So is this alleging that adobe is doing this via a rootkit? From what I understand this story came from a Snowden revelation. If so, how dated is the info? And is this info relevant to 64 bit systems, Windows 7&8 and how does it get passed Windows and Apple firewalls, or 3rd party ones, unless whitelisted to send info in clear text?
Afaik, this is new, this didn't come from Snowden revelations, there is no rootkit, 64 bit does not matter. It's just the Adobe "Digital Editions" e-book software that looks for EPUB files(including DRM-free ones) and uploads them to Adobe. So unless you have a firewall in interactive/whitelisting mode that doesn't automatically trust digital signatures and/or has a trusted publishers list that includes Adobe, it is not blocked. http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/ http://arstechnica.com/security/201...our-reading-logs-back-to-adobe-in-plain-text/
Just to be clear, this doesn't apply to plain Adobe Reader, right? It's just the "Digital Editions" e-book software. Also, from a comment to the Ars article, I get that it just looks in the library, and doesn't scan all disks.
In what they reported, it applies to their Epub reader, it only transmitted stuff relating to the application library. Whether it scanned the rest of the disks (e.g. for infringement) - we simply don't know. While Epub was pretty much Adobe's baby, it is an open standard, and they have no right inspecting DRM-free stuff regardless of where it is. Of course there is DRM pdf format, but this article didn't seem to cover that. And had they taken even moderate 101 precautions to use encrypted transmission, we wouldn't even know this much. I do not agree with the notion that, had they transmitted the stuff encrypted then everything would be OK - not with me, thank you very much. They have no right to inspect my documents outside what has specifically been downloaded under DRM, and even then, only for that purpose. Which is also why I never run any of this DRM rubbish on any of my real machines with real data. It's all VM and sandboxed if I "have" to do it at all. Incidentally, there is no such thing as "plain" Adobe Reader, the way you get that without the bloat and the bugs and the dangerous functionality, is by 3rd party lightweight readers.
I'm rather more perverse about that. If it's possible to buy something anonymously using Bitcoin, and if there's no DRM involved, I'm happy to do that. Otherwise, I'll get a free version, or do without. Right. Evince Document Viewer for me
I felt that the EFF were too sanguine here - the fact it's now https means that we have no idea what they're sending back, could be anything. The only "comfort" is that it's correlated with DRM content only, but that's extremely limited comfort IMO.