Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Quietly Monitoring Software Use?

Posted by Zonk on from the probably-not-that-big-a-deal dept.

henrypijames writes "For months, users of Adobe Creative Suite 3 have been wondering why some of the applications regularly connect to what looks like a private IP address but is actually a public domain address belonging to the web analytics company Omniture. Now allegations of user spying are getting louder, prompting Adobe Photoshop product manager John Nack to respond, though many remain unsatisfied with his explanation."

9 of 304 comments (clear)

  1. Not about spying by 75th+Trombone · · Score: 5, Interesting

    To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

    As someone said on a blog I can't find right now, this is not a story about privacy; it's a story about lies.

    --
    The United States of America: We do what we must because we can.
    1. Re:Not about spying by IdeaMan · · Score: 5, Interesting

      Adobe may indeed be the innocent party here, depending on how Omniture code is included into their build.
      What I found as a cause for concern is that it is tracking an embedded Opera browser.

      --
      They ARE out to get you simply because They are in it for themselves and they don't care about you.
    2. Re:Not about spying by jo42 · · Score: 3, Interesting

      Complain to abuse@internap.com re: that address range as hosting a spyware server...

  2. No explanation is a good explanation. by solios · · Score: 4, Interesting

    Simply put, the only things on my machine that should phone out should be voluntarily invoked by me - the user. Namely the web browsers, software update, ssh, etceteras.

    Adobe's behavior of late (and it will only get worse) is why applications like Little Snitch exist.

    This kind of thing is why I wish The GIMP or similar would get useable* for those of us with hundreds of gigs of Photoshop documents.

    * Open, Save, full support for all blending modes, masking modes, layer groups, and fonts/text editing capability up to at least Photoshop CS. I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is), then it ought to at least be able to handle my existing documents as well as OpenOffice handles .doc files.

  3. Re:Phisher's Delight by ScrewMaster · · Score: 5, Interesting

    P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

    More to the point, the 192.168.x.x address range is one of several that are specifically intended to be non-routable on the Internet. Many people know this, even those who aren't otherwise that network-savvy. This is a blatant attempt to make the address appear safe ("well, I dunno what it's doing, but at least it's only sending to address on my LAN!") Not what one should expect from a major software house, but unfortunately, it is what we are all coming to expect from everyone in the business. Doesn't much matter what they're actually sending to Omni-whatever ... the fact that they're sending anything at all is very bad. Nothing on my system is their business, unless I say it is. Period.

    You know, this reminds of something that Jack Valenti once said (about the only thing that sociopath ever said that I agree with): "Just because technology lets us do something, it doesn't mean we should." Now, he was referring to the copying and downloading of DVDs, but his point is still valid. We're seeing too many companies set up to serve larger organizations (Omniture, MediaSentry) using the Internet in unethical if not outright illegal ways. Presumably, this is so the corporation hiring them (in this case, Adobe) has some plausible deniability.

    --
    The higher the technology, the sharper that two-edged sword.
  4. EULA by slashdotmos · · Score: 3, Interesting

    I didnt see it posted and I dont read most EULAs, but as long as this has a line about the 'phoning home' process then all is ok. Now if they never post anything in the EULA then that is a big problem! You accept anything the software does when you click I agree. You dont have to agree and use the software. Anytime I think about EULAs, I think they are made to legal like that noone is going to read it and those that do will most likly just say 'yea whatever, i want to use the software'. Which reminds me of the one software that had a written reward in the EULA and after like 5 years (or longer, i dont remember) and a lot of users some guy saw a lil statement that said the the effect 'email us this code and we will send you $5000'

  5. Re:2o7.net *Not* 207.net by azrider · · Score: 4, Interesting
    Omniture's Opt-Out Policy:

    We offer visitors to certain of our customers' websites a means for controlling the use of session information with respect to the Omniture SiteCatalyst, Omniture DataWarehouse, Omniture Discover and Omniture SearchCenter products using cookies set from Omniture's 2o7.net domain (i.e. that use the 2o7.net cookie to facilitate data collection). If, at any time a customer's website visitor does not wish to allow his/her session visitation information to be aggregated and analyzed by Omniture on such customer sites, he/she may utilize the following opt out mechanism. For customers that use non-Omniture cookies to collect data on their websites, please review the privacy disclosures of such customers for specific details on any and all applicable opt outs on such sites.
    It was noted in one of the linked articles that the opt-out action sets a cookie on your machine. If you delete this cookie, you have just opted back in.

    So let me get this straight. In order to tell Omniture not to do anything on my machine, I have to give Omniture access to my machine. What sort of half-assed policy is this?

    --
    And ye shall know the truth, and the truth shall make you free.
    John 8:32(King James Version)
  6. Re:Don't yet have the full story by fermion · · Score: 4, Interesting
    It is not a misleading server name, at least not anymore. Cognizant web users know 2o7.net, or whatever, is the cookie tracking site, and mostly blocks them. This company though liegitimate, does smell of sleaze. It was one of the first companies to use such social confusion, replacement of the '0' with 'o' so that in the days when one manually entered the domains to block, they would block the wrong domain. They are legitimate, and companies that work with them are legitimate, but the original sleaze factor is always there, and is obviously going to be transfered to clients.

    This then leads to the question of why Adobe is using them for applications, which leads to think what has been aquired in the past year or so. I know. Macromedia. You know, that company that produces complicated resources hogging web content that unlike other resource hogging content cannot be filtered by most web browsers. I had hoped that Adobe might soften the rules and ship a flash player that was less user hostile, but no such new player exists. So, can we presume that instead of the user friendly Adbobe culture positively affecting the old macromedia products, that the end user hostile macromedia culture is infecting the adobe products.

    OTOH, this product is a web design product, and most web designers get their money from ad revenue, so I would hardly think that the users of the product would have much problem with working with 2o7, kind of a necessary evil sort of thing. I can't imagine why adobe would use them at the design level, but overall I agree that it will be of no big deal to users of the product. To me, it is another step in the downfall of Adobe.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  7. Good justification for a crack by EdIII · · Score: 3, Interesting

    This is why I only use cracked software. Even if I purchase the software, which all of mine actually is, i run it cracked with lot of firewall rules.

    I have never trusted any software company that attempts to make an outbound connection for ANY reason. Certain programs being an obvious exception like web browsers.

    The fact that behavior like this is now coming from Adobe provably, is no surprise to me at all. Adobe has been almost militant in it's defense against piracy. If they had their way, all computers would be hooked up to a central database and run only authorized code decided by a "high council" of software developers.

    I know some may say that the "jury is still out", but I don't believe that any of this was done without Adobe's knowledge or consent. After all, any software developer would be stupid and negligent if it subbed out development work or services to a 3rd party without verifying the functionality of the code or auditing the services.

    In any case, for a company with Adobe's reputation, this is very damaging.