Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Tracking On the Way

Posted by timothy on from the drown-baby-in-the-bathwater dept.

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"

9 of 248 comments (clear)

  1. Okay.... by Balthisar · · Score: 4, Informative

    Okay... Print, Save as PDF on the Mac, or Print, select PDF Writer on Windows, or print to ps and "distill" with gs on anything else, and there goes the tracking. Not right?

    --
    --Jim (me)
    1. Re:Okay.... by Lehk228 · · Score: 4, Informative

      ghostscript can read encrypted PDF's, however it does honor the creator settings for disabled features, you will have to go in and recompile it with whatever function checking if it is set to disable features to always return no features disabled.

      --
      Snowden and Manning are heroes.
  2. Disable PDF Javascript by user9918277462 · · Score: 5, Informative

    The remote logging is done through embedded Javascript in the PDF file. Most free viewers such as gpdf, xpdf and kpdf don't support Javascript so you're safe with them.

    Adobe Acrobat Reader starting supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.

    Bottom line: Stick with free software.

  3. Discussed on LWN concerning Adobe Acrobat 7 by nick_urbanik · · Score: 5, Informative
    • Article is subscribers only (worthwhile)
    • Article will be readable by guests 1 week after publishing
    • Solution in Linux is to disable Javascript in acroread 7
    1. Re:Discussed on LWN concerning Adobe Acrobat 7 by Isthistakenyet? · · Score: 5, Informative

      There is a bug (in my opinion) in Acrobat Reader 7 when you disable JavaScript that causes this warning to appear when exiting the program:

      This document contains JavaScripts. Do you want to enable JavaScripts from now on? This document may not behave correctly if they're disabled.

      This happens even if you do not have a document loaded, since Adobe Reader tries to run some internal JavaScripts when it exits. If JavaScript is disabled, this warning comes up. I've created patches that prevent this from happening on both Linux and Windows. They may also prevent the warning from coming up with documents that actually contain JavaScript.

  4. Re:PDF by jcr · · Score: 4, Informative

    IIRC, it's "Portable Document Format".

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  5. Rather pointless by hweimer · · Score: 5, Informative

    PDFs can require users to be connected to the Internet in order to read them,

    No, they can't, PDF is nothing but a data format. Some broken PDF viewers (especially those from Adobe) may do this, but since PDF is an open format, there will always be some other viewers that don't promote spying on their users. Basically, this is the same nonsense as the "no printing" option.

    --
    OS Reviews: Free and Open Source Software
  6. Re:Thankfully by GigsVT · · Score: 4, Informative

    Not likely, the last change to the PDF license was the ludricrous requirement that all those who implement PDF also implement the "evil bit".. that is the useless tags that forbid you from printing/saving/etc in acrobat (reader).

    No one else paid attention to it. Since earlier versions of the spec didn't have the requirement, there's no way they can enforce it. Other than that stupid requirement, the spec has an open and free license.

    Besides, only Adobe products implement javascript in PDFs to start with, so Adobe brought this on themselves. No other reader will allow this to happen.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  7. A little technical info by Anonymous Coward · · Score: 5, Informative

    Ok, so I downloaded the demo document, and captured the packets.
    There's a POST to remoteapproach.com (you could block all traffic going to remoteapproach.com, or just repoint remoteapproach.com to 127.0.0.1 or something in your hosts file.
    The POST message looks like:
    POST /remoteapproach/logging.asp?type=view&DocID=123456 7890&GroupID=123456789&ChannelID=123456789 HTTP/1.1

    The thing that gets me is that the content of the request also contains this:
    1 0 obj]/F(/C/Documents and Settings/Administrator/Desktop/MBRemote Approach Manual.pdf)>>>>

    As you can see, it contains the full system path to the file that I opened. This seems like a big privacy issue. After all, Acrobat didn't ASK if it could open the URL.

    The .PDF files can be opened with Ghostscript, and (obviously) do not send tracking information. Simply re-saving the document as PDF doesn't remove the tracking, but converting it (File--Convert) via pdfwrite APPEARS to remove the tracking.

    Some technology.