There are evil lawyers involved.
Somebody has gotta simplify that agreement so it can actually be read!
Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe – to thwart piracy. And the company insisted the secret snooping is covered in its terms and conditions. Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then …
"Hoffelder claimed Digital Editions 4 slurped and leaked the metadata of all the ebooks on his system – not just the ones read using the application. Adobe said this shouldn't possible, but has its developers checking again to make sure this isn't a bug."
I'm sure it was just a rogue engine... programmer!
Yeah, the one time when it almost certainly *isn't* a "bug", Adobe would like you to believe it is.
Or it was a rogue staff member they didn't know anything about, honest guv, and he's been sent on a special re-education course where he'll be taught that It's Bad To Insert Spyware Into Your Apps... even if your boss told you to do it^w^w^w^w^w^w^w^w^w and prove he's learned his lesson by completing a special multiple choice quiz that even an 8-year-old could get the right answers to.
Back when I could still see & PDF's weren't a *total* worthless pile of shite, I'd always listed Adobe Reader in the Firewall as Blocked & no connections allowed in either direction. It doesn't need to phone home, and I don't want it replying to anyone phoning in. It manually updated when I manually grabbed the latest version, ripped out the old, & installed the new.
Now that I can't see & PDF's are as useful as nipples on a rock, I don't even have it installed. But if I did, it would *still* be Blocked by the Firewall for the exact same reasons.
Do yourself, your friends, family, coworkers, & customers a massive favor & Stop Using Adobe. That includes Flash, PDF, and everything else. There are better ways, better programs, and better solutions.
If Adobe is the answer, the question was probably "Whom sucks harder than a nuclear powered hooker?"
This isn't about Adobe Reader, it's about Adobe Digital Editions
Nevertheless, my trust in the company vanished entirely after reading this article. I'm going to delete all Adobe software from the computers I have control over, as much as feasible (it may be that removing Flash plugins from the home computers could cause too much domestic disturbance...).
it may be that removing Flash plugins from the home computers could cause too much domestic disturbance...
It's OK & relatively painless to do this, you just have to make Chrome the default browser, then delete everything Adobe from your PC/Mac. On PC you can D/L "foxit" & keep it updated, Mac has Preview for pdf's. http://www.foxitsoftware.com/downloads/
Chrome has the built-in (& always updated) Flash-Pepper player, keep checking "about Chrome" in order to update the browser itself. Uncheck all the spyware that Chrome offers {chrome://settings/ show Advanced Settings} then de-select the following: [If you need the protections then you can get this functionality free in OpenDNS without giving all your data to the Google Bubble]
[NO]Use a web service to help resolve navigation errors
[NO]Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher search box
[NO]Predict network actions to improve page load performance
[NO]Automatically report details of possible security incidents to Google
[NO]Enable phishing and malware protection
[NO]Use a web service to help resolve spelling errors
[NO]Automatically send usage statistics and crash reports to Google
[NO]Send a "Do Not Track" request with your browsing traffic
[NO]Enable "Ok Google" to start a voice search
add Ghostery extensions to all browsers, [Select All (1600+!!!) Trackers, Select "Enable tracker library auto-updating" but do not select "Enable Ghostrank"]
and remember to only use Gmail from your Firefox browser!
this works fine for me, family haven't yet noticed that they are in an Adobe-free environment!
This isn't about Adobe Reader, it's about Adobe Digital Editions...
Well, the product in question is Digital Editions, but the article is concerned more broadly with Adobe, their actions and their responses which seem to be designed solely too deflect and mislead.
For friends and family, I have advocated ditching Reader because it is attacked enough to essentially qualify as malware in its own right. I was further encouraged to avoid their products when they moved to a subscription based program for their Creative Suite. I viewed this as milking it for all it was worth and am not interested in contributing to the Buy an Exec a Yacht charity program. This revelation was another nail in the proverbial coffin from my perspective, but the box had to be pulled out of the ground before the nail could be pounded in.
Next question: do other e-book reading applications and e-book readers also report home in the same manner?
After discovering a small, light, coherent interfaced and above all, totally free tool called Paint.NET, The Gimp was ripped off my PC, beaten with a nailbar to make it release it's grip, got dragged out the back, given a good kicking for good measure then was summarily executed and dumped in a ditch.
I cannot express my loathing for Gimp, it's almost has intense as my loathing for that other freeware application, Photoshop*
*What does that keygen.exe do again?
DRM is just plain anti-consumer.
Rights are well and good - essential, really. The problem is in the view that any measure that is there to MANAGE (enforce) those rights is acceptable - as if preventing 'piracy' is sufficient justification for anything*. Unfortunately for the consumer, these measures are almost inevitably invasive.
Any system that requires your computer to transmit information about what you are doing back to home base should be illegal.
I am not required to tell a record label every time I play a CD, nor am I required to tell a movie studio every time I watch their film or what parts I skip or when I pause, nor am I required to tell a publisher when and where I read a book or what chapters took the longest to read or if I skipped ahead to the end first.
These groups (publishers, record labels and movie studios) keep wringing their hands and crying that digital media should be treated just the same as 'traditional' media - claiming (for instance) that each and every upload/download of a movie/song is equivalent to the full retail price of the content. This has seen truly outrages damages being sought.
In claiming the equivalence of digital media to 'traditional' media, these groups of course only do so in those circumstances where it is advantageous to them. If it's equivalence they seek then let's start with removal of all 'phone home' DRM, because Virgin sure as hell doesn't know that I have listened to Mezzanine a hundred or so times or that I always skip track 6 on Heligoland. Nor does Universal know that it took me three goes to get through Mulholland Drive, or that, while I have watched every episode of 30 Rock, I haven't managed to get through even the first season of Suits.
They don't know that, while I snapped up Galactica, I passed on Caprica (though they can probably guess that . . .).
That's all a bit of a rant, as is my wont, and I am not sure my point was lucid or even relevant but I feel better anyway. That's El Reg - you're always there to listen . . .
* - Much like 'but terrorism!' is seen as justification for anything from our governments.
but this implies as does the previous article that you download and read while connected the 'Net. Obviously there's a flle being kept somewhere on the PC... assuming it's a PC. Can we kill it? Overwrite with maybe a porn movie? Or random characters? I'm thinking fun and games instead of block and forget as they might change the server it goes to put that in a "software" update.
I don't use e-books. My books are paper and I'm waiting for someone to tell me I have to pay something everytime I re-read one.
@Mark 85
Quite possibly, although it could be stored in such a way as to be inside the program files themselves or not readily extractable save when it actually transmits the data.
Moreover, now that this is found out, perhaps it will be stored and transmitted in a more secure fashion but one that is much harder to tamper with or prevent.
to randomly send millions of books read
Hush now. There's noi need for that sort of thing.
I intend to tell them all about my recent history of reading the book "Adobe are a bunch of fuckwits" many hundreds of times. And I turn the pages a lot...
Vic.
I generally block Adobe calling home at my firewall (just in case). But I've got this nasty impression that if it happens when you open a DRM pdf and the little darling won't be able to shake hands with daddy, it will promptly stick a middle (?) finger at you and close. So firewalling won't work. Well, no problem for me, I don't buy drm-locked files, but yes, it might be a bit irritable to those who do. Are there any current drm tools available (no links please!), or is just mentioning such a terrorist idea as drm-stripping in public, AD 2014 - "streng verboten"?
I'm not at all convinced one vague paragraph in the EULA covers that level of spying. It only it says "communicate with Adobe", it doesn't say anything about the content of that communication. Or even hint that it collects or reports data on your reading habits. I think a reasonable person would understand that paragraph to mean it only sends as much information as needed for one of the purposes mentioned. So reporting individual pages or reading time is totally unexpected behavior except in the (highly unlikely) event the particular book you're reading had a license where that mattered. And it shouldn't report anything at all on DRM-free eBooks.
And that's without getting into the allegations that it sends data on books you're not even reading with it or fact that sending it unencrypted is inexcusable. You'd think even from an evil corporate perspective they'd want this encrypted in transit.
Just a random idea off the top of my head... it would be sweet to have a modular, updateable firewall system, that I could put on my router at home or work, which would intercept these "phones home". It would send me, the owner of that information and the tattling device it came from, an email with a full report. Perhaps with some anonymizing function that tells the publisher "Just reading page 129 of War and Peace again! Send OK certificate so device doesn't lock!"
@J__M__M; "The title, by the way, is called "Fuck You Adobe, You Fucking Suck"."
Would I be correct in assuming that this magnum opus consists of nothing but the book title itself, repeated over and over, and over again, across the book's entire 700-page length, in a variety of increasingly-psychotic layouts?
I'd like to see the bit where Shelly Duvall comes across your neatly-typed manuscript.
@Michael Strorm
Incidentally, I read somewhere that Kubrik had Duvall do take after take until she was mentally strung-out and exhausted. He also made his secretary type ALL the pages of that manuscript - day after day, by hand. (No photocopying.)
To be charged on the basis of the time spent reading a book.
That's an interesting one. A tax on slow readers.
This is REALLY going to promote the electronic versions of the "Early Learners" series!!!
Epic fail, and no messing. Obviously the twit responsible for this bull shit should be taken out and shot. - (this is my personal, humble opinion and the author accepts no liability for twits that ARE actually taken out and shot.)
I could buy an e-book in the UK at a flat rate. Take it on holiday to Spain and get an unexpected bill for the % of the book that I read, or the leisurely holiday time I spend reading it because the pricing model is different there.
Is Adobe NUTS?
Some greedy bean counter clearly hasn't thought this through.
Mines the one that had the e-book of 1984 in the pocket which Amazon removed.
- or vice versa. Buy a cheap e-book in Spain (or wherever) then come to the UK to read it and pay no more for it because the model is different. - this is epic facepalm territory here.
Adobe are actually doing a lot of interesting work on the future internet standards, especially the digital signatures, {stuff like: PAdES (PDF Advanced Electronic Signatures)} although I was told by a lawyer that some Adobe staff really do work for the NSA, but luckily I didn't believe him, I'm sure he was joking. For all I know he might have meant the NSA
I have never met the Adobe management so I can't verify your statement either!
Books in my e-reader - with one exception that I bought just to see how it worked - are *all* scans of paper books I also own.
EPUB and Kobo. One of my Kobo readers is also about to do double duty as a navigation aid - XCSoar http://www.xcsoar.org/hardware/ - can you do that with the Adobe reader?
Actually, I think Kobo is using the Adobe Digital Editions DRM system, so it is probably just as screwed.
I personally use Kindles where de-DRM is easy and if it will ever start getting difficult - Amazon can kiss goodbye to my custom. Kindle has an option where it reports the page you are on to their server so that you could synch to it if you read the same book using another Kindle, but it can be switched off (which I invariably do).
Also, I normally keep my Kindles in offline ("airplane") mode and none of them has ever complained. So far. Just like with DRM, if this ever changes - out goes the Kindle, but I think Jeff Bezos knows this and he won't do it.
Adobe, on the other hand, is staffed and run by voyeuristic control freaks - you can see it designed into all of their software. They are pushing hard the always-require-connection-home always-ask-daddy's-permission model in every area - licensing, DRM etc. They would claim it is the evil publishers that demand it from them but that's crap - they are the culprits.
for a domestic router which effectively runs off a whitelist to prevent dodgy apps phoning home.
At the end of the day, I'd guess 80% of netizens probably access <1% of the net. Facebook, email, news, banking, shopping, Amazon, eBay, Twitter and a handful of other sites.
Much safer to risk some inconvenience, than allow unfettered access to the web.
Almost a reverse net version of a Truecall box .....
That EULA certainly wouldn't stand up in the UK courts against the data protection act. They admit they are transmitting a user id which is connected to billing information. They therefore need explicit and informed concent given they are collecting and processing *sensitive* personal data for at least some users. Sensitive because page and chapter reading statistics give very precise details of what part of a medical text book, guide to obscure religious rituals, sexual handbook someone is interested in, and therefore what medical conditions, religious views or sexual life they may have.
A terrible shame indeed - but I wouldn't regard myself as a ne'er-do-well for drowning Adobe's servers with garbage. I think there's some sort of moral obligation here to do exactly that.
The trick, as I think I've mentioned on here before, would be to generate a flood of traffic that appears to be legit, but which wouldn't amount to a DDos attack. The idea would be to get Adobe jizzing in their pants at the sight of all that lovely data coming in, without realising that it's nearly all random junk.
I think this might be worth looking into properly. The sooner the likes of Adobe are given a resounding DIAF for this sort of crap, the better.
Unfortunately there are still sites out there with Flash and some of these are essential to the daily functioning of some people. While it's all very macho to just ban Flash, in many instances it's just not that simple.
There are several government web sites I know of that some of my clients need day-to-day that rely on Flash. They literally couldn't do their jobs without them and thus without Flash. In some instances you can sandbox some VMs for this and mitigate the security risks but not always as it depends on budget.
Sometimes you've just got to explain the risks, take some backups and trust to fate.
"While some publishers/distributers charge for 30-days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read."
Whaaaaaa? So in theory they support a pricing model where a book will cost more to people who read more slowly. Wow!
The Software may cause Customer’s Computer, without notice, to automatically connect to the Internet and to communicate with an Adobe website or Adobe domain for purposes such as license validation and providing Customer with additional information, features, or functionality."
Most users would probably take this to mean license validation with regards to the reader software rather than feeding back what/how/when/where something is being read.
Obviously the ambiguity is intentional to avoid declaring what kind of snooping license validation it does for the actual content being read.
As a result, the cause of DRM in music was set back significantly and music companies backed away from using it on CDs. Purely digital downloads rarely use the technology these days. It's possible Adobe's decision could have a similar effect for the written word.
One can hope that it does have that effect, but in reality, that's not the effect I'm hoping for. I'm hoping that it has the effect of users staying away from all Adobe software like the plague that it has become.
John Warnock, your company has become a pariah; right up there with Symantec, Facebook, and numerous others. How did you let this happen?
I am planning to use this spyware as the basis of a complaint to the Secretary of State requesting that he gives permission for stripping Adobe DRM.
Clearly this is unacceptable behaviour by ADE, and ADE is the only (legal) way to read books I have purchased which are infected with Adobe DRM. There is nothing in the purchasing of the books which involves me agreeing to spyware. Also, it is well known that there is software easily available to remove Adobe DRM. So, the SoS clearly must give permission for that software to be used so that people can safely exercise their rights to read the books they have purchased.
This is exactly the sort of case of unacceptable TPMs for which the law gives the SoS the ability to grant permission to circumvent a particular TPM.
Well thanks, Adobe! As if it wasn't hard enough to stop my customers' IT departments throwing a fit about your piece of shit software and its staunch inability to handle an unattended silent install, now you go and throw this fucking curveball in there. Digital Editions just gets worse with each update, and I really wish that publishers would stop using Adobe DRM as the standard.
AC because there'll be a few men among you that will shortly be giving me grief over this.
I would not purchase any DRM-infected product where I cannot strip off the DRM and have a clean file to use. The couple ebooks I've gotten, they were available DRM-free so of course I got that; some have a obvious watermark (the back page has my name on it!) and I wouldn't be surprised if there weren't a hidden watermark or two. It's fully effective -- I can use these files with whatever software and hardware I'd like, since they are DRM-free. But, a pirate's going to have problems getting anyone to supply them with content to pirate when the purchaser's name is on it!