Forgot your password?
typodupeerror
Privacy Software Your Rights Online

Adobe Quietly Monitoring Software Use? 304

Posted by Zonk
from the probably-not-that-big-a-deal dept.
henrypijames writes "For months, users of Adobe Creative Suite 3 have been wondering why some of the applications regularly connect to what looks like a private IP address but is actually a public domain address belonging to the web analytics company Omniture. Now allegations of user spying are getting louder, prompting Adobe Photoshop product manager John Nack to respond, though many remain unsatisfied with his explanation."
This discussion has been archived. No new comments can be posted.

Adobe Quietly Monitoring Software Use?

Comments Filter:
  • by Legionary13 (607355) on Saturday December 29, 2007 @05:51PM (#21851466)
    So far, i have not yet read anything about the transmitted data. Finding that data one would reasonably expect to be private without explicit release would be a serious problem. However, we don't have that - or its opposite. John Nack has given the best generic response that he is able, and I won't know what to make of Adobe's actions until we learn more about the data transmitted, probably next week.
    As Trombone says the misleading server name is the issue. As I perceive it, this smells bad. Microsoft-style bad to be blunt.
  • by Animaether (411575) on Saturday December 29, 2007 @05:52PM (#21851478) Journal
    ..did with XCP, then Adobe doesn't get to claim innocence for whatever the heck the Omniture code is doing.
  • by Dachannien (617929) on Saturday December 29, 2007 @05:55PM (#21851492)

    the deceptive server name, 192.168.112.2O7.net
    That's the sort of obfuscation we've repeatedly come to expect from purveyors of malware, although normally, malware purveyors take up tactics that target the laymasses rather than the sort of folks who know what the 192.168.0.0/16 subnet is for.

    It's almost guaranteed that Adobe was trying to hide something here (to state the obvious). I suppose there's always the possibility that somebody thought they were being playfully clever, but if so, it was done with the same poor judgment one uses if one jokingly tells the TSA guy, "Don't worry, I won't blow the plane up, I promise!"

  • by pla (258480) on Saturday December 29, 2007 @06:09PM (#21851572) Journal
    To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name

    No. The "biggest issue" here comes from the fact that a software vendor has the arrogance to think they have some "right" to use my network connection in an app having no business connecting to the internet in the first place.

    The actual address just raises a few red flags, but I'd consider it just as unkosher if they connected directly to "www.adobe.com".

    If they want to download some form of legitimate update or additional content, their bloatware can damned well ask for my permission. Otherwise, I consider this no less than theft of service on Adobe's (or whatever company you want to pick, since we tolerate far too many of them doing this crap) part.



    Okay, now cue the trolls and apoligists who will quote part of a EULA that not even its own author ever read.
  • by Anonymous Coward on Saturday December 29, 2007 @06:26PM (#21851694)
    > but if it's going to be the "photoshop competitor" every FOSS
    > advocate claims it is (instead of, say, the Paintshop Pro
    > competitor that it actually is), then it ought to at least
    > be able to handle my existing documents as well as OpenOffice handles .doc files.

    Dude,
    suck it up. You chose a product which uses a proprietary format for
    storing data. Nobody held a gun to your head and told you to use it.
    If you don't like the fact that you paid and are still paying Adobe
    to bend you over a barrel and give you one, then you have 1
    and only 1 person to blame: yourself.

    Be a man and accept you made a bad choice. Try harder next time
    to use open formats the next time for your data.

    --Johnny hates whiny people who get what they paid for.
     
  • by tonsofpcs (687961) <{slashback} {at} {tonsofpcs.com}> on Saturday December 29, 2007 @06:26PM (#21851698) Homepage Journal
    I agree, I don't think any application should be using resources on my system without my explicit consent. There is no reason for software to use a network connection without asking me, unless it is software blatantly designed to do so (web browser) - and even those tend to ask me, the default home page for most browsers is a locally generated site. What if Joe User has a limited internet connection that he gets charged by the KB? What if Fred Foobar is using some sort of low bandwidth connection to maintain communication from a remote site and needs 100% of the minuscule bandwidth he has for that communication? There is no reason for software to connect like this.
  • Um, no, we can't (Score:5, Insightful)

    by Anonymous Coward on Saturday December 29, 2007 @06:29PM (#21851736)
    Just because you have issues with Microsoft, doesn't mean you give Adobe a free pass.

    As for responsibility.

    Analogy: If Ford used a third party airbag in their cars that regularly deployed when you hit 70mph, who would be held responsible? Ford, the third party or both?

  • by Anonymous Coward on Saturday December 29, 2007 @06:31PM (#21851754)
    > To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

    As per "Rules of the Internet: Rule 34: There is Porn of it, no exceptions", and "Rule 35: If there is not porn of it, porn will be made of it".

    I hereby propose two new rules for malware:

    Rules of Malware: Rule 34: The presence of a zero in your domain name is a prima facie indicator of spyware/spamware/shitware/malware sponsored by a "reputable" vendor, aka "mainsleaze".

    This heuristic has held true ever since mainsleaze spammers started flinging shit at me from "m0.net" back in the 90s. (Funny m0.net story - my bank ignored me, but my broker amazingly dropped m0.net after I pointed out that all their client communications were being preemptorily-treated as phishing attempts, and that if they didn't start sending client communications from machines under their own domain I'd transfer my own account. My own account means jack and shit to 'em, but I obviously wasn't the only one enraged by this, and kudos to the broker for realizing they had to dropping m0.net like the spamhaus it was.)

    Rules of Malware: Rule 35: In the event of unknown software that violates Rule 34 via the replacement of a zero or one with a "l" (ell) or "o" (oh), it's still mainzleaze malware.

    I further propose that 2o7.net be the canonical example of Rule 35 of Spyware.

    Ever since Photoshop (6? 7?) phoned home on install, I haven't trusted them and crossed 'em off my vendor list. Giving PDFs the ability to be exploited by Javashit, and the attempt to ubiquitize something as exploit-prone as Flash's runtime, I've been gratified to see that my lack of trust was well-founded. Fuck Adobe.

  • by BorgCopyeditor (590345) on Saturday December 29, 2007 @06:38PM (#21851806)
    Now, by "foreseeable consequences" do you mean those that are accurately predicted, or those that can be reasonably expected. If it's the latter, then you're not really a strict consequentialist. If it's the former, then you can hardly make any moral judgments at all (given how indefinite the chain of consequences of a given act is).
  • by setirw (854029) on Saturday December 29, 2007 @06:46PM (#21851870) Homepage
    I usually don't feed trolls, but I feel like wasting a few minutes of my time...

    The nature of the computer graphics app forced him to use a proprietary format. Too many people confuse the ills of "proprietary" formats with the ills of "arcane" formats. Like it or not, PSD is the industry standard, and it's only logical that he (and 99.99999% of digital artists) use it.

    Now, if he had saved in some odd SGI format circa 1990, I'd agree with you.
  • by Anonymous Coward on Saturday December 29, 2007 @06:47PM (#21851876)
    > Dude,
    > suck it up

    Exactly the reason why FOSS gets a bad rap. Advocates would rather tell people why they're stupid, wrong, made a mistake, unethical for using proprietary software, etc. instead of just providing products that people want. The way to convert people is not to tell them, "you put yourself in this mess", the way to convert them is to provide an easy way out of their mess.

    Fuck your holier-than-thou mindset, it's not helpful to anyone.
  • by solios (53048) on Saturday December 29, 2007 @06:52PM (#21851910) Homepage
    Indeed.

    Pity those who have material locked up in SCITEX and other deceased formats.

    I love how the FOSS community embraces .doc as a Necessary Evil, but totally froths at the mouth with .psd. Bit of a double standard if you ask me. :)
  • by sd.fhasldff (833645) on Saturday December 29, 2007 @06:52PM (#21851914)

    if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is

    GIMP *is* competing primarily with Photoshop. This isn't a matter of which commercial application's feature set it most closely resembles. It's a matter of what users actually USE.

    Photoshop is the default application for doing any kind of drawing or photo editing. It might be total overkill, it might not be the best choice or whatever, but that's irrelevant. Ask yourself this instead: How many people do you think PAY hundreds of dollars for Adobe Photoshop for their own personal at-home use?

    Face it, Photoshop is the standard because it's pirated so much. This isn't a question of "lost sales", since 90% of Photoshop pirates (and I'm extrapolating from people I know of, so flame away) wouldn't DREAM of laying down that amount of cash. If they were forced to go legal, they would probably buy Paintshop Pro - an application that probably suits their needs much better anyway. (So if anyone is losing sales when Photoshop is pirated, it's probably Corel).

    To summarize: GIMP competes primarily with *illegitimate* Photoshop users.

  • by vertinox (846076) on Saturday December 29, 2007 @07:07PM (#21852048)
    Anyone with a (personal) firewall can control this "phone home" behavior.

    And everyone should have locks on their doors.

    But its still going to piss me off if I come home and forgot to lock my doors and you're sitting on my couch eating my milk and cookies.
  • by Kris_J (10111) * on Saturday December 29, 2007 @07:11PM (#21852076) Journal
    If it includes the serial number of the software in the format needed during installation, then I hope nobody has an ISP with underpaid staff that can access the logs for their transparent proxy.
  • by dpbsmith (263124) on Saturday December 29, 2007 @07:21PM (#21852140) Homepage
    This seems so simple.

    If Adobe and other companies want to retain their paying customers' trust, their applications shouldn't be doing unexplained things behind the user's back.

    If they want to pop up a window saying "To insure better product quality, we would like to have this application send information to internet address thus-and-such. To read a detailed description of the information we send and how we use it, press 'details.' To allow us to do this, press 'allow.' If you do not want us to do this, press 'no,'" then everything would be cool.

    But if an application does stuff we don't expect it to do, and they don't even mention it in advance, it's not terribly paranoid to assume that the reason is that they're doing something they don't want us to know about.

  • by pembo13 (770295) on Saturday December 29, 2007 @07:24PM (#21852158) Homepage
    I guess this is why some people are religiously against non-OSS. When you tire of your vendor, you can't simply drop said vendor because of all the data you have in their (often) closed formats.
  • by Skapare (16644) on Saturday December 29, 2007 @07:32PM (#21852186) Homepage

    I absolutely agree that the software vendor thinking that they have some right to do this spying is very arrogant and serious. But think about this. The fact that the connection is structured to LOOK like something connecting internally only goes to show that not only are they doing this, but they are doing this with the intent to try to obscure it. It would be one thing if they were on the up and up about it. But they would not need to do this 2o7.net stuff if they were. They could connect to "reg7.adobe.com" or some such name. But no ... they tried to add a layer of obfuscation to it.

    They know they are spying on you because they are doing it. But they also know you won't like it. And that is obvious from the effort to hide and obscure it. Doesn't that make it at least twice as bad, if not triple or worse?

  • by DaveWick79 (939388) on Saturday December 29, 2007 @08:25PM (#21852494)
    For one, sending a software serial number, unencrypted, over the internet in plain text is hardly protecting investment, it's almost encouraging piracy using that serial.

    Secondly, while not immoral, phoning home is widely considered unethical, especially when it is without the user's knowledge or consent. The EULA is no place to put this, everyone knows that nobody reads these and hiding behind those is just begging for a class action suit.

    There are other ways to verify software - look at Microsoft's activation process, which at least is up front, stated on the box, and limits to a small number the amount of systems the product can be installed on. Sure, the other alternative is going entirely to FOSS, but the problem with FOSS applications is that without financial incentive, little to no innovation is being done - people are merely trying to clone functionality of mainstream tools and with few exceptions doing a lousy job of it.
  • by prshaw (712950) on Saturday December 29, 2007 @08:40PM (#21852588) Homepage
    Is this a reasonable answer to someone who may just use the computer to edit their photos for publishing and checking email? Is this a good way to respond to someone asking for help with their router?

    You are saying they need to learn more about their router, and yet when they asked about it you say they should not be using their computer because they don't know the answers. They are damned if they do and damned if they don't.

  • Bad assumption. (Score:5, Insightful)

    by Anne Honime (828246) on Saturday December 29, 2007 @10:12PM (#21853118)

    I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is [...]

    I won't speak in the name of others, but clearly The Gimp is not a competitor to photoshop. If PS was to be competing against The Gimp, Adobe would have to release native file format information, plus access to the code. For those among FOSS supporters like me, failing on both counts is a total show stopper for even considering a switch, much like the burden of your previous work is to you.

    The Gimp is like the plank cabin you build on your grounds : there might be holes, it might not be completely comfortable, and the roof might even leak, but nevertheless, you're the king in your own private kingdom, because you're considered to be the owner of the place. PS is more like a rented flat : nice view, good furnitures, central heating, but if your landlord happens to be a complete moron, and suddenly decides to lock all the doors at 9 pm, you're fscked, and either you're in by the curfew, or you're homeless for the night.

    You decide what's acceptable to you.

  • by blankoboy (719577) on Sunday December 30, 2007 @01:01AM (#21853912)
    I purchase software that is intended for a particular use on my "personal" computer (whether it be PC or Mac). I do NOT purchase software so the vendor can track my usage, include 3rd party tool bars or other. Software that is not network related should not have any network component involved whatsoever. Why should image editing software have any network functionality whatsoever, I am not forking over my hard earned $$ for this. If I want to download and install an update you can notify me via email or other, I don't want your app dialing home to check for an update and checking my system stats and usage.

    Software companies are now clearly overstepping the boundaries of acceptability. This has behavior subtly creeping it's way into applications in recent years. They start with the "do you want to this application to check for updates automatically"? Then comes "activation", then 3rd party bundled toolbars - Acrobat reader, among many other non-Adobe apps come with opt-in 3rd party toolbars which you can opt out of but WTF is it doing there in the 1st place? I won't install any app that has such software bundled in for fear that it's doing something despite my opting out of the toolbar.

    These companies will not learn their lesson and back off until we have sufficiently voted with our wallets. I will say that Adobe will never again get a dollar out of my wallet.

  • by Coward Anonymous (110649) on Sunday December 30, 2007 @01:25AM (#21853988)
    He may be a great program manager but if I were Adobe I would stop him from blogging as quickly as I could. Here are some choice quotes from his responses to user comments. With responses like these I wouldn't believe anything he has to say:

    [Are you saying you can't figure out how to remove applications? That's really saying something. --J.]
    [You're a complete moron, and I don't have time to bother poking holes in your litany of ridiculous assertions. --J.]
    [Sorry to hear that things aren't going well, Ryan. Have you called tech support? If not, why not? --J.]
    [What sucks is how gullible, lazy, and reckless people prove to be. --J.]


    And on and on it goes...
  • by raehl (609729) <raehl311@yFREEBSDahoo.com minus bsd> on Sunday December 30, 2007 @04:15AM (#21854690) Homepage
    I'll take the roof that doesn't drop cold water on me throughout the night.

    Let me know when I can be master of a kingdom with a roof that doesn't leak.
  • Re:Solutions (Score:3, Insightful)

    by Jerry Rivers (881171) on Sunday December 30, 2007 @07:15AM (#21855234)
    "Don't use Adobe."

    And what are the alternatives? Gimp? That's not a professional quality app yet and doesn't support CMYK. Quark XPress for page layout? OK for legacy files, trying hard to stay in the game, but has fallen out of favour with many agencies, designers and commercial printers for a variety of reasons. Freehand for vector work? That's owned by Adobe now so you might as well use Illustrator (which Adobe would prefer you do) unless you want to try and get away with an app that has basically become the redheaded stepchild of their software lineup.

    This is what happens when a single company basically crushes and buys out it's competition. You end up with an increasingly arrogant, unresponsive and less diligent behemoth that basically does whatever the hell it wants, customers be damned because they have little or no choice. This is what's happening with Adobe, now that is basically the only game in town.

    Stay tuned for more public complaints about this company.
  • Re:Bad assumption. (Score:3, Insightful)

    by JohnBailey (1092697) on Sunday December 30, 2007 @07:32AM (#21855280)

    What a DUMB analogy. If my landlord decided to lock me out by an arbitrary curfew, I would make two calls: One to the police, one to a locksmith. When I rent an apartment I *do* have rights.
    And how about when you rent... sorry.. License software? To continue with the analogy, what if the government decides to remove your rights as a tenant?

    So the landlord can increase your rent. -- Charge more for the next version while phasing out support for the current version.

    Do repairs when they feel like it, while forbidding you to do any repairs or decorating. And opting out of any liability when their unqualified cousin rewires your flat and you electrocute yourself. -- Refusing access to the source code, or refusing others access to the source code, denying any responsibility for their badly tested software or patches screwing up your business, but providing an expensive API license if they feel like it.

    And have the right of unannounced access at a time to suit them to make sure you are not breaking the rental agreement by subletting or carrying out illegal modifications/repairs. -- Installing spyware to monitor use of their software on your computer, and not doing it as an opt in service.

    And all you can do is suck it up and pay, or move out?

    The software industry in general has already has done the above, and nobody seems to be complaining except for us crazy open source fanatics.
    We FOSS supporters may have a leaky roof from time to time, but if we have the skills or someone who is willing to do the job has the skills to repair the roof, it doesn't leak for long. The closed source defenders are turning up in court as character witnesses for abusive landlords. Kinda makes you wonder who is getting the better deal.
  • by solios (53048) on Sunday December 30, 2007 @09:39AM (#21855748) Homepage
    Precisely.

    I use Photoshop because for my needs it Sucks Less than the alternatives. I'll switch to the GIMP when it Sucks Less than Photoshop. The fact that one is free and the other costs hundreds of dollars isn't a factor here. Neither is the "ethics" of free software and open formats. The fact is that FOSS has yet to produce an image editor that Sucks Less than commercial equivalents for my needs. My needs are not simple basic image editing. My needs are industrial strength heavy lifting and a replacement needs to be a drop-in solution with a minimal learning curve. File format compatibility is the one thing I have to have - not some argument about why I made a wrong choice in 1997 when I'd never even heard of the GIMP and Photoshop was The Only Image Editor at my school*. :P

    Artists are, by and large, not programmers. I can tell perl from c (on a good day) - just don't ask me to write any. Or compile it. Photoshop is worth the money for me - unlike Knuth, I don't have the time or ability to spend years and years and years developing a "better" FOSS equivalent that does what I need.

    Until FOSS advocates realize that people are still buying horribly proprietary software because it does what they need better than FOSS, and until those same advocates stop blaming those users, Linux will never be truly "ready for the desktop" in the Windows or MacOS sense of the term. Be, IRIX, OS/2, sure - but how many grandmothers use OS/2?

    * My Pile Of Files doesn't go back that far, fortunately. Only to '98 or so.

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner

Working...