Response CROSS-POSTED TO alt.privacy.spyware.

Rather than fiddle with the javascript settings, would it not be simpler to add
the site http://www.remoteapproach.com to whichever hosts file that you use on
your PC?

JC

On Tue, 12 Apr 2005 16:38:24 -0400, "Tony P." <noone@cork.adelphia.net> wrote:

> The following article appears here: http://lwn.net/Articles/129729/
>
>
> Linux users may have been pleased to find that Adobe has finally made
> available a new version of its Acrobat Reader, with accessibility features,
> a much slicker interface than Acrobat 5.x and new and other spiffy features.
> However, there are a few other features that Linux users should be aware of.
> A company called Remote Approach is promising to alert PDF publishers as to
> the "reach and use of their materials." We were curious to find out how
> Remote Approach was going to make good on its promise, given that PDF has
> largely been seen as a one-way medium. To find out, we created a test
> account and uploaded a PDF to be "tagged" by Remote Approach, and then
> downloaded the modified document to see whether Remote Approach could log
> our use of the document.
>
> Remote Approach's reporting did not work when we viewed the document with
> Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's "Preview"
> application on Mac OS X. The document was still viewable with no apparent
> glitch in other PDF readers, but the reporting function did not work.
> However, when we opened the file using Adobe Acrobat Reader 7, Remote
> Approach started logging views from our IP address. After doing a little
> research, we found that Adobe's Reader was connecting to
> http://www.remoteapproach.com/remote...ch/logging.asp each time we opened
> the document. The information is submitted over port 80 using HTTP, so it is
> unlikely that a home or office firewall would, in a normal configuration,
> block the activity, unless the firewall administrator is attempting to block
> Web browsing.
>
> Apparently, Remote Approach's "tag" to our document included the addition of
> JavaScript code causing Acrobat to report back to their server; the
> information reported includes the fact that the document had been read, our
> IP address, and which viewer it had been read in. (Interestingly, Remote
> Approach does not seem to recognize the Linux version of Acrobat Reader, as
> it left the "User Agent" field blank in its reports.)
>
> What many Linux users may not have realized, since Adobe did not release an
> Acrobat Reader 6.x for Linux, is that Adobe has added JavaScript support to
> PDF and the official Acrobat readers since Acrobat 6.x. For those interested
> in the JavaScript support and its abilities in Acrobat, see Adobe's
> scripting reference or scripting guide. (Both are PDFs, of course.)
>
> By default, Adobe Reader 7 turns on JavaScript, so the "tagged" document is
> able to "phone home" without the user's awareness. Turning off JavaScript
> disables the document's code, and prevents Remote Approach (or any other
> entity) from tracking views of the document. No doubt, Remote Approach is
> using features that would normally be used to submit information from a PDF
> form.
>
> The inclusion of JavaScript in Adobe Reader 7 for Linux no doubt provides a
> number of welcome features for users, but it also raises some privacy
> issues. The reader does not inform the user that information is being
> submitted, so users are likely to be oblivious to the fact that another
> party is aware of their PDF reading habits. While a user may not find it
> objectionable to notify the publisher, there are those of us who don't care
> to allow publishers to snoop on activities taking place on our personal
> computers.
>
> Lucky for us, there are plenty of alternatives to Adobe's Reader. Free PDF
> readers are unlikely to adopt features allowing the reader to silently phone
> home in response to code stored within the document itself. If you must use
> Acrobat, however, you may want to have a look at the JavaScript settings
> first.