Adobe even logs what you read in Digital Editions’ instruction manual.

Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.

Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply. Ars has also reached out to Adobe for comment with no response.

Digital Editions (DE) has been used by many public libraries as a recommended application for patrons wanting to borrow electronic books, because it can enforce digital rights management rules on how long a book may be read for. But DE also reports back data on e-books that have been purchased or self-published. Those logs are transmitted over an unencrypted HTTP connection back to a server at Adobe—a server with the Domain Name Service hostname “”—as an unencrypted XML file.

The behavior is part of Adobe’s way of managing access to e-books borrowed from a library or “lent” by other users through online bookstores supporting the EPUB book format, such as Barnes & Noble. If you’ve “activated” Digital Editions with an Adobe ID, it uses that information to determine whether a book has been “locked” on another device using the same ID to read it or if the loan has expired. If the reader isn’t activated, it uses an anonymous unique ID code generated for each DE installation.

Below is the data transmitted by Digital Editions when we opened an EPUB file of Yotam Ottolenghi’s cookbook, Jerusalem:

Enlarge / This is what Adobe knows about my choice in culinary reading—broadcast in plain text by Digital Editions.

DE reported back each EPUB document opened and the navigation within the document, recording each page number viewed in a stream of activity data back to an application called “datacollector.” The XML data is logged locally by the application, and then transmitted each time the application is opened—likely as part of Adobe’s DRM enforcement within DE. No data was transmitted for PDF documents opened.

A review of Adobe’s terms of use for DE found no mention of the logging feature or how long the data was stored by Adobe. While checking the license data for books in DE’s local library is certainly part of the application’s core functionality, the fact that this data is broadcast in the clear could create a significant privacy issue for readers. It’s not clear how the data collected by Adobe is stored, but it is associated with a unique identifier for each Digital Editions installation that can be associated with an Internet Protocol address when logged. And the fact that the data is broadcast in the clear by Digital Editions is directly in conflict with the privacy guidelines of many library systems, which closely guard readers’ book loan data.

Ars has contacted the American Library Association for comment as well as Adobe, and we will update this story as more information becomes available.