Update to Adobe Digital Editions Now Online (Version 4.01) & Privacy Policy Updated

Here’s a formal statement from Adobe announcing an update to Digital Editions.
Now, today’s statement from Adobe.

The Digital Editions 4 software update (Digital Editions 4.0.1), which addresses the collection and transmission of certain usage data in clear text,* is now available. With this latest version of Digital Editions 4, the data is sent to Adobe via secure transmission (using HTTPS).
Adobe Digital Editions 4 users are receiving an update notification via the auto-update mechanism built into the product. The latest version of the product can also be downloaded from the Adobe Digital Editions download page. *It is important to point out that while it is correct that prior to the update, certain usage data was transmitted in clear text, Adobe did not transmit or store the actual user ID or device ID in clear text. Even prior to the update, both the user ID and device ID were obfuscated by assigning unique values (“GUIDs”), which were collected and stored in place of the user ID and device ID.
Note also that while all data collection in Adobe Digital Editions 4 has been in line with the end user license agreement and the Adobe Privacy Policy, recent discussions made it clear that we could be more explicit. We therefore added a dedicated page to the Adobe Privacy Policy, which highlights the collection and use of data in Adobe Digital Editions in greater detail and which is more easily accessible to the user directly from the product download page.

• Adobe Digital Editions 4.0.1 Security Bulletin (APSB14-25)
• Adobe Digital Editions product download site
• Adobe Digital Editions page in Adobe Privacy Policy

What About OPAC Searching?

It’s worth noting (as we’ve done before) that many library OPACs transmit the searches users run over the Internet/wi-fi without encryption. Using one or more free wi-fi monitoring tools (let alone more sophisticated tools like a gov agency might use)  and a very small amount of education it’s very easy to see the searches using are conducting. This can happen on a library’s wi-fi network, at Starbucks, on a wi-fi equipped network, etc. Moreover, these searches can be seen with the unique MAC address of the computer or device conducting the search. Plus, monitoring other wi-fi traffic from the searcher it’s quite possible to learn a specific name (along with the MAC address) and other info. To be clear, most OPACs encrypt services like reserves, holds, etc. if the user is logged in. We’re talking about what happens when the user is not logged-in. More here.
 

Filed under: Data Files, Libraries, News, Patrons and Users