Privacy Your Rights Online

PDF Tracking On the Way

(el)Capitan.Nick writes "PDFzone reports that the company Remote Approach has launched a service to track the movement of PDF documents with its tool Map-Bot. The purpose of this service is to allow PDF publishers the ability to measure their audience, as web publishers can already. Though personal information is not gathered from machines, IP addresses are. PDFs can require users to be connected to the Internet in order to read them, and every person you email the PDF to is subject to the service. As PDFzone's opinion article states, while 'the chances of running into a Remote Approach PDF right now -- and in the near future -- are pretty remote ... the potential for the technology to tarnish PDF's image [of security] is staggering.'"
  • Advertisements! (Score:5, Insightful)

    by Eric(b0mb)Dennis ( 629047 ) on Saturday April 02, 2005 @06:06PM (#12121886)
    Oh.. soon as they can track views of PDFs, people will start putting ads in them... I guarantee it!

    I can see it now.. Google introduces AdWords for PDFs...
    • Timmy Boi's Whoring continues:

      http://slashdot.org/search.pl?query=roland [slashdot.org]

      Slashdot Payola...

    • Re:Advertisements! (Score:2, Insightful)

      by ZephyrXero ( 750822 )
      Will the DRM madness ever end!? What do we have to do to let these guys know we won't stand for it?
      • No. DRM will never end, because those who actually spend time and money producing content like to pay the bills like everyone else. Simple as that.
    • Question: How does this supposedly "evil" tracking mechanism differ from web log analysers?

      Answer: It doesn't?

      From the write-up above:

      > Though personal information is not gathered from machines, IP addresses are.

      So no different to when html documents (yes, I know they are another "evil" open spec like PDF) are distributed via http. It's truly shocking this but I can block access to my webserver based on originating IPs! Yes. I'm part of the "evil" conspiracy too! Mwuuuuahhaaha....

      Remo

      • Evil, explained (Score:4, Insightful)

        by hummassa ( 157160 ) on Sunday April 03, 2005 @06:25AM (#12125533) Homepage Journal
        Q: How does this tracking mechanism differ from web log analysers?

        A: Simple, web log analysers aren't capable of tracking redistributions of the same document. If you copy a web page, say about theories in free-market macroeconomics, and e-mail the copy to a friend, say in China, no one will ever know your friend has read it. But if you copy one of those and it's read by your friend there, then certainly your friend will have a red flag (pun intended) on him.

        HTH
  • Simple... (Score:5, Insightful)

    by Rolan ( 20257 ) * on Saturday April 02, 2005 @06:08PM (#12121896) Homepage Journal
    It's simple... Refuse to read PDFs that require the technology. Publishers won't get any data from it, and given a loud enough voice, will find that the tool reduces their distribution. It does them no good if the users won't read their documents because of it.
    • Re:Simple... (Score:5, Insightful)

      by thedillybar ( 677116 ) on Saturday April 02, 2005 @06:14PM (#12121939)
      >It's simple... Refuse to read PDFs that require the technology.

      You'd have trouble convincing more than about 2% of users to refuse.

      >Publishers won't get any data from it

      Sure they will. You will be the one getting no data because you're holding out when no one else cares.

      It's a wonderful idea, but it simply won't happen without government intervention...and who wants that?

      • Re:Simple... (Score:3, Insightful)

        by dnoyeb ( 547705 )
        I doubt what you say is true. PDF I would imagine are used a lot more by the business community than the general public. In any event the format is in heavy use in the business community.

        I don't see the business community accepting applications phoning home when they see fit. My company wouldn't. Would IBM, Sun, Motorola, Toyota? Doubtful.
      • Re:Simple... (Score:3, Insightful)

        by Zeinfeld ( 263942 )
        >It's simple... Refuse to read PDFs that require the technology.
        You'd have trouble convincing more than about 2% of users to refuse.

        No, simply block out connection to the tracking protocol. If Personal Internet firewalls were not so dufus designed they would make it easy to say 'this program has no business connecting to the Internet, silently disable all connection attempts without notice'.

        IE has the same bug in the active X scheme. There should be an option that allows downloading of active-x com

        • Re:Simple... (Score:3, Insightful)

          by cortana ( 588495 )
          I'm pretty sure you can adjust your security policy to disallow untrusted activex downloads, along with a lot of other crap.
        • Re:Simple... (Score:3, Informative)

          by SeanAhern ( 25764 )
          [S]imply block out connection to the tracking protocol. If Personal Internet firewalls were not so dufus designed they would make it easy to say 'this program has no business connecting to the Internet, silently disable all connection attempts without notice'.

          The point was that the PDF would not be displayed if the tracking server could not be contacted. If you blocked the outgoing connection, you now have a useless PDF.

          Or did I misread something in your argument...
      • It's a wonderful idea, but it simply won't happen without government intervention...and who wants that?

        If it is a better alternative than no action, I do.
      • You'd have trouble convincing more than about 2% of users to refuse.

        Because only 2% of the computer users use a laptop without an internet connection, right?

        Of course they're not the ones "using" it, they're the ones who take it in the ass hard when their boss sends them a PDF for the presentation in New York and they humiliate themselves and their company when they fail to pull up the sales numbers in the boardroom.
    • Sure, that works (Score:5, Insightful)

      by John Jorsett ( 171560 ) on Saturday April 02, 2005 @06:16PM (#12121951)
      It's simple... Refuse to read PDFs that require the technology.

      Just like I can shop elsewhere if I don't like being captured on a store's video surveillance camera. Except that they ALL have cameras. If there's no true alternative, you're screwed. Am I going to forego opening that online manual that I desperately need to troubleshoot a problem? I don't think so. A better solution is for some enterprising hackers to find a way to break this technology.

      • by frazzydee ( 731240 ) *
        I agree with you...which is why it's so important that we boycott these PDFs NOW, so it's stopped in its tracks. If people had generally decided that surveillance cameras didn't serve the public good, and boycotted them, we wouldn't have them today. Similarly, if we boycott PDFs with this technology before it becomes the only PDFs available, then I doubt they'll be a problem in the future.
      • by John Hasler ( 414242 ) on Saturday April 02, 2005 @07:30PM (#12122448) Homepage
        > Just like I can shop elsewhere if I don't like
        > being captured on a store's video surveillance
        > camera.

        Yes. You can. Contrary to common belief, your choices are not limited to Walmart and Kmart.
    • Or use a firewall with packet inspection to block any outgoing connections.

      I realise that for a lot of users this would result in "just another thing to click yes to syndrome" but if enough people use it, it would make the data gathered pretty useless.

      BTW, if you've got a Mac and value your privacy you should get Little Snitch [obdev.at] (no affiliation) to do exactly this.

    • by JoeBuck ( 7947 ) on Saturday April 02, 2005 @06:21PM (#12121985) Homepage
      Disabling Javascript will keep the tracking from working, but if you don't, the transmission is completely invisible to you. It will look like normal HTTP traffic to your firewall.
    • This seems a bit similar to the massive boycott of crappy microsoft software we have now. We know from this that people really care about the quality of the products they are using.

      In reality people wouldn't even think a second before opening a pdf that includes some tracking software, all they care about is reading the contents, double click and there you go. The only thing that stops this is a message that damages the image of pdf i.e. the big media labeling pdf as spyware, which it seems to become if this
    • Re:Simple... (Score:5, Insightful)

      by j1m+5n0w ( 749199 ) on Saturday April 02, 2005 @06:46PM (#12122140) Homepage Journal
      It's simple... Refuse to read PDFs that require the technology.

      Better than that, refuse to use pdf viewers that implement this "feature". (Does anyone know which those are? Without knowing, I would assume Adobe acrobat reader probably does and xpdf probably does not. Does anyone have more specific/accurate information?)

  • by ral315 ( 741081 ) on Saturday April 02, 2005 @06:08PM (#12121899)
    How is it any different from collecting the I.P. of everyone who visits your website?
    • by akzeac ( 862521 ) on Saturday April 02, 2005 @06:30PM (#12122042)
      Websites only collect the IP of the machine that downloaded the page. This technology would allow distributors to collect the IP of every machine in which the PDF is *viewed*.

      On the evil side, getting on the conspiration mood, it would also allow the FBI or the gov to diffund pseudo-dissident bait documents and then check and track anyone who reads it, anywhere he reads it.
      • it would also allow the FBI or the gov to diffund pseudo-dissident bait documents and then check and track anyone who reads it, anywhere he reads it.

        I'm waiting for some conservative to say that if you simply decline to read this kind of littrachaw, you'll have nothing to worry about...

      • >On the evil side, getting on the conspiration
        >mood, it would also allow the FBI or the gov to
        >diffund pseudo-dissident bait documents and then
        >check and track anyone who reads it, anywhere he
        >reads it.

        Cool, write up some documents on terrorism and other crimes and catch every terrorist and criminal in the world....
    • the difference is that for a website to know your IP, you have to explicitly and wilfully visit the site, in the knowledge that your visit will be logged.

      with this technology, you're not wilfully visiting anything - the document is on your own machine (or network) and unless there's a popup box giving you the information (which the article implies there won't be), you've no way of knowing that your IP is about to be transmitted.

      essentially, for a website, you're a willing client asking for a service to be
  • Okay.... (Score:5, Informative)

    by Balthisar ( 649688 ) on Saturday April 02, 2005 @06:08PM (#12121900) Homepage
    Okay... Print, Save as PDF on the Mac, or Print, select PDF Writer on Windows, or print to ps and "distill" with gs on anything else, and there goes the tracking. Not right?
    • On Mac OS X, Acrobat's "Save as PDF" in the Print dialog is disabled (just try to click on it). I presume you have to use Preview, but I don't think Preview supports Javascript anyways.
      • Open a PDF with Adobe reader. Print. Under "Output Options" in the Print Dialog Box, click "Output as file" and choose "PostScript" from the type menu. Adobe won't stop you and Preview.App converts the .ps file back to a .pdf.
    • Won't that lose the ability to search through the PDF? Or do those methods still send the text, not just an image of what they're printing?
    • Okay, but that means you've opened the document and have been tracked. Better to use a reader that doesn't implement the function. I use Mac OS X, and have Apple's Preview set to be my default reader of PDFs. I did this because it opened faster, and was less intrusive than Acrobat Reader. Now it looks like it might be more secure to use as well.

      Also, on Mac OS X, I use Little Snitch, which is a great application that monitors the various port connections made by specific applications. Allowing you to block
  • A Day Late (Score:3, Funny)

    by Copperhead ( 187748 ) <talbrech@speakea[ ]net ['sy.' in gap]> on Saturday April 02, 2005 @06:09PM (#12121907) Homepage
    It's April 2nd already! Stop with the unbelievable stories...

    Oh, wait...

  • by Anonymous Coward
    Let me see.. how about a DoS attack.. spam a PDF to a bunch of people and have the PDF phone home to a site you wish to attack. Or... can we run arbitrary code from PDFs?
  • by user9918277462 ( 834092 ) on Saturday April 02, 2005 @06:10PM (#12121920) Journal
    The remote logging is done through embedded Javascript in the PDF file. Most free viewers such as gpdf, xpdf and kpdf don't support Javascript so you're safe with them.

    Adobe Acrobat Reader started supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.

    Bottom line: Stick with free software.
    • Apparently it bugs you every time you start the program to re-enable it, though.

      It was that stupid nag-message that caused me to uninstall Adobe Reader 7 and reinstall Adobe Reader 6 on my Windows machines.

      It would pop up the "This document contains Javascripts. Do you want to enable Javascripts from now on? The document may not behave correctly if they're disabled." message even on PDFs that I created that I know don't have Javascripts in them.

      Feh.
      • Yep. You can get rid of the warning by removing the JavaScript plugin, but then you have to get rid of all the plugins that depend on it, which is most of them, or they pop up their own errors.

        I only just installed Reader 7 a couple days ago, because I heard it was faster. Had I known how obnoxious it was about the JavaScript, I would not have done so.

        I used Adobe Reader Speedup [tnk-bootblock.co.uk] to simplify the decrufting process. (Windows only.) It's easy enough to do it manually, but I figured this way, I could toggle t
    • I myself use acrobat reader 4.0 . It loads about 1000x faster than 6 or 7 which are huge and bloated. I haven't had any trouble viewing pdfs yet.
    • Adobe Acrobat Reader started supporting embedded Javascript with version 7.0, although you can disable it in the preferences dialog. Apparently it bugs you every time you start the program to re-enable it, though.

      Actually, it bugs you when you try to quit, not when you load it up. Odd. The message says "This document contains JavaScripts. Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled."

      It says this even if you run acroread without loading any do

  • by nick_urbanik ( 534101 ) <nicku@@@nicku...org> on Saturday April 02, 2005 @06:11PM (#12121924) Homepage
    • Article [lwn.net] is subscribers only (worthwhile)
    • Article will be readable by guests 1 week after publishing
    • Solution in Linux is to disable Javascript in acroread 7
  • Rather pointless (Score:5, Informative)

    by hweimer ( 709734 ) on Saturday April 02, 2005 @06:17PM (#12121958) Homepage
    PDFs can require users to be connected to the Internet in order to read them,

    No, they can't, PDF is nothing but a data format. Some broken PDF viewers (especially those from Adobe) may do this, but since PDF is an open format, there will always be some other viewers that don't promote spying on their users. Basically, this is the same nonsense as the "no printing" option.
    • Re:Rather pointless (Score:4, Informative)

      by NetNifty ( 796376 ) on Saturday April 02, 2005 @06:22PM (#12122002) Homepage
      Depends how it's done though, if it's just plain PDF but with javascript as has been suggested so far, then you are correct.

      However, if for example the document is encrypted and the key is on a server which the PDF points to (and the server logs all IP addresses connecting to it to retrieve the key) then it will work at least for the first time you open it (unless of course we create another server or even p2p network with the keys on it for ebooks which the PDF viewer visits instead).
    • From the article text:

      "A user uploads the PDF they want to track to Remote Approach, assigning variables like 'distribution channels' and 'groups' to add additional detail to the data captured. From there, they can download and distribute the PDF as desired," said John Bielby, president of Remote Approach Inc.

      "Every time the PDF is read, it briefly interacts with the reporting repository to record the event. The user has access to live reports and data to see reports on views, distribution by channel or
    • Basically, this is the same nonsense as the "no printing" option.

      I've found that ps2pdf from the ghostscript package is useful in this situation. If you try saving a PDF with document restrictions as a PostScript file, it embeds some extra code in the PostScript file. This code has a stern warning that removing the code is illegal, and it causes ps2pdf to not work right. However, ps2pdf also happily accepts PDF files as input, it doesn't check the document restrictions, and all of the features are allo

    • I know that some PDFs that I've come across will only open in Adobe Reader. I'm sure the data is in there, but the only way I've found to get it out is via Adobe's Reader. PDFs with forms, for example, don't open with OS X's Preview.App. Some PDFs I've found won't open on Linux at all.
    • I thought adobe banned other PDF readers. Do you have any links? cuz I'm waiting to stop acrobat crashing mozilla every time I accidentally click a pdf link...
    • One can put almost any conceivable option into a security handler. Most freeware readers and writers of PDFs can deal with the standard security handler. If you want a more secure document, you encrypt it with a different handler. Some reasonable types of restrictions might be to disable obsolete data, such as prescription formularies (fancy word that means "our insurance company will pay for medicine X, but if the patient wants to pay for the name brand version, they can pay the difference"). Since new dru
  • by saskboy ( 600063 ) on Saturday April 02, 2005 @06:20PM (#12121978) Homepage Journal
    Rather than tarnish the PDF name, they should create the Tracked Document Format or TDF and that way users can distinguish between the two. To make people suspicious of PDF right after versions 5 and 6.0 were found to contain security holes, this will be bad for Adobe.
  • Thankfully, if Adobe wants to, they could change their Acrobat license agreement to ban this sort of crap.
    • Re:Thankfully (Score:4, Informative)

      by GigsVT ( 208848 ) on Saturday April 02, 2005 @06:34PM (#12122063) Journal
      Not likely, the last change to the PDF license was the ludicrous requirement that all those who implement PDF also implement the "evil bit".. that is the useless tags that forbid you from printing/saving/etc in acrobat (reader).

      No one else paid attention to it. Since earlier versions of the spec didn't have the requirement, there's no way they can enforce it. Other than that stupid requirement, the spec has an open and free license.

      Besides, only Adobe products implement javascript in PDFs to start with, so Adobe brought this on themselves. No other reader will allow this to happen.
      • Someone else did pay attention to it. Last I heard, xpdf honors those flags. As I recall, there was some controversy a while back when the Debian maintainer for xpdf included a patch to disable the evil bit. (Not whether the patch should be published, but whether it should be the default.)

        Otherwise, yeah.
    • >> Thankfully, if Adobe wants to, they could change their Acrobat license agreement to ban this sort of crap.

      I'm thinking that won't happen.

      Have you forgotten this unfortunate Russian gentleman [linuxgazette.net] already? Sure, they dropped the charges, but...
  • IP harvesting (Score:4, Interesting)

    by Douglas Simmons ( 628988 ) on Saturday April 02, 2005 @06:25PM (#12122022) Homepage
    I'm going to try to present this in a non-paranoid tinfoil hat mentality: I could see this being a great feature if I were in the PDF sending business for marketing purposes or whatever. Now if I were in the FBI/CIA business, this would be great to use, for example, to proliferate PDFs on Kazaa with filenames/tags suggesting they contain info on how to make bombs or blueprints to the Pentagon so that I could collect IPs of whoever's interested in this type of stuff. You see where I'm going with that.

    Also, I definitely do not want to risk exposing my static IP to anyone, especially in a way that involves new technology that may be quite exploitable, just by clicking on a PDF link on google. I'm sorry but c'mon, that's just too much. Nevertheless, assuming the technology is viable, there'll be a demand that will outweigh objection for this new feature and Adobe will do it and make more money.

    • Re:IP harvesting (Score:4, Informative)

      by MntlChaos ( 602380 ) on Sunday April 03, 2005 @01:55AM (#12124644)
      Also, I definitely do not want to risk exposing my static IP to anyone, especially in a way that involves new technology that may be quite exploitable, just by clicking on a PDF link on google

      Wait a minute... clicking on ANY link on Google exposes your static IP to the content provider anyway.
  • by sanityspeech ( 823537 ) on Saturday April 02, 2005 @06:28PM (#12122027) Journal
    The editor's take on the story makes it seem rather benign. However, the actual story makes it sound more alarming:
    Are Your PDFs Spying on You?
    Like Adobe Policy Server, Remote Approach can FORCE users to be connected to the Web in order to read the documents. It can track who's e-mailing your PDFs to whom, and what they're reading. Real-time. (Emphasis mine)

    FORCE me to go online??? I just hope that technical papers never use this tool.

    Denizens of the PDF world, however, take note. We enjoy--and sell--the differences between PDF, e-mail and HTML, and a lot of those differences are in the realm of security...

    Remote Approach, however, is the beginning of a movement that could chip away at PDF's sterling rep, one document at a time...

    Since the Map-Bot can chase a PDF through e-mail forwarding, it's more powerful data mining than that associated with Web pages, where the vital information gets thrown out when the user's cache is emptied.


    One would think they would come up with a better name than Map-BOT!!!

    Pretty damning, if I may say so.
    • Look at this ebook format:

      http://www.ebookgold.com/ [ebookgold.com]

      I once purchased an "ebook" in this format. When their server was wack I couldn't even connect to it to read my ebook. But technology got the last laugh: I electronically reversed that purchase via a chargeback on my credit card.

      Just the thought of something I purchase watching every move I make gives me the creeps.
  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Saturday April 02, 2005 @06:41PM (#12122108)
    As others pointed out, this potential for a security breach occurs because of embedded javascript in a PDF document. Adobe's reader is vulnerable by default. Does anyone know whether Foxit [foxitsoftware.com] (a totally free PDF reader for Windows) is safer?
  • Does this bring memories of the dreaded "Hi I'm Bill Gates Chairman of Microsoft and we're testing a new email tracking system..." spam?

    I couldn't count the number of times my well-meaning but technologically-inept relatives sent around chains for free gift certificates to the Cracker Barrel and monochromatic clothing stores, or worse 'for each email you pass on $.10 goes to this kid dying of cancer.'

    Heaven help us.

  • by AtariAmarok ( 451306 ) on Saturday April 02, 2005 @06:46PM (#12122139)
    PDF's are great for printing, but not as easy to view on the Internet as regular html files. The Google "view as html" tool will help greatly.
    • Online PDFs have their place. For example, many journals that offer online fulltext versions online for subscribers offer both PDF and html files of articles; I generally stick with the PDF versions, since they mirror the printed version more exactly. It's nice to have the original page numbers on the bottom of the page, instead of inserted amongst the text.
  • by Peaker ( 72084 ) <gnupeaker@nOSPAM.yahoo.com> on Saturday April 02, 2005 @06:53PM (#12122165) Homepage
    That PDF sucks. Use HTML.
    • That PDF sucks. Use HTML.

      well, html also has javascript; it can also track you. actually just by including a remote image in html you can be tracked, no javascript required, though i'm not sure if pdfs can use remote images about what kind of network connections can be produced to verify certificates. though i must say that i am rather surprised that standard pdfs(adobe's reader) allows for this, when i(and assume many others too) see a pdf i see a document, a standardized text file, not something with a
  • by Anonymous Coward on Saturday April 02, 2005 @06:56PM (#12122183)
    Ok, so I downloaded the demo document, and captured the packets.
    There's a POST to remoteapproach.com (you could block all traffic going to remoteapproach.com, or just repoint remoteapproach.com to 127.0.0.1 or something in your hosts file).
    The POST message looks like:
    POST /remoteapproach/logging.asp?type=view&DocID=1234567890&GroupID=123456789&ChannelID=123456789 HTTP/1.1

    The thing that gets me is that the content of the request also contains this:
    1 0 obj]/F(/C/Documents and Settings/Administrator/Desktop/MBRemote Approach Manual.pdf)>>>>

    As you can see, it contains the full system path to the file that I opened. This seems like a big privacy issue. After all, Acrobat didn't ASK if it could open the URL.

    The .PDF files can be opened with Ghostscript, and (obviously) do not send tracking information. Simply re-saving the document as PDF doesn't remove the tracking, but converting it (File--Convert) via pdfwrite APPEARS to remove the tracking.

    Some technology.
    • I'd like to examine this demo document - but I didn't see any mention of it in the story or on their site - where is it/how do you get it?
  • Open Acrobat (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Saturday April 02, 2005 @07:36PM (#12122494) Homepage Journal
    My Windows firewall asks for permission for Acrobat Reader to access the Net all the time, and I always deny it. With no effect on the documents. They better not make that connection required, or I'll drop Acrobat entirely, for a snitchfree open alternative. PDF is an open format, with real alternative apps - Adobe would drive people into the arms of their open competition if they required such spyware.
    • Time to get a better firewall that doesn't ask stupid questions?
      • Re:Open Acrobat (Score:3, Insightful)

        by Doc Ruby ( 173196 )
        What's so stupid about asking whether some doc reader should open a connection to the Net? That's exactly *why* I use the firewall. I could set it to always deny, but I want some apps to notify me when they ask for access, like Acrobat, IE, various Windows processes. Since they're too sneaky to notify me, I have the firewall do it. Just because *you* don't know what your apps are doing, doesn't mean that they're safe.
        • What's stupid is that it _KEEPS_ asking the same question. Should only ask once, with a checkbox to "remember this setting", and then the only way you can change it after that is to go into the firewall configuration dialog.
          • It *does* do all that. But I *want* to be notified when it is asking for permission. Firewalls are really not nearly as useful without monitoring. With this notice, I not only keep secure, but also informed of what insecure operations are being attempted. I've caught and "retired" many apps with this simple technique.
            • Okay, so you don't bother to click "remember this setting" then, since you want to be informed each and every time the same app tries to connect. Nothing wrong with that, of course... it's just that most people are lazier than that and would just as soon explicitly give trust to certain apps.
  • by gblues ( 90260 ) on Saturday April 02, 2005 @08:06PM (#12122705)
    As a long-time user of Acrobat, I know you can disable plugins (which includes JavaScript) by holding the Shift key at the splash screen. Just hold Shift while opening the PDF, and voila.

    Nice try, though!

    Nathan
  • Nothing new. (Score:3, Interesting)

    by mystik ( 38627 ) on Saturday April 02, 2005 @08:08PM (#12122724) Homepage Journal
    There is nothing new about this. We've been (unfortunately) using a 3rd party document encryptor to protect some of our client's documents. Users require a plugin installed, but the document is actually encrypted, no javascript involved.

    The document can be configured to ping the server every time any action on the document is performed. (Printing, opening, etc). The server can decide to deny any action too.

    It does support a one-time-online-to-authorize mode (much like Windows Activation), but that's about it.
  • so, you can always run a PDF file through a cleanup utility. Stupid idiots...
  • by Darkbird ( 173560 )
    My company is already using AlphaMail which does exactly the same thing. And my next build of our document delivery system will add javascript to pdfs and webbugs to htmls.

    We're not protecting documents in any way, only capturing the tracking information. A lot of organizations don't know that 1 seat license means 1 person and this tracking information would highlight offenders.

    Our subscriptions are 5k+/yearly :-)
    • Web bugs = easily foiled by reading mails as text. Not to mention by rule-based interception on mail malicious code & scripting scanners, if you're a company. We've mainly used them to track (stupid) scammers and email frauds, which is what they're mainly good for.

      As for the scripts, be very aware that, depending on your legal environment, introducing undocumented or unauthorized (assuming you don't clearly state their existence in an EULA or acknowledged contract) means to subvert, say, company netw

  • Don't use a computer without one if you value your privacy.

    Almost *every* app these days does some kind of outgoing communication - whether it's update checking, phoning home, or serial number checking.

    It's trivially easy to configure most reverse firewalls to disallow any outgoing activity from specific apps. For Windows there is obviously ZoneAlarm [zonelabs.com] and others. With OS X, I recommend Little Snitch [obdev.at].
