Adobe Quietly Monitoring Software Use?

Zonk posted more than 6 years ago | from the probably-not-that-big-a-deal dept.

Privacy 304

henrypijames writes "For months, users of Adobe Creative Suite 3 have been wondering why some of the applications regularly connect to what looks like a private IP address but is actually a public domain address belonging to the web analytics company Omniture. Now allegations of user spying are getting louder, prompting Adobe Photoshop product manager John Nack to respond, though many remain unsatisfied with his explanation."

304 comments

Not about spying (5, Interesting)

75th Trombone (581309) | more than 6 years ago | (#21851418)

To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

As someone said on a blog I can't find right now, this is not a story about privacy; it's a story about lies.

Re:Not about spying (5, Interesting)

IdeaMan (216340) | more than 6 years ago | (#21851438)

Adobe may indeed be the innocent party here, depending on how Omniture code is included into their build.
What I found as a cause for concern is that it is tracking an embedded Opera browser.

If SONY wasn't innocent for what First4Internet... (4, Insightful)

Animaether (411575) | more than 6 years ago | (#21851478)

..did with XCP, then Adobe doesn't get to claim innocence for whatever the heck the Omniture code is doing.

Re:If SONY wasn't innocent for what First4Internet (0)

Anonymous Coward | more than 6 years ago | (#21851496)

Until Adobe make a console that's preventing Microsoft from extending their monopoly to another industry, I think we can all give them the benefit of the doubt.

Um, no, we can't (5, Insightful)

Anonymous Coward | more than 6 years ago | (#21851736)

Just because you have issues with Microsoft, doesn't mean you give Adobe a free pass.

As for responsibility.

Analogy: If Ford used a third party airbag in their cars that regularly deployed when you hit 70mph, who would be held responsible? Ford, the third party or both?

Re:Um, no, we can't (0)

Anonymous Coward | more than 6 years ago | (#21851996)


> As for responsibility.
>
> Analogy: If Ford used a third party airbag in their cars that regularly deployed when you hit 70mph, who would be held responsible? Ford, the third party or both?

Definitely the correct interpretation,

This falls squarely under the rubric of, "... and the horse you rode in on."

Re:If SONY wasn't innocent for what First4Internet (0)

Anonymous Coward | more than 6 years ago | (#21852064)

These are two very different things. Sony's rootkit caused real and lasting damage to users' systems and is illegal under the criminal laws of most nations. This is a common piece of spyware. While morally repugnant it cannot be compared to the act by Sony and causes no damage (necessary for breach of the Computer Misuse Act 1990 in the UK) - http://en.wikipedia.org/wiki/Computer_Misuse_Act_1990 [wikipedia.org]

It's not helpful to conflate this with ordinary spyware - http://en.wikipedia.org/wiki/Spyware [wikipedia.org]

Not defending this behaviour of course, in fact since these companies have elected to break the law I have no moral compunction advocating someone write a DDOS virus to reduce Omniture's servers to a smouldering pile of silicon dioxide. Any corporation attacking public and private computer systems for their own profit motives is entering a battle they will lose.

Don't yet have the full story (5, Insightful)

Legionary13 (607355) | more than 6 years ago | (#21851466)

So far, I have not yet read anything about the transmitted data. Finding that data one would reasonably expect to be private without explicit release would be a serious problem. However, we don't have that - or its opposite. John Nack has given the best generic response that he is able, and I won't know what to make of Adobe's actions until we learn more about the data transmitted, probably next week.
As Trombone says the misleading server name is the issue. As I perceive it, this smells bad. Microsoft-style bad to be blunt.

Re:Not about spying (4, Insightful)

Dachannien (617929) | more than 6 years ago | (#21851492)

> the deceptive server name, 192.168.112.2O7.net
That's the sort of obfuscation we've repeatedly come to expect from purveyors of malware, although normally, malware purveyors take up tactics that target the laymasses rather than the sort of folks who know what the 192.168.0.0/16 subnet is for.

It's almost guaranteed that Adobe was trying to hide something here (to state the obvious). I suppose there's always the possibility that somebody thought they were being playfully clever, but if so, it was done with the same poor judgment one uses if one jokingly tells the TSA guy, "Don't worry, I won't blow the plane up, I promise!"

Re:Not about spying (4, Informative)

BSAtHome (455370) | more than 6 years ago | (#21851826)

However, in this case you should block 216.52.17.0/24 to get rid of Omniture...

$ host 192.168.112.2O7.net
192.168.112.2O7.net has address 216.52.17.136
192.168.112.2O7.net has address 216.52.17.207

$ whois 216.52.17.136
[Querying whois.arin.net]
[whois.arin.net]
Internap Network Services PNAP-8-98 (NET-216-52-0-0-1)
216.52.0.0 - 216.52.255.255
Omniture PNAP-SFJ-OMNITU-RM-01 (NET-216-52-17-0-1)
216.52.17.0 - 216.52.17.255

Re:Not about spying (0)

Anonymous Coward | more than 6 years ago | (#21851522)

> ...the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.
Very very very very misconfigured indeed - so misconfigured that you can't even do that in, say, Linux. If you use Very Dumb Regular Expressions (as in /^192\.168/ dumb) to parse host names, you deserve everything you get. =) It's probably meant to confuse people and people alone.

Re:Not about spying (5, Insightful)

pla (258480) | more than 6 years ago | (#21851572)

> To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name

No. The "biggest issue" here comes from the fact that a software vendor has the arrogance to think they have some "right" to use my network connection in an app having no business connecting to the internet in the first place.

The actual address just raises a few red flags, but I'd consider it just as unkosher if they connected directly to "www.adobe.com".

If they want to download some form of legitimate update or additional content, their bloatware can damned well ask for my permission. Otherwise, I consider this no less than theft of service on Adobe's (or whatever company you want to pick, since we tolerate far too many of them doing this crap) part.



Okay, now cue the trolls and apologists who will quote part of a EULA that not even its own author ever read.

Re:Not about spying (5, Insightful)

tonsofpcs (687961) | more than 6 years ago | (#21851698)

I agree, I don't think any application should be using resources on my system without my explicit consent. There is no reason for software to use a network connection without asking me, unless it is software blatantly designed to do so (web browser) - and even those tend to ask me, the default home page for most browsers is a locally generated site. What if Joe User has a limited internet connection that he gets charged by the KB? What if Fred Foobar is using some sort of low bandwidth connection to maintain communication from a remote site and needs 100% of the minuscule bandwidth he has for that communication? There is no reason for software to connect like this.

Re:Not about spying (1, Redundant)

poopdeville (841677) | more than 6 years ago | (#21852120)

> I agree, I don't think any application should be using resources on my system without my explicit consent.

You gave it when you explicitly agreed to the EULA.

Re:Not about spying (1)

Threni (635302) | more than 6 years ago | (#21852252)

Also, why is this a surprise? You can see it connecting to the net when it loads up by using your firewall. Doesn't it prompt you to allow the connection? You are using a firewall, right? What else would the app be doing other than informing on your use? Don't all apps which connect to the net do this? What else would they be doing? Loading up a DLL? (That's enough questions - ed.)

Re:Not about spying (3, Funny)

Anonymous Coward | more than 6 years ago | (#21851798)

Nah. You're not alone. There's a limit to what consumers are willing to sacrifice for even free content. For example, Juno would exchange free ISP for ad sponsored content on your machine. But at least you knew that up front though. Slowly, but surely, all of our machines are becoming internet based Nielsen boxes, without our knowledge.

In part, that's why I switched back to an anonymous account here.

-- Rob Malda

Re:Not about spying (2, Informative)

bornwaysouth (1138751) | more than 6 years ago | (#21851994)

Agree. I installed CS3 on Boxing Day. Christmas present, to finally update my Paintshop Pro 7. I was annoyed to find some hours later that it was 200 megs into a 370 meg download. It may have subtly asked my permission, but it did not flag the size of the download.

Mind you, keeping size a secret seems to be standard for most updates even where permission is asked for. First the language is bungled. They ask for permission to 'install' updates as if it had already been downloaded. Then when you think, "Ok, may as well be up to date, since it's got the data now. It's a small patch to block a security hole.", it goes off to get 70 megs or so of update for some damn media player I don't use. (I have teenage children. Media players spontaneously generate inside my computer.)
   

It's about being sneaky (5, Insightful)

Skapare (16644) | more than 6 years ago | (#21852186)

I absolutely agree that the software vendor thinking that they have some right to do this spying is very arrogant and serious. But think about this. The fact that the connection is structured to LOOK like something connecting internally only goes to show that not only are they doing this, but they are doing this with the intent to try to obscure it. It would be one thing if they were on the up and up about it. But they would not need to do this 2o7.net stuff if they were. They could connect to "reg7.adobe.com" or some such name. But no ... they tried to add a layer of obfuscation to it.

They know they are spying on you because they are doing it. But they also know you won't like it. And that is obvious from the effort to hide and obscure it. Doesn't that make it at least twice as bad, if not triple or worse?

I am Albert Einstein (-1, Troll)

fm6 (162816) | more than 6 years ago | (#21851714)

> this is not a story about privacy; it's a story about lies.
So, you've never told a lie? Sure you have, and I'll bet there have even been times when you thought that lying was the right thing to do.

When an act is wrong, it's wrong because of its actual or foreseeable consequences. If this were just about lying, nobody would give a shit.

Consequentialism? Puh-leaze! (3, Insightful)

BorgCopyeditor (590345) | more than 6 years ago | (#21851806)

Now, by "foreseeable consequences" do you mean those that are accurately predicted, or those that can be reasonably expected. If it's the latter, then you're not really a strict consequentialist. If it's the former, then you can hardly make any moral judgments at all (given how indefinite the chain of consequences of a given act is).

I am Immanuel Kant (1, Informative)

Anonymous Coward | more than 6 years ago | (#21852038)

Incorrect. [stanford.edu]

Re:Not about spying (4, Insightful)

Anonymous Coward | more than 6 years ago | (#21851754)

> To clarify the summary, the biggest issue is not the spying on users; the biggest issue is the deceptive server name, 192.168.112.2O7.net. It's at least meant to confuse unwary users, and possibly meant to confuse misconfigured firewalls.

As per "Rules of the Internet: Rule 34: There is Porn of it, no exceptions", and "Rule 35: If there is not porn of it, porn will be made of it".

I hereby propose two new rules for malware:

Rules of Malware: Rule 34: The presence of a zero in your domain name is a prima facie indicator of spyware/spamware/shitware/malware sponsored by a "reputable" vendor, aka "mainsleaze".

This heuristic has held true ever since mainsleaze spammers started flinging shit at me from "m0.net" back in the 90s. (Funny m0.net story - my bank ignored me, but my broker amazingly dropped m0.net after I pointed out that all their client communications were being preemptorily-treated as phishing attempts, and that if they didn't start sending client communications from machines under their own domain I'd transfer my own account. My own account means jack and shit to 'em, but I obviously wasn't the only one enraged by this, and kudos to the broker for realizing they had to drop m0.net like the spamhaus it was.)

Rules of Malware: Rule 35: In the event of unknown software that violates Rule 34 via the replacement of a zero or one with a "l" (ell) or "o" (oh), it's still mainsleaze malware.

I further propose that 2o7.net be the canonical example of Rule 35 of Spyware.

Ever since Photoshop (6? 7?) phoned home on install, I haven't trusted them and crossed 'em off my vendor list. Giving PDFs the ability to be exploited by Javashit, and the attempt to ubiquitize something as exploit-prone as Flash's runtime, I've been gratified to see that my lack of trust was well-founded. Fuck Adobe.

Re:Not about spying (0)

Anonymous Coward | more than 6 years ago | (#21851904)

Then why is the title of this Slashdot post: "Adobe Quietly Monitoring Software Use"? Hmmm??

Re:Not about spying (1)

betterunixthanunix (980855) | more than 6 years ago | (#21852282)

Ultimately, however, the issue is that nobody except the developers of this product actually knows what the purpose of those connects is. Is it really just for quality tracking and product news/offers? Is it possibly also for the purpose of stopping copyright infringement (that is, illegal software use)? Is it sending your actual activities to Adobe?

This is probably innocuous, but who knows? This is what happens when software is distributed only in binary form -- users pick up on something suspicious, and start to assume the worst, and then that whole mob mentality enters the picture. Suppose you discovered that GIMP was connecting to a strange looking host -- what would you do then?

niggers (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21851448)

every last one of you.

fucking shit-bag niggers...

says (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21851482)

you, kikey magee

No explanation is a good explanation. (4, Interesting)

solios (53048) | more than 6 years ago | (#21851480)

Simply put, the only things on my machine that should phone out should be voluntarily invoked by me - the user. Namely the web browsers, software update, ssh, etceteras.

Adobe's behavior of late (and it will only get worse) is why applications like Little Snitch [obdev.at] exist.

This kind of thing is why I wish The GIMP [gimp.org] or similar would get useable* for those of us with hundreds of gigs of Photoshop documents.

* Open, Save, full support for all blending modes, masking modes, layer groups, and fonts/text editing capability up to at least Photoshop CS. I don't need the thing to handle Exactly Like Photoshop, but if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is), then it ought to at least be able to handle my existing documents as well as OpenOffice handles .doc files.

Re:No explanation is a good explanation. (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21851694)

> but if it's going to be the "photoshop competitor" every FOSS
> advocate claims it is (instead of, say, the Paintshop Pro
> competitor that it actually is), then it ought to at least
> be able to handle my existing documents as well as OpenOffice handles .doc files.

Dude,
suck it up. You chose a product which uses a proprietary format for
storing data. Nobody held a gun to your head and told you to use it.
If you don't like the fact that you paid and are still paying Adobe
to bend you over a barrel and give you one, then you have 1
and only 1 person to blame: yourself.

Be a man and accept you made a bad choice. Try harder next time
to use open formats the next time for your data.

--Johnny hates whiny people who get what they paid for.
 

Re:No explanation is a good explanation. (0)

Anonymous Coward | more than 6 years ago | (#21851832)

Dude, pull your head out.

Fact is, for PROFESSIONAL uses, "The Gimp" (what an ASININE name), is trash.

Re:No explanation is a good explanation. (1)

X0563511 (793323) | more than 6 years ago | (#21852074)

Then don't call it GIMP. Call it "GNU Image Manipulation Program" - of which is the actual name, of which gimp.org [gimp.org] actually TELLS you.

I quote:

> GIMP is the GNU Image Manipulation Program. It is a freely distributed piece of software for such tasks as photo retouching [gimp.org] , image composition and image authoring [gimp.org] . It works on many operating systems, in many languages. (more... [gimp.org] )

Re:No explanation is a good explanation. (2, Insightful)

setirw (854029) | more than 6 years ago | (#21851870)

I usually don't feed trolls, but I feel like wasting a few minutes of my time...

The nature of the computer graphics app forced him to use a proprietary format. Too many people confuse the ills of "proprietary" formats with the ills of "arcane" formats. Like it or not, PSD is the industry standard, and it's only logical that he (and 99.99999% of digital artists) use it.

Now, if he had saved in some odd SGI format circa 1990, I'd agree with you.

Re:No explanation is a good explanation. (2, Insightful)

solios (53048) | more than 6 years ago | (#21851910)

Indeed.

Pity those who have material locked up in SCITEX and other deceased formats.

I love how the FOSS community embraces .doc as a Necessary Evil, but totally froths at the mouth with .psd. Bit of a double standard if you ask me. :)

Re:No explanation is a good explanation. (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21851876)

> Dude,
> suck it up

Exactly the reason why FOSS gets a bad rap. Advocates would rather tell people why they're stupid, wrong, made a mistake, unethical for using proprietary software, etc. instead of just providing products that people want. The way to convert people is not to tell them, "you put yourself in this mess", the way to convert them is to provide an easy way out of their mess.

Fuck your holier-than-thou mindset, it's not helpful to anyone.

Re:No explanation is a good explanation. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21852096)

It has nothing to do with being holy. It is easy to examine the consequences for these choices and decide if they are worth it. Eat shit and die. It would be helpful for your and your anyones (who make stupid choices, repeatedly) were to vanish from existence, by murder if necessary. I would breath easy knowing the positive direction society would make on that day.

Re:No explanation is a good explanation. (5, Funny)

STrinity (723872) | more than 6 years ago | (#21852216)

> It would be helpful for your and your anyones (who make stupid choices, repeatedly) were to vanish from existence, by murder if necessary. I would breath easy knowing the positive direction society would make on that day.
What would you suggest we do with people who don't know the difference between "breath" and "breathe"?

Re:No explanation is a good explanation. (0)

Anonymous Coward | more than 6 years ago | (#21852152)

Clearly you stumbled upon someone who forgot to take his/her meds today.

Re:No explanation is a good explanation. (0)

Anonymous Coward | more than 6 years ago | (#21851822)

Little Snitch looks awesome. Anyone aware of a similar app for Windows, not including ZoneAlarm?

Re:No explanation is a good explanation. (1)

padonak (687721) | more than 6 years ago | (#21852034)

Kerio Personal Firewall used to be very good until they discontinued the 2.x versions. I'm still using 2.1.5 on all my XP installations.

Re:No explanation is a good explanation. (2, Informative)

padonak (687721) | more than 6 years ago | (#21852098)

Update: Apparently it's now called Sunbelt Personal Firewall [sunbelt-software.com] or something like that.

GIMP vs Paintshop PRO or Photoshop (4, Insightful)

sd.fhasldff (833645) | more than 6 years ago | (#21851914)

> if it's going to be the "photoshop competitor" every FOSS advocate claims it is (instead of, say, the Paintshop Pro competitor that it actually is

GIMP *is* competing primarily with Photoshop. This isn't a matter of which commercial application's feature set it most closely resembles. It's a matter of what users actually USE.

Photoshop is the default application for doing any kind of drawing or photo editing. It might be total overkill, it might not be the best choice or whatever, but that's irrelevant. Ask yourself this instead: How many people do you think PAY hundreds of dollars for Adobe Photoshop for their own personal at-home use?

Face it, Photoshop is the standard because it's pirated so much. This isn't a question of "lost sales", since 90% of Photoshop pirates (and I'm extrapolating from people I know of, so flame away) wouldn't DREAM of laying down that amount of cash. If they were forced to go legal, they would probably buy Paintshop Pro - an application that probably suits their needs much better anyway. (So if anyone is losing sales when Photoshop is pirated, it's probably Corel).

To summarize: GIMP competes primarily with *illegitimate* Photoshop users.

Re:No explanation is a good explanation. (1)

KugelKurt (908765) | more than 6 years ago | (#21851986)

While AC/Johnny used harsh language, he's basically right. It's almost impossible for free software projects to support proprietary file formats to 100%. There's another way, though: use Photoshop's batch tool to export your PSD files into an open format. At worst a new file format plugin for PS has to be written. That's probably still easier than reverse engineering the PSD format.

Re:No explanation is a good explanation. (1)

MMC Monster (602931) | more than 6 years ago | (#21852146)

Don't knock PaintShop Pro (PSP). Last time I used PSP (v9), it did a hell of a lot more than The Gimp does now.

Re:No explanation is a good explanation. (2, Insightful)

pembo13 (770295) | more than 6 years ago | (#21852158)

I guess this is why some people are religiously against non-OSS. When you tire of your vendor, you can't simply drop said vendor because of all the data you have in their (often) closed formats.

Rushing to defend PSP (1)

Joce640k (829181) | more than 6 years ago | (#21852294)

Paint Shop Pro 9.0 is much better than the GIMP (which is a total mess if you ask me).

Paint Shop Pro 10 was where it all went badly wrong. Corel bought it out - and we all know what happens to things that Corel buys. You think Adobe downloading advertising is bad? Online registration an invasion of privacy...? PSP 10 required you to create a "Corel Web Account" and then "log in" before it would even run.

PSP 9.0 though? A fine piece of software. I'm still using it.

Not firewall related (1)

addikt10 (461932) | more than 6 years ago | (#21851484)

There isn't a single firewall that I've ever worked on that could possibly be misconfigured in such a way as to "accidentally" allow traffic to this domain to pass.

Web Proxy? Yeah, OK, maybe, but even then it is a reach...

Re:Not firewall related (1)

olddoc (152678) | more than 6 years ago | (#21851524)

I agree. Two Oscar Seven .net is not a local ip address.
I also agree that Adobe looks like a sleazy scammer who tells me to click on Bankofamerica.com.cn

Re:Not firewall related (2, Informative)

SleepyHappyDoc (813919) | more than 6 years ago | (#21852154)

You sure? Back when my home network was simpler, I had a high-up firewall rule to allow all traffic from/to 192.168.*

I would have been tripped up (fortunately, my network is much more complex now, and this hole no longer exists for me).

Re:Not firewall related (0)

Anonymous Coward | more than 6 years ago | (#21852198)

You're an idiot, but your firewall would have saved you regardless.

Re:Not firewall related (1)

Antique Geekmeister (740220) | more than 6 years ago | (#21852288)

It's designed to confuse log analyzers and casual log readers, not sneak past firewalls.
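
The failure mode discussed in this sub-thread (a string-prefix test such as /^192\.168/ or a "192.168.*" allow rule applied to a name rather than an address), shown beside a stricter check, as an added example that is not part of the original thread. The log format, process names and function names are assumptions made up for the illustration; the check also goes slightly beyond the thread by flagging any hostname whose labels imitate a dotted quad.

```python
import ipaddress
import re

# The "Very Dumb Regular Expression" from the thread: a prefix test on a string.
NAIVE_RFC1918 = re.compile(r"^192\.168\.")

# Letters commonly substituted for digits in look-alike names (o/O for 0, l/I for 1).
LOOKALIKE_DIGITS = str.maketrans({"o": "0", "O": "0", "l": "1", "I": "1"})


def naive_is_private(dest):
    """What a prefix-matching log filter or allow rule would conclude."""
    return bool(NAIVE_RFC1918.match(dest))


def as_ip(text):
    """Return an ipaddress object if text is a literal IP address, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def embedded_dotted_quad(hostname):
    """Return the IPv4 address a run of four labels imitates, or None."""
    labels = hostname.rstrip(".").split(".")
    for i in range(len(labels) - 3):
        window = labels[i:i + 4]
        # Every label must contain a real digit, so ordinary words are not flagged.
        if not all(any(c in "0123456789" for c in label) for label in window):
            continue
        ip = as_ip(".".join(label.translate(LOOKALIKE_DIGITS) for label in window))
        if ip is not None and ip.version == 4:
            return ip
    return None


def classify(dest):
    """Classify a destination field as an address or as a (possibly deceptive) name."""
    ip = as_ip(dest)
    if ip is not None:
        return "private-ip" if ip.is_private else "public-ip"
    if embedded_dotted_quad(dest) is not None:
        return "ip-lookalike-hostname"
    return "hostname"


# Constructed sample lines (hypothetical format: timestamp process destination port).
SAMPLE_LOG = [
    "2007-12-28T09:14:02 Photoshop.exe 192.168.112.2O7.net 80",
    "2007-12-28T09:14:05 Dreamweaver.exe 192.168.112.207.net 80",
    "2007-12-28T09:15:40 spoolsv.exe 192.168.1.20 9100",
    "2007-12-28T09:16:11 Photoshop.exe www.adobe.com 80",
    "2007-12-28T09:17:30 browser.exe 216.52.17.136 80",
]


def find_lookalikes(lines):
    """Return (process, destination, naive_rule_fooled) for each look-alike name."""
    hits = []
    for line in lines:
        _ts, process, dest, _port = line.split()
        if classify(dest) == "ip-lookalike-hostname":
            hits.append((process, dest, naive_is_private(dest)))
    return hits


if __name__ == "__main__":
    for process, dest, fooled in find_lookalikes(SAMPLE_LOG):
        print(f"{process}: {dest} is a hostname, not an address "
              f"(prefix rule fooled: {fooled})")
```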

2o7.net *Not* 207.net (4, Informative)

Zymergy (803632) | more than 6 years ago | (#21851486)

Clarification: That is ...'2o7.net' as in 'Two-Oscar-Seven.net' *NOT* 'Two-Zero-Seven.net'

The Opt-Out "Explanation" page is here: http://www.omniture.com/privacy/2o7 [omniture.com]

Still, the dubious address http://192.168.112.2o7.net/ [2o7.net] appears to be some variation of Social Engineering. http://en.wikipedia.org/wiki/Social_engineering_(computer_security) [wikipedia.org]

This might explain some of Adobe's seeming software bloating (like Acrobat Reader, etc...) http://www.google.com/search?hl=en&q=Acrobat+reader+bloat [google.com]

Re:2o7.net *Not* 207.net (5, Informative)

ASkGNet (695262) | more than 6 years ago | (#21851516)

I've sniffed the data sent to that address. It includes the serial number of the software:

GET /b/ss/mxcentral/1/F.3-fb/[sn-here]?[AQB]&purl=mm&pccr=true&c2=dw&c3=9.0&c4=win&c5=en&c6=full&c7=&c8=&c9=dw_9.0_win_en_full__[AQE] HTTP/1.1
Referer: http://www.adobe.com/startpage/dw_content/dw_90_full_default.swf?prod=dw&ver=9.0&plat=win&lang=en&stat=full&tday=&spfx=&productName=dreamweaver [adobe.com]
x-flash-version: 9,0,45,0
User-Agent: Shockwave Flash
Host: 192.168.112.2O7.net

and returns a 2x2 pixel blank GIF.

Re:2o7.net *Not* 207.net (2, Interesting)

prichardson (603676) | more than 6 years ago | (#21851672)

GIFs have their length defined at the start of the file, and bits after that length are ignored. Perhaps there's some hidden data at the end of the file? Try opening it in a hex editor.

Re:2o7.net *Not* 207.net (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21851902)

> GET /b/ss/mxcentral/1/F.3-fb/[sn-here]?[AQB]&purl=mm&pccr=true&c2=dw&c3=9.0&c4=win&c5=en&c6=full&c7=&c8=&c9=dw_9.0_win_en_full__[AQE] HTTP/1.1
> Referer: http://www.adobe.com/startpage/dw_content/dw_90_full_default.swf?prod=dw&ver=9.0&plat=win&lang=en&stat=full&tday=&spfx=&productName=dreamweaver [adobe.com]
> x-flash-version: 9,0,45,0
> User-Agent: Shockwave Flash
> Host: 192.168.112.2O7.net

Why am I not surprised that Adobe's using Flash as its spyw^H^H^H^Hphone-home tool?

The only surprising thing about this story is that Adobe's managed to brib^H^H^H^Hconvince the vendors of "security" software to not declare Flash as a malware vector.

When was the last time you saw something as capable of interacting with both the web browser and the rest of the system as Flash... not have at least one security hole that could be exploited through the downloading of malicious content?

Re:2o7.net *Not* 207.net (2, Insightful)

Kris_J (10111) | more than 6 years ago | (#21852076)

If it includes the serial number of the software in the format needed during installation, then I hope nobody has an ISP with underpaid staff that can access the logs for their transparent proxy.

Re:2o7.net *Not* 207.net (1)

risk one (1013529) | more than 6 years ago | (#21852286)

Ok, so Adobe checks which IPs are running products with cracked serials. They're not the first to do this. Like most companies that do it, they're probably just sitting on the data for now, using it for analysis, or just waiting for the rules to change a bit.

It's not unthinkable, though, that they've implemented some sort of code based on what's in the GIF. They probably send back a GIF to make the communication look more inconspicuous (I've seen apps take layout elements from the web before), but I wouldn't be surprised if there's also some command in there. It should be possible to route the IP to an internal server, and have the server return some different GIFs.
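
A way to carry out the inspection suggested by prichardson and speculated about by risk one above, as an added example that is not part of the original thread: a GIF decoder stops at the trailer byte 0x3B, so this walks the block structure and reports any extension payloads and any bytes after the trailer. The sample images are constructed here (a 1x1 GIF, not the response the thread describes), and the function names are made up for the illustration.

```python
GIF_TRAILER = 0x3B
EXTENSION = 0x21
IMAGE_DESCRIPTOR = 0x2C
GRAPHIC_CONTROL = 0xF9  # the only extension a plain tracking pixel normally needs


def read_sub_blocks(data, pos):
    """Collect a chain of length-prefixed sub-blocks; return (payload, next_pos)."""
    payload = bytearray()
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:  # zero-length block terminates the chain
            return bytes(payload), pos
        if pos + size > len(data):
            raise ValueError("sub-block runs past end of file")
        payload += data[pos:pos + size]
        pos += size


def color_table_len(packed):
    """Byte length of a colour table described by a packed-fields byte."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0


def inspect_gif(data):
    """Walk the GIF structure without decoding pixels and report what it carries."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width = int.from_bytes(data[6:8], "little")
    height = int.from_bytes(data[8:10], "little")
    pos = 13 + color_table_len(data[10])  # skip header, screen descriptor, global table
    extensions, frames = [], 0
    while True:
        if pos >= len(data):
            raise ValueError("no trailer byte found")
        marker = data[pos]
        pos += 1
        if marker == GIF_TRAILER:
            break
        if marker == EXTENSION:
            if pos >= len(data):
                raise ValueError("truncated extension")
            label = data[pos]
            payload, pos = read_sub_blocks(data, pos + 1)
            extensions.append((label, payload))
        elif marker == IMAGE_DESCRIPTOR:
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            pos += 9 + color_table_len(data[pos + 8])  # descriptor + local table
            pos += 1                                   # LZW minimum code size
            _pixels, pos = read_sub_blocks(data, pos)
            frames += 1
        else:
            raise ValueError(f"unexpected block marker 0x{marker:02x}")
    return {"size": (width, height), "frames": frames,
            "extensions": extensions, "trailing": data[pos:]}


def findings(report):
    """List the parts of the file a viewer would never show."""
    out = [f"extension 0x{label:02x}: {len(payload)} bytes"
           for label, payload in report["extensions"] if label != GRAPHIC_CONTROL]
    if report["trailing"]:
        out.append(f"{len(report['trailing'])} bytes after trailer")
    return out


# Constructed sample: a structurally valid 1x1 GIF89a with nothing extra.
CLEAN_GIF = bytes.fromhex(
    "474946383961" "01000100800000" "000000ffffff"
    "21f9040100000000" "2c000000000100010000" "0202440100" "3b"
)
# Constructed sample: same image plus a comment extension and bytes after the trailer.
NOTE = b"constructed note"
WITH_EXTRAS = (CLEAN_GIF[:-1] + b"\x21\xfe" + bytes([len(NOTE)]) + NOTE + b"\x00"
               + b"\x3b" + b"constructed trailing bytes")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("with extras", WITH_EXTRAS)):
        print(name, findings(inspect_gif(blob)) or "nothing hidden")
```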

Re:2o7.net *Not* 207.net (0)

Anonymous Coward | more than 6 years ago | (#21851932)

Both 207.net and 2O7.net resolve to the same ip and are owned by the same company.

Re:2o7.net *Not* 207.net (2, Informative)

klui (457783) | more than 6 years ago | (#21851942)

They probably go to the same company:

Pinging 192.168.112.207.net [216.52.17.207] with 32 bytes of data:
Pinging 192.168.112.2o7.net [216.52.17.136] with 32 bytes of data:

Re:2o7.net *Not* 207.net (4, Interesting)

azrider (918631) | more than 6 years ago | (#21851976)

Omniture's Opt-Out Policy:

> We offer visitors to certain of our customers' websites a means for controlling the use of session information with respect to the Omniture SiteCatalyst, Omniture DataWarehouse, Omniture Discover and Omniture SearchCenter products using cookies set from Omniture's 2o7.net domain (i.e. that use the 2o7.net cookie to facilitate data collection). If, at any time a customer's website visitor does not wish to allow his/her session visitation information to be aggregated and analyzed by Omniture on such customer sites, he/she may utilize the following opt out mechanism. For customers that use non-Omniture cookies to collect data on their websites, please review the privacy disclosures of such customers for specific details on any and all applicable opt outs on such sites.
It was noted in one of the linked articles that the opt-out action sets a cookie on your machine. If you delete this cookie, you have just opted back in.

So let me get this straight. In order to tell Omniture not to do anything on my machine, I have to give Omniture access to my machine. What sort of half-assed policy is this?

Phisher's Delight (4, Informative)

bobdotorg (598873) | more than 6 years ago | (#21851512)

In an updated post:
http://blogs.adobe.com/jnack/2007/12/whats_with_adob.html [adobe.com]
the Adobe guy says:
> the objections seem to center not so much on whether Adobe apps are contacting a server, but rather that the server is named "192.168.112.2O7.net,"

Note the letter O instead of a zero. 2o7.net is registered to Omniture.

WTF? If Little Snitch told me that some app was trying to connect to 192.168.112.2O7.net I would assume it was compromised, and would be debating a complete clean system reinstall of OSX.

192.168.112.2O7.net? Masquerading as an IP from my home DHCP server? Are they serious? From Nigeria? Romania?

Again, WTF?

P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

Re:Phisher's Delight (0)

Anonymous Coward | more than 6 years ago | (#21851716)

Note that both versions of the domain name resolve back to the same IP...

ping -n 1 192.168.113.2o7.net
      Pinging 192.168.113.2o7.net [216.52.17.113] with 32 bytes of data:
      Reply from 216.52.17.113: bytes=32 time=66ms TTL=233

ping -n 1 192.168.113.207.net
      Pinging 192.168.113.207.net [216.52.17.113] with 32 bytes of data:
      Reply from 216.52.17.113: bytes=32 time=69ms TTL=233

Re:Phisher's Delight (2, Funny)

Neil Hodges (960909) | more than 6 years ago | (#21851846)

DNS names are case-insensitive, though.

Re:Phisher's Delight (1)

Spad (470073) | more than 6 years ago | (#21851864)

No, he means Two-Zero-Seven.net resolves to the same IP as Two-Oscar-Seven.net

Re:Phisher's Delight (5, Interesting)

ScrewMaster (602015) | more than 6 years ago | (#21851756)

P.S. for those of you who have not set up a LAN, 192.168.xxx.xxx is typically an IP address for an internal LAN, not something out on the Web.

More to the point, the 192.168.x.x address range is one of several that are specifically intended to be non-routable on the Internet. Many people know this, even those who aren't otherwise that network-savvy. This is a blatant attempt to make the address appear safe ("well, I dunno what it's doing, but at least it's only sending to an address on my LAN!") Not what one should expect from a major software house, but unfortunately, it is what we are all coming to expect from everyone in the business. Doesn't much matter what they're actually sending to Omni-whatever ... the fact that they're sending anything at all is very bad. Nothing on my system is their business, unless I say it is. Period.

You know, this reminds me of something that Jack Valenti once said (about the only thing that sociopath ever said that I agree with): "Just because technology lets us do something, it doesn't mean we should." Now, he was referring to the copying and downloading of DVDs, but his point is still valid. We're seeing too many companies set up to serve larger organizations (Omniture, MediaSentry) using the Internet in unethical if not outright illegal ways. Presumably, this is so the corporation hiring them (in this case, Adobe) has some plausible deniability.
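An added example, not part of any comment in this thread: one way to flag destinations that read like a private address but are really public DNS names, as 192.168.112.2O7.net does. The prompt format, the sample lines and the lookalike letter list are assumptions made for the illustration.

```python
import ipaddress

# Letters that read as digits at a glance (assumed, non-exhaustive).
LOOKALIKES = str.maketrans({"o": "0", "l": "1", "i": "1"})

# Constructed sample of outbound-connection prompts, "app -> host:port".
SAMPLE_PROMPTS = [
    "Photoshop -> 192.168.112.2O7.net:80",
    "Photoshop -> 192.168.1.20:445",
    "ntpd -> time.windows.com:123",
    "Safari -> 216.52.17.113:80",
]


def classify_destination(dest):
    """Return 'private-ip', 'public-ip', 'ip-like-name' or 'hostname'."""
    name = dest.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        addr = None
    if addr is not None:
        # A literal address: trust the address class, not its appearance.
        return "private-ip" if addr.is_private else "public-ip"

    labels = name.split(".")
    if len(labels) >= 4:
        # Read the first four labels the way a hurried human would:
        # fold letter lookalikes to digits, then try to parse a dotted quad.
        folded = ".".join(labels[:4]).translate(LOOKALIKES)
        try:
            if ipaddress.IPv4Address(folded).is_private:
                return "ip-like-name"
        except ValueError:
            pass
    return "hostname"


def flag_deceptive(prompts):
    """Return (app, destination) pairs whose destination is a DNS name
    dressed up as a private address."""
    flagged = []
    for line in prompts:
        app, target = line.split(" -> ", 1)
        host = target.rsplit(":", 1)[0]
        if classify_destination(host) == "ip-like-name":
            flagged.append((app, host))
    return flagged


if __name__ == "__main__":
    for app, host in flag_deceptive(SAMPLE_PROMPTS):
        print(f"{app}: {host} is a public DNS name, not a LAN address")
```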

Re:Phisher's Delight (0, Troll)

ELProphet (909179) | more than 6 years ago | (#21852290)

I'm sorry, I didn't realize a company trying to protect its investments was unethical. As a previous poster found, there is a single GET request with the "registered" serial number, followed by a 2x2 blank gif. The bandwidth usage is negligible, and it's the only secure way to ensure the product is a valid, legal license. With software piracy as it is, businesses are justified in taking actions like these to lock their investment down.

As to the address used... that's another point. It would be better to say (in the EULA, that you read, which it may, I don't own CS3 and haven't read the EULA) "This product connects to the internet once per run to verify its authenticity" and connect to authenticate.adobe.com.

Phoning home is neither unethical nor immoral, and should be expected. It would, however, be nice to not try to hide the fact that that's what they're doing.

might not be Adobe misleading... (1)

Junta (36770) | more than 6 years ago | (#21851556)

It's not necessarily adobe's fault that the address is misleading. Who knows what the code is calling the address, and the filtering application doesn't know either, it just reverse lookups the IP address and gets that answer from DNS. However, the response isn't that reassuring 'why, of course we do it, shut up, big deal, we act just like a web browser does when you connect to our site, so what's the big deal?' ignoring the fact that people aren't explicitly trying to use a web browser, they're trying to use an application.

As to the address, it's certainly suspicious that Omniture chose such a misleading looking domain name for one of their servers. I'm not even sure what they were expecting to pull off. If someone is knowledgeable to recognize that as a private network, they are almost certainly knowledgeable enough to recognize there being no point to connect to such an address (chances are it wouldn't exist), even if they didn't notice the .net. 192.168 is so small it tends only to be used in small environments where technical users have a high chance of understanding the full lay of the land, they'd probably know how licensing is working at the site and the point of all the 'server' role systems. They probably would also wonder why they see an ip address instead of the usual DNS lookup in the dialog, prompting noticing the suffix. 10. might have been a riper target, its generous address space means it might be used in an environment where a technical user could mistake it for an internal company server (i.e. a license server).

Any firewalling rules wouldn't be fooled by such a stunt as well, so trying to trick it into one zone versus another seems a stretch..

Re:might not be Adobe misleading... (1)

Ralph Yarro (704772) | more than 6 years ago | (#21851658)

It's not necessarily adobe's fault that the address is misleading.
Of course it's their fault. They shipped the software.

Would you actually take this attitude with other industries? "Oh this item I bought does [bad thing], well it's not necessarily the manufacturer's fault, I expect they just plug random components in with no idea what's going to happen."

If they don't know what domains the software they ship contacts then yes, that's their fault.

You missed my point.. (1)

Junta (36770) | more than 6 years ago | (#21851858)

My point was that hypothetically, a reverse dns lookup for a third party's ip address could be misleading without the knowledge of the first party. You sign up for a service with me, and you use www.analytics.example.com as the calling address. Later on, I decide I want to be sneaky, and the reverse lookup for www.analytics.example.com becomes 10.117.1.2O.example.com. Is it your fault I did that? Not really. This isn't the case in Adobe's example, now that I've looked at it, but it's a plausible scenario.

All that aside, going to www.adobe.com in firefox, then doing a view source, ctrl-f for 192.168 reveals that it appears in that form verbatim in the html served from adobe's website. On the surface it does appear to not be the case I described. The only way they'd be unaware of the misleading address is if they include code verbatim on their site from a third party without even reviewing it, which would be a horrible excuse.

This is very common (1)

no-body (127863) | more than 6 years ago | (#21851576)

that any application you downloaded and installed calls "home" over the Internet in some way or other without common users even noticing it.

I have an old version of Kerio (very sorry that it vanished) which serves very well in putting every attempt of programs to go out on the network on display.
Recent discoveries: a PDF printer driver "calls home" every time I print a document through it.

Adobe (reader) is pretty bad in checking for updates or whatever it tries to do on the Internet and M$oft of course always accesses some port 123 when starting XP.

In essence - unless you really are behind every program, you have no privacy!
And - with NTFS allowing stealth handles, who knows what is installed, not even talking about Vista.

FBI now openly talking about a kitchensink database on everyone with everything, I think the game is lost....

should take care of unemployment though - two people necessary to track every "normal" citizen

Re:This is very common (4, Informative)

ptbarnett (159784) | more than 6 years ago | (#21852016)

M$oft of course always accesses some port 123 when starting XP.

Port 123 (both UDP and TCP) is the NTP port.

Double-click on the time on the right end of your taskbar to open the Date and Time Properties dialog box, then click on the Internet Time tab.

I believe it defaults to time.windows.com. I change mine to us.pool.ntp.org.

Re:This is very common (1)

no-body (127863) | more than 6 years ago | (#21852172)

my goof & paranoia = regrets

How do I block it? (1)

LordNimon (85072) | more than 6 years ago | (#21851608)

In OS X, is there an easy way to block all outgoing communication to *.2o7.net? Can I do that on my router (DGL-4300)?

Re:How do I block it? (1)

Wonko the Sane (25252) | more than 6 years ago | (#21851650)

This site [mvps.org] is targeted at windows users, but it is applicable to almost any OS. Download their hosts file and append it to your /etc/hosts file. (unless OS X puts that file in some other location)

Re:How do I block it? (1)

Neil Hodges (960909) | more than 6 years ago | (#21851666)

You could try using IPFilter on Mac OS X, which is the same one that's provided with many BSDs (including OS X). I couldn't tell you exactly what to do, since I use IPTables to do that stuff on Linux.

Re:How do I block it? (1)

jaredmauch (633928) | more than 6 years ago | (#21851734)

Easiest way is to set up a dns zone for 2o7.net with a * in it pointing to 127.0.0.1. I do this, not because the tracking stuff of the various websites, but because their servers are slow, and much like the slow web-ad servers that make your web browsing painful, 2o7.net does nothing but bring down your page load time.

If you have a squid or similar proxy setup, just block 2o7.net in there. If you're willing to spend some time with your osx box, install squid, and put all your stuff through it and watch all the sites that you're actually hitting. You may find a lot of cache hits and other things you get as a result and speed things up overall. Add this to flashblock, or just disabling plug-ins and your web surfing will be much happier.

Re:How do I block it? (1)

Fyre2012 (762907) | more than 6 years ago | (#21852050)

Would using Squid offer any advantages over using Little Snitch for such purposes?
I've never thought of using squid like that, and have never looked into what can be done with a web proxy, but I'm curious if it would be more valuable than Little Snitch alone.

Re:How do I block it? (1)

owlnation (858981) | more than 6 years ago | (#21851808)

In OS X, is there an easy way to block all outgoing communication to *.2o7.net?
Get Little Snitch, it's a wonderful little app. And it's essential if you are running anything Adobe.

Re:How do I block it? (0)

Anonymous Coward | more than 6 years ago | (#21852044)

Edit /etc/hosts. You need an administrator account (or sudo) to do it. Add a line that looks like this:

127.0.0.1 2o7.net

(Also works for things like ad.doubleclick.net)

Re:How do I block it? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21851862)

yes, there is, and yes you can, respectively.

too bad you don't know how your OS or other equipment works. maybe you should go find an etch-a-sketch. i hear the network security is pretty tight on those babies.

Re:How do I block it? (0)

Anonymous Coward | more than 6 years ago | (#21852012)

Typical slashdot nerd. Go fuck yourself.

Re:How do I block it? (1)

canuck57 (662392) | more than 6 years ago | (#21851990)

Blocking 2o7.net is relatively easy if you have a DNS and/or firewall. I have been blocking 2o7.net both privately and professionally for years as this is hardly the first time 2o7.net has been involved in surveillance of users, in fact it is what they do.

If you have DNS, create a zone file db.2o7.net, db.2o7.com and other tracking domains. In the zones, resolve a wild card address to 127.0.0.1. By putting it in your in-house DNS you can black hole their domains. Also consider reverse zones, as a lookup, even reverse can spill information.

Next is the firewall, simply block their IPs and name servers. I usually block the whole netblock(s).

Remember, it does not take much to use DNS as a way to send out information. Just do a lookup of pcyourpassword.domain.com and out it goes. More sophisticated methods can be less obvious, say encode it and make it look like a cable modem pool or something.

So if you don't trust a domain like 2o7.net, don't just block the http, block everything.

Re:How do I block it? (1)

smoker2 (750216) | more than 6 years ago | (#21852296)

What's wrong with the hosts file ?
1 line and you're done :

127.0.0.1 2o7.net 2o7
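An added example, not part of any comment in this thread: it compares what a hosts-file entry and a local wildcard DNS zone each cover for the names seen in the discussion. Hosts files match whole names only, which is a general resolver fact rather than something stated above; the hosts text and the zone contents (an apex record plus a `*` record) are constructed assumptions.

```python
# Constructed hosts-file text using the entry quoted in the comment above.
HOSTS_TEXT = """\
127.0.0.1 localhost
127.0.0.1 2o7.net 2o7   # sinkhole entry
"""

# Assumed local DNS zones, each holding an apex record and a '*' record.
SINKHOLE_ZONES = {"2o7.net": "127.0.0.1"}

# Names that appear in the thread.
OBSERVED = ["2o7.net", "192.168.112.2O7.net", "192.168.113.207.net"]


def parse_hosts(text):
    """Parse hosts-file text into {name: address}; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            addr, names = fields[0], fields[1:]
            for name in names:
                # The first entry for a name wins, as in a real hosts file.
                table.setdefault(name.lower(), addr)
    return table


def hosts_lookup(table, name):
    """Hosts entries match the whole name; no wildcard or suffix matching."""
    return table.get(name.rstrip(".").lower())


def zone_lookup(zones, name):
    """Model a zone with apex and '*' records: the zone name itself and
    every name beneath it resolve to the sinkhole address."""
    n = name.rstrip(".").lower()
    for zone, addr in zones.items():
        if n == zone or n.endswith("." + zone):
            return addr
    return None


def coverage(names, hosts_text, zones):
    """Return {name: (hosts_answer, zone_answer)}; None means not blocked."""
    table = parse_hosts(hosts_text)
    return {n: (hosts_lookup(table, n), zone_lookup(zones, n)) for n in names}


def unblocked(names, hosts_text, zones):
    """Names that neither mechanism redirects; candidates for an IP rule."""
    cov = coverage(names, hosts_text, zones)
    return [n for n, (h, z) in cov.items() if h is None and z is None]


if __name__ == "__main__":
    for name, (h, z) in coverage(OBSERVED, HOSTS_TEXT, SINKHOLE_ZONES).items():
        print(f"{name:24} hosts={h} zone={z}")
```

Names that slip past both name-based mechanisms, such as the 207.net variant, are the case an address-based firewall rule on the netblock still catches.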

Opt-out site (4, Informative)

seer (21011) | more than 6 years ago | (#21851654)

http://www.omniture.com/privacy/2o7#optout [omniture.com] This is the site to install an "opt-out cookie". I'm going to go ahead and guess it might help to visit this site within the embedded Opera browser in CS3. Who knows where that thing keeps its cookies. Granted, getting this info from a comment on a post to a blog is not the way to have a good opt-out policy. Something in the installer would be nice.

Omniture = Bad (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21851680)

Omniture will be in damage control as soon as this secret report from a recent high-level staff meeting are leaked [dwarfurl.com] [presswatch.org]

Minicity troll, don't bother. (1)

ScrewMaster (602015) | more than 6 years ago | (#21851772)

Bugger off.

Why is this an issue? (0)

BarnabyWilde (948425) | more than 6 years ago | (#21851682)

Anyone with a (personal) firewall can control this "phone home" behavior.

Re:Why is this an issue? (0)

Anonymous Coward | more than 6 years ago | (#21851742)

The issue is precisely that Adobe and the people they do business with have gone out of their way to mislead people into allowing the behaviour. An address starting with 192.168.xxx.xxx looks like it's on your local network. Someone with just enough knowledge to understand that, i.e. an ordinary non-expert user who is actually making an effort to be security conscious, is likely to tell their firewall to allow the activity because they think it's all local. This is probably legal, but it's seriously unacceptable behaviour.

Re:Why is this an issue? (1)

Spad (470073) | more than 6 years ago | (#21851834)

Because nobody should have to.

Remember the good old days when you didn't have to monitor every single application on your PC to ensure that it wasn't sending back personally identifiable data to some random 3rd party?

Re:Why is this an issue? (5, Insightful)

vertinox (846076) | more than 6 years ago | (#21852048)

Anyone with a (personal) firewall can control this "phone home" behavior.

And everyone should have locks on their doors.

But it's still going to piss me off if I come home and forgot to lock my doors and you're sitting on my couch eating my milk and cookies.

Anti Piracy? (1)

cheese-cube (910830) | more than 6 years ago | (#21851686)

Couldn't this just be some new anti-piracy feature similar to WGA? Given that it is rather easy to download a pirated copy of CS3 and the fact that an actual retail copy costs quite a bit of money I would say that this is a plausible explanation.

Firewall (3, Informative)

QuoteMstr (55051) | more than 6 years ago | (#21851708)


# Block access to Omniture -- spyware vendors
block from any to 216.52.17.0/24

Adobe needs competition. (2, Interesting)

owlnation (858981) | more than 6 years ago | (#21851918)

Competition. That's the only solution to this. Adobe has become a very arrogant and supply-side centric company over the past few years. Or rather, an even more arrogant company than it always was.

It has almost no competition in most markets it trades in. Where it did have competition, it bought it out with the Macromedia purchase. That's a problem. It's not just this privacy/lying issue, it's price fixing, it's bloated features, it's the product delays (the universal binary versions), it's the (a la Microsoft) packaged versions that make it hard to get standalone versions.

I use Adobe Software every day (always firmly controlled by Little Snitch from install I may add). I don't like using it, it is not the best they can do, but it is the best available. I use it, but I will jump ship tomorrow.

I really, really, really want to use products from a better company. Surely there MUST be developers out there who can make better products than Adobe.

EULA (3, Interesting)

slashdotmos (819804) | more than 6 years ago | (#21851952)

I didn't see it posted and I don't read most EULAs, but as long as this has a line about the 'phoning home' process then all is ok. Now if they never post anything in the EULA then that is a big problem! You accept anything the software does when you click I agree. You don't have to agree and use the software. Anytime I think about EULAs, I think they are made so legal-like that no one is going to read it and those that do will most likely just say 'yea whatever, I want to use the software'. Which reminds me of the one software that had a written reward in the EULA and after like 5 years (or longer, I don't remember) and a lot of users some guy saw a lil statement that said to the effect 'email us this code and we will send you $5000'

That sounds like REALLY intuitive market research (1)

Cathoderoytube (1088737) | more than 6 years ago | (#21852108)

So basically it's easier to set up this complicated system for tracking mouse clicks and system usage that surreptitiously reports back to home base which I imagine probably looks something like...

1:00pm paintbrush selected
1:03pm eraser selected
1:07pm paintbrush selected
1:08pm save file hm_build_001.psd 9.3mb
1:10pm program idle
2:45pm paintbrush selected

As opposed to going out and saying to the customers
'What do you like about Photoshop? What tools work? What would you change? please limit your responses to 500 words. We appreciate your business and look forward to providing superior digital imaging software till the day god comes down from the heavens and smites you all for making sinful images'

What god damned mook of a market researcher thought a blow by blow report of what a customer clicks on while working on a project is superior to actually talking to the customer?

Slimey behavior! Shame on Adobe! (0)

Anonymous Coward | more than 6 years ago | (#21852136)

Several points:

1. The user never knew that the application was contacting a remote (and unidentified to the user) server.

2. If you check, the server is obfuscated by a private-IP-like address. Deception is being used.

3. The process to opt out involves A: Figuring out what is happening first, B: knowing to look at the privacy policy page at the server's owner, and C: Allowing the deception-using server to put an opt-out cookie on your computer.

4. Shame, shame, shame on Adobe for employing this deliberately deceptive method of data collection. Shame. Shame.

Local apps shouldn't secretly access the Internet (4, Insightful)

dpbsmith (263124) | more than 6 years ago | (#21852140)

This seems so simple.

If Adobe and other companies want to retain their paying customers' trust, their applications shouldn't be doing unexplained things behind the user's back.

If they want to pop up a window saying "To insure better product quality, we would like to have this application send information to internet address thus-and-such. To read a detailed description of the information we send and how we use it, press 'details.' To allow us to do this, press 'allow.' If you do not want us to do this, press 'no,'" then everything would be cool.

But if an application does stuff we don't expect it to do, and they don't even mention it in advance, it's not terribly paranoid to assume that the reason is that they're doing something they don't want us to know about.

Firewall, anybody? (2, Interesting)

garry_g (106621) | more than 6 years ago | (#21852180)

Even having nothing to hide (read: de-centralized backup copies) and using mostly Linux, running a personal firewall that not only controls incoming, but also outgoing software is a total must nowadays. For Windows, there are several, even freeware (e.g. Ashampoo does a pretty good job), or things like Apparmor under Linux ... So with any program suddenly requesting internet connection, just deny it once, or for good ...

I guess that's the curse of the ever-growing number of always-on internet users ... guess one of these days, you won't be allowed to even launch your commercial apps without the software's main server confirming you're not running a pirated copy. Then, if the company dies, all the programs die with it ...

New App Needed? (0)

Anonymous Coward | more than 6 years ago | (#21852194)

Do we now need a firewalling app that accesses a central list of "phone-home" addresses to automatically block similar to the advert lists that AdBlock uses?

Who will be the first to register ad0b3.com? (1)

Skapare (16644) | more than 6 years ago | (#21852206)

Who will be the first to register ad0b3.com? Or maybe 4dobe.com or 4d0be3.com?
