Cerca nel blog

2005/06/01

Acrobat 7 fa la spia?

LWN: Unexpected features in Acrobat 7: "A company called Remote Approach is promising to alert PDF publishers as to the 'reach and use of their materials.' ... we created a test account and uploaded a PDF to be 'tagged' by Remote Approach, and then downloaded the modified document to see whether Remote Approach could log our use of the document.

Remote Approach's reporting did not work when we viewed the document with Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's 'Preview' application on Mac OS X. The document was still viewable with no apparent glitch in other PDF readers, but the reporting function did not work. However, when we opened the file using Adobe Acrobat Reader 7, Remote Approach started logging views from our IP address. After doing a little research, we found that Adobe's Reader was connecting to http://www.remoteapproach.com/remoteapproach/logging.asp each time we opened the document. The information is submitted over port 80 using HTTP, so it is unlikely that a home or office firewall would, in a normal configuration, block the activity, unless the firewall administrator is attempting to block Web browsing.

Apparently, Remote Approach's 'tag' to our document included the addition of JavaScript code causing Acrobat to report back to their server; the information reported includes the fact that the document had been read, our IP address, and which viewer it had been read in. (Interestingly, Remote Approach does not seem to recognize the Linux version of Acrobat Reader, as it left the 'User Agent' field blank in its reports.)

...By default, Adobe Reader 7 turns on JavaScript, so the 'tagged' document is able to 'phone home' without the user's awareness. Turning off JavaScript disables the document's code, and prevents Remote Approach (or any other entity) from tracking views of the document.

...The reader does not inform the user that information is being submitted, so users are likely to be oblivious to the fact that another party is aware of their PDF reading habits."