Abode is on the defensive after users complained that their premier software package Creative Suite 3 is collecting usage stats in an underhand manner.
On the other hand, Adobe’s John Nack reports that the content being tracked is content delivered from the internet, such as a Live News SWF, and online help which really is online, not just local files.
The other part of this story is that Adobe is using Omniture for analytics, and Omniture has chosen a deceptive url for its tracking stats, specifically 192.168.112.2O7.net. That’s not an IP number, it’s an URL – note the capital O used where it looks like a zero.
Breach of privacy? Case not proven. Anyone running a web site should track stats for all kinds of reasons; I used them recently to investigate a break-in. When desktop applications call internet resources, they are acting like a web browser, and users should expect that they leave a digital trail. It is not as if CS3 calls the internet secretly – I think most of us can figure out that a live news panel is doing more than showing files installed by setup.
Unfortunately once you start browsing the web it is difficult to know exactly what resources you are calling and from where. What users see as a single web page typically has ads from one place, maybe images from another, and often slightly sneaky tricks like invisible images or scripts put in place solely to track usage. Now desktop apps are doing the same thing; it is not different in kind though it is true that neither case is transparent for the user.
That’s no excuse for Omniture using a silly URL that is the kind of thing you would expect from spam sites or misleading emails that want you to click malware links. Omniture’s URL is designed to look like an internal IP address which would normally be safe. That’s beyond “not transparent”; it is deliberate deception, albeit easy to spot for anyone moderately technical.
Should Adobe offer an option to turn off all non-local content? Possibly, though not many users would want to do so. There is a simple way for users to protect their privacy, which is to disconnect their machine from the Internet.
The big unknown is how these stats are used. Does Adobe check for the same serial number being used on multiple machines concurrently? Does it link usage stats to registration details? Does it check which apps in the suite are used most, and use that for contextual marketing to specific users? There is probably a privacy policy somewhere which explains what Adobe does, or does not, or might do. Unfortunately users have to take such things on trust. Occasionally companies slip up, even with good intentions – you may recall the day AOL released search logs for 500,000 users naively thinking they were not personally identifiable.
This problem is not specific to Adobe. It is inherent in internet-connected applications including web browsers. That said, Adobe should beat up Omniture for its shady URL, and do a better job informing users what kind of data it is collecting and how it is used. Which is pretty much what Nack says in a second post – except he says security when this is a privacy issue. Not the same thing.
Hi Tim,
I’ve covered these issues in detail on my blog. The four related posts are grouped here: http://blogs.adobe.com/jnack/privacy_spyware/
J.
“What are privacy settings?
Applications that are created with Macromedia Flash from Adobe may want to have access to the camera and/or microphone available on your computer. Privacy settings let you specify whether you want applications from a particular website to have such access. Note that it is the person or company that has created the application you are using that is requesting such access, not Adobe (unless Adobe has created the application that wants access to your camera or microphone). “