Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Quietly Monitoring Software Use?

Posted by Zonk on from the probably-not-that-big-a-deal dept.

henrypijames writes "For months, users of Adobe Creative Suite 3 have been wondering why some of the applications regularly connect to what looks like a private IP address but is actually a public domain address belonging to the web analytics company Omniture. Now allegations of user spying are getting louder, prompting Adobe Photoshop product manager John Nack to respond, though many remain unsatisfied with his explanation."

12 of 304 comments (clear)

  1. Not about spying by 75th+Trombone · · Score: 5, Interesting

    To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

    As someone said on a blog I can't find right now, this is not a story about privacy; it's a story about lies.

    --
    The United States of America: We do what we must because we can.
    1. Re:Not about spying by IdeaMan · · Score: 5, Interesting

      Adobe may indeed be the innocent party here, depending on how Omniture code is included into their build.
      What I found as a cause for concern is that it is tracking an embedded Opera browser.

      --
      They ARE out to get you simply because They are in it for themselves and they don't care about you.
    2. Re:Not about spying by pla · · Score: 5, Insightful

      To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name

      No. The "biggest issue" here comes from the fact that a software vendor has the arrogance to think they have some "right" to use my network connection in an app having no business connecting to the internet in the first place.

      The actual address just raises a few red flags, but I'd consider it just as unkosher if they connected directly to "www.adobe.com".

      If they want to download some form of legitimate update or additional content, their bloatware can damned well ask for my permission. Otherwise, I consider this no less than theft of service on Adobe's (or whatever company you want to pick, since we tolerate far too many of them doing this crap) part.



      Okay, now cue the trolls and apoligists who will quote part of a EULA that not even its own author ever read.

    3. Re:Not about spying by tonsofpcs · · Score: 5, Insightful

      I agree, I don't think any application should be using resources on my system without my explicit consent. There is no reason for software to use a network connection without asking me, unless it is software blatantly designed to do so (web browser) - and even those tend to ask me, the default home page for most browsers is a locally generated site. What if Joe User has a limited internet connection that he gets charged by the KB? What if Fred Foobar is using some sort of low bandwidth connection to maintain communication from a remote site and needs 100% of the minuscule bandwidth he has for that communication? There is no reason for software to connect like this.

      --
      Video Production Support
  2. Don't yet have the full story by Legionary13 · · Score: 5, Insightful

    So far, i have not yet read anything about the transmitted data. Finding that data one would reasonably expect to be private without explicit release would be a serious problem. However, we don't have that - or its opposite. John Nack has given the best generic response that he is able, and I won't know what to make of Adobe's actions until we learn more about the data transmitted, probably next week.
    As Trombone says the misleading server name is the issue. As I perceive it, this smells bad. Microsoft-style bad to be blunt.

  3. Re:2o7.net *Not* 207.net by ASkGNet · · Score: 5, Informative

    I've sniffed the data sent to that address. It includes the serial number of the software:

    GET /b/ss/mxcentral/1/F.3-fb/[sn-here]?[AQB]&purl=mm&pccr=true&c2=dw&c3=9.0&c4=win&c5=en&c6=full&c7=&c8=&c9=dw_9.0_win_en_full__[AQE] HTTP/1.1
    Referer: http://www.adobe.com/startpage/dw_content/dw_90_full_default.swf?prod=dw&ver=9.0&plat=win&lang=en&stat=full&tday=&spfx=&productName=dreamweaver
    x-flash-version: 9,0,45,0
    User-Agent: Shockwave Flash
    Host: 192.168.112.2O7.net

    and returns a 2x2 pixel blank GIF.

  4. Um, no, we can't by Anonymous Coward · · Score: 5, Insightful

    Just because you have issues with Microsoft, doesn't mean you give Adobe a free pass.

    As for responsibility.

    Analogy: If Ford used a third party airbag in their cars that regularly deployed when you hit 70mph, who would be held responsible? Ford, the third party or both?

  5. Re:Phisher's Delight by ScrewMaster · · Score: 5, Interesting

    P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

    More to the point, the 192.168.x.x address range is one of several that are specifically intended to be non-routable on the Internet. Many people know this, even those who aren't otherwise that network-savvy. This is a blatant attempt to make the address appear safe ("well, I dunno what it's doing, but at least it's only sending to address on my LAN!") Not what one should expect from a major software house, but unfortunately, it is what we are all coming to expect from everyone in the business. Doesn't much matter what they're actually sending to Omni-whatever ... the fact that they're sending anything at all is very bad. Nothing on my system is their business, unless I say it is. Period.

    You know, this reminds of something that Jack Valenti once said (about the only thing that sociopath ever said that I agree with): "Just because technology lets us do something, it doesn't mean we should." Now, he was referring to the copying and downloading of DVDs, but his point is still valid. We're seeing too many companies set up to serve larger organizations (Omniture, MediaSentry) using the Internet in unethical if not outright illegal ways. Presumably, this is so the corporation hiring them (in this case, Adobe) has some plausible deniability.

    --
    The higher the technology, the sharper that two-edged sword.
  6. Re:Why is this an issue? by vertinox · · Score: 5, Insightful

    Anyone with a (personal) firewall can control this "phone home" behavior.

    And everyone should have locks on their doors.

    But its still going to piss me off if I come home and forgot to lock my doors and you're sitting on my couch eating my milk and cookies.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  7. It's about beaing sneaky by Skapare · · Score: 5, Insightful

    I absolutely agree that the software vendor thinking that they have some right to do this spying is very arrogant and serious. But think about this. The fact that the connection is structured to LOOK like something connecting internally only goes to show that not only are they doing this, but they are doing this with the intent to try to obscure it. It would be one thing if they were on the up and up about it. But they would not need to do this 2o7.net stuff if they were. They could connect to "reg7.adobe.com" or some such name. But no ... they tried to add a layer of obfuscation to it.

    They know they are spying on you because they are doing it. But they also know you won't like it. And that is obvious from the effort to hide and obscure it. Doesn't that make it at least twice as bad, if not triple or worse?

    --
    now we need to go OSS in diesel cars
  8. Re:No explanation is a good explanation. by STrinity · · Score: 5, Funny

    It would be helpful for your and your anyones (who make stupid choices, repeatedly) were to vanish from existence, by murder if necessary. I would breath easy knowing the positive direction society would make on that day.
    What would you suggest we do with people who don't know the difference between "breath" and "breathe"?
    --
    Les Miserables Volume 1 now up with my reading of
  9. Bad assumption. by Anne+Honime · · Score: 5, Insightful

    I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is [...]

    I won't speak in the name of others, but clearly The Gimp is not a competitor to photoshop. If PS was to be competing against The Gimp, Adobe would have to release native file format information, plus access to the code. For those among FOSS supporters like me, failing on both counts is a total show stopper for even considering a switch, much like the burden of your previous work is to you.

    The Gimp is like the plank cabin you build on your grounds : there might be holes, it might not be completely comfortable, and the roof might even leak, but nevertheless, you're the king in your own private kingdom, because you're considered to be the owner of the place. PS is more like a rented flat : nice view, good furnitures, central heating, but if your landlord happens to be a complete moron, and suddenly decides to lock all the doors at 9 pm, you're fscked, and either you're in by the curfew, or you're homeless for the night.

    You decide what's acceptable to you.