Here’s a formal statement from Adobe announcing an update to Digital Editions.
Now, today’s statement from Adobe.
The Digital Editions 4 software update (Digital Editions 4.0.1), which addresses the collection and transmission of certain usage data in clear text,* is now available. With this latest version of Digital Editions 4, the data is sent to Adobe via secure transmission (using HTTPS).
Adobe Digital Editions 4 users are receiving an update notification via the auto-update mechanism built into the product. The latest version of the product can also be downloaded from the Adobe Digital Editions download page. *It is important to point out that while it is correct that prior to the update, certain usage data was transmitted in clear text, Adobe did not transmit or store the actual user ID or device ID in clear text. Even prior to the update, both the user ID and device ID were obfuscated by assigning unique values (“GUIDs”), which were collected and stored in place of the user ID and device ID.
- Adobe Digital Editions 4.0.1 Security Bulletin (APSB14-25)
- Adobe Digital Editions product download site
What About OPAC Searching?
It’s worth noting (as we’ve done before) that many library OPACs transmit the searches users run over the Internet/wi-fi without encryption. Using one or more free wi-fi monitoring tools (let alone more sophisticated tools like a gov agency might use) and a very small amount of education it’s very easy to see the searches using are conducting. This can happen on a library’s wi-fi network, at Starbucks, on a wi-fi equipped network, etc. Moreover, these searches can be seen with the unique MAC address of the computer or device conducting the search. Plus, monitoring other wi-fi traffic from the searcher it’s quite possible to learn a specific name (along with the MAC address) and other info. To be clear, most OPACs encrypt services like reserves, holds, etc. if the user is logged in. We’re talking about what happens when the user is not logged-in. More here.