The thing that's worrying here is 2o7.net . That's DESIGNED to look like a numerical IP address, and with the whole bit at the start to make it seem local - this is actually being incredibley underhand. I'm not adverse to people asking me to participate, and getting these stats, but doing it through this method is DELIBERATELY trying to hide it!

2o7.net has cookies from nearly every common website I can think of...even this one.

In fact, 2o7.net, last I verified, is the only tracking cookie that even Microsoft.com uses. It very well may have even surpassed the usage of doubleclick.net.

I'm not saying to disregard your point or anything, but I'm just pointing out that 2o7.net isn't some Johny-come-lately...it's been around, and many, many other vendors use it.

The cited article on DevNet doesn't at all fit this story. It explains how Adobe uses Omniture in their own flex/flash applications on their website and intranet. There's nothing in there about the use in their authoring applications.

On the Omniture website there is an opt-out link:

http://www.omniture.com/privacy/2o7#optout

Not sure if anyone else posted this.

I am not surprised about this
http://www.spymac.com/details/?2324191

not surprised at all. everyone knows that adobe flash is spyware. google toolbar is spyware, free firewalls and antivirals are spywares too.

has anyone read the adobe EULA to see if Adobe declares there little covert operations?

So much righteous indignation simply adding to the already abundant noise....

So, how does one disable this function? Or would that come too dangerously close to actually being of practical use?

Firewall it.

"The hosts file protects against MANY KNOWN bad addresses. There are numerous web objects that load from those bad addresses including many ads etc.."

All this talk about HOST files...doesn't Firefox with the "No-Scripts" plug-in protect you from such things?

what does that have to do with anything?

He kinda reminds me of a fresh out of school helpdesk trainee...you know, those guys that think they know it all but really have no clue how little they actually know?

Duplicate................................

make sure hit "post a reply".

If I had any Adobe aps(except for the Trojan ;)
Flash)my firewall would block them because if
I wanted news about them I wouldn't get it from
them and I sure don't want 'em logging whether
I'm asleep or awake.

Very dissappointing...

That is cool!
http://www.spymac.com/details/?2321924

I see we're back on the privacy kick once again. If you're connected to the net you don't have any privacy. If you think you do, you're exceedingly naive. Slashdot had an article about cable and DSL suppliers monitoring their customers use of bit torrent for file sharing and shutting down those who do. That means you are being watched. If that scares you, you need to stop using your computer. There are way too many people on the net anyway.

So if I carefully hide something in one of my products that watches your habits and reports back to me, that's ok because the internet is not private anyway. Despite the fact that this is not even an internet related program. "Oh other people spy on us too so it's ok! I'll just lay back like a good little sheep and take it." People like you make me sad.

What kind of logic is that? Can I watch you in your house with binoculars because you have windows? Can I get all of your bank reports because it's a public bank? Can I listen in to all your cell phone calls because it's just data flying through open air?

What's that...you're not ok with that? But you're ok with someone silently spying on your computer usage (without telling you) with a program you paid a few hundred dollars for?

If you have the knowledge you can do all of those things. In fact there are people doing everything you listed and that includes bank account info.

I have windowblinds or curtains to protect myself from physical spying. As to electronic spying, it's simple enough for a visitor to place a bug in my home or on my phone. They can be purchased cheaply online. Identifications are stolen daily. It doesn't really matter that I don't want these things to happen, it's a fact that they do. No protection that I use online is impervious and the same is true for you.

No...these things are all possible??! You gotta be kidding me, that's crazy!! /sarcasm

All the things you mentioned obviously can be done...but none of them are legal.

You're completely missing the point...If you bought a car and the car manufacturer had a device in the car that recorded everything and sent it down to the manufacturer ever day without telling you...you'd be fine with it because...well, "it's possible so what can I do?"? That's great...like the poster below, if it's acceptable to you that "legitimate" companies that you do business with are spying on you, then I feel really sad for you.

P.S...if you find a bug in your phone that I've placed to listen in to your phone calls...instead of turning it in to the authorities...just say "ah, F it, what can I do it's electronic spying happens all the time" and toss it away please? Thanks.

You're the guy that's paranoid and you feel sorry for me! I guess I should spend all my time worrying about bogeymen. I'll just continue using my computer and to hell with data collection. There's precious little on my system to steal.

Yea...I mean who cares about privacy right? It's way overrated.

"..If you bought a car and the car manufacturer had a device in the car that recorded everything and sent it down to the manufacturer ever day without telling you."

It's called SatNav :)

Yea but that's there for a reason...and they actually tell you it's there...:)

Oh, really? Sounds like ignorance of zombies and botnets. You're displaying the fallacy of "I don't have anything anyone wants." Your computer can be taken over (becomes what's called a zombie) and used to host porn (including child porn), used as part of DDOS (distributed denial of service) attacks, used to conduct attacks on other computers/websites, etc. Spyware can be used to indicate your interests so that ads can be targeted to you. A profile can be generated and repeatly sold.

If you're connected to the Internet, you're under attack. Ask anyone who does network security (like me) and they're confirm this.

I'm aware of all those things and use an excellent protection system to guard my system. I am also aware of network protection systems that have taken down people's computers. Kaspersky and Symantec are 2 examples. There's no such thing as an inpenetrable protection system. I can make it difficult for people to access my computer, but I can't make it impossible.

I'm also aware that most security problems are the result of misuse of the computer by the user. I purposely limit the sites I visit to avoid corrupting my system and I don't visit sites my protection system tells me not to visit. A protection package can't protect you from your own behaviour.

Be happy. I have a system that's very well protected and I'm very careful about which sites I visit. Happy New Year!

I'm smell 2 lawsuits - one at Adobe and one at Nero.

Heyzeus Christo! Is there no end to this garbage, why not simply do as Sony did install a rootkit?

Better user experience my ***. I'd like to hear the rest of this. How exactly does spying translate to "better user experience".

I have to say that they are better at hiding things than they are making excuses.

UNinstall the Bonjour service that comes with CS3 products and you are better secure from this crap.

Also, Nero....
Do a google search for "Stop nero phoning home" and you can find methods for killing that too.

I'm still using Nero 6, my firewall has never caught it trying to connect to anything. I've avoided upgrading mainly because I think the newer versions are crap, but if they are also phoning home and other hijinks that is all the more reason to stay with version 6.

And companies wonder why no one wants to pay for software these days. That feature alone would make me want to pirate a copy (if I used Abode anything)

Windows users: Consider using the pretty robust HOSTS file at: http://www.mvps.org/winhelp2002/hosts.htm

I use it and my subsequent spyware/cookie sweeps using Ad-Aware and Spybot are much cleaner. They've got a pretty big section dedicated to 2o7.net.

Jeez, it’s bad enough that Adobe makes us activate the software but we’re too addicted to switch to any other programs despite all this bullsh*t.

That would be nice if it only had the malware related entries instead of the hundreds of ad entries. I already have Ad Muncher so I don't need all those. Besides, the hosts file was really not designed to be an ad blocker. Too many entries really slow down your system and that file is way too big.

What's sad is that users put up with this crap. Why run a big fat nasty hosts file, why dont you all just get together and do something about it. That's what ambulance chasers are for.

Go sit in their offices and analyze their developers working habits.

Do s*** that bugs the hell out of them, or better yet just stop using software that does stuff like this.

The article clearly says "The data transmission was discovered in Adobe InDesign CS3 for Mac" How does that translate to Windows users needing to do something about it?

Well, the above says: "it apparently seems this data transfer extends onto all CS3 programs." ...and Adobe makes CS3 programs for Windows, too, so neither camp appears to be immune.

True, it's not just Windows users.

large hosts files will dramatically slow your machine down on boot-up and for dns lookups. parsing the list is slow even on modern machines. There are better ways to do it.

DOH, noted in my comment. It doesn't change the fact that a nasty hosts file isn't the right answer.

NO it does NOT.
You must have the DNScache service stopped and disabled to use a large hosts file. Mine it f'n huge and I have no slow downs at all. You dont need DNScache service anyway and it's just another security hole and has been in the past was subject to pollution attacks.
Sure, if DNScache is running with a large host file your machine wont even resolve anything.

Fewt: The hosts file protects against MANY KNOWN bad addresses. There are numerous web objects that load from those bad addresses including many ads etc..

"The hosts file protects against MANY KNOWN bad addresses. There are numerous web objects that load from those bad addresses including many ads etc.."

You just reiterate my point, why do you put up with it, are games and itunes really worth that kind of hell?

Agreed. There are much better solutions than the hosts file for Windows and OS X. I can deal with seeing advertisements on free websites though.

I concur with a large HOSTS file. I would think it would be faster to have your computer connect to 127.0.0.1 rather than trying to connect and process cookies and crap coming from (and in this case, going to) a site like 2o7.net. Like dlux671, my computer hasn't slowed down at all and it's an old Toshiba laptop.

you know instead of hosts files you could run a small DNS server internally and it would serve all your PCs. In it you could block *.207.net if you wanted. I would go this way if you have pc to run it. A DNS server is a lot better when you have multiple machines then a host file. This would also work regardless if Linux, Windows , MAC or whatever..

just my 2 cents

That is security through obscurity. It takes 5 minutes to change a DNS host. Large static lists of DNS hosts are outdated the moment they are published.

Disabling Windows Services without legit reason is also stupid. The dns cache service only improves the performance and stability of web browsing. Just because a vuln existed in the past means there are vulns today for them.

We should at least be presented with a "YES - I lend my support" or "NO - don't spy on me" dialog box that comes up on some other programs upon installation...

Though I don't like this sort of thing I do hold a little bit of respect for companys who do really rather amusingly sneaky things like this.

I have to say that it is quite a quality bit of hiding.

Why am I not surprised.

Yep - it's the blatant attempt at deception that is entirely disheartening. Most people would agree to "user improvement" stuff... but you wouldn't hide and obfuscate if that's actually what it was.

Hey, Adobe already shuts down Photoshop on a scan of US currency... now tell me why it's a stretch to believe that they don't feed the Treasury the IP address of anyone who scans $20?

"192.168.112.2O7.net"

"2o7.net" -- that is a tracking cookie website. Very interesting. (see http://www.omniture.com/privacy/2o7?f=2o7).

I'd love to hear them try to explain why they are hiding it by using what looks like a local IP address. If this is true Adobe needs to be nailed to the wall for it. No doubt many other programs are doing stuff like this as well.

That address is going into my hosts file to be blocked.

The real problem with using the HOSTS file is that wildcards are not supported (nor partial entries). So you could stop 192.168.112.2O7.net but as soon as they switch to 192.168.113.207.net (say) you're screwed again.

That's true, it's certainly not a perfect solution but every little bit helps.

Nero 8 Does the same thing. It hides itself and the firewall catches the program, but they are not upfront with it.

This is outrageous. Wanna take up a lawsuit?

They should ask the user to either opt in or out of this like Microsoft does instead of hiding it.

lol for the first time MS is doing something right and everyone else should follow suit. never thought I'd say that..

ps *is not an ms hateboy*

To stop Adobe CS3 communicating back to its makers remove Bonjour.
How to get rid of Bonjour:

(In Vista run as administrator)

Start -> run -> type 'cmd' to bring up a command prompt
type 'sc stop "Bonjour Service"' (include the double quotes but not the single ones!)
Type 'sc delete "Bonjour Service"'

Then go to \Program Files\Bonjour and rename this folder to Bonjourold.

Restart your computer you can then delete the Bonjourold folder.

(In Vista run as administrator)
Run the program lspfix.exe (which you can download for free)to fix your Winsock2 and Layered service provider Settings by simply running the lspfix.exe program and then click finish.