December 28, 2007

What’s with Adobe & the shady server name?

Thanks for all the feedback on this morning’s post about Adobe, Omniture, and (non) spyware in CS3.

In truth, I think I did miss a key point: in this instance the objections seem to center not so much on whether Adobe apps are contacting a server, but rather that the server is named “,” rather than something obvious and communicative like “”  People are rightly asking why that is, and unfortunately I don’t know the answer.  I’m way out of my depth on the details of IP addresses, ports, etc., so I hesitate to comment further.

Instead I’ll work on getting some details from people with more expertise.  Given where we are in the holiday period, it may take a little time.  I’ll post more info as I get it.  Thanks for your patience.

This is a great example of why I said that “Adobe could and should do a better job taking security concerns into account.”  Even if an application’s behavior is ultimately innocuous, it’s important to be transparent and forthcoming about what’s going on.  I don’t want software sneaking around behind my back any more than the next guy does, and Adobe (like all companies) needs to make sure it’s not abusing users’ trust.

[Update: I posted updates here and here. The complete set of posts is here.]

5:50 PM | Permalink | Comments [81]

Adobe ate me baby!!

Ding ding ding!  We have a winner.

Every year around this time, the online community latches onto some story (CS3 icons last year; “Microsoft to buy Macromedia” before that; etc.) and goes nuts with speculation.  The specualtion is all the more thrilling given that the affected companies are only lightly staffed right now, making it hard to provide a meaningful response.

This year it’s “Lies, Lies, and Adobe Spies“–a story noting that some Adobe apps contact a Web address associated with Web analytics company Omniture.  The story is getting echoed & amplified on Valleywag (“You’re not the only one watching what you do in Adobe Creative Suite 3… Adobe is watching you, too”), CenterNetworks (“I am not suggesting that Adobe is doing anything wrong…” but then “Shame on Adobe, shame“), Daring Fireball (“Assuming this is true, it’s a disgrace, whatever the actual reason for the connections” [emphasis added]), and I’m sure elsewhere.

Whoa, Nellie.

As I say, now is the perfect time for people to throw around whatever wild assertions they’d like, given that so many people are out of the office and can’t respond.  Even so, I’ve been able to find out a few things.  According to Doug Miller from the team, “Omniture is Adobe’s web analytic vendor for There are only 3 places we track things via Omniture anywhere in or around our products.”:

  • The welcome screens (these things) in some Adobe apps include a Flash SWF file that loads current news, special offers, etc.  These requests hit servers and are logged, like regular browser-based traffic, by Omniture.
  • Adobe Bridge embeds both the Opera browser and the Flash Player, both of which can be used to load Adobe-hosted content.  These requests are also logged.
  • Adobe apps can call various online resources (online help, user forums, etc.), and those requests are logged. [Update: To clarify, those contacts are made only if the user requests them–e.g. by choosing Help->Adobe Exchange.]

This, as far as I’ve been able to discover, is the extent of the nefarious “spying.”  If I learn anything else when more people get back on email, I’ll update this post.

Now, let’s get down to brass tacks:

  • There are plenty of reasons, from phishing to Facebook to the NSA, to be concerned about & to debate security & privacy.  But when people cry wolf, making no apparent effort to find out the truth (yeah, let’s assume it’s a disgrace–and please don’t ask anyone at Adobe), they actually make it harder to pay attention to the significant issues at hand.
  • I’m a huge advocate of improving the desktop experience through online connectivity.  There are lots of details to get right here as we work to find the right balance between privacy & connectedness.  Let’s absolutely have those conversations–but let’s not drown them out with a bunch of shrill, irresponsible FUD. (That would be a disgrace.)
  • Adobe could and should do a better job taking security concerns into account.  Including Apple’s Bonjour technology in CS3 apps was meant to make it easier for users to connect to their servers, but the company’s (unintentional) lack of communication caused people to suspect the worst (over the holiday break, naturally).  It’s because we know what these technologies are doing that we may not remember to see them as others might, and to explain what’s going on (and what’s not).  As I say, as the line further blurs between the desktop & online experiences, Adobe & all companies will need to do a better job communicating & giving users choices.

And so, at last, I’m pleading for a little common sense, and for people to give Adobe the benefit of the doubt–or at least to check the facts before screaming “Your Privacy Is An Illusion!”

[Update: Please see this update as well.]


PS–Tracking user habits can be a good thing that benefits customers by helping software creators notice trends & improve their tools.  When Adobe has pursued this kind of thing, it’s always been on a strictly opt-in basis.
PPS–I’m just miffed that if people are going to besmirch a whole company, they don’t also bother to extend the common courtesy of a crude Photoshop job. ;-)

11:53 AM | Permalink | Comments [78]

Print your own beating heart & more

9:29 AM | Permalink | Comments [3]
Copyright © 2020 Adobe Systems Incorporated. All rights reserved.
Terms of Use | Privacy Policy and Cookies (Updated)