Jump to content

EDRLab: Difference between revisions

From Consumer Rights Wiki
← Older edit
VisualWikitext
Galomi04 (talk | contribs)
confirmed
391 edits
Galomi04 (talk | contribs)
confirmed
391 edits
m Post-installation: used actual roman numeral chars
 
(25 intermediate revisions by the same user not shown)
Line 5: Line 5:
|Type=Non-profit
|Type=Non-profit
|CompanyAlias=European Digital Reading Lab
|CompanyAlias=European Digital Reading Lab
|Website=https://www.edrlab.org/
|Website=https://www.edrlab.org, https://www.thoriumreader.com
}}
}}
EDRLab is a "non-profit development laboratory working on the deployment of an open, interoperable and accessible digital publishing ecosystem worldwide." It has over 100 members, but some of its founding members are: [[wikipedia:Editis|Editis]], [[wikipedia:Hachette Livre|Hachette]], [[wikipedia:Centre national du livre|Centre National du livre]], [[wikipedia:Groupe Madrigall|Groupe Madrigall]] and the French State. EDRLab is a member of [[wikipedia:World Wide Web Consortium|W3C]] and [[Readium|Readium Foundation]]. It is one of the main contributors to Readium toolkits and the manager of Readium LCP [[Digital rights management|DRM]]. They are also the creators of Thorium Reader, an EPUB reading application.<ref>{{Cite web |title=About |url=https://www.edrlab.org/about/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260502070949/https://www.edrlab.org/about/ |archive-date=2 May 2026 |access-date=24 Jun 2026}}</ref><ref>{{Cite web |title=EDRLab members directory |url=https://members.edrlab.org |url-status=live |archive-url=https://web.archive.org/web/20260303083006/https://members.edrlab.org/ |archive-date=3 Mar 2026 |access-date=24 Jun 2026}}</ref><ref>{{Cite web |language=fr |title=SITUATION AU REPERTOIRE SIRENE |date=24 Jun 2026 |url=https://api-avis-situation-sirene.insee.fr/identification/pdf/81344547500029 |url-status=live |website=insee.fr |archive-url=https://web.archive.org/web/20260624170714/https://api-avis-situation-sirene.insee.fr/identification/pdf/81344547500029 |archive-date=24 Jun 2026}}</ref> They also focus on accessibility in order to increase the number of books available to people with disabilities.<ref>{{Cite web |title=Accessibility |url=https://www.edrlab.org/accessibility/ |url-status=live |website=edrlab.org |archive-url=https://ghostarchive.org/archive/EMoqh |archive-date=25 Jun 2026}}</ref>
EDRLab is a "non-profit development laboratory working on the deployment of an open, interoperable and accessible digital publishing ecosystem worldwide." It has over 100 members, but some of its founding members are: [[wikipedia:Editis|Editis]], [[wikipedia:Hachette Livre|Hachette]], [[wikipedia:Centre national du livre|Centre National du livre]], [[wikipedia:Groupe Madrigall|Groupe Madrigall]] and the French State. EDRLab is a member of [[wikipedia:World Wide Web Consortium|W3C]] and [[Readium|Readium Foundation]]. It is one of the main contributors to Readium toolkits and the manager of Readium LCP [[Digital rights management|DRM]]. They are also the creators of Thorium Reader, an EPUB reading application.<ref>{{Cite web |title=About |url=https://www.edrlab.org/about/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260502070949/https://www.edrlab.org/about/ |archive-date=2026-05-02 |access-date=2026-06-24}}</ref><ref>{{Cite web |title=EDRLab members directory |url=https://members.edrlab.org |url-status=live |archive-url=https://web.archive.org/web/20260303083006/https://members.edrlab.org/ |archive-date=2026-03-03 |access-date=2026-06-24}}</ref><ref>{{Cite web |language=fr |title=SITUATION AU REPERTOIRE SIRENE |date=2026-06-24 |url=https://api-avis-situation-sirene.insee.fr/identification/pdf/81344547500029 |url-status=live |website=insee.fr |archive-url=https://web.archive.org/web/20260624170714/https://api-avis-situation-sirene.insee.fr/identification/pdf/81344547500029 |archive-date=2026-06-24}}</ref> They also focus on accessibility in order to increase the number of books available to people with disabilities.<ref>{{Cite web |title=Accessibility |url=https://www.edrlab.org/accessibility/ |url-status=live |website=edrlab.org |archive-url=https://ghostarchive.org/archive/EMoqh |archive-date=2026-06-25}}</ref>
==Consumer-impact summary==
==Consumer-impact summary==
EDRLab is one of the main contributors to [[Readium]] LCP DRM. Their EPUB reader application, Thorium Reader, which uses <abbr title="Licensed Content Protection">LCP</abbr>, claims to be private, yet it has "non-personal" data collection that the user cannot opt out of. It also contacts EDRLab's servers every time the application is started.  
EDRLab is one of the main contributors to [[Readium]] LCP DRM. Their EPUB reader application, Thorium Reader, which uses <abbr title="Licensed Content Protection">LCP</abbr>, claims to be private, yet it has "non-personal" data collection that the user cannot opt out of. It also contacts EDRLab's servers every time the application is started.  


This is not apparent, since Thorium's installer doesn't inform the user of this, there are no "agree/disagree" options and Thorium's interface does not directly link to either the [[Terms of service]] or the Privacy policy (see: [[EDRLab#User not clearly presented with terms|User not clearly presented with terms]]. Users also wouldn't be notified if the privacy policy were to change, since that would require them to manually check the Privacy policy page for updates.  
This is not apparent, since Thorium's installer doesn't inform the user of this, there are no "agree/disagree" options and Thorium's interface does not directly link to either the [[Terms of service]] (ToS) or the Privacy policy (see: [[EDRLab#User not clearly presented with terms|User not clearly presented with terms]]. Users also wouldn't be notified if the Privacy policy were to change, since that would require them to manually check the Privacy policy page for updates.  


The Terms of service also mentions that the user agrees to "indemnify and hold harmless the EDRLab Parties" even for "alleged" breaches by the user of the Terms of service. It is also stated that "EDRLab Parties have the right to monitor the use of the Application."  
The Terms of service also mentions that the user agrees to "indemnify and hold harmless the EDRLab Parties" even for "alleged" breaches by the user of the ToS. It is also stated that "EDRLab Parties have the right to monitor the use of the Application." The 2026 ToS also contains a [[Forced arbitration]] clause (see: [[EDRLab#Forced arbitration (2026-04-08 ToS version)|Forced arbitration (2026-04-08 ToS version)]]).


The application is also deceptively marketed as open source as it is stated in the privacy policy that it is in fact not entirely open source, but rather has a "small software library used as core for the Readium LCP DRM, which does not store or send any data." This requires users to trust the company on their word, since users cannot inspect the application, as they may not "rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part", according to the Terms of service. Furthermore, this connects directly to the 2nd paragraph. The Terms of service as well as the Privacy policy are discussed in more detail in the "Incidents" section (see: [[EDRLab#Thorium Reader privacy policy and terms of use|Thorium Reader privacy policy and terms of use]]).
The application is also deceptively marketed as open source as it is stated in the privacy policy that it is in fact not entirely open source, but rather has a "small software library used as core for the Readium LCP DRM, which does not store or send any data." This requires users to trust the company on their word, since users cannot inspect the application, as they may not "rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part", according to the Terms of service. Furthermore, this connects directly to the 2nd paragraph. The Terms of service as well as the Privacy policy are discussed in more detail in the "Incidents" section (see: [[EDRLab#Thorium Reader privacy policy and terms of use|Thorium Reader privacy policy and terms of use]]).
Line 19: Line 19:
==Incidents==
==Incidents==
===Thorium Reader privacy policy and terms of use===
===Thorium Reader privacy policy and terms of use===
====Privacy policy====
====Privacy policy (2022-11-22 version)====
Despite Thorium's homepage stating that:<blockquote>This application is free, with no ads and no private data leaks.</blockquote><ref name="thorium-home">{{Cite web |title=Thorium Reader |url=https://www.edrlab.org/software/thorium-reader/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260619033750/https://www.edrlab.org/software/thorium-reader/ |archive-date=19 Jun 2026 |access-date=24 Jun 2026}}</ref>There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression, if they take that to mean "no phoning home." The reader sends this "non-personal" data to EDRLab's servers.  
Despite Thorium's homepage stating that:<blockquote>This application is free, with no ads and no private data leaks.</blockquote><ref name="thorium-home">{{Cite web |title=Thorium Reader |url=https://www.edrlab.org/software/thorium-reader/ |url-status=live |website=edrlab.org |archive-url=https://web.archive.org/web/20260619033750/https://www.edrlab.org/software/thorium-reader/ |archive-date=2026-06-19 |access-date=2026-06-24}}</ref>There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression, if they take that to mean "no phoning home." The reader sends this "non-personal" data to EDRLab's servers.  


It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information <blockquote>is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.</blockquote>And:<blockquote>Parameters of such notification are:
It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information <blockquote>is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.</blockquote>And:<blockquote>Parameters of such notification are:
Line 42: Line 42:
The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather: <blockquote>We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.</blockquote>So users would have to periodically check this site to know whether any terms have changed.
The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather: <blockquote>We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.</blockquote>So users would have to periodically check this site to know whether any terms have changed.


====Terms of service====
====Terms of service (2022-11-22 version)====
Moving on to the Terms of service, there are several interesting things. First:<blockquote>You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.</blockquote>Especially:<blockquote>any actual or alleged breach by you of these Terms of Use</blockquote>
Moving on to the Terms of service, there are several interesting things. First:<blockquote>You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.</blockquote>Especially:<blockquote>any actual or alleged breach by you of these Terms of Use</blockquote>
As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.
As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.


In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since:<blockquote>In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.</blockquote>So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:<blockquote> However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”</blockquote><ref name="tos">{{Cite web |title=Thorium Reader – Terms of Use |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/terms-of-use/ |website=edrlab.org |url-status=live |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/terms-of-use/ |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref><ref name="privacy-policy">{{Cite web |title=Thorium Reader – Privacy Policy |date=22 Nov 2022 |url=https://www.edrlab.org/software/thorium-reader/privacy-policy/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/privacy-policy/ |url-status=live |archive-date=17 Jun 2026 |access-date=24 Jun 2026}}</ref>The above summarizes and discusses Thorium's Privacy policy and Terms of service. Readers are encouraged to consult both the Privacy policy and the Terms of service for themselves and form their own conclusions.
In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since:<blockquote>In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.</blockquote>So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:<blockquote> However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”</blockquote><ref name="tos">{{Cite web |title=Thorium Reader – Terms of Use |date=2022-11-22 |url=https://www.edrlab.org/software/thorium-reader/terms-of-use/ |website=edrlab.org |url-status=live |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/terms-of-use/ |archive-date=2026-06-17 |access-date=2026-06-24}}</ref><ref name="privacy-policy">{{Cite web |title=Thorium Reader – Privacy Policy |date=2022-11-22 |url=https://www.edrlab.org/software/thorium-reader/privacy-policy/ |website=edrlab.org |archive-url=https://web.archive.org/web/20260617083801/https://www.edrlab.org/software/thorium-reader/privacy-policy/ |url-status=live |archive-date=2026-06-17 |access-date=2026-06-24}}</ref> The above summarizes and discusses Thorium's Privacy policy and Terms of service. Readers are encouraged to consult both the Privacy policy and the Terms of service for themselves and form their own conclusions.
=====Forced arbitration (2026-04-08 ToS version)=====
In the updated Terms of service (see [[EDRLab#External links|External links]]), from 2026-04-08, there is a Forced arbitration clause.<blockquote>To the fullest extent permitted by applicable law, any dispute, claim or controversy between you and EDRLab that relates in any way to or arises from your use of the Application or these Terms of Use (a “Dispute”) shall be resolved on an individual basis and, except as provided below, exclusively through binding arbitration. A Dispute will be submitted to arbitration, whether it is based on contract, statute, regulation, court order, tort or any other legal or equitable theory. You understand that in arbitration, there is no judge or jury and that judicial review of an arbitral award is limited. Unless otherwise required by mandatory law, the arbitration shall be administered by a recognised arbitration institution (for example, the ICC in Paris, or, for consumers in the United States, the American Arbitration Association) under its applicable rules for consumer or commercial disputes, as modified by this clause. The arbitration shall be conducted by a single arbitrator, in French or English, and, unless the arbitrator decides that an in‑person hearing is necessary, may be held by videoconference. The arbitrator shall apply the applicable governing law set out below and may award any remedies available at law or in equity. The arbitrator’s award shall be final and binding and may be entered in any court of competent jurisdiction.</blockquote>
And:<blockquote>You agree that any arbitration or court proceeding will be conducted only on an individual basis, not as a class, collective, or representative action. To the fullest extent permitted by applicable law, you and EDRLab each waive any right to a jury trial in any court proceedings. Notwithstanding the foregoing, either you or EDRLab may: (a) bring an individual action in a court of competent jurisdiction for claims that fall within the jurisdiction of a small‑claims or equivalent court, or (b) seek provisional or injunctive relief in a court of competent jurisdiction to protect intellectual property rights or prevent unauthorised access to or use of the Application. You and we agree to submit to the exclusive jurisdiction of Paris, France. Unless prohibited by applicable law, and without regard to its conflict of laws principles, you and we agree that any Dispute between you and us will be governed by and construed in accordance with the laws of France. ​In all cases, nothing in these Terms of Use is intended to waive any sovereign immunity, governmental immunity or other mandatory legal protection that cannot be contractually waived under applicable law.</blockquote>
You also agree to first contact EDRLab and try to resolve matters "informally", before initiating any proceedings:<blockquote>If you have any concern or dispute regarding the Application or these Terms of Use, you agree first to contact EDRLab at [email protected] and to make a good‑faith effort to resolve the dispute informally for at least thirty (30) days before initiating arbitration or court proceedings.</blockquote><ref name="tos2" />


===User not clearly presented with terms===
===User not clearly presented with terms===
During the installation process, the user is not clearly presented with the Terms of use or the Privacy policy. There is no option to agree or disagree to the terms and the privacy policy, nor are they directly linked in the app (see: [[EDRLab#Installation|Installation]] and [[EDRLab#Post-installation|Post-installation]]). While it is not possible to opt out, the user doesn't know that during installation, unless they'd scrolled on Thorium's webpage to find the Terms of use and the Privacy policy, or unless they'd found them wherever they're installing the app from (e.g. [[Microsoft|Microsoft]] Store). See [[EDRLab#External links|External links]] for installation videos of Thorium.<ref name="install-thorium-win">{{Cite web |date=24 Feb 2026 |title=installer_thorium_pc |author=Stine Kjær Kappel |url=https://edumedia.dk/media/t/0_dadiw6fi/480184 |url-status=live |website=edumedia.dk |archive-url=https://ghostarchive.org/archive/3IlBv |archive-date=25 Jun 2026}}</ref><ref name="install-thorium-mac">{{Cite web |date=24 Feb 2026 |title=installer_thorium_mac |author=Stine Kjær Kappel |url=https://edumedia.dk/media/t/0_1j7nppt4 |url-status=live |website=edumedia.dk |archive-url=https://ghostarchive.org/archive/ILix8 |archive-date=25 Jun 2026}}</ref>
During the installation process, the user is not clearly presented with the Terms of use or the Privacy policy. There is no option to agree or disagree to the terms and the privacy policy, nor are they directly linked in the app (see: [[EDRLab#Installation|Installation]] and [[EDRLab#Post-installation|Post-installation]]). While it is not possible to opt out, the user doesn't know that during installation, unless they'd scrolled on Thorium's webpage to find the Terms of use and the Privacy policy, or unless they'd found them wherever they're installing the app from (e.g. [[Microsoft|Microsoft]] Store). See [[EDRLab#External links|External links]] for installation videos of Thorium.<ref name="install-thorium-win">{{Cite web |date=2026-02-24 |title=installer_thorium_pc |author=Stine Kjær Kappel |language=da |url=https://edumedia.dk/media/t/0_dadiw6fi/480184 |url-status=live |website=edumedia.dk |archive-url=https://ghostarchive.org/archive/3IlBv |archive-date=2026-06-25}}</ref><ref name="install-thorium-mac">{{Cite web |date=2026-02-24 |title=installer_thorium_mac |author=Stine Kjær Kappel |language=da |url=https://edumedia.dk/media/t/0_1j7nppt4 |url-status=live |website=edumedia.dk |archive-url=https://ghostarchive.org/archive/ILix8 |archive-date=2026-06-25}}</ref>
====Installation====
====Installation====
<gallery>
<gallery>
Line 61: Line 65:
The Terms of use and the Privacy policy can be located on the homepage by scrolling down to the "Terms of Use, Privacy Policy" section.<ref name="thorium-home" />
The Terms of use and the Privacy policy can be located on the homepage by scrolling down to the "Terms of Use, Privacy Policy" section.<ref name="thorium-home" />
=====Step 1=====
=====Step 1=====
On the installation page (step 1), the user would have to click on "Support" on the top right (or "Minimum system requirement" in the center-left) and then locate the "About Thorium Reader" section on the bottom left. This is not the same page as the "About" located next to "Support."<ref name="homepage">{{Cite web |title=Thorium Reader |url=https://thorium.edrlab.org/en/ |url-status=live |website=thorium.edrlab.org |archive-url=https://ghostarchive.org/archive/BI26o |archive-date=27 Jun 2026}}</ref><ref>{{Cite web |title=Thorium 3 support |url=https://thorium.edrlab.org/en/th3/ |url-status=live |website=thorium.edrlab.org |archive-url=https://ghostarchive.org/archive/eHOlo |archive-date=27 Jun 2026}}</ref>
On the installation page (step 1), the user would have to click on "Support" on the top right (or "Minimum system requirement" in the center-left) and then locate the "About Thorium Reader" section on the bottom left. This is not the same page as the "About" located next to "Support."<ref name="homepage">{{Cite web |title=Thorium Reader |url=https://thorium.edrlab.org/en/ |url-status=live |website=thorium.edrlab.org |archive-url=https://ghostarchive.org/archive/BI26o |archive-date=2026-06-27}}</ref><ref>{{Cite web |title=Thorium 3 support |url=https://thorium.edrlab.org/en/th3/ |url-status=live |website=thorium.edrlab.org |archive-url=https://ghostarchive.org/archive/eHOlo |archive-date=2026-06-27}}</ref>
======Microsoft Store======
======Microsoft Store======
On the Microsoft Store (alternative step 1 for Windows), the "Additional information" section contains links to the Privacy policy and the "Terms of transaction." The former leads to EDRLab's "Legal Information" page, not the actual privacy policy on the site that the "''About Thorium (Online)''" opens (it is also in French, even with the computer's language set to English)<ref>{{Cite web |title=Legal Information |url=https://www.edrlab.org/legal-information/ |url-status=live |website=edrlab.org |language=fr |archive-url=https://ghostarchive.org/archive/NvQtI |archive-date=27 Jun 2026}}</ref>.
On the Microsoft Store (alternative step 1 for Windows), the "Additional information" section contains links to the Privacy policy and the "Terms of transaction." The former leads to EDRLab's "Legal Information" page, not the actual privacy policy on the site that the "''About Thorium (Online)''" opens (it is also in French, even with the computer's language set to English)<ref>{{Cite web |title=Legal Information |url=https://www.edrlab.org/legal-information/ |url-status=live |website=edrlab.org |language=fr |archive-url=https://ghostarchive.org/archive/NvQtI |archive-date=2026-06-27}}</ref>.


The latter link leads to a "Microsoft Store Terms of Sale" (which is not the same as the app's Terms of use). There is also a website link, but it opens a different website<ref name="altsite">{{Cite web |title=Thorium Reader |url=https://www.thoriumreader.com/en/ |url-status=live |website=thoriumreader.com |archive-url=https://ghostarchive.org/archive/ZjTqS |archive-date=27 Jun 2026}}</ref> than the one Thorium Reader opens when clicking "''About Thorium (Online)''" (see [[EDRLab#External links|External links]]).<ref>{{Cite web |title=Thorium Reader |url=https://apps.microsoft.com/detail/9nfzp1g7m2sc?hl=en-US |website=apps.microsoft.com |url-status=live |archive-url=https://ghostarchive.org/archive/ukmly |archive-date=27 Jun 2026}}</ref> That site site has a "Legal Notices" (not to be confused with the aforementioned "Legal Information" page) link, through which users can locate the Terms of service and the Privacy policy.<ref name="altsite" /><ref name="conformance">{{Cite web |title=Thorium Reader Conformance Reports |url=https://conformance.thoriumreader.com/ |url-status=live |website=conformance.thoriumreader.com |archive-url=https://ghostarchive.org/archive/Y4JlV |archive-date=27 Jun 2026}}</ref>
The latter link leads to a "Microsoft Store Terms of Sale" (not the same thing as the app's Terms of use). There is also a website link, but it opens a different website<ref name="altsite">{{Cite web |title=Thorium Reader |url=https://www.thoriumreader.com/en/ |url-status=live |website=thoriumreader.com |archive-url=https://ghostarchive.org/archive/ZjTqS |archive-date=2026-06-27}}</ref> than the one Thorium Reader opens when clicking "''About Thorium (Online)''" (see [[EDRLab#External links|External links]]).<ref>{{Cite web |title=Thorium Reader |url=https://apps.microsoft.com/detail/9nfzp1g7m2sc?hl=en-US |website=apps.microsoft.com |url-status=live |archive-url=https://ghostarchive.org/archive/ukmly |archive-date=2026-06-27}}</ref> That site site has a "Legal Notices" (not to be confused with the aforementioned "Legal Information" page) link, through which users can locate the Terms of service and the Privacy policy.<ref name="altsite" /><ref name="conformance">{{Cite web |title=Thorium Reader Conformance Reports |url=https://conformance.thoriumreader.com/ |url-status=live |website=conformance.thoriumreader.com |archive-url=https://ghostarchive.org/archive/Y4JlV |archive-date=2026-06-27}}</ref>


=====Step 2 & 3=====
=====Steps 2 & 3=====
The installer does not have a link to the Privacy policy or the Terms of service, but after installation (after getting past the welcome screen in image 3), one can use the "''About Thorium (Online)''" link to go to the app's website and locate the documents (see [[EDRLab#Step 0|Step 0]]).<ref name="thorium-home />
The installer does not have a link to the Privacy policy or the Terms of service, but after installation (after getting past the welcome screen in image 3), one can use the "''About Thorium (Online)''" link to go to the app's website and locate the documents (see [[EDRLab#Step 0|Step 0]]).<ref name="thorium-home />


====Post-installation====
====Post-installation====
<gallery>
<gallery>
File:S1.webp|alt=Searching for terms in the app: 1|right|Searching for terms in the app: 1
File:S1.webp|alt=(Ⅰ) Welcome dialog post installation|right|(Ⅰ) Welcome dialog post installation
File:S2.webp|alt=Searching for terms in the app: 2|right|Searching for terms in the app: 2
File:S2.webp|alt=(Ⅱ) "Resources & Community" section of the dialog |right|(Ⅱ) "Resources & Community" section of the dialog
File:S3.webp|alt=Searching for terms in the app: 3|right|Searching for terms in the app: 3
File:S0.webp|alt=(Ⅲ)"Home" tab|right|(Ⅲ) "Home" tab
File:S4.webp|alt=Searching for terms in the app: 4|right|Searching for terms in the app: 4
File:S3.webp|alt=(Ⅳ) Settings -- general -- part 1|right|(Ⅳ) Settings -- general (part 1)
File:S4.webp|alt=(V) Settings -- general -- part 2|right|(V) Settings -- general (part 2)
</gallery>
</gallery>
Again, no clear mention of the Terms of use or the Privacy policy. The user would have to click the "''About Thorium (Online)''" link, visible on the bottom right of the images, which would open the app's website in the browser. Then, the user would have to scroll down to locate the "Terms of Use, Privacy Policy" section, where they'd find the links.
No direct presentation of the Terms of use or the Privacy policy. The dialog in images (Ⅰ) and (Ⅱ) only contains information about the app's version and links, one of which is the website.<ref name="altsite" /> This webpage includes a "Legal Notices" link, through which users can find the relevant documentation.
 
Image (Ⅲ) contains depicts the app's "Home" tab. The user would have to click the "''About Thorium (Online)''" link (visible on the bottom right of the images), which would open the app's website in the browser. This, however, is not the same website as the one that the link from image (Ⅱ) leads to.<ref name="homepage" /> In fact, via the former (through "Legal Notices"),<ref name="conformance" /> users can access a more recent version of the Terms of use (the version from 2026-04-08 as of 2026-06-27);<ref name="tos2">{{Cite web |title=Conformance Reports - Terms of use |date=2022-04-08 |url=https://conformance.thoriumreader.com/documents/desktop3/terms-of-use/ |url-status=live |website=conformance.thoriumreader.com |archive-url=https://ghostarchive.org/archive/bRGDV |archive-date=2026-06-27}}</ref> whereas via the latter, users can access (by scrolling down to the "Terms of Use, Privacy Policy" section, where they'd find the link) Terms of service (as of 2026-06-27) from 2022-11-22.<ref name="tos" />
 
Image (Ⅳ) and (Ⅴ) depict the settings tab, where any links can't be found either. This is also seen in the installation videos in [[EDRLab#External links|External links]].<ref name="install-thorium-win" /><ref name="install-thorium-mac" />


==Products==
==Products==
Line 86: Line 95:
==See also==
==See also==
*[[Digital rights management]]
*[[Digital rights management]]
*[[Forced arbitration]]
*[[Readium]]
*[[Readium]]
*[[Adobe Digital Editions' ebook DRM]]
*[[Adobe Digital Editions' ebook DRM]]
Line 93: Line 103:


==External links==
==External links==
===Installation videos===
*[https://edumedia.dk/media/t/0_dadiw6fi/480184 Thorium PC installation video]
*[https://edumedia.dk/media/t/0_dadiw6fi/480184 Thorium PC installation video]
*[https://edumedia.dk/media/t/0_1j7nppt4 Thorium Mac installation video]
*[https://edumedia.dk/media/t/0_1j7nppt4 Thorium Mac installation video]
 
===ToS===
*[https://conformance.thoriumreader.com/documents/desktop3/terms-of-use/ 2026 ToS] ([https://ghostarchive.org/archive/bRGDV archived])
*[https://www.edrlab.org/software/thorium-reader/terms-of-use/ 2022 ToS] ([https://ghostarchive.org/archive/O61SS archived])
===Privacy Policy===
*[https://www.edrlab.org/software/thorium-reader/privacy-policy/ Privacy policy] ([https://ghostarchive.org/archive/cemKI archived]); [https://conformance.thoriumreader.com/documents/desktop3/privacy-policy/ Same policy but on "conformance.thoriumreader.com"] ([https://ghostarchive.org/archive/ye7GZ archived])
===Websites===
*[https://www.edrlab.org/software/thorium-reader/ edrlab.org/software/thorium-reader/] ([https://ghostarchive.org/archive/mqQkB archived])
*[https://www.thoriumreader.com/en/ thoriumreader.com] ([https://ghostarchive.org/archive/ZjTqS archived])
[[Category:{{PAGENAME}}]]
[[Category:{{PAGENAME}}]]

Latest revision as of 08:24, 28 June 2026

EDRLab
Basic information
Founded 2015-07-17
Legal Structure Non-profit
Industry Software
Also known as European Digital Reading Lab
Official website https://www.edrlab.org

EDRLab is a "non-profit development laboratory working on the deployment of an open, interoperable and accessible digital publishing ecosystem worldwide." It has over 100 members, but some of its founding members are: Editis, Hachette, Centre National du livre, Groupe Madrigall and the French State. EDRLab is a member of W3C and Readium Foundation. It is one of the main contributors to Readium toolkits and the manager of Readium LCP DRM. They are also the creators of Thorium Reader, an EPUB reading application.[1][2][3] They also focus on accessibility in order to increase the number of books available to people with disabilities.[4]

Consumer-impact summary

[edit | edit source]

EDRLab is one of the main contributors to Readium LCP DRM. Their EPUB reader application, Thorium Reader, which uses LCP, claims to be private, yet it has "non-personal" data collection that the user cannot opt out of. It also contacts EDRLab's servers every time the application is started.

This is not apparent, since Thorium's installer doesn't inform the user of this, there are no "agree/disagree" options and Thorium's interface does not directly link to either the Terms of service (ToS) or the Privacy policy (see: User not clearly presented with terms. Users also wouldn't be notified if the Privacy policy were to change, since that would require them to manually check the Privacy policy page for updates.

The Terms of service also mentions that the user agrees to "indemnify and hold harmless the EDRLab Parties" even for "alleged" breaches by the user of the ToS. It is also stated that "EDRLab Parties have the right to monitor the use of the Application." The 2026 ToS also contains a Forced arbitration clause (see: Forced arbitration (2026-04-08 ToS version)).

The application is also deceptively marketed as open source as it is stated in the privacy policy that it is in fact not entirely open source, but rather has a "small software library used as core for the Readium LCP DRM, which does not store or send any data." This requires users to trust the company on their word, since users cannot inspect the application, as they may not "rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part", according to the Terms of service. Furthermore, this connects directly to the 2nd paragraph. The Terms of service as well as the Privacy policy are discussed in more detail in the "Incidents" section (see: Thorium Reader privacy policy and terms of use).

Incidents

[edit | edit source]

Thorium Reader privacy policy and terms of use

[edit | edit source]

Privacy policy (2022-11-22 version)

[edit | edit source]

Despite Thorium's homepage stating that:

This application is free, with no ads and no private data leaks.

[5]There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression, if they take that to mean "no phoning home." The reader sends this "non-personal" data to EDRLab's servers. It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information

is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.

And:

Parameters of such notification are:

  • a timestamp,
  • the version of Thorium Reader,
  • the operating system of the device and its version,
  • the locale of the application at the time it is started,
  • if this is the first start of Thorium Reader after a fresh install.

The IP address of the device is not stored along with the above information.

It is not possible to opt-out from this notification.

Also:

a notification is sent to an LCP Server each time a protected publication is open. This is required by the LCP specification for checking if the license of use of the publication has been updated. There is not centralized LCP Server, each server is operated by the distributor of the protected publication acquired by the user.

Parameters of such notification are:

  • a device identifier, automatically generated at the install of the application.
  • a device name, automatically generated at the install of the application.

The codebase of Thorium Reader is open-sourced and can therefore be fully inspected, with the exception of a small software library used as core for the Readium LCP DRM, which does not store or send any data.

The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather:

We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.

So users would have to periodically check this site to know whether any terms have changed.

Terms of service (2022-11-22 version)

[edit | edit source]

Moving on to the Terms of service, there are several interesting things. First:

You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.

Especially:

any actual or alleged breach by you of these Terms of Use

As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.

In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since:

In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.

So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:

However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”

[6][7] The above summarizes and discusses Thorium's Privacy policy and Terms of service. Readers are encouraged to consult both the Privacy policy and the Terms of service for themselves and form their own conclusions.

Forced arbitration (2026-04-08 ToS version)
[edit | edit source]

In the updated Terms of service (see External links), from 2026-04-08, there is a Forced arbitration clause.

To the fullest extent permitted by applicable law, any dispute, claim or controversy between you and EDRLab that relates in any way to or arises from your use of the Application or these Terms of Use (a “Dispute”) shall be resolved on an individual basis and, except as provided below, exclusively through binding arbitration. A Dispute will be submitted to arbitration, whether it is based on contract, statute, regulation, court order, tort or any other legal or equitable theory. You understand that in arbitration, there is no judge or jury and that judicial review of an arbitral award is limited. Unless otherwise required by mandatory law, the arbitration shall be administered by a recognised arbitration institution (for example, the ICC in Paris, or, for consumers in the United States, the American Arbitration Association) under its applicable rules for consumer or commercial disputes, as modified by this clause. The arbitration shall be conducted by a single arbitrator, in French or English, and, unless the arbitrator decides that an in‑person hearing is necessary, may be held by videoconference. The arbitrator shall apply the applicable governing law set out below and may award any remedies available at law or in equity. The arbitrator’s award shall be final and binding and may be entered in any court of competent jurisdiction.

And:

You agree that any arbitration or court proceeding will be conducted only on an individual basis, not as a class, collective, or representative action. To the fullest extent permitted by applicable law, you and EDRLab each waive any right to a jury trial in any court proceedings. Notwithstanding the foregoing, either you or EDRLab may: (a) bring an individual action in a court of competent jurisdiction for claims that fall within the jurisdiction of a small‑claims or equivalent court, or (b) seek provisional or injunctive relief in a court of competent jurisdiction to protect intellectual property rights or prevent unauthorised access to or use of the Application. You and we agree to submit to the exclusive jurisdiction of Paris, France. Unless prohibited by applicable law, and without regard to its conflict of laws principles, you and we agree that any Dispute between you and us will be governed by and construed in accordance with the laws of France. ​In all cases, nothing in these Terms of Use is intended to waive any sovereign immunity, governmental immunity or other mandatory legal protection that cannot be contractually waived under applicable law.

You also agree to first contact EDRLab and try to resolve matters "informally", before initiating any proceedings:

If you have any concern or dispute regarding the Application or these Terms of Use, you agree first to contact EDRLab at [email protected] and to make a good‑faith effort to resolve the dispute informally for at least thirty (30) days before initiating arbitration or court proceedings.

[8]

User not clearly presented with terms

[edit | edit source]

During the installation process, the user is not clearly presented with the Terms of use or the Privacy policy. There is no option to agree or disagree to the terms and the privacy policy, nor are they directly linked in the app (see: Installation and Post-installation). While it is not possible to opt out, the user doesn't know that during installation, unless they'd scrolled on Thorium's webpage to find the Terms of use and the Privacy policy, or unless they'd found them wherever they're installing the app from (e.g. Microsoft Store). See External links for installation videos of Thorium.[9][10]

Installation

[edit | edit source]
  • Installation step: 1 (installation page)
    Installation step: 1 (installation page)
  • Installation step: 1 (alternative on Windows: Microsoft Store)
    Installation step: 1 (alternative on Windows: Microsoft Store)
  • Installation step: 2 (Thorium being installed)
    Installation step: 2 (Thorium being installed)
  • Installation step: 3 (Thorium's welcome page upon first launch)
    Installation step: 3 (Thorium's welcome page upon first launch)

No direct presentation of the Terms of use or the Privacy policy during installation (example on Windows).

Step 0
[edit | edit source]

The Terms of use and the Privacy policy can be located on the homepage by scrolling down to the "Terms of Use, Privacy Policy" section.[5]

Step 1
[edit | edit source]

On the installation page (step 1), the user would have to click on "Support" on the top right (or "Minimum system requirement" in the center-left) and then locate the "About Thorium Reader" section on the bottom left. This is not the same page as the "About" located next to "Support."[11][12]

Microsoft Store
[edit | edit source]

On the Microsoft Store (alternative step 1 for Windows), the "Additional information" section contains links to the Privacy policy and the "Terms of transaction." The former leads to EDRLab's "Legal Information" page, not the actual privacy policy on the site that the "About Thorium (Online)" opens (it is also in French, even with the computer's language set to English)[13].

The latter link leads to a "Microsoft Store Terms of Sale" (not the same thing as the app's Terms of use). There is also a website link, but it opens a different website[14] than the one Thorium Reader opens when clicking "About Thorium (Online)" (see External links).[15] That site site has a "Legal Notices" (not to be confused with the aforementioned "Legal Information" page) link, through which users can locate the Terms of service and the Privacy policy.[14][16]

Steps 2 & 3
[edit | edit source]

The installer does not have a link to the Privacy policy or the Terms of service, but after installation (after getting past the welcome screen in image 3), one can use the "About Thorium (Online)" link to go to the app's website and locate the documents (see Step 0).[5]

Post-installation

[edit | edit source]
  • (Ⅰ) Welcome dialog post installation
    (Ⅰ) Welcome dialog post installation
  • (Ⅱ) "Resources & Community" section of the dialog
    (Ⅱ) "Resources & Community" section of the dialog
  • (Ⅲ)"Home" tab
    (Ⅲ) "Home" tab
  • (Ⅳ) Settings -- general -- part 1
    (Ⅳ) Settings -- general (part 1)
  • (V) Settings -- general -- part 2
    (V) Settings -- general (part 2)

No direct presentation of the Terms of use or the Privacy policy. The dialog in images (Ⅰ) and (Ⅱ) only contains information about the app's version and links, one of which is the website.[14] This webpage includes a "Legal Notices" link, through which users can find the relevant documentation.

Image (Ⅲ) contains depicts the app's "Home" tab. The user would have to click the "About Thorium (Online)" link (visible on the bottom right of the images), which would open the app's website in the browser. This, however, is not the same website as the one that the link from image (Ⅱ) leads to.[11] In fact, via the former (through "Legal Notices"),[16] users can access a more recent version of the Terms of use (the version from 2026-04-08 as of 2026-06-27);[8] whereas via the latter, users can access (by scrolling down to the "Terms of Use, Privacy Policy" section, where they'd find the link) Terms of service (as of 2026-06-27) from 2022-11-22.[6]

Image (Ⅳ) and (Ⅴ) depict the settings tab, where any links can't be found either. This is also seen in the installation videos in External links.[9][10]

Products

[edit | edit source]
  • Thorium Reader
  • Readium LCP (main contributor)
  • Lis mon Livre

See also

[edit | edit source]

References

[edit | edit source]
  1. "About". edrlab.org. Archived from the original on 2026-05-02. Retrieved 2026-06-24.
  2. "EDRLab members directory". Archived from the original on 2026-03-03. Retrieved 2026-06-24.
  3. "SITUATION AU REPERTOIRE SIRENE". insee.fr (in français). 2026-06-24. Archived from the original on 2026-06-24.
  4. "Accessibility". edrlab.org. Archived from the original on 2026-06-25.
  5. 5.0 5.1 5.2 "Thorium Reader". edrlab.org. Archived from the original on 2026-06-19. Retrieved 2026-06-24.
  6. 6.0 6.1 "Thorium Reader – Terms of Use". edrlab.org. 2022-11-22. Archived from the original on 2026-06-17. Retrieved 2026-06-24.
  7. "Thorium Reader – Privacy Policy". edrlab.org. 2022-11-22. Archived from the original on 2026-06-17. Retrieved 2026-06-24.
  8. 8.0 8.1 "Conformance Reports - Terms of use". conformance.thoriumreader.com. 2022-04-08. Archived from the original on 2026-06-27.
  9. 9.0 9.1 Stine Kjær Kappel (2026-02-24). "installer_thorium_pc". edumedia.dk (in dansk). Archived from the original on 2026-06-25.
  10. 10.0 10.1 Stine Kjær Kappel (2026-02-24). "installer_thorium_mac". edumedia.dk (in dansk). Archived from the original on 2026-06-25.
  11. 11.0 11.1 "Thorium Reader". thorium.edrlab.org. Archived from the original on 2026-06-27.
  12. "Thorium 3 support". thorium.edrlab.org. Archived from the original on 2026-06-27.
  13. "Legal Information". edrlab.org (in français). Archived from the original on 2026-06-27.
  14. 14.0 14.1 14.2 "Thorium Reader". thoriumreader.com. Archived from the original on 2026-06-27.
  15. "Thorium Reader". apps.microsoft.com. Archived from the original on 2026-06-27.
  16. 16.0 16.1 "Thorium Reader Conformance Reports". conformance.thoriumreader.com. Archived from the original on 2026-06-27.
[edit | edit source]

Installation videos

[edit | edit source]

ToS

[edit | edit source]

Privacy Policy

[edit | edit source]

Websites

[edit | edit source]
Retrieved from "https://consumerrights.wiki/index.php?title=EDRLab&oldid=59229"