A Modest Proposal for Adobe

Posted in Adobe Lightroom, photoshop, web issues by Paul Butzi on December 28, 2007

From Uneasysilence.com, we read

The sky is falling, the NSA is listening and Adobe is watching how many times you open your programs. Okay, the first two can’t be PROVEN but I can show you that Adobe is spying on users application habits.

When you launch a CS3 application the application pings out to what looks like an IP address – and internal IP address: 192.168.112.2O7.

That makes sense, right? Adobe wants to be sure you aren’t running multiple copies of their programs…. Wait something is wrong here.

The first clue something is fishy is that I don’t use a 192.168.xxx.xxx numbering scheme in my network. Secondly, if you look at the address Little Snitch is displaying, the last “numbers” of the IP address (2O7) look funny. Also, IP address don’t end in any .com/net/org suffix.

Turns out that 192.168.112.2O7.net is owned by Omniture, a huge behavioral analytics firm. Hmmmmmm, anybody curious why Adobe is doing this? Anybody care to sniff packets? I sense an invasion of privacy here!

John Nack responds on his blog here, and here.

One thing I find particularly snarky is John’s complaint:

This year it’s “Lies, Lies, and Adobe Spies”–a story noting that some Adobe apps contact a Web address associated with Web analytics company Omniture. The story is getting echoed & amplified on Valleywag (“You’re not the only one watching what you do in Adobe Creative Suite 3… Adobe is watching you, too”), CenterNetworks (“I am not suggesting that Adobe is doing anything wrong…” but then “Shame on Adobe, shame”), Daring Fireball (“Assuming this is true, it’s a disgrace, whatever the actual reason for the connections” [emphasis added]), and I’m sure elsewhere.

Whoa, Nellie.

As I say, now is the perfect time for people to throw around whatever wild assertions they’d like, given that so many people are out of the office and can’t respond.

Well, John. I’m so very sorry that this little hidden behavior of your company’s applications was discovered at a time when Adobe employees find it inconvenient to respond. Isn’t that just rude? I mean, here they are, using your company’s software during the holidays, and they find this very suspicious behavior, and instead of waiting for #$&*&^%$#$%^& HOURS on hold trying to connect with Adobe’s famous crappy customer support they choose to notify other users of Adobe software of the behavior on their blogs. And they have the temerity to voice their opinion of that behavior, too! Of all the nerve!

John, welcome to the grown up world. Your customers don’t have any obligation to you at all. They paid their hundreds of dollars for your software, and when they find out that it engages in suspicious behavior that’s been hidden from them they don’t have to do things the way you’d like. They’re free to say whatever they please about the behavior. They’re free to say it whenever they please, even if John Nack finds the timing to be upsetting in some weird tinfoil hat “clearly there’s some conspiracy to complain about things while everyone is on vacation” way. The fact that they complained when you personally found it inconvenient is bad news for you but has no bearing on the merits of their complaints.

If they find the behavior of your app phoning home sufficiently offensive or upsetting, for whatever reason, they’re free to complain, to be discontented, and to spread that discontent as widely as they please. Realistically, there isn’t a thing you can do about it. I suggest that you wake up, smell the coffee, and start blaming your own company for this little brouhaha. I make that suggestion because the amount of impassioned discontent I see that’s directed at Photoshop and its stranglehold on the photo world makes me think that your days of charging $600 for the application are numbered, and the number is surprisingly low.

Finally, you might want to change your wording. You call these ‘wild assertions’, a wording which suggests that these claims are unsubstantiated. Well, John, I’m guessing that, given that UneasySilence actually caught InDesign in the act of doing this, it’s not unsubstantiated and thus very much NOT a ‘wild assertion’. It’s established fact, and no amount of spin on your part is going to change that.

Nack then writes:

PS–Tracking user habits can be a good thing that benefits customers by helping software creators notice trends & improve their tools. When Adobe has pursued this kind of thing, it’s always been on a strictly opt-in basis.

Horsehockey. I’d suggest that if John really feels this way, I’d like to install some software that tracks the banking habits of all Adobe employees. I’m pretty sure that I would find trends that would help me ‘improve their banking tools’. You’ll have to trust that I won’t track anything you’d find violated your sense of privacy. To make it easy, I’ll hide this tracking so that you won’t know about it and thus won’t find it upsetting.

If Adobe has some legitimate goal here, there’s no need to hide that goal from users. It should be emblazoned in really big type on the initial splash screen when the application is first installed. And it shouldn’t use the domain name ‘192.168.122.2o7.net’, which is clearly a bad choice because it’s exactly the sort of thing the really bad guys would use and so using it pretty much drives people to a conclusion that you’re up to no good.

In the comments, Nack then responds to a comment (Nack’s response in brackets):

Adobe apps can call various online resources (online help, user forums, etc.), and those requests are logged.” Heavens, how could anyone equate that with “covertly phoning home”?

[I don’t know, because it’s not covert. The app only connects to those things if you ask it to do so, by selecting the appropriate menu item. There’s nothing covert about it. –J.]

Ok, John. Without telling you, I’ve installed something on your computer. I haven’t told you what I’ve installed or revealed that I installed it or revealed what it does. It does it when you do something, but I haven’t told you what things trigger it. But you’ve just discovered that when it does it, it contacts a domain with a very phishy sounding domain name that appears to be intended to confuse people and firewall rules.

Two points come to mind:
1. If I did this, you’d be pissed as hell, and you know it. And you’re surely agree it’s ‘covert’. If you’re unsure let me direct you to the definition of covert.
2. Your claims that this is not covert because it only happens when you do some things and not others is nothing but meretricious, unadulterated crapola. And your claiming that it isn’t covert is offensive – not a surprise coming from the company that’s blazing new trails into the land of “We Pissed Off Our Customers Because We’re Arrogant Asshats”.

Bottom line: let me make a Modest Proposal to Adobe. If this information is so valuable to Adobe and isn’t something that would make users uneasy, then issue a software update for the CS3 apps that adds two menu items. The first menu item will display all the information that’s been forwarded to Adobe. The second menu item should offer users a choice of two options 1) users can opt in to sending this info, and Adobe will pay them for the info 2) users can opt out. If this information is so valuable to Adobe, it seems to me perfectly reasonable to have Adobe compensate the users in exchange for the data, instead of just taking the data for free.

17 comments