U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Privacy Concerns with Adobe Digital Editions 4.0 and E-book borrowing

10/18/20149 years ago

caution sign The information on this page may be outdated as it was published 9 years ago.

If you use Adobe Digital Editions 4.0 with Overdrive on your computer or laptop, you may be interested in recent news about possible security breaches.

It has been confirmed that the latest version of Adobe, Adobe Digital Editions 4.0, has been tracking reader’s data to an extent not consistent with the American Library Association’s guidelines on privacy for readers. This concerning lapse in privacy began with the release of ADE 4.0 in early September. Data- your book’s title, author, publisher, year of publication, subject, and description, as well as information about each page read- may have been transmitted to Adobe in plain (unencrypted) text via an unsecured channel over the Internet.

According to OverDrive: “It is our understanding that the reported issue involves Adobe Digital Editions 4 (ADE), which is not used as part of the OverDrive app.” This breach does not affect their apps for Android or iOS. It only involves the console which is installed on computers and laptops.

What is ADE for? A Digital Rights Management (DRM) system is required by e-book publishers. On a practical level, if there were no reading data tracked at all, each time a reader opened an e-book on a different device, the reader would have to actively remember the page where they left off and navigate there unaided. The problem with the current Adobe Digital Edition (4.0) is that it tracks significantly more data than the minimum necessary and transmits it in a manner which is vulnerable to monitoring by third parties over the Internet.

ALA President Courtney Young has stated:

“People expect and deserve that their reading activities remain private, and libraries closely guard the confidentiality of library users’ records.... The unencrypted online transmission of library reader data is not only egregious, it sidesteps state laws around the country that protect the privacy of library reading records. Further, this affects more than library users; it is a gross privacy violation for ALL users of Adobe Digital Editions 4.”

Adobe responded:

“Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices- whether they purchase or borrow them. All information collected from the user is collected for purposes such as license validation and to facilitate the implementation of different licensing models by publishers and distributors. Additionally, Adobe Digital Editions is designed to collect this information solely for eBooks opened in Adobe Digital Editions or stored in the Adobe Digital Editions library directory, and not for any other eBook on the user’s computer. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy.”

The Minuteman Library Network offers the suggestion that OverDrive users try out the Overdrive Read option when available. Overdrive Read allows the reader to read e-books directly in their browser.

Further Reading: