Adobe Quietly Monitoring Software Use?

henrypijames writes "For months, users of Adobe Creative Suite 3 have been wondering why some of the applications regularly connect to what looks like a private IP address but is actually a public domain address belonging to the web analytics company Omniture. Now allegations of user spying are getting louder, prompting Adobe Photoshop product manager John Nack to respond, though many remain unsatisfied with his explanation."

Not about spying

[75th Trombone]

To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

As someone said on a blog I can't find right now, this is not a story about privacy; it's a story about lies.

Re:Not about spying

[IdeaMan]

Adobe may indeed be the innocent party here, depending on how Omniture code is included into their build.
What I found as a cause for concern is that it is tracking an embedded Opera browser.

If SONY wasn't innocent for what First4Internet...

[Animaether]

..did with XCP, then Adobe doesn't get to claim innocence for whatever the heck the Omniture code is doing.

Um, no, we can't

[Anonymous Coward]

Just because you have issues with Microsoft, doesn't mean you give Adobe a free pass.

As for responsibility.

Analogy: If Ford used a third party airbag in their cars that regularly deployed when you hit 70mph, who would be held responsible? Ford, the third party or both?

Re:

[MightyMartian]

Wasn't this Sony's defense. "Well, it's not REALLY our rootkit."

Let's remember this the next time some turd comes around praising the wonders of Flash.

Don't yet have the full story

[Legionary13]

So far, i have not yet read anything about the transmitted data. Finding that data one would reasonably expect to be private without explicit release would be a serious problem. However, we don't have that - or its opposite. John Nack has given the best generic response that he is able, and I won't know what to make of Adobe's actions until we learn more about the data transmitted, probably next week.
As Trombone says the misleading server name is the issue. As I perceive it, this smells bad. Microsoft-style bad to be blunt.

Re:Don't yet have the full story

[fermion]

It is not a misleading server name, at least not anymore. Cognizant web users know 2o7.net, or whatever, is the cookie tracking site, and mostly blocks them. This company though liegitimate, does smell of sleaze. It was one of the first companies to use such social confusion, replacement of the '0' with 'o' so that in the days when one manually entered the domains to block, they would block the wrong domain. They are legitimate, and companies that work with them are legitimate, but the original sleaze factor is always there, and is obviously going to be transfered to clients.

This then leads to the question of why Adobe is using them for applications, which leads to think what has been aquired in the past year or so. I know. Macromedia. You know, that company that produces complicated resources hogging web content that unlike other resource hogging content cannot be filtered by most web browsers. I had hoped that Adobe might soften the rules and ship a flash player that was less user hostile, but no such new player exists. So, can we presume that instead of the user friendly Adbobe culture positively affecting the old macromedia products, that the end user hostile macromedia culture is infecting the adobe products.

OTOH, this product is a web design product, and most web designers get their money from ad revenue, so I would hardly think that the users of the product would have much problem with working with 2o7, kind of a necessary evil sort of thing. I can't imagine why adobe would use them at the design level, but overall I agree that it will be of no big deal to users of the product. To me, it is another step in the downfall of Adobe.

Re:Not about spying

[Dachannien]

the deceptive server name, 192.168.112.2O7.net

That's the sort of obfuscation we've repeatedly come to expect from purveyors of malware, although normally, malware purveyors take up tactics that target the laymasses rather than the sort of folks who know what the 192.168.0.0/16 subnet is for.

It's almost guaranteed that Adobe was trying to hide something here (to state the obvious). I suppose there's always the possibility that somebody thought they were being playfully clever, but if so, it was done with the same poor judgment one uses if one jokingly tells the TSA guy, "Don't worry, I won't blow the plane up, I promise!"

Re:Not about spying

[BSAtHome]

However, in this case you should block 216.52.17.0/24 to get rid of Omniture...

$ host 192.168.112.2O7.net
192.168.112.2O7.net has address 216.52.17.136
192.168.112.2O7.net has address 216.52.17.207

$ whois 216.52.17.136
[Querying whois.arin.net]
[whois.arin.net]
Internap Network Services PNAP-8-98 (NET-216-52-0-0-1)
216.52.0.0 - 216.52.255.255
Omniture PNAP-SFJ-OMNITU-RM-01 (NET-216-52-17-0-1)
216.52.17.0 - 216.52.17.255

This time

[nurb432]

Even if this gets out, they will just move subnets and still catch 90% of the non technical users.

This really should be brought up to the courts.

Re:

[jo42]

Complain to abuse@internap.com re: that address range as hosting a spyware server...

Re:Not about spying

[pla]

To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name

No. The "biggest issue" here comes from the fact that a software vendor has the arrogance to think they have some "right" to use my network connection in an app having no business connecting to the internet in the first place.

The actual address just raises a few red flags, but I'd consider it just as unkosher if they connected directly to "www.adobe.com".

If they want to download some form of legitimate update or additional content, their bloatware can damned well ask for my permission. Otherwise, I consider this no less than theft of service on Adobe's (or whatever company you want to pick, since we tolerate far too many of them doing this crap) part.



Okay, now cue the trolls and apoligists who will quote part of a EULA that not even its own author ever read.

Re:Not about spying

[tonsofpcs]

I agree, I don't think any application should be using resources on my system without my explicit consent. There is no reason for software to use a network connection without asking me, unless it is software blatantly designed to do so (web browser) - and even those tend to ask me, the default home page for most browsers is a locally generated site. What if Joe User has a limited internet connection that he gets charged by the KB? What if Fred Foobar is using some sort of low bandwidth connection to maintain communication from a remote site and needs 100% of the minuscule bandwidth he has for that communication? There is no reason for software to connect like this.

Re:

[rhizome]

I agree, I don't think any application should be using resources on my system without my explicit consent.

Beyond that, should it be legal for a company to commercially leverage a user's internet connection? If the company derives profit or business intelligence that increases the value of the company's products, where is the consideration for the money that the user pays to their internet provider to subsidize its operations?

Think of it this way: What if you were crossing a toll bridge or toll road, and onc

Re:

[LilGuy]

Under Iowa law this is illegal. Including "spyware" with any product without specifically stating what it is for and how to uninstall it is a felony. Any use of network resources or computer resources without explicit knowledge and approval by the own of the machine and/or network is a felony. Is this covered in the EULA?

Re:

[Anonymous Coward]

Nah. You're not alone. There's a limit to what consumers are willing to sacrifice for even free content. For example, Juno would exchange free ISP for ad sponsored content on your machine. But at least you knew that up front though. Slowly, but surely, all of our machines are becoming internet based Nielsen boxes, without our knowledge.

In part, that's why I switched back to an anonymous account here.

-- Rob Malda

Re:

[bornwaysouth]

Agree. I installed CS3 on Boxing day. Christmas present, to finally update my Paintshop pro 7. I was annoyed to find some hours later that it was 200 megs into a 370 meg download. It may have subtly asked my permission, but it did not flag the size of the download.

Mind you, keeping size a secret seems to be standard for most updates even where permission is asked for. First the language is bungled. They ask for permission to 'install' updates as if it had already been downloaded. Then when you think, "Ok, m

It's about beaing sneaky

[Skapare]

I absolutely agree that the software vendor thinking that they have some right to do this spying is very arrogant and serious. But think about this. The fact that the connection is structured to LOOK like something connecting internally only goes to show that not only are they doing this, but they are doing this with the intent to try to obscure it. It would be one thing if they were on the up and up about it. But they would not need to do this 2o7.net stuff if they were. They could connect to "reg7.adobe.com" or some such name. But no ... they tried to add a layer of obfuscation to it.

They know they are spying on you because they are doing it. But they also know you won't like it. And that is obvious from the effort to hide and obscure it. Doesn't that make it at least twice as bad, if not triple or worse?

Re:Not about spying

[Anonymous Coward]

> To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

As per "Rules of the Internet: Rule 34: There is Porn of it, no exceptions", and "Rule 35: If there is not porn of it, porn will be made of it".

I hereby propose two new rules for malware:

Rules of Malware: Rule 34: The presence of a zero in your domain name is a prima facie indicator of spyware/spamware/shitware/malware sponsored by a "reputable" vendor, aka "mainsleaze".

This heuristic has held true ever since mainsleaze spammers started flinging shit at me from "m0.net" back in the 90s. (Funny m0.net story - my bank ignored me, but my broker amazingly dropped m0.net after I pointed out that all their client communications were being preemptorily-treated as phishing attempts, and that if they didn't start sending client communications from machines under their own domain I'd transfer my own account. My own account means jack and shit to 'em, but I obviously wasn't the only one enraged by this, and kudos to the broker for realizing they had to dropping m0.net like the spamhaus it was.)

Rules of Malware: Rule 35: In the event of unknown software that violates Rule 34 via the replacement of a zero or one with a "l" (ell) or "o" (oh), it's still mainzleaze malware.

I further propose that 2o7.net be the canonical example of Rule 35 of Spyware.

Ever since Photoshop (6? 7?) phoned home on install, I haven't trusted them and crossed 'em off my vendor list. Giving PDFs the ability to be exploited by Javashit, and the attempt to ubiquitize something as exploit-prone as Flash's runtime, I've been gratified to see that my lack of trust was well-founded. Fuck Adobe.

Re:

[betterunixthanunix]

Ultimately, however, the issue is that nobody except the developers of this product actually knows what the purpose of those connects is. Is it really just for quality tracking and product news/offers? Is it possibly also for the purpose of stopping copyright infringement (that is, illegal software use)? Is it sending your actual activities to Adobe?

This is probably innocuous, but who knows? This is what happens when software is distributed only in binary form -- users pick up on something suspicious,

Re:

[jimdread]

Suppose you discovered that GIMP was connecting to a strange looking host -- what would you do then?

Edit the source, remove the code that makes it connect to a strange looking host, recompile GIMP, and release a patch for others who don't want their software doing strange things.

Consequentialism? Puh-leaze!

[BorgCopyeditor]

Now, by "foreseeable consequences" do you mean those that are accurately predicted, or those that can be reasonably expected. If it's the latter, then you're not really a strict consequentialist. If it's the former, then you can hardly make any moral judgments at all (given how indefinite the chain of consequences of a given act is).

Re:

[fm6]

Like in the dictionary: "being such as may be reasonably anticipated" (Merriam-Webster). So I guess I'm a "strict consequentialist". Congratulations on finding a pretentious label for my opinion, but no points for actually contributing to the discussion, since you forgot to explain why "consequentialism" is such a bad thing. Let's hear it in your own words please; I'm bored with people who can't defend their opinions.

Re:

[DeadChobi]

I think he said it in his post. Let me repeat what he said, because I'm a whore. Strict Consequentialism is an untenable moral stance because it is impossible to predict all the consequences arising from a single action. Thus, what you might think of as a "little white lie" may actually result in some catestrophic life changing event for someone else. The tragedy of your moral stance is that you would not care because to you nothing bad happened as a result of your lie.

Re:

[adminstring]

It can go even further: an act which, as far as you can tell, is purely beneficial may end up having negative consequences. You could help an old lady across the street and she could therefore avoid getting run over, and two weeks later she might introduce two people who end up being the parents of the next EVILPERSON$. So unless you are willing to put a limit on the length of the chain of consequences you consider, you end up being unable to make any moral decisions, because any seemingly good decision c

No explanation is a good explanation.

[solios]

Simply put, the only things on my machine that should phone out should be voluntarily invoked by me - the user. Namely the web browsers, software update, ssh, etceteras.

Adobe's behavior of late (and it will only get worse) is why applications like Little Snitch [obdev.at] exist.

This kind of thing is why I wish The GIMP [gimp.org] or similar would get useable* for those of us with hundreds of gigs of Photoshop documents.

* Open, Save, full support for all blending modes, masking modes, layer groups, and fonts/text editing capability up to at least Photoshop CS. I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is), then it ought to at least be able to handle my existing documents as well as OpenOffice handles .doc files.

Re:

[Anonymous Coward]

> but if it's going to be the "photoshop competitor" every FOSS
> advocate claims it is (instead of, say, the Paintshop Pro
> competitor that it actually is), then it ought to at least
> be able to handle my existing documents as well as OpenOffice handles .doc files.

Dude,
suck it up. You chose a product which uses a proprietary format for
storing data. Nobody held a gun to your head and told you to use it.
If you don't like the fact that you paid and are still paying Adobe
to bend you over a barrel an

Re:

[setirw]

I usually don't feed trolls, but I feel like wasting a few minutes of my time...

The nature of the computer graphics app forced him to use a proprietary format. Too many people confuse the ills of "proprietary" formats with the ills of "arcane" formats. Like it or not, PSD is the industry standard, and it's only logical that he (and 99.99999% of digital artists) use it.

Now, if he had saved in some odd SGI format circa 1990, I'd agree with you.

Re:

[solios]

Indeed.

Pity those who have material locked up in SCITEX and other deceased formats.

I love how the FOSS community embraces .doc as a Necessary Evil, but totally froths at the mouth with .psd. Bit of a double standard if you ask me. :)

Re:No explanation is a good explanation.

[sakusha]

Now, if he had saved in some odd SGI format circa 1990, I'd agree with you.

Gee, it's funny you mention that. A long time ago, maybe Photoshop 2.0 era, I had a client who liked to submit files in .sgi format. He worked on an SGI Irix or something, he didn't have any way to convert them to something I could read.
So I emailed John Knoll to ask how I could read .sgi files in Photoshop. He wrote back and asked for a sample .sgi file for testing. I sent him one, and the next day, he emailed me a brand new .sgi file import plugin. I was amazed, so I emailed him back that I couldn't read Scitex CT files either. He wrote me a plugin for that too, same 24 hour turnaround. They were both publicly released through Adobe.
I don't see any .sgi support in the current CS3 release, but that's probably because it's deprecated. It does have Scitex CT support, though.

Re:

[Anonymous Coward]

> Dude,
> suck it up

Exactly the reason why FOSS gets a bad rap. Advocates would rather tell people why they're stupid, wrong, made a mistake, unethical for using proprietary software, etc. instead of just providing products that people want. The way to convert people is not to tell them, "you put yourself in this mess", the way to convert them is to provide an easy way out of their mess.

Fuck your holier-than-thou mindset, it's not helpful to anyone.

Re:

[solios]

Precisely.

I use Photoshop because for my needs it Sucks Less than the alternatives. I'll switch to the GIMP when it Sucks Less than Photoshop. The fact that one is free and the other costs hundreds of dollars isn't a factor here. Neither is the "ethics" of free software and open formats. The fact is that FOSS has yet to produce an image editor that Sucks Less than commercial equivalents for my needs. My needs are not simple basic image editing. My needs are industrial strength heavy lifting and a repl

Re:No explanation is a good explanation.

[STrinity]

It would be helpful for your and your anyones (who make stupid choices, repeatedly) were to vanish from existence, by murder if necessary. I would breath easy knowing the positive direction society would make on that day.

What would you suggest we do with people who don't know the difference between "breath" and "breathe"?

GIMP vs Paintshop PRO or Photoshop

[sd.fhasldff]

if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is

GIMP *is* competing primarily with Photoshop. This isn't a matter of which commercial application's feature set it most closely resembles. It's a matter of what users actually USE.

Photoshop is the default application for doing any kind of drawing or photo editing. It might be total overkill, it might not be the best choice or whatever, but that's irrelevant. Ask yourself this instead: How many people do you think PAY hundreds of dollars for Adobe Photoshop for their own personal at-home use?

Face it, Photoshop is the standard because it's pirated so much. This isn't a question of "lost sales", since 90% of Photoshop pirates (and I'm extrapolating from people I know of, so flame away) wouldn't DREAM of laying down that amount of cash. If they were forced to go legal, they would probably buy Paintshop Pro - an application that probably suits their needs much better anyway. (So if anyone is losing sales when Photoshop is pirated, it's probably Corel).

To summarize: GIMP competes primarily with *illegitimate* Photoshop users.

Re:

[MMC Monster]

Don'y knock PaintShop Pro (PSP). Last time I used PSP (v9), it did a hell of a lot more than The Gimp does now.

Re:

[solios]

I haven't used it, to be honest. But I've talked to people who have and from our discussions I came to the conclusion that the GIMP is closer in functionality to PSP than it is to Photoshop - regardless of how close it gets to either. :)

Re:

[pembo13]

I guess this is why some people are religiously against non-OSS. When you tire of your vendor, you can't simply drop said vendor because of all the data you have in their (often) closed formats.

Rushing to defend PSP

[Joce640k]

Paint Shop Pro 9.0 is much better than the GIMP (which is a total mess if you ask me).

Paint shop Pro 10 was where it all went badly wrong. Corel bought it out - and we all know what happens to things that Corel buys. You think Adobe downloading advertising is bad? Online registration an invasion of privacy...? PSP 10 required you to create a "Corel Web Account" and then "log in" before it would even run.

PSP 9.0 though? A fine piece of software. I'm still using it.

Re:

[solios]

I hear that.

I used Photoshop 5.5 since its release. OS X 10.5 and Apple's move to Intel processors has forced me to upgrade - if it wasn't for that, I'd still be slogging along running Classic on top of OS X. PSCS has added a couple of things I like, but overall most of the bullet-point features are largely unused. I haven't heard anything "bad" about CS3, but I haven't heard anything good, either - this is the first point in favor of NOT ugprading.

(and for those who are all OMFG WHY U NOT PHOTOSHIP IN

Bad assumption.

[Anne Honime]

I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is [...]

I won't speak in the name of others, but clearly The Gimp is not a competitor to photoshop. If PS was to be competing against The Gimp, Adobe would have to release native file format information, plus access to the code. For those among FOSS supporters like me, failing on both counts is a total show stopper for even considering a switch, much like the burden of your previous work is to you.

The Gimp is like the plank cabin you build on your grounds : there might be holes, it might not be completely comfortable, and the roof might even leak, but nevertheless, you're the king in your own private kingdom, because you're considered to be the owner of the place. PS is more like a rented flat : nice view, good furnitures, central heating, but if your landlord happens to be a complete moron, and suddenly decides to lock all the doors at 9 pm, you're fscked, and either you're in by the curfew, or you're homeless for the night.

You decide what's acceptable to you.

I don't know about you, but....

[raehl]

I'll take the roof that doesn't drop cold water on me throughout the night.

Let me know when I can be master of a kingdom with a roof that doesn't leak.

Re:

[JohnBailey]

What a DUMB analogy. If my landlord decided to lock me out by an arbitrary curfew, I would make two calls: One to the police, one to a locksmith. When I rent an apartment I *do* have rights.

And how about when you rent... sorry.. License software? To continue with the analogy, what if the government decides to remove your rights as a tenant?

So the landlord can increase your rent. -- Charge more for the next version while phasing out support for the current version.

Do repairs when they feel like it, while forbidding you to do any repairs or decorating. And opting out of any liability when their unqualified cousin rewires your flat and you electrocute yourself. -- Refusing access to the source c

Re:

[padonak]

Update: Apparently it's now called Sunbelt Personal Firewall [sunbelt-software.com] or something like that.

Not firewall related

[addikt10]

There isn't a single firewall that I've ever worked on that could possibly be misconfigured in such a way as to "accidentally" allow traffic to this domain to pass.

Web Proxy? Yeah, OK, maybe, but even then it is a reach...

Re:

[olddoc]

I agree. Two Oscar Seven .net is not a local ip address.
I also agree that Adobe looks like a sleazy scammer who tells me to click on Bankofamerica.com.cn

Re:

[SleepyHappyDoc]

You sure? Back when my home network was simpler, I had a high-up firewall rule to allow all traffic from/to 192.168.*

I would have been tripped up (fortunately, my network is much more complex now, and this hole no longer exists for me).

Re:

[Antique Geekmeister]

It's designed to confuse log analyzers and casual log readers, not sneak past firewalls.

2o7.net *Not* 207.net

[Zymergy]

Clarification: That is ...'2o7.net' as in 'Two-Ocsar-Seven.net' *NOT* 'Two-Zero-Seven.net'

The Opt-Out "Explanation" page is here: http://www.omniture.com/privacy/2o7 [omniture.com]

Still, the dubious address http://192.168.112.2o7.net/ [2o7.net] appears to be some variation of Social Engineering. http://en.wikipedia.org/wiki/Social_engineering_(computer_security) [wikipedia.org]

This might explain some of Adobe's seeming software bloating (like Acrobat Reader, etc...) http://www.google.com/search?hl=en&q=Acrobat+reader+bloat [google.com]

Re:2o7.net *Not* 207.net

[ASkGNet]

I've sniffed the data sent to that address. It includes the serial number of the software:

GET /b/ss/mxcentral/1/F.3-fb/[sn-here]?[AQB]&purl=mm&pccr=true&c2=dw&c3=9.0&c4=win&c5=en&c6=full&c7=&c8=&c9=dw_9.0_win_en_full__[AQE] HTTP/1.1
Referer: http://www.adobe.com/startpage/dw_content/dw_90_full_default.swf?prod=dw&ver=9.0&plat=win&lang=en&stat=full&tday=&spfx=&productName=dreamweaver [adobe.com]
x-flash-version: 9,0,45,0
User-Agent: Shockwave Flash
Host: 192.168.112.2O7.net

and returns a 2x2 pixel blank GIF.

Re:

[prichardson]

GIF have their length defined at the start of the file, and bits after that length are ignored. Perhaps there's some hidden data at the end of the file? Try opening it in a hex editor.

Re:

[Kris_J]

If it includes the serial number of the software in the format needed during installation, then I hope nobody has an ISP with underpaid staff that can access the logs for their transparent proxy.

Re:

[risk one]

Ok, so adobe checks which IP's are running products with cracked serials. They're not the first to do this. Like most companies that do it, they're probably just sitting on the data for now, using it for analysis, or just waiting for the rules to change a bit.

It's not unthinkable, though, that they've implemented so me sort of code based on what's in the GIF. They probably send back a GIF to make the communication look more inconspicuous (I've seen apps taken layout elements from the web before), but I wo

Re:

[gordguide]

" ... They probably send back a GIF to make the communication look more inconspicuous ..."

Sending back the .gif file is a way to make sure you are a "real computer" at the particular address their "phone home" data says you are at. If you were spoofing the address, the gif file would not make the trip, so to speak, and they would know that.

They don't really "send back a gif", per se. They send the url to the gif to your computer, your computer goes to the url to fetch the gif, and ... bingo. There's proof.

Re:

[klui]

They probably go to the same company:

Pinging 192.168.112.207.net [216.52.17.207] with 32 bytes of data:
Pinging 192.168.112.2o7.net [216.52.17.136] with 32 bytes of data:

Re:2o7.net *Not* 207.net

[azrider]

Omniture's Opt-Out Policy:

We offer visitors to certain of our customers' websites a means for controlling the use of session information with respect to the Omniture SiteCatalyst, Omniture DataWarehouse, Omniture Discover and Omniture SearchCenter products using cookies set from Omniture's 2o7.net domain (i.e. that use the 2o7.net cookie to facilitate data collection). If, at any time a customer's website visitor does not wish to allow his/her session visitation information to be aggregated and analyzed by Omniture on such customer sites, he/she may utilize the following opt out mechanism. For customers that use non-Omniture cookies to collect data on their websites, please review the privacy disclosures of such customers for specific details on any and all applicable opt outs on such sites.

It was noted in one of the linked articles that the opt-out action sets a cookie on your machine. If you delete this cookie, you have just opted back in.

So let me get this straight. In order to tell Omniture not to do anything on my machine, I have to give Omniture access to my machine. What sort of half-assed policy is this?

Phisher's Delight

[bobdotorg]

In an updated post:
http://blogs.adobe.com/jnack/2007/12/whats_with_adob.html [adobe.com]
the Adobe guy says:
the objections seem to center not so much on whether Adobe apps are contacting a server, but rather that the server is named "192.168.112.2O7.net,"

Note the letter O instead of a zero. 2o7.net is registered to Omniture.

WTF? If Little Snitch told me that some app was trying to connect to 192.168.112.2O7.net I would assume it was compromised, and would be debating a complete clean system reinstall of OSX.

192.168.112.2O7.net? Masquerading as an IP from my home DHCP server? Are they serious? From Nigeria? Romania?

Again, WTF?

P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

Re:Phisher's Delight

[ScrewMaster]

P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

More to the point, the 192.168.x.x address range is one of several that are specifically intended to be non-routable on the Internet. Many people know this, even those who aren't otherwise that network-savvy. This is a blatant attempt to make the address appear safe ("well, I dunno what it's doing, but at least it's only sending to address on my LAN!") Not what one should expect from a major software house, but unfortunately, it is what we are all coming to expect from everyone in the business. Doesn't much matter what they're actually sending to Omni-whatever ... the fact that they're sending anything at all is very bad. Nothing on my system is their business, unless I say it is. Period.

You know, this reminds of something that Jack Valenti once said (about the only thing that sociopath ever said that I agree with): "Just because technology lets us do something, it doesn't mean we should." Now, he was referring to the copying and downloading of DVDs, but his point is still valid. We're seeing too many companies set up to serve larger organizations (Omniture, MediaSentry) using the Internet in unethical if not outright illegal ways. Presumably, this is so the corporation hiring them (in this case, Adobe) has some plausible deniability.

Re:

[DaveWick79]

For one, sending a software serial number, unencrypted, over the internet in plain text is hardly protecting investment, it's almost encouraging piracy using that serial.

Secondly, while not immoral, phoning home is widely considered unethical, especially when it is without the user's knowledge or consent. The EULA is no place to put this, everyone knows that nobody reads these and hiding behind those is just begging for a class action suit.

There are other ways to verify software - look at Microsoft's activ

Re:

[ScrewMaster]

What's interesting about Adobe is that they already have a Microsoft-style activation process (obnoxious as such things are) so they really have zero excuse for any additional monitoring. They also use that goofy FEAD recomposer to help protect against cracking (not that it appears to have helped.) In any event, I disagree with the GP that it is reasonable for Adobe (or any other company) to use customer resources to protect their intellectual property, to mitigate the effects of piracy with unauthorized co

Re:

[Neil Hodges]

DNS names are case-insensitive, though.

Re:

[Spad]

No, he means Two-Zero-Seven.net resolves to the same IP as Two-Oscar-Seven.net

might not be Adobe misleading...

[Junta]

It's not necessarily adobe's fault that the address is misleading. Who knows what the code is calling the address, and the filtering application doesn't know either, it just reverse lookups the IP address and gets that answer from DNS. However, the response isn't that reassuring 'why, of course we do it, shut up, big deal, we act just like a web browser does when you connect to our site, so what's the big deal?' ignoring the fact that people aren't explicitly trying to use a web browser, they're rying to

You missed my point..

[Junta]

My point was that hypothetically, a reverse dns lookup for an third party's ip address could be misleading without the knowledge of the first party. You sign up for a service with me, and you use www.analytics.example.com as the calling address. Later on, I decide I want to be sneaky, and the reverse lookup for www.analytics.example.com becomes 10.117.1.2O.example.com. Is it your fault I did that? Not really. This isn't the case in Adobe's example, now that I've looked at it, but it's a plausible scena

This is very common

[no-body]

that any application you downloaded and installed calls "home" over the Internet in some way or other without common users even noticing it.

I have an old version of Kerio (very sorry that it vanished) which serves very well in putting every attempt of programs to go out on the network on display.
Recent discoveries: a PDF printer driver "calls home" every time I print a document through it.

Adobe (reader) is pretty bad in checking for updates or whatever it tries to do on the Internet and M$oft of cause alway

Re:This is very common

[ptbarnett]

M$oft of cause always accesses some port 123 when starting XP.

Port 123 (both UDP and TCP) is the NTP port.

Double-click on the time on the right end of your taskbar to open the Date and Time Properties dialog box, then click on the Internet Time tab.

I believe it defaults to time.windows.com. I change mine to us.pool.ntp.org.

Re:

[no-body]

my goof & paranoia = regrets

Re:

[xMilkmanDanx]

Kerio still has a firewall, though I believe they're part of sunbelt software now and you have to search a little to find their free version.

Opt-out site

[seer]

http://www.omniture.com/privacy/2o7#optout [omniture.com] This is the site to install an "opt-out cookie". I'm going to go ahead and guess it might help to visit this site within the embedded Opera browser in CS3. Who knows where that thing keeps it's cookies. Granted, getting this info from a comment on a post to a blog is not the way to have a good opt-out policy. Something in the installer would be nice.

Firewall

[QuoteMstr]

# Block access to Omniture -- spyware vendors
block from any to 216.52.17.0/24

They can change the IP address

[Skapare]

They can change the IP address since they are using a hostname. You need to also add the domain name "2o7.net" (you know, number two, letter oh, number seven, dot net) as a zone in your resolving/caching DNS server, with a wildcard labeled "A" record pointing to somewhere that will be a dead end under your control, like 127.0.0.1.

Re:

[QuoteMstr]

True, but this blocks their entire netblock. It'd be slightly more difficult for them to change /that/. Blackholing the DNS is on the list though.

Adobe needs competition.

[owlnation]

Competition. That's the only solution to this. Adobe has become a very arrogant and supply-side centric company over the past few years. Or rather, an even more arrogant company than it always was.

It has almost no competition in most markets it trades in. Where it did have competition, it bought it out with the Macromedia purchase. That's a problem. It's not just this privacy/lying issue, it's price fixing, it's bloated features, it's the product delays (the universal binary versions), it's the (a la Microsoft) packaged versions that make it hard to get standalone versions.

I use Adobe Software every day (always firmly controlled by Little Snitch from install I may add). I don't like using it, it is not the best they can do, but it is the best available. I use it, but I will jump ship tomorrow.

I really, really, really want to use products from a better company. Surely there MUST be developers out there who can make better products than Adobe.

Re:

[Skapare]

Surely there MUST be developers out there who can make better products than Adobe.

Yes there are. But until we ditch our monopoly-centric competition-busting big-business-oriented lawyer-profiting patent system (and all the patents issued under it), and adopt one that does not award patents to anything even remotely obvious, or anything that someone educated and experienced in the field could come up with if asked to, it will be very hard to produce such competitive software products.

FYI, the kind of pa

Re:

[mobby_6kl]

> patent [..] patents [..] patents [..] patent [..] patents [..] patent [..] patent

Richard Stallman, is that you?

Re:

[99BottlesOfBeerInMyF]

I really, really, really want to use products from a better company. Surely there MUST be developers out there who can make better products than Adobe.

If you're looking to replace Illustrator, try Inkscape [inkscape.org].

If you're looking to replace Framemaker, MadCap is releasing Blaze [madcapsoftware.com] very soon.

If you're looking to replace Adobe Acrobat Pro, there are about 10 different companies with products on the market.

If you're looking to replace InDesign, you could try Quark (but I'm not sure I'd recommend it).

If you're looking to replace Dreamweaver, there are several comparable editors depending upon your needs and platform

If you're looking to replace Photoshop, you ca

EULA

[slashdotmos]

I didnt see it posted and I dont read most EULAs, but as long as this has a line about the 'phoning home' process then all is ok. Now if they never post anything in the EULA then that is a big problem! You accept anything the software does when you click I agree. You dont have to agree and use the software. Anytime I think about EULAs, I think they are made to legal like that noone is going to read it and those that do will most likly just say 'yea whatever, i want to use the software'. Which reminds me of the one software that had a written reward in the EULA and after like 5 years (or longer, i dont remember) and a lot of users some guy saw a lil statement that said the the effect 'email us this code and we will send you $5000'

Local apps shouldn't secretly access the Internet

[dpbsmith]

This seems so simple.

If Adobe and other companies want to retain their paying customers' trust, their applications shouldn't be doing unexplained things behind the user's back.

If they want to pop up a window saying "To insure better product quality, we would like to have this application send information to internet address thus-and-such. To read a detailed description of the information we send and how we use it, press 'details.' To allow us to do this, press 'allow.' If you do not want us to do this, press 'no,'" then everything would be cool.

But if an application does stuff we don't expect it to do, and they don't even mention it in advance, it's not terribly paranoid to assume that the reason is that they're doing something they don't want us to know about.

Firewall, anybody?

[garry_g]

Even having nothing to hide (read: de-centralized backup copies) and using mostly Linux, running a personal firewall that not only controls incoming, but also outgoing software is a total must nowadays. For Windows, there are several, even freeware (e.g. Ashampoo does a pretty good job), or things like Apparmor under Linux ... So with any program suddenly requesting internet connection, just deny it once, or for good ...

I guess that's the curse of the ever-growing number of always-on internet users ... gues

Who will be the first to register ad0b3.com?

[Skapare]

Who will be the first to register ad0b3.com? Or maybe 4dobe.com or 4d0be3.com?

People run their machines with default HOSTS?!

[Tumbleweed]

Please do yourself a favour and download this HOSTS file:

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]

And use it. That domain has long since been blocked. Jeez, people. Old news.

value but no payment

[wikinerd]

So, not only users pay for Adobe products, not only these products are closed-source, but the user is also feeding the business of a profit-making analytics company as well as helping some marketing guys in Adobe justify their bonuses without the user getting any payment. User software usage data have value, so why should the user give up their usage data with no payment? Why should Adobe users give all this value for free without something in return? We do this with free software like Gimp (via ingimp [ingimp.org]),

metered connections

[wikinerd]

Some Internet connections are metered, usually based on the data volume (per kb). If Adobe uses your network connection to transmit data, then this means that some bandwidth (however small) that you pay for is wasted, especially if one is using an Adobe program a lot. Yes, it may be only a few bytes, but the principle holds true: Adobe may be using some of your metered Internet connection. Is this explained in their agreement? There are a lot of reasons why one should dislike this, apart from privacy.

I wouldn't call it quietly...

[LilGuy]

I noticed something odd from the first moment I fired up CS3 and tried to create a new image. It hung for a few moments and then I noticed some heavy network use. This happens every single time I fire up CS3. I knew about this quite a while ago, but never did sniff to see what exactly was happening. I did disable my network connection once to see if it would still allow me to create a new image, which it did.

on my "personal" computer!

[blankoboy]

I purchase software that is intended for a particular use on my "personal" computer (whether it be PC or Mac). I do NOT purchase software so the vendor can track my usage, include 3rd party tool bars or other. Software that is not network related should not have any network component involved whatsoever. Why should image editing software have any network functionality whatsoever, I am not forking over my hard earned $$ for this. If I want to download and install an update you can notify me via email or other, I don't want your app dialing home to check for an update and checking my system stats and usage.

Software companies are now clearly overstepping the boundaries of acceptability. This has behavior subtly creeping it's way into applications in recent years. They start with the "do you want to this application to check for updates automatically"? Then comes "activation", then 3rd party bundled toolbars - Acrobat reader, among many other non-Adobe apps come with opt-in 3rd party toolbars which you can opt out of but WTF is it doing there in the 1st place? I won't install any app that has such software bundled in for fear that it's doing something despite my opting out of the toolbar.

These companies will not learn their lesson and back off until we have sufficiently voted with our wallets. I will say that Adobe will never again get a dollar out of my wallet.

John Nack is an arrogant ass

[Coward Anonymous]

He may be a great program manager but if I were Adobe I would stop him from blogging as quickly as I could. Here are some choice quotes from his responses to user comments. With responses like these I wouldn't believe anything he has to say:

[Are you saying you can't figure out how to remove applications? That's really saying something. --J.]
[You're a complete moron, and I don't have time to bother poking holes in your litany of ridiculous assertions. --J.]
[Sorry to hear that things aren't going well, Ryan. Have you called tech support? If not, why not? --J.]
[What sucks is how gullible, lazy, and reckless people prove to be. --J.]


And on and on it goes...

Good justification for a crack

[EdIII]

This is why I only use cracked software. Even if I purchase the software, which all of mine actually is, i run it cracked with lot of firewall rules.

I have never trusted any software company that attempts to make an outbound connection for ANY reason. Certain programs being an obvious exception like web browsers.

The fact that behavior like this is now coming from Adobe provably, is no surprise to me at all. Adobe has been almost militant in it's defense against piracy. If they had their way, all computers would be hooked up to a central database and run only authorized code decided by a "high council" of software developers.

I know some may say that the "jury is still out", but I don't believe that any of this was done without Adobe's knowledge or consent. After all, any software developer would be stupid and negligent if it subbed out development work or services to a 3rd party without verifying the functionality of the code or auditing the services.

In any case, for a company with Adobe's reputation, this is very damaging.

Re:

[Wonko the Sane]

This site [mvps.org] is targeted at windows users, but it is applicable to almost any OS. Download their hosts file and append it to your /etc/hosts file. (unless OS X puts that file in some other location)

Re:

[jaredmauch]

Easiest way is to set up a dns zone for 2o7.net with a * in it pointing to 127.0.0.1. I do this, not because the tracking stuff of the various websites, but because their servers are slow, and much like the slow web-ad servers that make your web browsing painful, 2o7.net does nothing but bring down your page load time.

If you have a squid or similar proxy setup, just block 2o7.net in there. If you're willing to spend some time with your osx box, install squid, and put all your stuff through it and watch

Re:

[causality]

would using Squid offer any advantages over using, Little Snitch for such purposes?

Well, Squid is a Web (TCP port 80 and friends) proxy only, whereas Little Snitch is a general monitoring app that can alert you to just about any outgoing traffic much like an outgoing firewall. So, they would work well when used in combination, since Squid can be used to control HTTP traffic in very specific ways beyond "is application X allowed to connect to site Y?" Not to mention that with a Web browser, of course you

Re:

[owlnation]

In OS X, is there an easy way to block all outgoing communication to *.2o7.net?

Get Little Snitch, it's a wonderful little app. And it's essential if you are running anything Adobe.

Re:

[canuck57]

Blocking 2o7.net is relatively easy if you have a DNS and/or firewall. I have been blocking 2o7.net both privately and professionally for years as this is hardly the first time 2o7.net has been involved in surveillance of users, in fact it is what they do.

If you have DNS, create a zone file db.2o7.net, db.2o7.com and other tracking domains. In the zones, resolve a wild card address to 127.0.0.1. By putting it in your in-house DNS you can black hole their domains. Also consider reverse zones, as a looku

Re:

[smoker2]

What's wrong with the hosts file ?
1 line and you're done :

127.0.0.1 2o7.net 2o7

Re:

[prshaw]

Is this a reasonable answer to someone who may just use the computer to edit their photos for publishing and checking email? Is this a good way to respond to someone asking for help with their router?

You are saying they need to learn more about their router, and yet when they asked about it you say they should not be using their computer because they don't know the answers. They are damned if they do and damned if they don't.

Re:

[causality]

Is this a reasonable answer to someone who may just use the computer to edit their photos for publishing and checking email? Is this a good way to respond to someone asking for help with their router?

I wish this were a reasonable thing to say, but due to the realities of how often hosts are compromised "is having your data or your identity stolen, participating in a botnet, and having your computer spied on a reasonable price to pay for just using the computer to edit photos and checking e-mail?" is unfor

Minicity troll, don't bother.

[ScrewMaster]

Bugger off.

Re:

[Antique Geekmeister]

Hello, editors of Slashdot? The faked URL's to Minicity are a continuing problem. Can you arrange to add a new moderation categary of "Minicy", or "fake URL", because they're really a pain.

Re:

[Spad]

Because nobody should have to.

Remember the good old days when you didn't have to monitor every single application on your PC to ensure that it wasn't sending back personally identifiable data to some random 3rd party?

Re:Why is this an issue?

[vertinox]

Anyone with a (personal) firewall can control this "phone home" behavior.

And everyone should have locks on their doors.

But its still going to piss me off if I come home and forgot to lock my doors and you're sitting on my couch eating my milk and cookies.

Re:

[Actually, I do RTFA]

Do the XP/Vista firewalls ask you the first time an app like this tries to make an outbound connection? Can you set them to or do you need to install a 3rd party firewall?

In XP it is either on by default or I turned it on so long ago I forgot how. I believe you can also give blanket permission for any app to use a specific port for UDP or TCP transmission. I think you can even combine these (Adobe can use port XXX because that is how I get updates, but not YYY because that connects to marketing.)

I would

Re:

[Jerry Rivers]

"Don't use Adobe."

And what are the alternatives? Gimp? That's not a professional quality app yet and doesn't support CMYK. Quark XPress for page layout? OK for legacy files, trying hard to stay in the game, but has fallen out of favour with many agencies, designers and commercial printers for a variety of reasons. Freehand for vector work? That's owned by Adobe now so you might as well use Illustrator (which Adobe would prefer you do) unless you want to try and get away with an app that has basically