Comments on: What’s with Adobe & the shady server name?

By: bill gall

bill gall — Tue, 02 Sep 2008 03:59:17 +0000

I solved this problem a long time ago. I bought a separate computer just for graphics work. That computer never gets hooked to any network, wireless or other because I removed the modem. I don’t mean I disabled it, I mean I opened the tower, took it out and threw it in the dumpster. NOTHING will happen on my computer without my say so. In addition, I garbaged Adobe when they came out with cs2 because it was needlesly bloated. Alot of my associates said “screw this” and downloaded pirated copies of CS2 and CS3 that had been recoded to work in an actual productive manner. One of them had a portable copy of CS3 that’s just over 80 megabytes and can be run on any computer from a keychain flash drive with no endless lags in startup or operation and certainly no illicit activities. I would have done this too, but I don’t really need Adobe anymore. There are plenty of alternatives and some of them are even free. And now that Adobe’s let their market dominance go to their heads, they’ve lost the trust of their customers (at least the ones that count), just as Sony did when their heads got too big and they implemented rootkits. Sony will never make another penny of mine me and now neither will Adobe. When a company reaches a certain size, they forget that it’s the customer that controls their success or failure, not vice versa. Now the tide has turned. Trust has gone elsewhere and the company that will sink Adobe is already on the rise. Here’s to the fall of yet another empire, brought down from inside by its own greed. Bon Voyage, Adobe. You brought it on yourself. ;)

By: j

Sun, 17 Aug 2008 23:19:42 +0000

Wow, great job finding out more info on this for us. It's been what, eight months with no answer? [I posted updates here and here (within a week of the entry on which you're commenting). So, great job on your thorough research. --J.]

By: TiredoftheSNOOPING

TiredoftheSNOOPING — Sun, 20 Jul 2008 17:13:55 +0000

1. We should NOT have to go to Adobe.com website to change settings on FlashPlayer on our own hard drives to avoid their sneaky hidden FLASH COOKIES! This is extremely heavyhanded and sneaky of Adobe/Macromedia. (Those who don’t even know about Flash Player cookies need to read up on them, then do a search of their own hard drives: *. sol – and be surprised at what they find.
2. Even after you DO change the settings and try to avoid all Flash Player cookies, you will probably get more anyway.
3. If you do BLOCK all Flash Player Cookies, some sites, like youtube.com will NOT work for you, unless you go back and ALLOW the Flash Player Cookies.
4. EVERYONE using Flash Player should demand that Adobe/Macromedia release a patch for their product that enables end-users to change these settings on our own hard drives, without the interference and nosiness of Adobe forcing us to do any changes ON THEIR WEBSITE!
Whose machine is it, anyway?

By: Phil Brown

Phil Brown — Sun, 13 Jan 2008 18:19:27 +0000

Gary – my point was to address the apparent claims (from many!) that Adobe was some how soley to blame or involved in under hand techniques. This isn’t unique to Adobe, and yet they’re being targetted as if it is.
They’ve had a problem brought to their attention. They’ve reasonably explained that it’s not as bad as some people were trying to make out. They’re now looking to fix it.
Although some will complain that they took too long, in my epxerience with a major corporation such as this, the time frame has been extremely fast. It’s also been transparent and open, which ought to be applauded (and some people, such as you, are doing just that).
Going forward, you are going to see many more apps intergrated with web functionality (heck, you browse the web from inside many online games now!) in order to access support, marketing, additional features and so forth.
Of course you should be able to opt out (or even better, choose to opt in in the first instance). But I would think it’s fairly clear that this address wasn’t createed exclusively for use by Adobe. There really is nothing sinister in Adobe engaging a company to do research for them.
Omniture’s decision to use that address is very poor. Adobe, no doubt, will not be so trusting themselves when they have someone create code for them. Everyone’s learned something.
Everyone makes mistakes. It’s how we deal with and address them that matters the most. We should be promoting how this issue has been handled (without ignoring the underlying issue – which is being resolved) rather than harping on with conspiracy theories and ad hominem attacks. That’s really been my point (and I think you agree).

By: Gary Ulam

Gary Ulam — Sun, 13 Jan 2008 03:53:12 +0000

This is in response to the following posted by Phil Brown:
Have a look for other instances of the address that so concerns you. Then, when you notice that every other firm that uses this company to conduct similar research has the same questionable IP naming technique, I hope you’ll immediately launch yourselves at those companies in the same way, else you might consider printing a label that says “hypocrite” and sticking it to yourselves.”
Phil, it’s true that Adobe isn’t the only company utilizing these methods and I certainly appreciate the openness with which Adobe is permitting this blog to run, unlike certain companies who have censored or locked user discussions in forums (ie. try googling “lcd panel lottery” and you’ll see what I mean).
Good companies know censorship backfires, and I applaud Adobe for permitting our comments to appear on this blog.
However, to rebutt the comment you made, I must state that adopting a “hey, other companies do it too” attitude does not justify why my high priced software suite is surreptitiously being used to gather…marketing?….information
about me while I believed its primary purpose was to permit me to edit photos!
Furthermore, what use are cookies in a photo and video editing suite? I can understand if I was browsing other companies websites, but with Adobe I was getting the cookies just using my workplace TOOLS!
It’s too bizarre to imagine that Adobe/Omniture need marketing information every time I use my tools!
At Omniture’s server that receives my cookie information, it will be very simple for them to determine when and how often my company uses its software, just by looking at the cookie logs. If they associate that with my
IP address (and possibly my registration data), it can give them enough precious information to sell to my competitors that would like a general idea of how much business I’m doing in the current fiscal period. Of course I’m not saying Omniture *IS* doing this, but only that it has the *ABILITY* to do so thanks to the built-in cookie spying routine that Adobe put in to a NON-WEB-BROWSER softare tool.
I can expect to block my web browser from serving info to O mniture, but should I have to become paranoid about blocking my trusty Adobe suite? Heck no!

By: Andrew

Andrew — Thu, 10 Jan 2008 12:10:36 +0000

Let’s not forget folks: blogs, the Internet and all the rest of the 1′s & 0′s move much more quickly than People (and large corps.) do. Give Peace (and John) a chance to get this problem sorted.
p.s. The above referenced digit is a “zero” – not the letter O ;]

By: Phil Brown

Phil Brown — Tue, 08 Jan 2008 03:23:19 +0000

Those of you accusing Adobe (and John, personally…what is up with that – he’s been openly responding as he can on this issue for MONTHS before this latest little attack of interest from some quarters) should check your cookies (depends on your o/s where they will be).
Have a look for other instances of the address that so concerns you. Then, when you notice that every other firm that uses this company to conduct similar research has the same questionable IP naming technique, I hope you’ll immediately launch yourselves at those companies in the same way, else you might consider printing a label that says “hypocrite” and sticking it to yourselves.
Neither Adobe nor John need me sticking up for them, but when they make the effort to try to obtain details of something like this and to discuss it in public, it’s absolutely terrible to see them attacked for it.
The very fact that such abuse and attacks are happily posted on this blog should tell you a lot about their willingness to remain open and honest when there’s a problem or a mistake.
Meh, I’ve only been back at work 2 days since the holiday and already my faith in my fellow man is eroding. The irony of Internet based IQ tests does not escape me…

By: Leslie

Leslie — Mon, 07 Jan 2008 18:57:10 +0000

John Nack’s posting is a ‘non-answer’. It is a carefully worded response that fails to address the questions being raised, but is designed to give the appearance of saying something important. Here is the Senior Product Manager for Photoshop claiming that he doesn’t have an explanation for a major function of the program (I would consider ‘phoning home’ with details of what a user is doing with the program–even if it is as simple as checking for multiple or illegal copies–a ‘major function’). Frankly,I don’t buy it. He of all people at Adobe should know about major functions and design issues of Photoshop. Even his post of January 02, 2008 says nothing more than “We don’t know anything about it.” I don’t buy it. I think this is a case of someone being caught with their hand in the cookie jar and he is hoping that he can avoid addressing the issue long enough that the issue will go away.
[Thanks for the total lack of benefit of the doubt... I said I'm working on it, and I am. Sometimes at a big company (esp. when other companies are involved) it's not possible to move as quickly as one would like. --J.]

By: Gary Ulam

Gary Ulam — Sat, 05 Jan 2008 15:05:01 +0000

This is a response to the comment from “Eric — 09:55 AM on January 03, 2008″ who wrote:
Some people just don’t get that a large organization can make mistakes, or not tighten up procedures without making some mistakes to point out the problem areas.
Eric, no hard feelings, but several of my IT guys are hard core “nerds” and they point out that this 2o7.net affair is not a simple “mistake” but a clear attempt to deceive. Should a thief who gets caught be let off so easily by a judge concluding “he just made a mistake”?
Rather than dismissing the claims of previous commentors by denigrating them as nerds and silly “sheriffs” of information tech-justice,
lets deal with facts rather than personalities:
You claim this information is anonymous, but how did you prove that it truly is? Because Adobe/Omniture says it is? Can we really trust them?
Also, do you understand how data-mining, geolocation and other similar information technologies work? My company has to register its hardware, software, etc. even though we know a lot of this information ends up in the hands of the data-mining corporations who sell & share this information amongst themselves to develop even larger profiles of the users.
Here are 2 simple ways it can cause grief for my company:
1. I don’t need third parties (who may sell information to my competitors, or may one day decide to compete in my field themselves) knowing what hardware and software I purchase, in what quantities, etc. This is very valuable information to competitors.
2. Tracking cookies can cause embarassing incidents! Before we put in a policy to refuse all cookies unless dealing with the website of required and trusted companies, we had the situation where a worker was using his workstation to find naughty pictures on the web.
That employee was fired but
the damage was done.
Sure enough, the geolocators
kicked in and we soon found our computers displaying targeted advertising for dating and adult services.
The geolocation was able to determine the city we were in and said “meet hot women in …….”.
This looked extremely unprofessional one day when it appeared during a consultation session with a
client.
We know it was all caused by tracking cookies.
In the end, many cookies just serve to re-direct more advertising towards you, and this wastes our bandwidth and $$$.
God bless the nerds. If it weren’t for people like them, we’d all conclude the Sony rootkit affair was also a “harmless mistake” much like what you think Adobe has done.

By: Gary Ulam

Gary Ulam — Sat, 05 Jan 2008 14:39:03 +0000

Will Adobe consent to allowing users to disassemble their code so we can figure out all the dirty spying tricks they’ve hidden in the software?
I’m sure the answer is a fat “NO”, we can’t let you do that because (1) we have something to hide AND/OR (2) we automatically assume you are going to steal our software. (Bad assumption -I paid $$$ for CS3, just to find out Adobe now thinks it has the right to spy on me).
Well, if you do illegal SONY-style activity, then why should I trust YOU my dear Adobe? Hence the necessity for a third-party disassembly and review of your code, and the case should be taken to the Attorney General of every country you do business with.
If you’re EULA prohibits us from snooping inside your code, but you breach our trust by using it to spy on us, I think you’re going to give a lawyer a good excuse to say that your contract with the user is voided.
Does Adobe really want this?
Heck no! So come clean, condemn Omniture for the spying 2o7.net sleaze that it is, FIRE whoever made the corporate decision at Adobe to spy in such a sleazy manner, and immediately inform all of your registered users of the issue via email. Plus provide a patch to plug the security hole in your software.
Since learning of the issue yesterday (thanks to word spreading rapidly in a graphics forum I’m on, not thanks to Adobe!) I’ve had to waste time analyzing what my computer does to make sure this security hole isn’t bigger than it first appears.
My business has to much at stake and in the past we’ve even had competitors try to hack us.
It makes me want to build a computer just for Photoshop that never connects to the net, I don’t like being spyed on and I don’t like that I don’t know all the information Adobe transmits.
(I assume some of it may well
be to protect Adobe’s ass against pirates, such as sending out a serial #, but they should at least specify what they are sending so I don’t have to waste my IT department’s time with an order to packet-sniff anything going to 2o7.net now!)
Adobe DESERVES to be punished, it is no different than SONY. Adobe deserves to
pay my IT guys for any time
we have to waste due to this
issue.
“TRUSTED APPLICATION”? No way
Adobe, every internet access
you make through my computers
will now have to be confirmed
and packet sniffed until we
determine what kind of information is sent. Any cookies to Omniture will find
themselves re-written with bogus information directly in the return http-stream. I don’t consent to Omniture invading my workstations, wasting my bandwidth, etc.
Gary Ulam

By: Eric

Eric — Thu, 03 Jan 2008 09:55:22 +0000

Wow, who needs to go to /. to watch the nerds stretch the limits of hyperbole – or credulity? You think granny understands 192. means on the local network only? Yeah, right.
Some people just don’t get that a large organization can make mistakes, or not tighten up procedures without making some mistakes to point out the problem areas.
I have no doubt Adobe will fix this. The fact that the reporting is anonymous makes me think there’s no harm intended.
There are plenty of evil companies out there who deserve the mob’s ire. Adobe is not one of them.
People who stop using Adobe’s products because of a misstep like this are like the Sheriff in “Blazing Saddles” holding the gun to his own head and shouting, “Stand back or the [Sheriff] gets it!”
Please, won’t somebody help that poor nerd? :-)

By: mr_mcse

mr_mcse — Thu, 03 Jan 2008 05:04:16 +0000

1) THEY STEAL BANDWIDTH. These applications do not pay for bandwidth used or repeatedly lost. They never asked permission for use.
2) They cost money in tracking because we believe we have security holes.
3) We are LEGALLY responsible for the content(RIAA/MPAA/CHILD PORN/PIRACY/DoS attacks, ETC.) and actions of programs on on our machines and networks.
4) To circumvent our attempts at security is no better than a TROJAN horse sitting on our drives.
5) INTENT does not matter “YOU” companies are in violation and should be sued for your WILLFULL ACTIONS. You sue for your rights and so should we. How would you like our software on your servers taking snapshots of your Intelectual Property?
6) Other Corp. or businesses should be outraged at the possible theft of their materials.
7) DO TO OTHERS AS YOU WOULD HAVE DONE TO YOU! How are we gonna play this out guys?

By: Tarragon

Tarragon — Thu, 03 Jan 2008 01:10:36 +0000

The key factor here is the transfer of information to a server which has been designed to look local.
The use of the 027.net domain is dubious at the best of times.

By: Marc

Marc — Wed, 02 Jan 2008 17:07:38 +0000

John. i just want to say thank you for taking the time to try to get us answers. that is definitely more than you needed to do, especially considering that your specific application isn't one of the ones that has this activity going on. [Thanks for the words of support, Marc; glad to help when I can. --J.] try not to let all of the stupid comments on here upset you. they shouldn't have been directed AT you anyway. [That's cool; I don't take it personally. --J.]

By: Tobias Hoellrich

Tobias Hoellrich — Wed, 02 Jan 2008 14:22:27 +0000

@Phillip: I did not try every CS3 application, in fact I only have Fireworks/Photoshop CS3 installed on my Windows XP system. I can clearly see that FW CS3 uses IE’s browsing facilities when making web connections. I deleted the *.2o7.net cookies from IE and Fireworks stopped sending cookies when starting up. That confirms the connection between IE and Fireworks for those applications. Things may be different for other OS/CS3-application combos, but I can’t confirm that at the moment. It is possible that Flash CS3 uses the embedded version of the Opera-browser (like Adobe Bridge) to conduct “web business”. I’m sorry that I can’t be more precise with this issue.