Reply With Quote
Don't most "Internet Security" programs nowadays have a firewall setup where you can permit/deny applications internet access, that also tells you what they're trying to ring up?
Just a thought.
So much ****ing semen.
http://arstechnica.com/news.ars/post...cs3-users.html
It all began with a post at UNEASYsilence titled "Lies, Lies and Adobe Spies" which caught on to the fact that Adobe CS3 apps were calling out to a suspiciously-crafted IP address. As it turns out, the IP in question—192.168.112.2O7.net (note the capital O instead of a zero)—is not an IP at all, but rather a domain owned by statistics-tracking firm Omniture.
Criticism and conspiracy theories quickly erupted across the web, calling for an answer from Adobe over what looked like a clear invasion of privacy crafted to look like a typical local IP address. The holidays aren't always the best time to ask a corporation as large as Adobe for an answer on issues like this, but Photoshop Product Manager John Nack came to at least a preliminary rescue. Across a couple of posts at his official Adobe blog, Nack took it upon himself to dig into the matter.
According to Nack's investigation, Adobe's CS3 apps call out to Omniture's services to track a few usage statistics across Adobe products. Specifically, only three things are tracked: the news items presented in some apps' welcome screens, Adobe-hosted content loaded in Bridge's implementations of Opera and Flash Player (Bridge is the asset management component of Creative Suite), and Adobe online help systems like forums and the Exchange service, but only upon a user's request.
As for the suspicious nature of Omniture's faux-IP URL, Nack is less sure. He also agrees with users' concerns over the matter and says he's doing his best to find out more. It is likely, however, that Omniture is not returning Nack's calls just as it isn't returning Ars Technica's, again probably due to holiday vacations. Other theories postulate that the URL crafting is both a technical and social engineering attempt to fool curious users and firewalls that might use some kind of wild card to allow 192.168.* requests. An underhanded tactic to be sure, but one that would allow Omniture to continue collecting usage statistics from many of Adobe's users.
Adding fuel to the fire, Omniture's own explanation of the "2o7.net" domain (note the lowercase "o" in Omniture's usage) explains absolutely nothing about the disguising of the domain its clients' products call. Even worse, Omniture's opt-out method only covers individual web browsers, not applications. Neither Adobe nor Omniture offer an opt-out method that covers Creative Suite 3 applications, forcing power users concerned over this issue to add the specific Omniture URL to a firewall or other monitoring utility such as ObDev's Little Snitch. Needless to say, this isn't exactly as user-friendly as a splash screen check box, or even an application preference.
There's a lesson to be learned from this latest marketing and privacy snafu, and Adobe and Omniture had better be taking notes. Omniture is clearly at fault—and still owes consumers an explanation—for trying to sneak this URL into clients' products, and Adobe can't be short on alternatives for product statistics tracking. One of the oddest things about the whole situation is that the outcry has focused on the crafty URL and not the stats tracking, suggesting that many CS3 users are used to companies watching (anonymously) over their backs. But no one likes wool, even digital wool, being pulled over their eyes or their routers.
Don't most "Internet Security" programs nowadays have a firewall setup where you can permit/deny applications internet access, that also tells you what they're trying to ring up?
Just a thought.
For the record, the Little Snitch app mentioned above is awesome. Would recommend to anyone running OS X. Not that that includes me anymore, but I liked knowing exactly what applications were trying to get away with.
So much ****ing semen.
i don't think they would make a big deal out of this if Windows Firewall or Defender said it was phoning out. sounds like somebody had to do some work to figure it out.Originally Posted by YellerDog
If it's doing it and subverting those programs somehow, then yeah, it's bogus.
I pretty much expect any high-dollar program is going to try to do that these days, though.
Braaaaaaainssssss
That is brilliantly evil. I'm impressed.
Old Country Doctor
the .net suffix gives it away more than the capital O
So much ****ing semen.
in case it bothers anyone to block it from phoning home, just add the aforementioned domain to your hosts file (%windir%\system32\drivers\etc\) and point it at 127.0.0.1
or use PeerGuardian2 or other blacklisting software, and block it there.
Who's bringing the GD Juice!
You could also just change your IP schema to a non 192 private addy right?
Posting Permissions
Bookmarks