A couple weeks ago I read an article about how Adobe is spying on its users with Digital Editions 4. Am I the only one who isn’t outraged by this? I actually couldn’t care less.
Before I get into that, here’s some background information from the article:
How is Adobe spying?
Adobe is collecting data from users of Adobe Digital Editions 4, the ePub application. Adobe logs data like: which ebooks have been opened, which pages were read, and supposedly even scanning other books on peoples’ hard drives. Adobe later denied that they scanned other eBooks in the library not being read.
The article also talked about how this data was all being sent in plain text. The author talked about this being a huge security breach and how the data could be easily intercepted by anyone during the transfer.
Why this doesn’t bother me at all
I’m not up in arms about this, I don’t feel like it’s a huge breach of my privacy or security. I’m not outraged. There are three main reasons why:
1. There is no data identifying who I am
At least from what I gathered in the article, all the data being sent is anonymous. Adobe isn’t passing along my full name or my email address. There’s no way to identify the data being sent as mine. So if anonymous data about which pages I’m reading and at what time is sent to Adobe’s servers, why should I care? I’m the only one who knows that’s my data.
2. None of the data is sensitive or private
Even if #1 weren’t the case, I still wouldn’t really care. Adobe isn’t sifting through my private documents or stealing my identity or dumping my passwords. They’re collecting information about the books I have and the pages I’ve read. Who cares? I put that information up on Goodreads.com for the whole world to see anyway. Sure maybe not everyone does that, but I still don’t consider any of this data to be sensitive material.
If it was my email, name, password, IP address, and home address, sure I’d find reason to be pissed. But it’s not. It’s just page numbers and book meta data.
3. It’s not a huge deal that the data is sent “in plain text”
Another one of the big points of the article is that the data is being sent to Adobe’s servers in plain text. Now, I am an advocate of using SSL when transferring private data. I use it on my e-commerce site, which accepts online payments (even though all transactions are processed on PayPal anyway…).
However, that being said, I’m not bothered by the data being transferred in plain text in this instance.
Before forming my opinion, I talked to my husband about it (Coding God, software engineer, degree in computer science, yada yada). His take on this was:
Sending data in plain text is only a problem if Adobe is compromised (which wouldn’t be a result of sending in plain text, just to be clear). If they were compromised, that would be a MUCH bigger problem in itself than the act of sending data in plain text.
The only other way the data could be “taken” is if someone has the ability to perform a man in the middle attack. This attack can be performed in one of two ways:
- An attacker is sharing your network connection. This could occur if you are on your home wifi (or a public wifi) then the attacker also connects to that same wifi network. Then, since they’re on the same network, they could intercept the data.
- Someone who owns a router between you and Adobe could also intercept the data. But this would require that the person be in a data center and actually care about stealing your “private” data about which book pages you’ve read. Highly unlikely.
There are two things to take away from this:
- Even if data is sent in plain text, it’s highly unlikely that the data would be intercepted.
- Even if the data was intercepted, who cares? Refer back to key point #2: none of the data is sensitive or private. What’s the worst that could happen? Someone chuckles at how long it took you to finish your ebook?