PDF Tracking On the Way

← Back to Stories (view on slashdot.org)

Posted by timothy on Saturday April 2, 2005 @10:05AM from the drown-baby-in-the-bathwater dept.

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"

18 of 248 comments (clear)

Min score:

Reason:

Sort:

Advertisements! by Eric(b0mb)Dennis · 2005-04-02 10:06 · Score: 5, Insightful

Oh.. soon as they can track views of PDFs, people will start putting ads in them... I guarentee it!

I can see it now.. Google introduces AdWords for PDFs...

--
Excuse me, I don't mean to impose, but I am the ocean
Simple... by Rolan · 2005-04-02 10:08 · Score: 5, Insightful

It's simple... Refuse to read PDFs that require the technology. Publishers won't get any data from it, and given a loud enough voice, will find that the tool reduces their distribution. It does them no good if the users won't read their documents because of it.

--
- AMW
1. Re:Simple... by thedillybar · 2005-04-02 10:14 · Score: 4, Insightful
  
  >It's simple... Refuse to read PDFs that require the technology.
  You'd have trouble convincing more than about 2% of users to refuse.
  >Publishers won't get any data from it
  Sure they will. You will be the one getting no data because you're holding out when no one else cares.
  It's a wonderful idea, but it simply won't happen without government intervention...and who wants that?
2. Re:Simple... by j1m+5n0w · 2005-04-02 10:46 · Score: 4, Insightful
  
  It's simple... Refuse to read PDFs that require the technology.
  
  Better than that, refuse to use pdf viewers that implement this "feature". (Does anyone know which those are? Without knowing, I would assume Adobe acrobat reader probably does and xpdf probably does not. Does anyone have more specific/accurate information?)
As much as it pains me to say this... by ral315 · 2005-04-02 10:08 · Score: 4, Insightful

How is it any different from collecting the I.P. of everyone who visits your website?
1. Re:As much as it pains me to say this... by akzeac · 2005-04-02 10:30 · Score: 5, Interesting
  
  Websites only collect the IP of the machine that downloaded the page. This technology would distributors to collect the IP of every machine in which the PDF is *viewed*.
  
  On the evil side, getting on the conspiration mood, it would also allow the FBI or the gov to diffund pseudo-dissident bait documents and then check and track anyone who reads it, anywhere he reads it.
Okay.... by Balthisar · 2005-04-02 10:08 · Score: 4, Informative

Okay... Print, Save as PDF on the Mac, or Print, select PDF Writer on Windows, or print to ps and "distill" with gs on anything else, and there goes the tracking. Not right?

--
--Jim (me)
1. Re:Okay.... by Lehk228 · 2005-04-02 11:15 · Score: 4, Informative
  
  ghostscript can read encrypted PDF's, however it does honor the creator settings for disabled features, you will have to go in and recompile it with whatever function checking if it is set to disable features to always return no features disabled.
  
  --
  Snowden and Manning are heroes.
Disable PDF Javascript by user9918277462 · 2005-04-02 10:10 · Score: 5, Informative

The remote logging is done through embedded Javascript in the PDF file. Most free viewers such as gpdf, xpdf and kpdf don't support Javascript so you're safe with them.

Adobe Acrobat Reader starting supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.

Bottom line: Stick with free software.
Discussed on LWN concerning Adobe Acrobat 7 by nick_urbanik · 2005-04-02 10:11 · Score: 5, Informative
- Article is subscribers only (worthwhile)
- Article will be readable by guests 1 week after publishing
- Solution in Linux is to disable Javascript in acroread 7
1. Re:Discussed on LWN concerning Adobe Acrobat 7 by Isthistakenyet? · 2005-04-02 10:24 · Score: 5, Informative
  
  There is a bug (in my opinion) in Acrobat Reader 7 when you disable JavaScript that causes this warning to appear when exiting the program:
  
  This document contains JavaScripts. Do you want to enable JavaScripts from now on? This document may not behave correctly if they're disabled.
  
  This happens even if you do not have a document loaded, since Adobe Reader tries to run some internal JavaScripts when it exits. If JavaScript is disabled, this warning comes up. I've created patches that prevent this from happening on both Linux and Windows. They may also prevent the warning from coming up with documents that actually contain JavaScript.
Re:PDF by jcr · 2005-04-02 10:14 · Score: 4, Informative

IIRC, it's "Portable Document Format".

-jcr

--
The only title of honor that a tyrant can grant is "Enemy of the State."
Sure, that works by John+Jorsett · 2005-04-02 10:16 · Score: 4, Insightful

It's simple... Refuse to read PDFs that require the technology.
Just like I can shop elsewhere if I don't like being captured on a store's video surveillance camera. Except that they ALL have cameras. If there's no true alternative, you're screwed. Am I going to forego opening that online manual that I desperately need to troubleshoot a problem? I don't think so. A better solution is for some enterprising hackers to find a way to break this technology.
1. Re:Sure, that works by John+Hasler · 2005-04-02 11:30 · Score: 4, Funny
  
  > Just like I can shop elsewhere if I don't like
  > being captured on a store's video surveillance
  > camera.
  
  Yes. You can. Contrary to common belief, your choices are not limited to Walmart and Kmart.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Rather pointless by hweimer · 2005-04-02 10:17 · Score: 5, Informative

PDFs can require users to be connected to the Internet in order to read them,

No, they can't, PDF is nothing but a data format. Some broken PDF viewers (especially those from Adobe) may do this, but since PDF is an open format, there will always be some other viewers that don't promote spying on their users. Basically, this is the same nonsense as the "no printing" option.

--
OS Reviews: Free and Open Source Software
They should make another file extension by saskboy · 2005-04-02 10:20 · Score: 4, Insightful

Rather than tarnish the PDF name, they should create the Tracked Document Format or TDF and that way users can distinguish between the two. To make people suspicious of PDF right after versions 5 and 6.0 were found to contain security holes, this will be bad for Adobe.

--
Saskboy's blog is good. 9 out of 10 dentists agree.
Re:Thankfully by GigsVT · 2005-04-02 10:34 · Score: 4, Informative

Not likely, the last change to the PDF license was the ludricrous requirement that all those who implement PDF also implement the "evil bit".. that is the useless tags that forbid you from printing/saving/etc in acrobat (reader).

No one else paid attention to it. Since earlier versions of the spec didn't have the requirement, there's no way they can enforce it. Other than that stupid requirement, the spec has an open and free license.

Besides, only Adobe products implement javascript in PDFs to start with, so Adobe brought this on themselves. No other reader will allow this to happen.

--
I've had enough abrasive sigs. Kittens are cute and fuzzy.
A little technical info by Anonymous Coward · 2005-04-02 10:56 · Score: 5, Informative

Ok, so I downloaded the demo document, and captured the packets.
There's a POST to remoteapproach.com (you could block all traffic going to remoteapproach.com, or just repoint remoteapproach.com to 127.0.0.1 or something in your hosts file.
The POST message looks like:
POST /remoteapproach/logging.asp?type=view&DocID=123456 7890&GroupID=123456789&ChannelID=123456789 HTTP/1.1

The thing that gets me is that the content of the request also contains this:
1 0 obj]/F(/C/Documents and Settings/Administrator/Desktop/MBRemote Approach Manual.pdf)>>>>

As you can see, it contains the full system path to the file that I opened. This seems like a big privacy issue. After all, Acrobat didn't ASK if it could open the URL.

The .PDF files can be opened with Ghostscript, and (obviously) do not send tracking information. Simply re-saving the document as PDF doesn't remove the tracking, but converting it (File--Convert) via pdfwrite APPEARS to remove the tracking.

Some technology.