Heads Up if You're Using Adobe Acrobat Reader

The following article appears here:
formatting link

Linux users may have been pleased to find that Adobe has finally made
available a new version of its Acrobat Reader, with accessibility features,
a much slicker interface than Acrobat 5.x and new and other spiffy features.
However, there are a few other features that Linux users should be aware of.
A company called Remote Approach is promising to alert PDF publishers as to
the "reach and use of their materials." We were curious to find out how
Remote Approach was going to make good on its promise, given that PDF has
largely been seen as a one-way medium. To find out, we created a test
account and uploaded a PDF to be "tagged" by Remote Approach, and then
downloaded the modified document to see whether Remote Approach could log
our use of the document.
Remote Approach's reporting did not work when we viewed the document with
Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's "Preview"
application on Mac OS X. The document was still viewable with no apparent
glitch in other PDF readers, but the reporting function did not work.
However, when we opened the file using Adobe Acrobat Reader 7, Remote
Approach started logging views from our IP address. After doing a little
research, we found that Adobe's Reader was connecting to
formatting link
each time we opened
the document. The information is submitted over port 80 using HTTP, so it is
unlikely that a home or office firewall would, in a normal configuration,
block the activity, unless the firewall administrator is attempting to block
Web browsing.
Apparently, Remote Approach's "tag" to our document included the addition of
JavaScript code causing Acrobat to report back to their server; the
information reported includes the fact that the document had been read, our
IP address, and which viewer it had been read in. (Interestingly, Remote
Approach does not seem to recognize the Linux version of Acrobat Reader, as
it left the "User Agent" field blank in its reports.)
What many Linux users may not have realized, since Adobe did not release an
Acrobat Reader 6.x for Linux, is that Adobe has added JavaScript support to
PDF and the official Acrobat readers since Acrobat 6.x. For those interested
in the JavaScript support and its abilities in Acrobat, see Adobe's
scripting reference or scripting guide. (Both are PDFs, of course.)
By default, Adobe Reader 7 turns on JavaScript, so the "tagged" document is
able to "phone home" without the user's awareness. Turning off JavaScript
disables the document's code, and prevents Remote Approach (or any other
entity) from tracking views of the document. No doubt, Remote Approach is
using features that would normally be used to submit information from a PDF
form.
The inclusion of JavaScript in Adobe Reader 7 for Linux no doubt provides a
number of welcome features for users, but it also raises some privacy
issues. The reader does not inform the user that information is being
submitted, so users are likely to be oblivious to the fact that another
party is aware of their PDF reading habits. While a user may not find it
objectionable to notify the publisher, there are those of us who don't care
to allow publishers to snoop on activities taking place on our personal
computers.
Lucky for us, there are plenty of alternatives to Adobe's Reader. Free PDF
readers are unlikely to adopt features allowing the reader to silently phone
home in response to code stored within the document itself. If you must use
Acrobat, however, you may want to have a look at the JavaScript settings
first.
Reply to
Tony P.
Loading thread data ...
When I disable the Adobe Javascript option, I get prompted on every exit from Adobe Reader 7.0.x that "This document requires Javascript". That will appear when the only actions were to open and then close Adobe Reader without loading any document. So I can leave it on and risk the covert tracking or I turn it off and get nagged with a bitch message on every exit where I have to click on a No button (to prevent turning on the global option).
Looks like I'll be looking for an alternative PDF viewer. in the meantime, I've configure the app rules in my firewall to always block any connections from acrord32.exe. Screw them.
Reply to
<Vanguard>
Response CROSS-POSTED TO alt.privacy.spyware.
Rather than fiddle with the javascript settings, would it not be simpler to add the site
formatting link
to whichever hosts file that you use on your PC?
JC
Reply to
JC

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.