Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Tracking On the Way

Posted by timothy on from the drown-baby-in-the-bathwater dept.

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"

28 of 248 comments (clear)

  1. Advertisements! by Eric(b0mb)Dennis · · Score: 5, Insightful

    Oh.. soon as they can track views of PDFs, people will start putting ads in them... I guarentee it!

    I can see it now.. Google introduces AdWords for PDFs...

    --
    Excuse me, I don't mean to impose, but I am the ocean
    1. Re:Advertisements! by ZephyrXero · · Score: 1, Insightful

      Will the DRM madness ever end!? What do we have to do to let these guys know we won't stand for it?

      --
      "A truly wise man realizes he knows nothing."
  2. Simple... by Rolan · · Score: 5, Insightful

    It's simple... Refuse to read PDFs that require the technology. Publishers won't get any data from it, and given a loud enough voice, will find that the tool reduces their distribution. It does them no good if the users won't read their documents because of it.

    --
    - AMW
    1. Re:Simple... by thedillybar · · Score: 4, Insightful
      >It's simple... Refuse to read PDFs that require the technology.

      You'd have trouble convincing more than about 2% of users to refuse.

      >Publishers won't get any data from it

      Sure they will. You will be the one getting no data because you're holding out when no one else cares.

      It's a wonderful idea, but it simply won't happen without government intervention...and who wants that?

    2. Re:Simple... by j1m+5n0w · · Score: 4, Insightful
      It's simple... Refuse to read PDFs that require the technology.

      Better than that, refuse to use pdf viewers that implement this "feature". (Does anyone know which those are? Without knowing, I would assume Adobe acrobat reader probably does and xpdf probably does not. Does anyone have more specific/accurate information?)

    3. Re:Simple... by dnoyeb · · Score: 2, Insightful

      I doubt what you say is true. PDF I would imagine are used a lot more by the business community than the general public. IN any event the format is in heavy use in the business community.

      I don't see the business community accepting applications phoning home when they see fit. My company wouldn't. Would IBM, Sun, Motorola, Toyota? Doubtful.

    4. Re:Simple... by Zeinfeld · · Score: 2, Insightful
      >It's simple... Refuse to read PDFs that require the technology.
      You'd have trouble convincing more than about 2% of users to refuse.

      No, simply block out connection to the tracking protocol. If Personal Internet firewalls were not so dufus designed they would make it easy to say 'this program has no business connecting to the Internet, silently disable all connection attempts without notice'.

      IE has the same bug in the active X scheme. There should be an option that allows downloading of active-x components to be refused unless they come from a small number of trusted sources. today the choice is disable activex entirely or allow sites to pester with 20 or more demands to install spyware.

      This adobe crap is spyware BTW

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    5. Re:Simple... by cortana · · Score: 2, Insightful

      I'm pretty sure you can adjust your security policy to disallow untrusted activex downloads, along with a lot of other crap.

  3. As much as it pains me to say this... by ral315 · · Score: 4, Insightful

    How is it any different from collecting the I.P. of everyone who visits your website?

    1. Re:As much as it pains me to say this... by markandrew · · Score: 2, Insightful

      the difference is that for a website to know your IP, you have to explicitly and wilfully visit the site, in the knowledge that your visit will be logged.

      with this technology, you're not wilfully visiting anything - the document is on your own machine (or network) and unless there's a popup box giving you the information (which the article implies there won't be), you've no way of knowing that your IP is about to be transmitted.

      essentially, for a website, you're a willing client asking for a service to be delivered back to your address from a remote point. the simple act of asking for information to be sent to you is an implicit acknowledgement that your IP is available to the server for its own use. for -this- technology, you'd be an unwilling server sending out information without your knowledge to an, effectively, unknown client. that seems like a big difference to me.

    2. Re:As much as it pains me to say this... by Copperhead · · Score: 2, Insightful

      Remember, it was Big Brother who wrote Emmanuel Goldstein's "The Theory and Practice of Oligarchical Collectivism".

      --
      Your reality is lies and balderdash and I'm delighted to say that I have no grasp of it whatsoever. - Baron Munchausen
  4. PDF by UlfGabe · · Score: 1, Insightful

    doesn't PDF stand for "personal document file?"

    how does this application keep pdf's private?

    will pdf's work without an internet connection(i often transport pdfs to a secondary computer for viewing, and it is not connected to the internet!)

    --
    Check journal for info on Anti-TextBook, an idea by me.
  5. Mmm.. sounds like PDFs are ripe for 'sploiting by Anonymous Coward · · Score: 2, Insightful

    Let me see.. how about a DoS attack.. spam a PDF to a bunch of people and have the PDF phone home to a site you wish to attack. Or... can we run arbitrary code from PDFs?

  6. Sure, that works by John+Jorsett · · Score: 4, Insightful
    It's simple... Refuse to read PDFs that require the technology.

    Just like I can shop elsewhere if I don't like being captured on a store's video surveillance camera. Except that they ALL have cameras. If there's no true alternative, you're screwed. Am I going to forego opening that online manual that I desperately need to troubleshoot a problem? I don't think so. A better solution is for some enterprising hackers to find a way to break this technology.

    1. Re:Sure, that works by frazzydee · · Score: 2, Insightful

      I agree with you...which is why it's so important that we boycott these PDFs NOW, so it's stopped in its tracks. If people had generally decided that surveillance cameras didn't serve the public good, and boycotted them, we wouldn't have them today. Similarly, if we boycott PDFs with this technology before it becomes the only PDFs available, then I doubt they'll be a problem in the future.

  7. They should make another file extension by saskboy · · Score: 4, Insightful

    Rather than tarnish the PDF name, they should create the Tracked Document Format or TDF and that way users can distinguish between the two. To make people suspicious of PDF right after versions 5 and 6.0 were found to contain security holes, this will be bad for Adobe.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  8. Slippery slope argument by sanityspeech · · Score: 3, Insightful
    The editor's take on the story makes it seem rather benign. However, the actual story makes it sound more alarming:
    Are Your PDFs Spying on You?
    Like Adobe Policy Server, Remote Approach can FORCE users to be connected to the Web in order to read the documents. It can track who's e-mailing your PDFs to whom, and what they're reading. Real-time. (Emphasis mine)

    FORCE me to go online??? I just hope that technical papers never use this tool.

    Denizens of the PDF world, however, take note. We enjoy--and sell--the differences between PDF, e-mail and HTML, and a lot of those differences are in the realm of security...

    Remote Approach, however, is the beginning of a movement that could chip away at PDF's sterling rep, one document at a time...

    Since the Map-Bot can chase a PDF through e-mail forwarding, it's more powerful data mining than that associated with Web pages, where the vital information gets thrown out when the user's cache is emptied.

    One would think they would come up with a better name than Map-BOT!!!

    Pretty damning, if I may say so.
  9. Re:IP harvesting by Anonymous Coward · · Score: 1, Insightful

    you can have my static ip

    192.168.0.2

  10. Eh? by Anonymous Coward · · Score: 1, Insightful

    The number one method of distributing pdf's is via website download, and that can already be tracked. So what is being gained (or lost) here? Tracking pdf's that are passed from person-to-person? *yawn*

  11. Refuse to read PDF's, period. by AtariAmarok · · Score: 3, Insightful

    PDF's are great for printing, but not as easy to view on the Internet as regular html files. The Google "viwe as html" tool will help greatly.

    --
    Don't blame Durga. I voted for Centauri.
  12. Just one more reason by Peaker · · Score: 2, Insightful

    That PDF sucks. Use HTML.

  13. No. DRM will never end. by Saeed+al-Sahaf · · Score: 2, Insightful

    No. DRM will never end, because those who actually spend time and money producing content like to pay the bills like everyone else. Simple as that.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:No. DRM will never end. by Daniel+Phillips · · Score: 2, Insightful

      "I spend time and money making content and I pay the bills just fine without DRM."

      Sad or not, good or bad, YOU do not represent the VAST majority of content producers

      But HE understands the position of the VAST majority of content consumers, which is more important. Whichever content producers do not understand this are going to suffer pain. Much pain. Try this little experiment: think to yourself "who is king?"

      If the thought popped into your head "the customer is king!" then you are well on the way to having a clue.

      --
      Have you got your LWN subscription yet?
  14. Re:Okay.... by mysidia · · Score: 2, Insightful

    Or more likely: ghostscript just can't read encrypted PDFs.

    And when you can successfully read it, the same goes for some other special features/text formatting, maybe... you just lose them in the conversion

    The technology kind of defeats the value of PDF, IMO. Because, you see, if you have to be on the Internet to read the PDF, and you can't read offline at your leisure on whatever device that is available then it's not really a Portable document, now, is it?

  15. Re:Disable PDF Javascript by Laxori666 · · Score: 2, Insightful

    I myself use acrobat reader 4.0 . It loads about 1000x faster than 6 or 7 which are huge and bloated. I haven't had any trouble viewing pdfs yet.

  16. Re:Thankfully by Anonymous Coward · · Score: 1, Insightful

    Ban it? Adobe loves it. Have you seen A7? I think it started in 6 for Windows, but 7 now has all sorts of DRM capability including server managed keys.

  17. Re:Open Acrobat by Doc+Ruby · · Score: 2, Insightful

    What's so stupid about asking whether some doc reader should open a connection to the Net? That's exactly *why* I use the firewall. I could set it to always deny, but I want some apps to notify me when they ask for access, like Acrobat, IE, various Windows processes. Since they're too sneaky to notify me, I have the firewall do it. Just because *you* don't know what your apps are doing, doesn't mean that they're safe.

    --

    --
    make install -not war

  18. Evil, explained by hummassa · · Score: 3, Insightful

    Q: How does this tracking mechanism differ from web log analysers?

    A: Simple, web log analysers aren't capable of tracking redistributions of the same document. If you copy a web page, say about theories in free-market macroeconomics, and e-mail the copy to a friend, say in China, no one will ever know your friend has read it. But if you copy one of those and it's read by your friend there, then certainly your friend will have a red flag (pun intended) on him.

    HTH

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048