Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Tracking On the Way

Posted by timothy on from the drown-baby-in-the-bathwater dept.

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"

5 of 248 comments (clear)

  1. Disable PDF Javascript by user9918277462 · · Score: 5, Informative

    The remote logging is done through embedded Javascript in the PDF file. Most free viewers such as gpdf, xpdf and kpdf don't support Javascript so you're safe with them.

    Adobe Acrobat Reader starting supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.

    Bottom line: Stick with free software.

  2. Discussed on LWN concerning Adobe Acrobat 7 by nick_urbanik · · Score: 5, Informative
    • Article is subscribers only (worthwhile)
    • Article will be readable by guests 1 week after publishing
    • Solution in Linux is to disable Javascript in acroread 7
    1. Re:Discussed on LWN concerning Adobe Acrobat 7 by Isthistakenyet? · · Score: 5, Informative

      There is a bug (in my opinion) in Acrobat Reader 7 when you disable JavaScript that causes this warning to appear when exiting the program:

      This document contains JavaScripts. Do you want to enable JavaScripts from now on? This document may not behave correctly if they're disabled.

      This happens even if you do not have a document loaded, since Adobe Reader tries to run some internal JavaScripts when it exits. If JavaScript is disabled, this warning comes up. I've created patches that prevent this from happening on both Linux and Windows. They may also prevent the warning from coming up with documents that actually contain JavaScript.

  3. Rather pointless by hweimer · · Score: 5, Informative

    PDFs can require users to be connected to the Internet in order to read them,

    No, they can't, PDF is nothing but a data format. Some broken PDF viewers (especially those from Adobe) may do this, but since PDF is an open format, there will always be some other viewers that don't promote spying on their users. Basically, this is the same nonsense as the "no printing" option.

    --
    OS Reviews: Free and Open Source Software
  4. A little technical info by Anonymous Coward · · Score: 5, Informative

    Ok, so I downloaded the demo document, and captured the packets.
    There's a POST to remoteapproach.com (you could block all traffic going to remoteapproach.com, or just repoint remoteapproach.com to 127.0.0.1 or something in your hosts file.
    The POST message looks like:
    POST /remoteapproach/logging.asp?type=view&DocID=123456 7890&GroupID=123456789&ChannelID=123456789 HTTP/1.1

    The thing that gets me is that the content of the request also contains this:
    1 0 obj]/F(/C/Documents and Settings/Administrator/Desktop/MBRemote Approach Manual.pdf)>>>>

    As you can see, it contains the full system path to the file that I opened. This seems like a big privacy issue. After all, Acrobat didn't ASK if it could open the URL.

    The .PDF files can be opened with Ghostscript, and (obviously) do not send tracking information. Simply re-saving the document as PDF doesn't remove the tracking, but converting it (File--Convert) via pdfwrite APPEARS to remove the tracking.

    Some technology.