Update October 23: Adobe has released an updated version of their Adobe Digital Editions 4 software. Users are encouraged to download and use the updated version which has a patch to address the security issues identified earlier. Thanks to Ryerson University Library and Archives for the update.
- Adobe has also updated (and made more explicit) their privacy statement.
- Read Adobe' Security bulletin here.
Update Oct 14: This issue affects ePUB titles opened in Adobe Digital Editions only. It does not affect DRM-protected titles currently available on Scholars Portal Books, which are available exclusively in PDF.
[While Scholars Portal content is not affected by this issue, we recognize that recommending ADE for our own content will mean it is more likely to be used with other content, for example public library ePUBs.]
It has come to our attention that Adobe Digital Editions (ADE) 4 Reader, software used to access some e-books in the Libraries’ collections, has been logging data on the books used with this application (and possibly other e-books already downloaded on the devices of users) and sending the information in an unencrypted form to Adobe servers. This poses a security risk since unencrypted data may be open to interception.
ADE Reader is the most commonly used desktop application for accessing e-books that contain Adobe’s digital rights management (DRM) software. The Adobe DRM is used by many booksellers and online library lending services such as Overdrive, ebrary, and Scholars Portal.
Adobe DRM is only used for those e-books that require enforcement of single user restrictions. The vast majority of our e-book titles do not require the use of the ADE Reader. These titles can be identified by the label “Borrow this E-Book” that appears above the cover page image for the book. The label “Read this Book” indicates that users will not need any such software.
We recommend that users with concerns about the operation of the new ADE 4 Reader:
- Uninstall the ADE 4 Reader if you have downloaded this version of the software on your computer or device.
- Use older versions of the ADE Reader which do not communicate activity to Adobe. The ADE 3 Reader, for instance, does not communicate with Adobe except to validate the license to unlock the DRM protected book. ADE 3 Reader is available for download at this address: http://www.adobe.com/support/digitaleditions/downloads.html
- If you have an iOS or Android device, use tablet-based reader apps such as Overdrive or Bluefire Reader. These apps can unlock e-books protected with the Adobe DRM but do not communicate reading data to Adobe.
E-book borrowing pages will be updated to make users aware of this issue and of their reading options. Our consortium, Scholars Portal, is also reaching out to our vendors to express our concerns about the behaviour of the ADE 4 Reader.
If you have concerns please contact Adam Taves (taves@yorku.ca or 416-736-5601).