There’s nothing like a good conspiracy theory to liven up an otherwise quiet period in the blogosphere.
On the day after Christmas, while most folks were struggling with their new iPod or trying to get XBox Live to work, Adobe was accused of spying on its users by secretly pinging a behavior analytics address every time Adobe Photoshop CS3 starts up.
The site Uneasy Silence, which was involved in the iPhone spying allegations a few months back, broke the story about Adobe. Thanks to a utility called Little Snitch, Uneasy Silence publisher Dan Dorato found CS3 was pinging the address “192.168.112.2O7,” which got his attention as the second to last character was the letter O and not a zero, as is standard in a TCP/IP address.
Dorato noted in his posting that 192.168.112.2O7.net is an address with Omniture, which offers customer usage analytics among its services. Faster than you can say “tinfoil hat,” the blogosphere erupted with accusations and conspiracy theories. “The “biggest issue” here comes from the fact that a software vendor has the arrogance to think they have some “right” to use my network connection in an app having no business connecting to the internet in the first place,” railed one Slashdotter.
Others, however, were more sanguine. “When you try to hide what you’re doing that immediately raises flags. Why try to hide it if it’s innocuous?” argued one respondent on CenterNetworks. “I have no problem with Adobe phoning home – a lot of apps do it. The biggest issue for me: why Adobe is trying to hide the fact,” reasoned another on CenterNetworks.
Adobe is preparing a formal statement on the matter. For now, Photoshop Product Manager John Nack has issued a preliminary comment through his official Adobe blog, although some of the responses indicate people aren’t buying it.
Nack said Ominture is the web analytic vendor for Adobe.com, and that CS3 apps call out to Omniture’s services to track a few usage statistics across Adobe products. There are only three places where stats are tracked: Adobe apps that use a Flash file in the welcome screen to show news or special offers; Adobe Bridge embeds both the Opera browser and the Flash Player to retrieve Adobe-hosted content; and Adobe apps that call online content, like online help.
“This, as far as I’ve been able to discover, is the extent of the nefarious “spying.” If I learn anything else when more people get back on email, I’ll update this post,” he wrote.
While Adobe may consider this minor, in the end it doesn’t matter what Adobe thinks, it’s what customers think, said analyst Rob Enderle of The Enderle Group. “In today’s world, it’s a fact of life you need to ask your customer’s permission before you do anything, and it doesn’t matter how benign it is, because your view of what’s benign might be different from theirs and the customer should be the final arbiter,” he said.
Disclosure and the ability to opt out are a must in such scenarios lest they become a PR mess, like Microsoft’s Windows Genuine Advantage fiasco last year. “Anything that calls home should have an opt-in option and should have full disclosure. It’s when you do stuff you don’t first ask about and don’t disclose where companies get into trouble,” said Enderle.