Musings on Photography

A Modest Proposal for Adobe

Posted in Adobe Lightroom, photoshop, web issues by Paul Butzi on December 28, 2007

From Uneasysilence.com, we read

The sky is falling, the NSA is listening and Adobe is watching how many times you open your programs. Okay, the first two can’t be PROVEN but I can show you that Adobe is spying on users application habits.

When you launch a CS3 application the application pings out to what looks like an IP address – and internal IP address: 192.168.112.2O7.

That makes sense, right? Adobe wants to be sure you aren’t running multiple copies of their programs…. Wait something is wrong here.

The first clue something is fishy is that I don’t use a 192.168.xxx.xxx numbering scheme in my network. Secondly, if you look at the address Little Snitch is displaying, the last “numbers” of the IP address (2O7) look funny. Also, IP address don’t end in any .com/net/org suffix.

Turns out that 192.168.112.2O7.net is owned by Omniture, a huge behavioral analytics firm. Hmmmmmm, anybody curious why Adobe is doing this? Anybody care to sniff packets? I sense an invasion of privacy here!

John Nack responds on his blog here, and here.

One thing I find particularly snarky is John’s complaint:

This year it’s “Lies, Lies, and Adobe Spies”–a story noting that some Adobe apps contact a Web address associated with Web analytics company Omniture. The story is getting echoed & amplified on Valleywag (“You’re not the only one watching what you do in Adobe Creative Suite 3… Adobe is watching you, too”), CenterNetworks (“I am not suggesting that Adobe is doing anything wrong…” but then “Shame on Adobe, shame”), Daring Fireball (“Assuming this is true, it’s a disgrace, whatever the actual reason for the connections” [emphasis added]), and I’m sure elsewhere.

Whoa, Nellie.

As I say, now is the perfect time for people to throw around whatever wild assertions they’d like, given that so many people are out of the office and can’t respond.

Well, John. I’m so very sorry that this little hidden behavior of your company’s applications was discovered at a time when Adobe employees find it inconvenient to respond. Isn’t that just rude? I mean, here they are, using your company’s software during the holidays, and they find this very suspicious behavior, and instead of waiting for #$&*&^%$#$%^& HOURS on hold trying to connect with Adobe’s famous crappy customer support they choose to notify other users of Adobe software of the behavior on their blogs. And they have the temerity to voice their opinion of that behavior, too! Of all the nerve!

John, welcome to the grown up world. Your customers don’t have any obligation to you at all. They paid their hundreds of dollars for your software, and when they find out that it engages in suspicious behavior that’s been hidden from them they don’t have to do things the way you’d like. They’re free to say whatever they please about the behavior. They’re free to say it whenever they please, even if John Nack finds the timing to be upsetting in some weird tinfoil hat “clearly there’s some conspiracy to complain about things while everyone is on vacation” way. The fact that they complained when you personally found it inconvenient is bad news for you but has no bearing on the merits of their complaints.

If they find the behavior of your app phoning home sufficiently offensive or upsetting, for whatever reason, they’re free to complain, to be discontented, and to spread that discontent as widely as they please. Realistically, there isn’t a thing you can do about it. I suggest that you wake up, smell the coffee, and start blaming your own company for this little brouhaha. I make that suggestion because the amount of impassioned discontent I see that’s directed at Photoshop and its stranglehold on the photo world makes me think that your days of charging $600 for the application are numbered, and the number is surprisingly low.

Finally, you might want to change your wording. You call these ‘wild assertions’, a wording which suggests that these claims are unsubstantiated. Well, John, I’m guessing that, given that UneasySilence actually caught InDesign in the act of doing this, it’s not unsubstantiated and thus very much NOT a ‘wild assertion’. It’s established fact, and no amount of spin on your part is going to change that.

Nack then writes:

PS–Tracking user habits can be a good thing that benefits customers by helping software creators notice trends & improve their tools. When Adobe has pursued this kind of thing, it’s always been on a strictly opt-in basis.

Horsehockey. I’d suggest that if John really feels this way, I’d like to install some software that tracks the banking habits of all Adobe employees. I’m pretty sure that I would find trends that would help me ‘improve their banking tools’. You’ll have to trust that I won’t track anything you’d find violated your sense of privacy. To make it easy, I’ll hide this tracking so that you won’t know about it and thus won’t find it upsetting.

If Adobe has some legitimate goal here, there’s no need to hide that goal from users. It should be emblazoned in really big type on the initial splash screen when the application is first installed. And it shouldn’t use the domain name ‘192.168.122.2o7.net’, which is clearly a bad choice because it’s exactly the sort of thing the really bad guys would use and so using it pretty much drives people to a conclusion that you’re up to no good.

In the comments, Nack then responds to a comment (Nack’s response in brackets):

Adobe apps can call various online resources (online help, user forums, etc.), and those requests are logged.” Heavens, how could anyone equate that with “covertly phoning home”?

[I don’t know, because it’s not covert. The app only connects to those things if you ask it to do so, by selecting the appropriate menu item. There’s nothing covert about it. –J.]

Ok, John. Without telling you, I’ve installed something on your computer. I haven’t told you what I’ve installed or revealed that I installed it or revealed what it does. It does it when you do something, but I haven’t told you what things trigger it. But you’ve just discovered that when it does it, it contacts a domain with a very phishy sounding domain name that appears to be intended to confuse people and firewall rules.

Two points come to mind:
1. If I did this, you’d be pissed as hell, and you know it. And you’re surely agree it’s ‘covert’. If you’re unsure let me direct you to the definition of covert.
2. Your claims that this is not covert because it only happens when you do some things and not others is nothing but meretricious, unadulterated crapola. And your claiming that it isn’t covert is offensive – not a surprise coming from the company that’s blazing new trails into the land of “We Pissed Off Our Customers Because We’re Arrogant Asshats”.

Bottom line: let me make a Modest Proposal to Adobe. If this information is so valuable to Adobe and isn’t something that would make users uneasy, then issue a software update for the CS3 apps that adds two menu items. The first menu item will display all the information that’s been forwarded to Adobe. The second menu item should offer users a choice of two options 1) users can opt in to sending this info, and Adobe will pay them for the info 2) users can opt out. If this information is so valuable to Adobe, it seems to me perfectly reasonable to have Adobe compensate the users in exchange for the data, instead of just taking the data for free.

17 Responses

Subscribe to comments with RSS.

  1. Billie said, on December 29, 2007 at 7:01 am

    WOW….I wish I had written this entry. Excellent! I hate being spied on.

  2. Adam Maas said, on December 29, 2007 at 8:17 am

    This is actually very simple to disable, by using a hosts.txt file (or your hosts file on OS X) to remap 192.168.122.2o7.net to the IP 127.0.0.1, which is Localhost and prevents anything on your system of contacting that site.

  3. Guy said, on December 29, 2007 at 9:38 am

    Wow. This is downright outrageous. That address is very obviously designed to deceive and conceal this traffic (192.168 is a reserved prefix for private networks).

    For anyone not yet using it – FireFox has a plugin called AdBlock that allows you to block content by wildcards. You can bet *.2o7.net is on my filter list and I hope it’s on yours too.

    I will also configure my system to block all outgoing traffic to this IP.

    Shame on you, Adobe!

    Guy

  4. Bryan Willman said, on December 29, 2007 at 6:26 pm

    Uh, isn’t this illegal? It would at least seem to be grounds for litigation…

  5. Bryan Willman said, on December 29, 2007 at 6:29 pm

    So, I guess we need a new kind of firewall, which block *outgoing* connections to particular IP addresses. Preferrably by telling the application that there is no network connection (so to the app, the machine seems to be offline all the time forever.)

  6. StephaneB said, on December 30, 2007 at 1:33 am

    No need for new kind of firewalls. A firewall can easily block traffic whatever the direction.

    This at the moment I am starting to evaluate Bridge CS3!

  7. Mark said, on December 30, 2007 at 4:37 am

    Wow, thanks for posting this. Seems Adobe’s first new year activity is going to be major PR damage control and a speedy software update like you suggest.

  8. Wim said, on December 31, 2007 at 3:48 am

    if annyone is interested the “192.168.112.2o7.net” address resolves to IP: “216.52.17.207” so if you block that ip in youre firewall you’re all set.

    Wim

  9. Wim said, on December 31, 2007 at 4:09 am

    Better make that “216.52.17.207” and “216.52.17.136”
    to you’re firewall

  10. Peter in Bangkok said, on December 31, 2007 at 8:53 pm

    Hm, not clear, is this also on CS2?
    Dont like it and yes, at least I’d like some exchange benefit.
    From this part of the world, which is Bangkok, I can only report that buying a real legal copy of Photoshop (or anything else) is very difficult. A few years back I manage to locate a local reseller who after some serious questioning was willing to send me a quote at a 30% mark up compared to US and Singapore. In the end i got a legal copy of it in Singapore. Downloading was not possible as I am “in an area where this is not possible” according to Adobe. I spoke to some regional adobe people who did do nothing.
    recently I have been trying to buy a normal legal copy of some microsoft products, same story. It is basically very difficult. And at the same time you have the very same companies complaining on the widespread copying of their products. If they could make distribution a bit better, and normal prices they should see an improvement.
    Then this has nothing to do with the original post but I thought it was worthwhile mentioning
    happy new year

  11. […] reporters (two subjects dear to my heart) complete with sledgehammer-nut follow-up. Paul Butz excoriates Adobe, “the company that’s blazing new trails into the land of ‘We Pissed Off Our Customers […]

  12. Andre said, on January 4, 2008 at 11:30 am

    I think the main issue is that the user was not asked for permission, provided a way to opt out or even told about it. Had it not been hidden like a piece of spyware I don’t think anyone would have complained.

    I hope they come clean about it and fix this. Until then Adam Maas’s solution will do the job. Incidently the solution works for Windows too, though the path is:

    %SystemRoot%\system32\drivers\etc\hosts

  13. Anil said, on January 4, 2008 at 6:35 pm

    Following 192.168.112.2o7.net there is an option to Opt-out from tracking:
    http://www.omniture.com/privacy/2o7#optout

    Selecting/opting to install an opt-out cookie – does this work?

  14. Paul Butzi said, on January 4, 2008 at 7:05 pm

    Following 192.168.112.2o7.net there is an option to Opt-out from tracking:
    http://www.omniture.com/privacy/2o7#optout

    Selecting/opting to install an opt-out cookie – does this work?

    Installing an opt-out cookie will help if it’s the web browser that’s making the connection. In this case, it’s a CS3 application, so it won’t work.

  15. […] Nack weighs in with Adobe’s definitive word on the upsetting business with Adobe CS3 apps contacting “192.168.112.2o7.net”, a domain name clearly chosen to look like it’s a local network address (although it’s […]

  16. Dom said, on January 17, 2008 at 2:04 am

    If Adobe appear to be doing, I bet your bottom dollar that microsoft and other large corperations are doing the same.

    Nothing new but it winds me up also.

  17. Dom said, on January 17, 2008 at 2:06 am

    Just another thought…

    Adobe do alot of software updates, maybe this is the update service or they use this company to monitor the updates.


Comments are closed.

%d bloggers like this: