Adobe & Omniture Spying On CS3 Users

First Adobe went the paid ad route  with Yahoo, now they are snooping on users. Sounds like Adobe is getting a bit too frisky…and Omniture is getting well…if not untrustworthy…suspicious.

From Ars Technica:

It all began with a post at UNEASYsilence titled “Lies, Lies and Adobe Spies” which caught on to the fact that Adobe CS3 apps were calling out to a suspiciously-crafted IP address. As it turns out, the IP in question—192.168.112.2O7.net (note the capital O instead of a zero)—is not an IP at all, but rather a domain owned by statistics-tracking firm Omniture.

Criticism and conspiracy theories quickly erupted across the web, calling for an answer from Adobe over what looked like a clear invasion of privacy crafted to look like a typical local IP address. The holidays aren’t always the best time to ask a corporation as large as Adobe for an answer on issues like this, but Photoshop Product Manager John Nack came to at least a preliminary rescue. Across a couple of posts at his official Adobe blog, Nack took it upon himself to dig into the matter.

According to Nack’s investigation, Adobe’s CS3 apps call out to Omniture’s services to track a few usage statistics across Adobe products. Specifically, only three things are tracked: the news items presented in some apps’ welcome screens, Adobe-hosted content loaded in Bridge’s implementations of Opera and Flash Player (Bridge is the asset management component of Creative Suite), and Adobe online help systems like forums and the Exchange service, but only upon a user’s request.

As for the suspicious nature of Omniture’s faux-IP URL, Nack is less sure. He also agrees with users’ concerns over the matter and says he’s doing his best to find out more. It is likely, however, that Omniture is not returning Nack’s calls just as it isn’t returning Ars Technica’s, again probably due to holiday vacations. Other theories postulate that the URL crafting is both a technical and social engineering attempt to fool curious users and firewalls that might use some kind of wild card to allow 192.168.* requests. An underhanded tactic to be sure, but one that would allow Omniture to continue collecting usage statistics from many of Adobe’s users.

Adding fuel to the fire, Omniture’s own explanation of the “2o7.net” domain (note the lowercase “o” in Omniture’s usage) explains absolutely nothing about the disguising of the domain its clients’ products call. Even worse, Omniture’s opt-out method only covers individual web browsers, not applications. Neither Adobe nor Omniture offer an opt-out method that covers Creative Suite 3 applications, forcing power users concerned over this issue to add the specific Omniture URL to a firewall or other monitoring utility such as ObDev’s Little Snitch. Needless to say, this isn’t exactly as user-friendly as a splash screen check box, or even an application preference.

There’s a lesson to be learned from this latest marketing and privacy snafu, and Adobe and Omniture had better be taking notes. Omniture is clearly at fault—and still owes consumers an explanation—for trying to sneak this URL into clients’ products, and Adobe can’t be short on alternatives for product statistics tracking. One of the oddest things about the whole situation is that the outcry has focused on the crafty URL and not the stats tracking, suggesting that many CS3 users are used to companies watching (anonymously) over their backs. But no one likes wool, even digital wool, being pulled over their eyes or their routers.

http://arstechnica.com/news.ars/post/20071231-adobe-omniture-in-hot-water-for-snooping-on-cs3-users.html

Yahoo to Serve Up Ads in Pdf’s?

 Say it ain’t so! Aren’t pdf’s annoying enough?

Ads for Adobe PDF powered by Yahoo!

Privacy Policy | Terms of Services Copyright © 2007 Yahoo! Inc. All rights reserved. | Copyright Notice

To be considered for the Ads for Adobe PDF powered by Yahoo! beta program, please enter your information below. Participants of the program must have a valid U.S. Social Security or Tax ID number, and PDF content that is in English and targeted at a U.S. user base. We will contact you about your eligibility to participate and about availability of the program.Yahoo! Publisher Network does not wish to be associated with certain types of content, behavior and/or products. Please refer to our Content Guidelines

http://advision.webevents.yahoo.com/scp/viewer/index.php?client_id=1173&event_id=18671

Yahoo! Publisher Network Content Guidelines

Yahoo! Publisher Network does not wish to be associated with certain types of content, behavior and/or products, and will not accept sites that contain this type of content. This includes, but is not limited to:

Adult-oriented content Violence, excessive use of vulgar or obscene language Excessive, duplicate or competing advertisements Content related to human suffering or death Copyright or trademark-sensitive products such as MP3 downloads, DVD backups or bootleg items Weaponry, ammunition, fireworks or explosives Gambling Illegal drugs and drug paraphernalia Propaganda, potentially offensive or controversial content Defamatory, libelous, threatening or other material that advocates against any individual or group The sale of body parts or bodily fluids The sale of hazardous substances Political, religious or charitable organizations, issues or causes The sale of tobacco and tobacco-related products Hacking, surveillance, interception or de-scrambling equipment The sale (or facilitated sale) of prescription drugs The sale of counterfeit or stolen items The sale of government IDs or police items The sale of alcoholic beverages The sale of products from any of the following countries: The Balkans, Burma (Myanmar), Cuba, Iran, Iraq, Liberia, Libya, North Korea, The Sudan, Syria or Zimbabwe