Adobe Digital Editions allegedly scanning PCs, uploading logs to servers

Adobe Digital Editions is allegedly 'spying' by scanning PCs for any and all e-books -- even ones that have nothing to do with the app -- before uploading logs to an Adobe server.

Maria Elena (Creative Commons BY or BY-SA)

Although a quick search for “Adobe spying” brings up about 986,000 results, the latest spying accusations involve Adobe Digital Editions 4 purportedly scanning users’ PCs for any and all e-books before uploading the logs to Adobe servers.

An unnamed “hacker” tipped off Nate Hoffelder at The Digital Reader that the Adobe Digital Editions 4 (DE4) app is tracking users and uploading the data – in the clear—to Adobe servers. This was confirmed by Hoffelder and “Benjamin Mussler, the security researcher who found the security hole on”

“Adobe is gathering data on the e-books that have been opened, which pages were read, and in what order,” Hoffelder wrote. “All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.” But don’t assume the only e-books being indexed are those opened in DE4, since Hoffelder added:

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the e-books sitting on my hard disk, and uploading that data to Adobe’s servers.

And just to be clear, this includes not just e-books I opened in DE4, but also e-books I store in calibre and every Epub e-book I happen to have sitting on my hard disk.

After looking over Adobe Digital Editions tech specs, FAQs and overview, one listed DE4 “feature” states, “Organize your digital publications and manage devices with Adobe Digital Editions with options to create custom bookshelves sorted by title, author, and publisher.” But still, that’s not anywhere close to granting the app permission to scan your computer for any e-book you own.

Hoffelder also posted two forms of “proof” collected via Wireshark before claiming that he and Mussler observed the logs being sent to the Adobe IP of, a server that Whois traced to Kansas.

As I was reading this, I was thinking about how much it sounded like what LG was accused of about a year ago. Ironically, Hoffelder mentioned it as well. Last November, an LG Smart TV owner discovered LG was collecting data from his USB-connected device and uploading to its servers. LG originally claimed its terms and conditions allowed the snooping behavior, so I went hunting for a similar Adobe loophole.

Adobe’s privacy policy lists numerous ways it will use information collected about users, including for market research and reducing fraud and software piracy. Adobe’s end-user license agreement includes disclaimers of warranties and limits of liability.

Since Adobe chose not to reply to Hoffelder’s questions, I called Adobe tech support to see if I could get answers; however Adobe Digital Editions wasn’t supported via a phone call. Users are encouraged to seek help via Adobe forums. Searching the Digital Editions forum turned up a post from Dec. 2012 asking why Digital Editions was scanning e-books that have nothing to do with the app. But that didn’t have an answer for Hoffelder’s question.

Another post from August 2014 was answered, “Adobe Digital Editions does not scan your entire computer looking for files that it knows how to open, it needs to be explicitly told about EPUB or PDF files that you would like it to know about.”

In the end, the issue probably boils down to DRM. Regarding Adobe and DRM, way back in 2007 when some users noticed Reader wouldn’t open e-books and instead required installing DE, one very upset user said, “From now on, if I want to have a digital book on my computer, I will purchase a paper book, rip it apart, scan it, recycle the paper, make a CD of it, and read it off my hard drive with an application other than Adobe.”

Copyright © 2014 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)