You guys really are uneasy. Quite paranoid at that. In a good way, obviously :)

nslookup 192.168.112.2o7.net

Non-authoritative answer:
Name: 192.168.112.2o7.net
Address: 216.52.17.136
Name: 192.168.112.2o7.net
Address: 216.52.17.207

Hi, I’m not up on the specific details, but I know that the Help system does use live resources on the Adobe site, and the Adobe site uses Omniture for analytics. I think it’s similar to how this weblog contacts Yahoo’s Overture.

If this concerns you, the preferences should contain options to not automatically check for updates. If you’ve got additional concerns please let me know, thanks.

jd/adobe

How about every one edit their hosts file to redirect *.2O7.com to 127.0.0.1.

Simple and easy fix to the adobe spies.

Omniture is an outstanding and very powerful Analytics program that I have been working closely with for the past year or so. It is simply incapable of doing whatever malicious thing(s) you might be thinking and is a pretty run-of-the mill system like WebTrends or Web Side Story. The 2o7 domain thing has been around for years, and although strange and perhaps confusing, it is also not intended to be evil.

Kibby, does Leopard support wildcarded entries in the HOSTS file? I know Tiger didn’t.

I loaded a packet sniffer and then started my copy of InDesign CS3 (5.0.1) to see if I could catch the same behavior.

Sure enough, there was a connection to 216.52.17.207 (192.168.112.2o7.net) via HTTP (port 80).

I did a little tracing and think I understand why.

When you load InDesign, you get a welcome screen with a small customized portion that I’ve highlighted here: http://jsperkins.com/indesign-welcome.png Though that looks like it’s just part of the program, it’s not. It’s actually a Flash file embedded in the dialog.

When InDesign first starts up it loads Flash Player, which contacts (for me, at least) 216.104.208.201, an IP address assigned to the former Macromedia Inc. It requests this location:
GET /go/startpageid?prod=id&plat=mac&lang=en_US&ver=5.0&stat=full

So that’s a “hello, this is ID 5.0 on Mac”. That server responds with a redirect to:
http://www.adobe.com/startpage/id.swf?prod=id&plat=mac&lang=en_US&ver=5.0&stat=full

The player follows. Take a look at that page and you’ll see it’s (a huge version of) the content that appears inside InDesign.

And it seems to be that very SWF that’s pulling the rest. Subsequent Flash Player requests:
http://216.104.208.201/startpage/id_content/id_customize.xml
(Returns some XML with fields “active_params”: ver, stat, lang.)

http://216.104.208.201/startpage/id_content/id_50_full_default.swf?prod=id&ver=5.0&plat=mac&lang=en_US&stat=full&tday=&spfx=&productName=indesign
(Notice the querystring: ver, stat, lang have been filled in by my installation in this request.)

http://216.104.208.201/startpage/om_acct_nm.txt
That text file in its entirety: &omnitureAccountName=mxcentral
(”mx” — another Macromedia reference.)

http://216.104.208.201/startpage/id_content/indesign_50_content.xml
Here’s where the “Get the most out of InDesign” link/text comes from (in several languages)

Then we switch over to 216.52.17.207, the server you noticed. On my install, it requests a URL that begins:
/b/ss/mxcentral/1/F.3-fb/s11988…
Note the “mxcentral” in the path, that was passed in the omintureAccount variable earlier (I assume). The 11988.. portion looks like a timestamp, and there are several more parameters (not shown) including “&c9=id_5.0_mac_en_US_full__” — more version information.

So, it looks like all of this is due to some Flash embedding. Choosing “Don’t Show Again” on the welcome box may alleviate the problem somewhat, but sounds like keeping Little Snitch around would be smart as well.

Kibby: It’s 2o7.net, and I’ve seen that site used for other things. Like llnwd is a host for myspace, AND apple, and probably several others. I know it’s used by There.com even though a google search for site:2o7.net doesn’t come up, so something’s amiss.

Short answer: It’s not just adobe using 2o7, but if you could block 192.168.*.2o7.net (since i’m betting they rotate that *), then that would work.

@Kibby : hosts file doesn’t accept wildcards. You’d have to mention every host you’d like to block.

thanx, Kibby, changed my host file right away!

You might want to add *.2O7.net too

Kibby, redirecting *.207.com will not fix anything. Firstly, the screenshot and article clearly state that CS3 applications are connecting to 192.168.112.207.net. Secondly no applications that I know of connect to 207.com, maybe you are confusing 207.com with Omniture’s 2o7.com domain?

A better fix would be to modify the host file to redirect 2o7.com and 192.168.112.207.net to a safe place.

yet another blackhole entry for the hosts file. or if your wireless/wired router supports it, just add *.2o7.net to your “parental” filter.

You could also set up a free account at opendns.com and use that to block the domain.
Plus you’ll get super fast DNS lookups as a free bonus :)

The opt-out is cookie-based, so is browser specific. Opting out in Safari won’t have any affect on what CS3 does, as far as I can see.

if you don’t like the spying without consent, put an entry in your hosts file pointing 192.168.112.2O7.net to 127.0.0.1

If you’re considering using Kibby’s redirect, use: *.2o7.net to 127.0.01.

The o in 2o7 is the letter ‘o’ not the number 0. And it’s a .net domain.

Heh, you “opt-out” by having them send you an “opt-out” cookie. 0_o
I didn’t realize Photoshop ate cookies at all.

The problem with all the methods listed here to block Omniture data from being sent is that Omniture allows you to use other domains to send that information to them.

For instance, a unnamed web based reservation system uses http://stats.x.com, Ford uses another such name, etc, etc.

@Kibby: That should be:

127.0.0.2 2o7.net # 127.0.0.2 is another loopback address

Add that to the hosts file: /etc/hosts for Unix/Linux machines, so it should work on Mac.

It is so sad that companies haven’t learned that doing these kind of things is just not very useful in the long run. Besides making a lot of the people who actually pay their salary by buying their products upset. Does the data really give them something that will make the product better or are they using it to sell the product?
I believe that when given the opportunity to provide (with full disclosure) usage data to improve a product people will choose to opt-in. So the only reason any program should without letting the customer opt-in send information back to anyone is if they want to spy on their customers. Which is not a good long term business plan.

Kibby: actually, it’s 2o7.NET perhaps in addition to 2o7.com.

Windows users: Consider using the pretty robust HOSTS file at: http://www.mvps.org/winhelp2002/hosts.htm

I use it and my subsequent spyware/cookie sweeps using Ad-Aware and Spybot have been much cleaner. They’ve got a pretty big block dedicated to 2o7.net. ;)

Jeez, it’s bad enough that Adobe makes us activate the software but we’re too addicted to switch to any other programs despite all this bullsh*t.

I would hope any developer of such a program like “littlesnitch” would want the program itself to be open source and free so we don’t have to fsck with licenses or codes or worry that “littlesnitch” may be phoning home itself or worse.

Look, closed source programs are virtual black boxes, if you can’t read the code, you don’t know what it is capable of, end of line.

If it’s closed source, and you use it, no matter how many e-penises are rubbed in claims of security and privacy by the creators, you deserve what you get.

re: http://www.omniture.com/privacy/2o7 (OPT-OUT)

read it. in order to opt-out you need an “opt-out cookie” in your browser, which you will need to update anytime you get a new computer, or browser, or flush your cookies.

one thing… it’s not my browser that’s phoning home! the “opt-out cookie” needs to be sent from photoshop, or it won’t do anything to curb the problem!

starting the web address 192.168.* is a deceitful way of tricking certain routers into trusting this (or any) domain.
112.2o7.net is a deceitful way of tricking certain users into allowing the pop-up they get from Little Snitch (or whatever)

the fact that the “out-out” is only accessible through my web browser, yet the behavior that i want to stop only happens from the embedded browser in the application… they’re blowing smoke (pure BS)

i’m thinking, these guys know statistics… not scruples.
“if we buy this domain, statistically, more routers will allow our connection.”
“if we offer what looks like an opt-out, statistically most people will just believe us…”
mathematically, this is true, sadly. forget people’s “rights” or whatever…

point is, what you say doesn’t matter, all the stats see is how you behave. i see this BS, i block all access to the server, no mercy. works fine for me, but they NEVER see it. solves my problem, never makes the statement.

what does work? bad press, which they can twist, or suppress as slander, and attacks on the server (DDoS, etc.) which are illegal too.

QUESTION: how can we mangle the data, mimic the “call home”, 12 times a day, each time with 100 random spoofed IPs, random valid serial number, random computer specs, etc.??? help them collect as much of my “data” as they can handle?

can’t OSX’s firewall block ALL traffic to/from that ip address?
based on my experience with freebsd, osx should be very similar, you can edit /etc/firewall file and add the following entries to block all traffic, browser or application:
deny any from 216.52.17.0/24 to me
deny any from me to 216.52.17.0/24

I love how people imply that since it’s omniture, and used “just for web analytics” that it can’t be malicious.

I’ve used Omniture and now WebTrends with Marketing Lab. it’s fairly easy to determine who an individual is on a generic web site (reply to any single form), but when you must register software??? That’d be golden. I could identify your usage traits and build a very robust history.

What makes it even better is you, the user, will have no way of determining whether I’m collecting any information from you. You’d just see an ID being passed in javascript to the address. Maybe a few generic items, but the gold is in those ID numbers.

You want to have fun? Forget blocking the host. Try this…

Option 1: Run Fiddler2 on a Windows box while you turn up CS3. Look for a request to that address, and then look within the request details. You should see something to do with an ID.

Make a backup of your registry. Once you find it, run your registry editor and look for that key value. You may have to dig to find it, but once you find it make a few changes to that key. Keep the length and form (numbers still numbers).

If I know Omniture, I’m betting that throws them off,

Option 2: Identify the key value being used in Fiddler as above. Encourage hundreds of friends to do the same. Signup for a web monitoring service, where you can craft the custom HTTP call. Set it for every 10 or so (randomize it if possible), and have those calls keep calling Omniture. You can’t do it too much because it’s easy to filter, but if you get enough people doing it on a high frequency it’ll really screw with their measurement. A couple hundred people doing it every 10 minutes is tens of thousands of hits per day, hundreds of thousands per month.

Hmm… This is very interesting, but I wonder…. How many people shocked by this ” major breach of trust and ethics” have a genuine licensed copy? I think that if one has nothing to hide, one needn’t draw their curtains…

So please, give me a reasonable explanation why I needed to register my CS2 apps again when I returned to France after my trip to Germany?

I took my PowerBook with me for the holiday in order to finish some work. After my holiday, I wanted to start working again on my Apple G5 computer.

I come back to France, I switch on my G5 workstation, started Photoshop and blubbb, I needed to go through the entire registration process once again. I had to do the registration process twice which is strange enough.

Step 1. I did the software registration over the internet. Adobe said, thank you for registration.

You are now allowed to work with your purchased software from Adobe and are able to continue doing your homework.

Wow, thank you Adobe.

Step 2. I have closed the Adobe app after registering. I launched the Adobe app once again and I see the Adobe registration process popping up once again! (I have restarted my computer after finishing the registration process if I rember well.)

Step 3. I registered my Adobe CS2 suite AGAIN. And this time Adobe was so “intelligent” to remember my registration process.

Conclusion. It is NOT Adobe’s business to know WHEN, I am working on my machine, IF I am working on my machine, IF I am working on my PowerBook or my G5 workstation and for sure it is NOT Adobe’s business to know from WHERE I am actually doing my job.

The other question would be.

Why DO I have to register Adobe software over the internet anyway if I have purchased the software through Adobe’s online store by downloading the files from ADOBE’s website and getting the serial number directly from Adobe?

I make a comparison. I am selling design templates on my website. I am the company providing these products.

However, is it MY business to know WHEN, IF and HOW my customers are editing my design templates?

Answer: NO

It is definitely NOT my business to spy on MY customers. Why should I?

So why should Adobe?

graphically & sincerely,

Marc Klein

Calls are made to the *.2O7.net subnet when Adobe software or a web browser fetches content from Adobe.com.
Because the Welcome Screen in your Adobe software is designed to fetch up-to-date content from the Adobe website and than display this content within the Welcome Screen, your software makes calls to this address at startup.
If you would prefer that the software not make these calls, simply disable the Welcome Screen in your Adobe software by selecting the Don’t Show This Again option in the lower left corner of the Welcome Screen. And stop complaining.

Adobe cares about you!!

Go to their website and opt out of having your information gathered by Omniture. If the information is then still gathered, report the company to your local authorities. There are laws in many countries that are there to protect you, whether to protect your data or to ensure any advertising (virtually anything written or portrayed on a site) is accurate and not misleading. Use them, they work!!