent without encryption, the plain-text could be potentially intercepted and read by hackers. Cyber criminals use a wide variety of network analysis tools to siphon data sent to  Adobe, while a person is using the app.  For example, a public  wireless network.

Adobe maintains that data is necessary to comply by the Digital Rights Management (DRM) restriction on content that is imposed by publishers and distributors to secure works from piracy. The details sent to Adobe include:

  • the title of the book title
  • description of the book
  • the author,
  • the language it is written,
  • the purchase or download date,
  • the ID of the distributor,
  • the list price of publisher, and
  • the International Standard Book Number (ISBN)

Adobe, in some cases, may record the time taken for a person to read a book. It uses the information for metered pricing models, depending on the actual time taken to read the content.

The corporate also collects other important tech aspects, such as

  • the IP address of the device that downloads a book,
  • the unique ID designated to the specific apps used at the time, and
  • the unique ID of the device.

Adobe Systems has said that it has neither collected nor will collect any personally identifiable data.

However, the firm may share anonymous aggregated data with e-Book providers to enable them bill under the applicable pricing model. The California-based firm also added it does not collect data about content that are not bound by DRM restrictions.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in HTTPS

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory