Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Tracking On the Way

Posted by timothy on from the drown-baby-in-the-bathwater dept.

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"

8 of 248 comments (clear)

  1. But how will you know? by JoeBuck · · Score: 3, Interesting

    Disabling Javascript will keep the tracking from working, but if you don't, the transmission is completely invisible to you. It will look like normal HTTP traffic to your firewall.

  2. IP harvesting by Douglas+Simmons · · Score: 3, Interesting
    I'm going to try to present this in a non-paranoid tinfoil hat mentality: I could see this being a great feature if I were in the PDF sending business for marketing purposes or whatever. Now if I were in the FBI/CIA business, this would be great to use, for example, to proliferate PDFs on Kazaa with filenames/tags suggesting they contain info on how to make bombs or blueprints to the Pentagon so that I could collect IPs of whoever's interested in this type of stuff. You see where I'm going with that.

    Also, I definitely do not want to risk exposing my static IP to anyone, especially in a way that involves new technology that may be quite exploitable, just by clicking on a PDF link on google. I'm sorry but c'mon, that's just too much. Nevertheless, assuming the technology is viable, there'll be a demand that will outweigh objection for this new feature and Adobe will do it and make more money.

  3. Re:Simple... by Anonymous Coward · · Score: 1, Interesting

    I've received PDFs before that refuse to open unless something online checks them. My guess is that if you block it from tracking you, it'll block you from seeingn its contents.

  4. Re:As much as it pains me to say this... by akzeac · · Score: 5, Interesting

    Websites only collect the IP of the machine that downloaded the page. This technology would distributors to collect the IP of every machine in which the PDF is *viewed*.

    On the evil side, getting on the conspiration mood, it would also allow the FBI or the gov to diffund pseudo-dissident bait documents and then check and track anyone who reads it, anywhere he reads it.

  5. Acrobat is trouble, how about Foxit? by bigberk · · Score: 2, Interesting

    As others pointed out, this potential for a security breach occurs of embedded javascript in a PDF document. Adobe's reader is vulnerable by default. Does anyone know whether Foxit (a totally free PDF reader for Windows) is safer?

  6. Open Acrobat by Doc+Ruby · · Score: 2, Interesting

    My Windows firewall asks for permission for Acrobat Reader to access the Net all the time, and I always deny it. With no effect on the documents. They better not make that connection required, or I'll drop Acrobat entirely, for a snitchfree open alternative. PDF is an open format, with real alternative apps - Adobe would drive people into the arms of their open competition if they required such spyware.

    --

    --
    make install -not war

  7. Nothing new. by mystik · · Score: 2, Interesting

    There is nothing new about this. We've been (unfortunatly) using 3rd party document encryptor to protect some of our client's documents. Users require a plugin installed, but the document is actually encrypted, no javascript involved.

    The document can be configured to ping the server every time any action on the document is performed. (Printing, opening, etc). The server can decide to deny any action too.

    It does support a one-time-online-to-authorize mode (much like Windows Actvation), but that's about it.

    --
    Why aren't you encrypting your e-mail?
  8. Hardly a breakthrough by Darkbird · · Score: 2, Interesting

    My company is already using AlphaMail which does exactly the samething. And my next build of our document delivery system will add javascript to pdfs and webbugs to htmls.

    We're not protecting documents in any way, only capturing the tracking information. A lot of organization don't know that 1 seat license means 1 person and this tracking information would highlight offenders.

    Our subsriptions are 5k+/yearly :-)