Filed under: Software, Security
John Nack updates Adobe 2O7.net controversy
Adobe Photoshop product manager & corp-blogger John Nack has posted a followup on the issue of Adobe applications that 'phone home' to a quirky domain name; the official Adobe technote is here. In case you missed it, the commotion arose out of an Uneasy Silence post on 12/26. Dan initially thought that Little Snitch was catching CS3's welcome screen in the act of pinging to his local network, but then a bit of due diligence showed that '192.168.112.2O7.net' was not, in fact, an IP address but rather a domain name owned by Omniture and used for usage tracking (including by the iTunes ministore). Suspicions about the 2O7.net domain go back quite a while, so it's no surprise that frustrated users would raise a stink with Adobe when the tracking connections were discovered; more so in this case because the domain name is plainly constructed to appear, on casual examination, as a private IP address (fooling humans, but not firewalls).Nack's post, one of several on the topic, indicates that pretty much any content retrieved from the Adobe.com site (including the Flash file embedded into the CS3 welcome screens) pings back to Omniture's servers for anonymous usage tracking. OK, forewarned is forearmed -- but why the 192.168 goofy domain? Nack's trying to help:
Q.: Why does Adobe use a server whose name is so suspicious-looking?
A.: I'm afraid the answer is that we don't really know. The fact is that this SWF tracking code already existed on the Macromedia side at the time the companies merged, and it was adopted without change by a number of products for CS3. The people who wrote the code originally did not document why they used that server name, and we can't find anyone who remembers. I'm sorry we aren't able to provide a more solid, definitive explanation.
Forthrightness appreciated, but what we're left with is the same explanation we had at the beginning (which is the only reasonable one, as far as I can see): the 2O7.net domain name was designed to fool users into thinking the app is accessing the local LAN when it phones home. Omniture has been using 2O7.net since 2000, with varying degrees of public outcry; in this case, at least, the response of customers is encouraging Adobe to stop using the deceptive domain name in future products.
[via Daring Fireball]

![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)


Reader Comments (Page 1 of 2)
artifex said 7:12AM on 1-09-2008
hah. We don't know why we used it, we don't know what it does, but we included it in new programs anyway!
Dear John: If you don't have a good reason to try to pierce my privacy, DON'T. kthxbye.
Reply
ben said 7:19AM on 1-09-2008
what else dont they know about that they are complacent about because "someone else did it"
Reply
peeweejd said 8:21AM on 1-09-2008
someone needs to wipe adobe off the map.
Reply
John Nack said 8:44AM on 1-09-2008
"Corp-blogger"? Is that a good thing...? ;-)
J.
Reply
Michael Rose said 9:24AM on 1-09-2008
Happy to bestow whatever title you feel is appropriate... "Voice Of Reason, John Nack, says..."
:-)
Chris said 8:52AM on 1-09-2008
"It's Macromedia's fault."
Yeah, right...
Reply
ElvisThePelvis said 9:06AM on 1-09-2008
sudo vi /etc/hosts
add:
127.0.0.1 192.168.112.2O7.net
suddenly feel better
Reply
Dan said 9:08AM on 1-09-2008
No, it's to match firewall rules of 192.168.*.* , not just to fool users.
Reply
Michael Rose said 9:23AM on 1-09-2008
Dan, firewalls generally don't care about domain names, only about IP addresses -- otherwise they'd fail whenever DNS was unavailable. If your firewall actually allows wildcard traffic based on a domain name when you're specifying an IP address, you need to upgrade that firewall.
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html
That's why the Omniture domain name can only be intended to fool humans: computers know better. :-)
Dan said 6:21PM on 1-09-2008
Michael,
Actually, hosts.allow (tcpwrappers) will allow * and ? to match for both IP addresses and hostnames as long as it does not start or end with ".". Thus, if you have the allow line,
ALL : 192.168* : allow
It would match both private 192.168 IP addresses and the Omniture server. Granted, this is a badly formed allow line since you should use 192.168. to force it to interpret it as an IP, BUT it is a fully conceivable occurrence.
chucksav said 9:22AM on 1-09-2008
"The fact is that this SWF tracking code already existed on the Macromedia side at the time the companies merged..."
This implies that Adobe products were not doing this sort of tracking prior to the Macromedia merger. Is that true?
Reply
Luigi193 said 9:29AM on 1-09-2008
Its also a cookie, you can opt out of it:
http://www.omniture.com/privacy/2o7?f=2o7#optout
there
Reply
Michael Rose said 9:34AM on 1-09-2008
Luigi, that opt-out is for browsers but does not affect the Adobe apps. The best way to avoid the track is to turn off the Welcome screen.
Luigi193 said 10:29AM on 1-09-2008
Yeah, I figured that (browser ≠ Adobe apps), but I don't want it in my browser either!!! Well... considering theres an opt out cookie in there now, when none may have been there before... BUT W/E!
sam said 10:31AM on 1-09-2008
yo thanks for this post.
mike rose rules.
my favorite tuaw blogger by far.
Reply
Frank said 11:03AM on 1-09-2008
nice -- blame macromedia, a company you bought out. long live freehand!!
Reply
namtastic said 11:22AM on 1-09-2008
Riiiight. So everyone gets pissed off at Adobe for an Omniture product, that even in this post has been shown to be used in iTunes, as well as dozens of other products/websites?
Why not get pissed off at Omniture? They are the ones who created the deception in the first place. I don't hear anyone saying Apple should be "wiped off the map" for tracking usage of the iTunes Store.
Reply
artifex said 1:52PM on 1-09-2008
It's my understanding that Apple uses it in the "ministore" part of iTunes, but you are given notice when you run iTunes the first time and elect to use the ministore.
clair said 11:26AM on 1-09-2008
Personally, I like this solution which I read about the other day.
The hosts file entry is okay, but this "blocks" this IP range of theirs... Just in case they decide to pop another one of their servers on that particular subnet. If they have other networks, I'm not aware of them.
sudo route add -net 216.52.17.0 127.0.0.1 255.255.255.0
Reply
Thomas said 11:30AM on 1-09-2008
What's more disturbing is that the reason they can't find anyone who remembers is because they were "disappeared".
Reply