[DNSB]

Quote:

Originally Posted by crasspumpkins

Absolutely correct. However, Odessa specifically mentioned not wanting to give information to Kobo and Adobe. In order to avoid giving information to Kobo and Adobe, one needs to avoid purchasing from Kobo, and indeed any vendor which uses Adobe DRM. I don't know Odessa's trust model beyond an apparent (and definitely justified) mistrust of Kobo.

You are aware that Kobo uses two flavours of DRM? If you download the books using the menu on their webpage, you will get either no DRM or Adobe's ADEPT DRM. If you synchronize the books from Kobo to an app or to your Kobo ereader, you will get either Kobo's proprietary DRM for which an entirely adequate DRM removal tools exists in KFX or no DRM. So no need to sweat Adobe's DRM.

Quote:

Originally Posted by crasspumpkins

Do you work for Rakuten? Do you have insider knowledge on what the corporation has done under its Kobo brand since it was purchased by them, or before? Would you be willing to swear in a deposition, under penalty of perjury, that under no circumstance has Kobo / Rakuten ever deleted a paid-for ebook? Further, would be willing to bet US$400 that never, from this day forward, that Kobo will never cause the deletion, either through direct action or service neglect, of purchased contents? Whoever loses has to donate to an agreed-upon children's literacy charity. I'll let you pick it.

At this point, I can safely say that Kobo has never deleted a paid for ebook. They have withdrawn ebooks from sale due to various issues but they have not reached out and deleted content off the user's device in the fashion where Amazon deleted illegal copies of 1984 from user devices.

Quote:

Originally Posted by crasspumpkins

In such a circumstance, I would expect a user as adept as Odessa to be able to navigate such a situation, or else request a refund

The person who purchased the Glose only ebook was informed that no refund was going to be issued. Since there are no tools available to download and unprotect Glose content regardless of how adept a user might be, the purchaser wrote the ebook off as a learning experience.

Quote:

Originally Posted by crasspumpkins

This isn't about you, or what you want, or what has happened to you, or what you care about. This is about Odessa asking a very specific question about how to minimize the data being gathered by Kobo and how to minimize the risk of Kobo, as a service, deleting content that they paid for. Whether that solution conflicts with other services that Odessa finds useful is certainly something for Odessa to weigh, but it doesn't change the answer. Whether you find the chances of Odessa's concerns coming to fact likely or unlikely does not change the answer to the question. The truth is, we don't know what's going to happen when Kobo shuts down. We do know what happened when similar services shut down -- Microsoft revoked access to the books that people purchased and issued them refunds.

Perhaps I've been around a bit longer than you. I remember when Microsoft shut down their servers that handled DRM on .lit format ebooks. No refunds were issued and if you didn't remove the DRM before the shutdown, you had content that could not be used.

Quote:

Originally Posted by crasspumpkins

We also don't know what data Kobo has access to. We can assume they have the same information that Amazon has with their e-readers -- and it's quite a lot. So, a person who is concerned about this benefits from knowing the whole story.

We do have a pretty decent idea of what information your Kobo ereader shares with Kobo which unlike Amazon does not include information beyond reading time and page flips for sideloaded ebooks. Blame it on Canadian privacy laws.(*) You can also ask Kobo for access to any information that they have collected on your activities and they have a legal obligation to grant that access.

I find it rather humourous that such trivial precautions such as setting up a email account solely for use with your Kobo account and using gift cards to purchase content for that account are too arcane for some of the "I demand my privacy" gripers.

*

Quote:

The 10 Principles of PIPEDA

Referred to as the fair information principles, these ten criteria represent the foundation of PIPEDA and are detailed in the Schedule 1 of the Personal Information Protection and Electronic Documents Act. Beyond them, organizations are responsible for the protection and fair handling of personal information at all times and are obligated to ensure that any collection, use or disclosure of personal information is done only for purposes that a reasonable person would deem appropriate given the circumstances.

The 10 fair information principles are:

1. Accountability: An organization is responsible for personal information under its control. It must appoint a Privacy Officer whose purpose is to ensure compliance with Canada’s data protection law.
2. Identifying Purposes: Organizations must identify the purposes for which personal data is being collected before or at the time of collection.
3. Consent: Individuals’ consent is needed for the collection, use or disclosure of personal information. Some exemptions apply to this principle such as, for example, in cases where legal, medical or security reasons make seeking consent impossible or impractical.
4. Limiting Collection: Information must be collected by fair and lawful means and must be limited to the data needed for the purpose identified by the organization.
5. Limiting Use, Disclosure, and Retention: Personal information can only be used or disclosed for the purposes for which it was collected and must be kept solely for the duration required to serve those purposes unless the individual consents otherwise or it is required by law.
6. Accuracy: Personal information must be as accurate, complete, and as up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
7. Safeguards: Personal information must be protected through appropriate security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
8. Openness: Organizations must be open about their policies and practices relating to the management of personal data and ensure that such information is easily available to individuals in a generally understandable format.
9. Individual Access: Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to it. Individuals have the right to challenge the accuracy and completeness of that information and have it amended as appropriate. Organizations may deny access to personal data if the information cannot be disclosed for legal, security, or commercial proprietary reasons or is subject to solicitor-client or litigation privilege.
10. Challenging Compliance: An individual can challenge an organization’s compliance with PIPEDA’s principles and address their challenge to the company’s Privacy Officer in charge of PIPEDA compliance.

The real kicker for most companies is clause 9. The requirement to allow the individual to access the information collected on them unless there is compelling legal reasons for a judge to deny that access has bitten a few companies since PIPEDA was first born back in 2000.