Slashdot Mirror
PDF Tracking On the Way
(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"
Oh.. soon as they can track views of PDFs, people will start putting ads in them... I guarentee it!
I can see it now.. Google introduces AdWords for PDFs...
Excuse me, I don't mean to impose, but I am the ocean
It's simple... Refuse to read PDFs that require the technology. Publishers won't get any data from it, and given a loud enough voice, will find that the tool reduces their distribution. It does them no good if the users won't read their documents because of it.
- AMW
How is it any different from collecting the I.P. of everyone who visits your website?
Okay... Print, Save as PDF on the Mac, or Print, select PDF Writer on Windows, or print to ps and "distill" with gs on anything else, and there goes the tracking. Not right?
--Jim (me)
Oh, wait...
Your reality is lies and balderdash and I'm delighted to say that I have no grasp of it whatsoever. - Baron Munchausen
The remote logging is done through embedded Javascript in the PDF file. Most free viewers such as gpdf, xpdf and kpdf don't support Javascript so you're safe with them.
Adobe Acrobat Reader starting supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.
Bottom line: Stick with free software.
IIRC, it's "Portable Document Format".
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Just like I can shop elsewhere if I don't like being captured on a store's video surveillance camera. Except that they ALL have cameras. If there's no true alternative, you're screwed. Am I going to forego opening that online manual that I desperately need to troubleshoot a problem? I don't think so. A better solution is for some enterprising hackers to find a way to break this technology.
PDFs can require users to be connected to the Internet in order to read them,
No, they can't, PDF is nothing but a data format. Some broken PDF viewers (especially those from Adobe) may do this, but since PDF is an open format, there will always be some other viewers that don't promote spying on their users. Basically, this is the same nonsense as the "no printing" option.
OS Reviews: Free and Open Source Software
Rather than tarnish the PDF name, they should create the Tracked Document Format or TDF and that way users can distinguish between the two. To make people suspicious of PDF right after versions 5 and 6.0 were found to contain security holes, this will be bad for Adobe.
Saskboy's blog is good. 9 out of 10 dentists agree.
Disabling Javascript will keep the tracking from working, but if you don't, the transmission is completely invisible to you. It will look like normal HTTP traffic to your firewall.
Also, I definitely do not want to risk exposing my static IP to anyone, especially in a way that involves new technology that may be quite exploitable, just by clicking on a PDF link on google. I'm sorry but c'mon, that's just too much. Nevertheless, assuming the technology is viable, there'll be a demand that will outweigh objection for this new feature and Adobe will do it and make more money.
FORCE me to go online??? I just hope that technical papers never use this tool.
Denizens of the PDF world, however, take note. We enjoy--and sell--the differences between PDF, e-mail and HTML, and a lot of those differences are in the realm of security...
Remote Approach, however, is the beginning of a movement that could chip away at PDF's sterling rep, one document at a time...
Since the Map-Bot can chase a PDF through e-mail forwarding, it's more powerful data mining than that associated with Web pages, where the vital information gets thrown out when the user's cache is emptied.
One would think they would come up with a better name than Map-BOT!!!
Pretty damning, if I may say so.
Not likely, the last change to the PDF license was the ludricrous requirement that all those who implement PDF also implement the "evil bit".. that is the useless tags that forbid you from printing/saving/etc in acrobat (reader).
No one else paid attention to it. Since earlier versions of the spec didn't have the requirement, there's no way they can enforce it. Other than that stupid requirement, the spec has an open and free license.
Besides, only Adobe products implement javascript in PDFs to start with, so Adobe brought this on themselves. No other reader will allow this to happen.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
PDF's are great for printing, but not as easy to view on the Internet as regular html files. The Google "viwe as html" tool will help greatly.
Don't blame Durga. I voted for Centauri.
Ok, so I downloaded the demo document, and captured the packets. /remoteapproach/logging.asp?type=view&DocID=123456 7890&GroupID=123456789&ChannelID=123456789 HTTP/1.1
.PDF files can be opened with Ghostscript, and (obviously) do not send tracking information. Simply re-saving the document as PDF doesn't remove the tracking, but converting it (File--Convert) via pdfwrite APPEARS to remove the tracking.
There's a POST to remoteapproach.com (you could block all traffic going to remoteapproach.com, or just repoint remoteapproach.com to 127.0.0.1 or something in your hosts file.
The POST message looks like:
POST
The thing that gets me is that the content of the request also contains this:
1 0 obj]/F(/C/Documents and Settings/Administrator/Desktop/MBRemote Approach Manual.pdf)>>>>
As you can see, it contains the full system path to the file that I opened. This seems like a big privacy issue. After all, Acrobat didn't ASK if it could open the URL.
The
Some technology.
That PDF sucks. Use HTML. well, html also has javascript; it can also track you. actually just by including a remote image in html you can be tracked, no javascript required, though i'm not sure if pdfs can use remote images about what kind of network connections can be produced to verify certificates. though i must say that i am rather supprised that standard pdfs(adobes reader) allows for this, when i(and assume many others too) see a pdf i see a document, a standardized text file, not something with a mind of its own, it was rather nasty for adobe to sneak in something like this after previosly providing a clean and trusted standard, i guess i should have taken that animated banner as a warning to what has and will become. yes, you can use open source readers but look at all the joe averages that have been led to adobes reader by more tech savy people, joe average isn't reading slashdot and doesn't like change. and no you can't really disable javascript as it will bother about it everytime you close until you give in.
Q: How does this tracking mechanism differ from web log analysers?
A: Simple, web log analysers aren't capable of tracking redistributions of the same document. If you copy a web page, say about theories in free-market macroeconomics, and e-mail the copy to a friend, say in China, no one will ever know your friend has read it. But if you copy one of those and it's read by your friend there, then certainly your friend will have a red flag (pun intended) on him.
HTH
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048