Shaun King’s latest story — (10/08)
— (LINK) —
POLICE PEPPER SPRAY WAKE COUNTY TEEN INSIDE HIS HOME AFTER HE’S MISTAKEN FOR BURGLAR
The parents of a Wake County high school student are outraged thatpolice pepper-sprayed him inside their homeafter a neighbor mistook him for an intruder.
Fuquay-Varina police said when a neighbor saw DeShawn walk in; they called 911 to report a break-in. Soon, three officers were inside the house, all to DeShawn’s surprise.
"They was like, ‘Put your hands on the door,’” said DeShawn. “I was like, ‘For what? This is my house.’ I was like, ‘Why are y’all in here?’”
DeShawn said he became angry whenofficers pointed out the pictures of the Tyler’s three younger children on the mantle, assuming he didn’t belong there, because he was black and they were white. An argument ensued and DeShawn said one of the officers pepper-sprayed him in the face.
A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRm for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers.
My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) Edit: Adobe responded Tuesday night.
And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.
Update: I can now report that Ars Technica has independently confirmed many of the details in this post.
Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text.
I am not joking; Adobe is not only logging what users are doing, they’re also sending those logs to their servers in such a way that anyone running one of the servers in between can listen in and know everything,
But wait, there’s more.
Adobe isn’t just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers.
In. Plain. Text.
And just to be clear, this includes not just ebooks I opened in DE4, but also ebooks I store in calibre and every Epub ebook I happen to have sitting on my hard disk.
And just to show that I am neither exaggerating nor on drugs, here is proof.
The first file proves that Adobe is tracking users in the app, while the second one shows that Adobe is indexing my ebook collection.
The above two files were generated using data collected by an app called Wireshark. This nifty little app can be used to log all of the information that is sent or received by your computer over a network. Muussler and I both saw that data was being sent to 18.104.22.168, one of Adobe’s IP addresses. Wireshark logged all of the data sent to Adobe, and on request spat out the text files.
This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects.
On a technical level, this kind of mistake is not new. Numerous apps have been caught sending data in clear text, and others have been caught scraping data without permission (email address books, for example). What’s more, LG was caught in a very similar privacy violation last November when one of their Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers – and like Adobe, that data was sent in clear text.
I am sharing these details not to excuse or justify Adobe, but to show you that this was a massively boneheaded stupid mistake that Adobe would have seen coming had they had the brains of a goldfish.
As for the legal aspects, I am still unsure of just how many privacy laws have been violated. Most states have privacy laws about library books, so if this app was installed in a library or used with a library ebook then those laws may have been violated. What’s more, Adobe may have also violated the data protection sections of FERPA, the Family Educational Rights and Privacy Act, and similar laws passed by states like California. (I’m going to have to let a lawyer answer that.)
And then there are the European privacy laws, some of which make US laws look lax.
Speaking of Europe, the Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show, and something tells me they will not be having a nice trip. (I for one hope that the senior management is detained for questioning.)
In any case, I would highly recommend that users avoid running Adobe’s apps for the near future – ever again, for that matter. Luckily for us there are alternatives.
Rather than use Adobe DE 4, I would suggest using an app provided by Amazon, Google, Apple, or Kobo. Amazon uses the Kindle format, and each of the last three ebook platforms uses their own unique DRM and Epub (-ish) file format inside their apps. (While Google and Kobo will let you download an ebook which can be read in Adobe DE, that DRM is not used internally by either Kobo or Google.)
None of those 4 platforms are susceptible to Adobe’s security hole. Of course, I can’t say for sure whether those platforms are more secure and private than Adobe’s, but I’m sure they will be made more secure in the next few weeks.
Wow, not sorry at all to have a copies of Pirateshop CS2 and CS3 that specifically disables their ability to phone home to Adobe.
I was doodling this out of nowhere without any sort of planning…
…are you guys oKAY?!
Happening Now (10.8.14): Oh dear God, not again. Another life lost in St Louis. So little information right now, but it seems that an unarmed 18-year old boy was tased then shot 16 times by an officer, possibly off-duty. Not clear what provoked the event, but I’ll keep you updated as info is released. #staywoke #blacklivesmatter
Be weary of the police reports so far. ALL witness statements seem to contradict it, but the police refuse to interview any of them. They seem to be concocting a story right now to cover for the officer. It’s looking real grim right now.
hwat the hell
understatement of the century this is fucking horrific
Take away snapchat
i made a THING
it’s just an alias of cowsay
but i made a THING