> The following article appears here: http://lwn.net/Articles/129729/
>
>
> Linux users may have been pleased to find that Adobe has finally made
> available a new version of its Acrobat Reader, with accessibility
> features, a much slicker interface than Acrobat 5.x and new and other
> spiffy features. However, there are a few other features that Linux
> users should be aware of. A company called Remote Approach is
> promising to alert PDF publishers as to the "reach and use of their
> materials." We were curious to find out how Remote Approach was going
> to make good on its promise, given that PDF has largely been seen as
> a one-way medium. To find out, we created a test account and uploaded
> a PDF to be "tagged" by Remote Approach, and then downloaded the
> modified document to see whether Remote Approach could log our use of
> the document.
>
> Remote Approach's reporting did not work when we viewed the document
> with Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's
> "Preview" application on Mac OS X. The document was still viewable
> with no apparent glitch in other PDF readers, but the reporting
> function did not work. However, when we opened the file using Adobe
> Acrobat Reader 7, Remote Approach started logging views from our IP
> address. After doing a little research, we found that Adobe's Reader
> was connecting to
> http://www.remoteapproach.com/remote...ch/logging.asp each time we
> opened the document. The information is submitted over port 80 using
> HTTP, so it is unlikely that a home or office firewall would, in a
> normal configuration, block the activity, unless the firewall
> administrator is attempting to block Web browsing.
>
> Apparently, Remote Approach's "tag" to our document included the
> addition of JavaScript code causing Acrobat to report back to their
> server; the information reported includes the fact that the document
> had been read, our IP address, and which viewer it had been read in.
> (Interestingly, Remote Approach does not seem to recognize the Linux
> version of Acrobat Reader, as it left the "User Agent" field blank in
> its reports.)
>
> What many Linux users may not have realized, since Adobe did not
> release an Acrobat Reader 6.x for Linux, is that Adobe has added
> JavaScript support to PDF and the official Acrobat readers since
> Acrobat 6.x. For those interested in the JavaScript support and its
> abilities in Acrobat, see Adobe's scripting reference or scripting
> guide. (Both are PDFs, of course.)
>
> By default, Adobe Reader 7 turns on JavaScript, so the "tagged"
> document is able to "phone home" without the user's awareness.
> Turning off JavaScript disables the document's code, and prevents
> Remote Approach (or any other entity) from tracking views of the
> document. No doubt, Remote Approach is using features that would
> normally be used to submit information from a PDF form.
>
> The inclusion of JavaScript in Adobe Reader 7 for Linux no doubt
> provides a number of welcome features for users, but it also raises
> some privacy issues. The reader does not inform the user that
> information is being submitted, so users are likely to be oblivious
> to the fact that another party is aware of their PDF reading habits.
> While a user may not find it objectionable to notify the publisher,
> there are those of us who don't care to allow publishers to snoop on
> activities taking place on our personal computers.
>
> Lucky for us, there are plenty of alternatives to Adobe's Reader.
> Free PDF readers are unlikely to adopt features allowing the reader
> to silently phone home in response to code stored within the document
> itself. If you must use Acrobat, however, you may want to have a look
> at the JavaScript settings first.

--