EDRLab
EDRLab is a "non-profit development laboratory working on the deployment of an open, interoperable and accessible digital publishing ecosystem worldwide." It has over 100 members, but some of its founding members are: Editis, Hachette, Centre National du livre, Groupe Madrigall and the French State. EDRLab is a member of W3C and Readium Foundation. It is one of the main contributors to Readium toolkits and the manager of Readium LCP DRM. They are also the creators of Thorium Reader, an EPUB reading application.[1][2][3]
| Basic information | |
|---|---|
| Founded | 2015-07-17 |
| Legal Structure | Non-profit |
| Industry | Software |
| Also known as | European Digital Reading Lab |
| Official website | https://www.edrlab.org/ |
Consumer-impact summary
edit
Incidents
editThorium Reader privacy policy and terms of use
editDespite Thorium's homepage stating that
This application is free, with no ads and no private data leaks.
[4]There is data collection, but it is stated that it is "non-personal." The application calling itself private might give some users the wrong impression if they take it to mean "no calling home." The reader sends this "non-personal" data to EDRLab's servers. It is impossible to opt out of "notifications" that are sent to a server every time the application is started. They state that this information
is for analytics only and not accessed by any third party. It is used to get information about the evolution of the number of installs of the application per operating system, the evolution of usage sessions and the main locales in use.
And
Parameters of such notification are:
- a timestamp,
- the version of Thorium Reader,
- the operating system of the device and its version,
- the locale of the application at the time it is started,
- if this is the first start of Thorium Reader after a fresh install.
The IP address of the device is not stored along with the above information.
It is not possible to opt-out from this notification.
Also
a notification is sent to an LCP Server each time a protected publication is open. This is required by the LCP specification for checking if the license of use of the publication has been updated. There is not centralized LCP Server, each server is operated by the distributor of the protected publication acquired by the user.
Parameters of such notification are:
- a device identifier, automatically generated at the install of the application.
- a device name, automatically generated at the install of the application.
The codebase of Thorium Reader is open-sourced and can therefore be fully inspected, with the exception of a small software library used as core for the Readium LCP DRM, which does not store or send any data.
The terms of privacy policy can also evidently be changed without users being notified in their actual reading application, but rather:
We may change the Privacy Policy from time to time. We will notify you by posting the revised Privacy Policy on this page and the date on which the last changes were made will be noted at the top of the page.
There are several interesting things in the terms of service. First
You hereby agree to indemnify and hold harmless the EDRLab Parties from and against any and all claims, actions or proceedings of any nature whatsoever and all damages, judgments, losses, liabilities, costs and expenses, including reasonable attorneys’ fees and expenses (including those incurred to enforce this provision), arising out of your use of the Application, the Content, any actual or alleged breach by you of these Terms of Use, or any violation by you of any applicable law or the rights of any other person or entity.
Especially:
any actual or alleged breach by you of these Terms of Use
As per this, one is agreeing to "indemnify and hold harmless the EDRLab Parties" even for alleged breaches of the terms of service.
In one of the quotes above, it is mentioned that due to Thorium's open source nature, one can inspect its source code apart from a "small software library used as core for the Readium LCP DRM, which does not store or send any data" Which, one cannot verify that part, since:
In addition, you may not rent, sell, modify, decompile, disassemble, reverse engineer or transfer the Application in whole or in part. You may not use any device, software or routine to interfere with or attempt to interfere with the proper functioning of the Application in whole or in part.
So it would appear that it is up to individual users to decide if not being able to verify that part is acceptable to them. Finally, there is also this:
However, you acknowledge that the EDRLab Parties have the right to monitor the use of the Application, at its sole discretion, and to disclose any information necessary to comply with any law, regulation or government request, in order to be able to operate the Application adequately or in order to protect itself or its users under the “Privacy Policy”
Products
edit- Thorium Reader
See also
editReferences
edit- ↑ "About". edrlab.org. Archived from the original on 2 May 2026. Retrieved 24 Jun 2026.
- ↑ "EDRLab members directory". Archived from the original on 3 Mar 2026. Retrieved 24 Jun 2026.
- ↑ "SITUATION AU REPERTOIRE SIRENE". insee.fr (in français). 24 Jun 2026. Archived from the original on 24 Jun 2026.
- ↑ "Thorium Reader". edrlab.org. Archived from the original on 19 Jun 2026. Retrieved 24 Jun 2026.
- ↑ "Thorium Reader – Terms of Use". edrlab.org. 22 Nov 2022. Archived from the original on 17 Jun 2026. Retrieved 24 Jun 2026.
- ↑ "Thorium Reader – Privacy Policy". edrlab.org. 22 Nov 2022. Archived from the original on 17 Jun 2026. Retrieved 24 Jun 2026.