My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers.
- Ars Technica independently confirms many details.
- A second confirmation comes in from Liza Daly of Safari Books.
- Tests show that earlier versions of Adobe DE don’t spy on users.
- Adobe responds.
- Bluefire comments on the story.
- Adobe responds to the ALA (and what I’ve learned since this story broke)
- Digital Editions 4.0.1 is released, and does not spy on users.
- The EFF confirms all of my initial report.
And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.