OverDrive takes data security and patron privacy very seriously. They continue to invest in updating their services to adhere to the latest standards for data protection and security. To be able to offer more current technologies, they are also sometimes required to discontinue support for legacy services that do not meet the newer standards.
Accordingly, OverDrive is preparing to end support for devices that use the outdated TLS 1.0 and 1.1 security protocols. TLS (Transport Layer Security) is the technology that keeps data private when it is sent over a secure (https) internet connection. TLS versions 1.0 and 1.1 date back to 1999 and 2006, respectively, and have since been replaced on most devices by TLS 1.2, which addresses weaknesses and vulnerabilities in the earlier versions. At OverDrive, TLS protects the privacy of patron data, including library card information.
In alignment with security best practices, and following suit with other technology industry leaders like Apple, Google, and Microsoft, OverDrive will end support for TLS 1.0 and 1.1 on October 30, 2020. After October 30, the OverDrive app and OverDrive websites will no longer work on devices that don’t support TLS 1.2.
This change is most likely to affect Android devices that cannot upgrade to at least Android version 5, including early Kindle Fires, early Samsung Galaxy tablets, and Kobo Arc devices (all of which were released in 2014 or earlier). Based on OverDrive analytics, usage of these devices has been declining and currently accounts for approximately 0.5-1% of users across all OverDrive libraries.
To keep using the OverDrive app and OverDrive websites, affected patrons will need to either update their device’s operating system (if possible) to a version that supports TLS 1.2 or switch to a device that supports TLS 1.2. Users can also choose to only update their device’s browser to a version that supports TLS 1.2, which will allow them to use OverDrive websites in their browser (though they won’t be able to use the OverDrive app). Users of early Kindle Fires and other ereaders that don’t support TLS 1.2 will still be able to read library ebooks if the book is delivered or transferred to their Kindle Fire or ereader from a supported device.
Current Libby users on Android devices should not be affected, as Libby’s minimum system requirements were already raised to Android 5 in June 2020.
Beginning September 1, 2020, the OverDrive app and OverDrive websites will display a message on devices currently using TLS 1.0 and 1.1 to alert affected users of the upcoming change. This message will link to a help article that explains the change and provides information about the system updates that will be needed to access our OverDrive digital library after October 30.
~ Hilary, Carnegie Library of Pittsburgh