Thread of privacy violations by software companies/Internet services

http://the-digital-reader.com/2014/1…/#.VDQhI_ldWYA

Adobe has just given us a graphic demonstration of how not to handle security and privacy issues.

A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRm for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.

My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.)

And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.

Update: I can now report that Ars Technica has independently confirmed many of the details in this post.

Update: Liza Daly of Safari Books has confirmed some details:

I can confirm that AD4 (OSX) is sending reading data even for non-DRMed EPUBs. Can’t confirm it searching my drive. pic.twitter.com/5MaUYQWKOi

— Liza Daly (@liza) October 7, 2014

Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.

I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,

But wait, there’s more.

Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.

In. Plain. Text.

And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.

Since this happens all the time, I thought of making this thread and updating it frequently so people know what to avoid.

Sadly it seems more and more unless it's open source and free and the developers have no business incentive to make money from you, it means they're monetizing you and tracking you as much as possible. Even then that might not be true (see Ubuntu sending your local searches to Amazon).

I will sure never use that Ebook program.

Please don't forget the Secret Services are actively using leaks, too.
See the Projects "Hacienda", "Olympia" etc. made by the Five Eyes coalition.

They are actively ( ! ) breaking into PCs in order to turn them into bot-net zombies !

http://en.wikipedia.org/wiki/Five_Eyes

http://yro.slashdot.org/story/14/10/…their-location

The social network Whisper which flaunts itself as being anonymous has been shown to track users without their consent.

It's really simple, you constantly need to wonder why you're getting something for free, and if you can't find a very good reason, your privacy is being breached.

http://arstechnica.com/security/2014…n-search-data/

In the latest version of Mac OS X, Yosemite, Apple has a new function called Spotlight that sends your searches to both Apple and Microsoft (through Bing). Effectively they have pulled a Ubuntu, and for the first time by default OS X doesn't respect user privacy.

I installed Yosemite yesterday, and I saw this immediately. Although to be fair, they are upfront about it.

To disable it, you need to disable it in both the system settings and in Safari, meaning that yes, for the near totality of the userbase, Apple and Microsoft will garner all their search data even when they are just looking for local files.

This thread is most useful. Personally I'd not trust any software with my privacy, best bet is to go offline.

http://yro.slashdot.org/story/14/04/…-its-customers

Wow, now Verizon mobile in the US forces all its users to be tracked via a supercookie, for all their HTTP target. And the only way to opt out is to still get tracked through a cookie. This is revolting.