| Author |
Message |
Christopher Cole
Guest
|
 Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Tracking links in datasheet PDFs |
|
|
I just got a datasheet on a family of inductors from a vendor. When I open
the datasheet, it tries to connect to some website that tracks viewing
history of this particular PDF (IP addr, serial # of document, time/date,
etc.). Probably interesting information to their marketing department,
but it is a nuisance to the design engineer opening the datasheet.
Microsoft anti-spyware warns this is happening and allows me to block such
connections. This PDF is not confidential, and is not a controlled copy.
Has anyone else seen such behavior by component vendors? I have thousands
of datasheets archived for reference purposes, and I have never come across
this in any other datasheet. I hope this is not going to start a trend.
-Chris
--
/> Christopher Cole <\ <\
<< Cole Design and Development \\ email: cole@coledd.com \\
\\ Computer Networking & Embedded Electronics \\ web: http://coledd.com >>
\> \> </
|
|
| Back to top |
|
 |
martin griffith
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 14:15:19 GMT, in sci.electronics.design
Christopher Cole <cole@scoob.coledd.com> wrote:
| Quote: | I just got a datasheet on a family of inductors from a vendor. When I open
the datasheet, it tries to connect to some website that tracks viewing
history of this particular PDF (IP addr, serial # of document, time/date,
etc.). Probably interesting information to their marketing department,
but it is a nuisance to the design engineer opening the datasheet.
Microsoft anti-spyware warns this is happening and allows me to block such
connections. This PDF is not confidential, and is not a controlled copy.
Has anyone else seen such behavior by component vendors? I have thousands
of datasheets archived for reference purposes, and I have never come across
this in any other datasheet. I hope this is not going to start a trend.
-Chris
try reading it with this fast PDF reader |
http://www.foxitsoftware.com/pdf/rd_intro.php
see if it still happens
martin |
|
| Back to top |
|
|
Spehro Pefhany
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 15:19:44 GMT, the renowned Christopher Cole
<cole@scoob.coledd.com> wrote:
| Quote: | Can you see their URL or IP (? 65.17.226.156 ?) if you open the
document in a text editor? Can you point to a sample document? I'd
like to block whatever they are using right at the entry firewall.
You can get a copy of the document in question by googling for 0201cs.
It is the first match. In order to get a copy of this datasheet, The
company asks you for your email address so they can put a serial number
that is tied to you in their tracking database. They then email an
identifiable copy to you.
|
Not very quickly, I see. 8-(
According to a post earlier this year on slashdot, the javascript code
is mostly fairly benign, but it does send the entire path in the clear
to the tracking company. As well as other possible security issues, if
it's in the typical Windows default My Documents folder, the path
could well contain the name of the current user, which is a privacy
issue.
I actually can see reasonable applications for this technology, and
even the more extreme versinos (for proposals, business plans and
other relatively secure documents), but data sheets are not it.
Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com
|
|
| Back to top |
|
|
Tim Shoppa
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
| Quote: | Of course, this is hypothetical. If you believe that
Acrobat reader and the underlying windows
support libraries are 100% secure
|
And "of course" there are ways of reading PDF files other than with
Acrobat and Windows. I'm thinking specifically of tools like xpdf and
ghostscript, which know quite well how to get around traditional
Acrobat PDF encryption.
Wthether the remoteapproach.com documents locks these other viewers out
or not, I don't know.
If a manufacturer chooses to publish its datasheets in any given
obscure evil way is up to them, but if viewing them is not a benign
process then I won't view them and I won't buy their parts.
Datasheet wholesalers are another ball of wax!
Tim. |
|
| Back to top |
|
|
Roger Hamlett
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
"Donald" <donald@dontdoithere.com> wrote in message
news:c9-dnYhSqfugzAXenZ2dnUVZ_tCdnZ2d@forethought.net...
| Quote: | PeteS wrote:
My response was to block outbound traffic from Acrobat reader
completely at the firewall on my home system. This had other
serendipitous side effects such as the 'update' screen on Acrobat not
autodisplaying telling me it wants to download some 10s of megabytes of
updates.
How did you stop this action ??
I am using XP and I could not find out how to stop just Acrobat.
Thanks,
Donald
You have to add a better firewall. |
Basically, the inbuilt firewall, barely merits the name, since it is an
'incoming' wall only. If you add slightly better firewall packages, they
will allow you to block or allow individual packages/users etc., for
incoming and outgoing connections.
Best Wishes |
|
| Back to top |
|
|
Spehro Pefhany
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 14:15:19 GMT, the renowned Christopher Cole
<cole@scoob.coledd.com> wrote:
| Quote: | I just got a datasheet on a family of inductors from a vendor. When I open
the datasheet, it tries to connect to some website that tracks viewing
history of this particular PDF (IP addr, serial # of document, time/date,
etc.). Probably interesting information to their marketing department,
but it is a nuisance to the design engineer opening the datasheet.
Microsoft anti-spyware warns this is happening and allows me to block such
connections. This PDF is not confidential, and is not a controlled copy.
Has anyone else seen such behavior by component vendors? I have thousands
of datasheets archived for reference purposes, and I have never come across
this in any other datasheet. I hope this is not going to start a trend.
-Chris
|
I saw it recently in a free non-datasheet document and immediately
deleted said document. Remote Approach is the name of the service.
http://www.remoteapproach.com/
Can you see their URL or IP (? 65.17.226.156 ?) if you open the
document in a text editor? Can you point to a sample document? I'd
like to block whatever they are using right at the entry firewall.
They are working on even worse stuff- like documents you won't be able
to read unless a connection is made over the net and they apparently
now have ones they can remotely prevent from being read (presumably by
blacklisting them and transmitting information to the reader when the
document comes a-calling).
I suggest nipping this ridiculous crap in the bud-- let the vendor
know in no uncertain terms that this spyware stuff is not appreciated.
Since it communicates via port 80, it's unlikely that most people will
even notice what it's doing. Also, full Acrobat needs to be able to
use port 80 to use all the features.
Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com |
|
| Back to top |
|
|
Christopher Cole
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
| Quote: | Can you see their URL or IP (? 65.17.226.156 ?) if you open the
document in a text editor? Can you point to a sample document? I'd
like to block whatever they are using right at the entry firewall.
|
You can get a copy of the document in question by googling for 0201cs.
It is the first match. In order to get a copy of this datasheet, The
company asks you for your email address so they can put a serial number
that is tied to you in their tracking database. They then email an
identifiable copy to you. I have written to the company in question
informing them that this is not good practice. It is actually a gaping
_security hole_.
Imagine what could happen if remoteapproach.com went out of business or
changed their internet address some time in the future. Then, a nasty
individual could regsiter that domain and set up a buffer overflow
response to the acrobat reader. The security of that company is
breached. The attacker now has unlimited access to the computer that
opened up the PDF file. There is now a wide open tunnel between the
attacker's computer and the company's internal network. Because the
engineer opened the PDF file, the Acrobat reader instantiated the
outbound IP connection to the rougue host. This removes the protection
that the company firewall provides to its internal LAN. All further
traffic is then sent through an encrypted SSH tunnel using the very
port that was initiated by the reader.
Of course, this is hypothetical. If you believe that Acrobat reader
and the underlying windows support libraries are 100% secure, and will
never ever suffer from security holes, then there's nothing to worry
about.
-Chris
--
/> Christopher Cole <\ <\
<< Cole Design and Development \\ email: cole@coledd.com \\
\\ Computer Networking & Embedded Electronics \\ web: http://coledd.com >>
\> \> </ |
|
| Back to top |
|
|
Donald
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
PeteS wrote:
| Quote: | My response was to block outbound traffic from Acrobat reader
completely at the firewall on my home system. This had other
serendipitous side effects such as the 'update' screen on Acrobat not
autodisplaying telling me it wants to download some 10s of megabytes of
updates.
|
How did you stop this action ??
I am using XP and I could not find out how to stop just Acrobat.
Thanks,
Donald |
|
| Back to top |
|
|
PeteS
Guest
|
| Posted:
Thu Dec 08, 2005 5:35 pm Post subject:
Re: Tracking links in datasheet PDFs |
|
|
Christopher Cole wrote:
| Quote: | I just got a datasheet on a family of inductors from a vendor. When I open
the datasheet, it tries to connect to some website that tracks viewing
history of this particular PDF (IP addr, serial # of document, time/date,
etc.). Probably interesting information to their marketing department,
but it is a nuisance to the design engineer opening the datasheet.
Microsoft anti-spyware warns this is happening and allows me to block such
connections. This PDF is not confidential, and is not a controlled copy.
Has anyone else seen such behavior by component vendors? I have thousands
of datasheets archived for reference purposes, and I have never come across
this in any other datasheet. I hope this is not going to start a trend.
-Chris
--
/> Christopher Cole <\ <\
Cole Design and Development \\ email: cole@coledd.com \\
\\ Computer Networking & Embedded Electronics \\ web: http://coledd.com
\> \> </
|
I have had that issue (well, attempted) with certain datasheets I have,
although I can't for the life of me see what earthly use it could be to
them.
If they are trying to figure out how many people are reading it, that's
a poor measure, epsecially as the vast majority of net connections are
DHCP.
Perhaps the more someone at one IP reads it then they will figure out
it's a crap datasheet? (Yeah, right).
My response was to block outbound traffic from Acrobat reader
completely at the firewall on my home system. This had other
serendipitous side effects such as the 'update' screen on Acrobat not
autodisplaying telling me it wants to download some 10s of megabytes of
updates.
Cheers
PeteS |
|
| Back to top |
|
|
Spehro Pefhany
Guest
|
| Posted:
Fri Dec 09, 2005 12:57 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 15:52:02 GMT, the renowned "Roger Hamlett"
<rogerspamignored@ttelmah.demon.co.uk> wrote:
| Quote: |
"Donald" <donald@dontdoithere.com> wrote in message
news:c9-dnYhSqfugzAXenZ2dnUVZ_tCdnZ2d@forethought.net...
PeteS wrote:
My response was to block outbound traffic from Acrobat reader
completely at the firewall on my home system. This had other
serendipitous side effects such as the 'update' screen on Acrobat not
autodisplaying telling me it wants to download some 10s of megabytes of
updates.
How did you stop this action ??
I am using XP and I could not find out how to stop just Acrobat.
Thanks,
Donald
Basically, the inbuilt firewall, barely merits the name, since it is an
'incoming' wall only. If you add slightly bette
You have to add a better firewall.r firewall packages, they
will allow you to block or allow individual packages/users etc., for
incoming and outgoing connections.
Best Wishes
|
I signed up for their trial service and tagged an existing PDF
document to test it. Blocking their domain at the firewall works fine.
Here's what you see in Acrobat 5.05
http://server2.hostingplex.com/~zstoretr/ra.gif
Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com |
|
| Back to top |
|
|
qrk
Guest
|
| Posted:
Fri Dec 09, 2005 1:35 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 14:15:19 GMT, Christopher Cole
<cole@scoob.coledd.com> wrote:
| Quote: | I just got a datasheet on a family of inductors from a vendor. When I open
the datasheet, it tries to connect to some website that tracks viewing
history of this particular PDF (IP addr, serial # of document, time/date,
etc.). Probably interesting information to their marketing department,
but it is a nuisance to the design engineer opening the datasheet.
Microsoft anti-spyware warns this is happening and allows me to block such
connections. This PDF is not confidential, and is not a controlled copy.
Has anyone else seen such behavior by component vendors? I have thousands
of datasheets archived for reference purposes, and I have never come across
this in any other datasheet. I hope this is not going to start a trend.
-Chris
|
I experimented with one of Remote Approach's PDFs with the phone home
feature.
http://www.remoteapproach.com/remoteapproach/pdf/Remote%20Approach-PDF-Measurement.pdf
You can see it talking back to the home location. You can disable this
by turing off javascript in Acrobat's preferences. You will get nag
screens about the document containing java script. Just say no to
javascript!
If you crack the password on the PDF, you can delete the javascripts
on each page to remove the phone home feature. |
|
| Back to top |
|
|
Spehro Pefhany
Guest
|
| Posted:
Fri Dec 09, 2005 1:35 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 22:10:38 GMT, the renowned qrk <SpamTrap@spam.net>
wrote:
| Quote: |
What happens if you turn off Acrobat JavaScript? Acrobat has a
JavaScript enable in the preferences.
|
As I think someone else mentioned, if you turn them off in
preferences, it pops up a warning and dongs, if you tell it to ignore,
then it doesn't seem to bother you again that session.
Will turning off Javascript break any innocent or useful documents?
Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com |
|
| Back to top |
|
|
qrk
Guest
|
| Posted:
Fri Dec 09, 2005 1:35 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 13:57:34 -0500, Spehro Pefhany
<speffSNIP@interlogDOTyou.knowwhat> wrote:
| Quote: | On Thu, 08 Dec 2005 15:52:02 GMT, the renowned "Roger Hamlett"
rogerspamignored@ttelmah.demon.co.uk> wrote:
"Donald" <donald@dontdoithere.com> wrote in message
news:c9-dnYhSqfugzAXenZ2dnUVZ_tCdnZ2d@forethought.net...
PeteS wrote:
My response was to block outbound traffic from Acrobat reader
completely at the firewall on my home system. This had other
serendipitous side effects such as the 'update' screen on Acrobat not
autodisplaying telling me it wants to download some 10s of megabytes of
updates.
How did you stop this action ??
I am using XP and I could not find out how to stop just Acrobat.
Thanks,
Donald
Basically, the inbuilt firewall, barely merits the name, since it is an
'incoming' wall only. If you add slightly bette
You have to add a better firewall.r firewall packages, they
will allow you to block or allow individual packages/users etc., for
incoming and outgoing connections.
Best Wishes
I signed up for their trial service and tagged an existing PDF
document to test it. Blocking their domain at the firewall works fine.
Here's what you see in Acrobat 5.05
http://server2.hostingplex.com/~zstoretr/ra.gif
Best regards,
Spehro Pefhany
|
What happens if you turn off Acrobat JavaScript? Acrobat has a
JavaScript enable in the preferences.
---
Mark |
|
| Back to top |
|
|
Homer.Simpson
Guest
|
| Posted:
Fri Dec 09, 2005 1:35 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
Rich Grise, but drunk said
| Quote: | I was somewhat astonished the other day - the PHB got a few TIFFs
in a(an?) RFQ, and asked me to convert them to PDF and print them
out for him. Well, Paint Shop Pro 4.12 does just a jim-dandy job
of opening any file, and printing[1]. I said, "But I don't have
software to make a PDF." He shows me "PDF995", which blew my
socks off. It's free, which they can afford because every time
you use it, you get two ads. :-/ But all it is is, you install
it, and it becomes a printer in your "printers" "folder". It's a
total WYSIWYG, and quite cool.
|
Another option. Ad free. http://www.primopdf.com/
It's license doesn't even exclude commercial use. |
|
| Back to top |
|
|
Rich Grise, but drunk
Guest
|
| Posted:
Fri Dec 09, 2005 1:35 am Post subject:
Re: Tracking links in datasheet PDFs |
|
|
On Thu, 08 Dec 2005 10:06:32 -0500, Spehro Pefhany wrote:
....
| Quote: | I suggest nipping this ridiculous crap in the bud-- let the vendor know in
no uncertain terms that this spyware stuff is not appreciated. Since it
communicates via port 80, it's unlikely that most people will even notice
what it's doing. Also, full Acrobat needs to be able to use port 80 to use
all the features.
|
Well, screw Acrobat anyway. When I'm _required_ to use Doze, I use Acrobat
reader v.4 or so, but in Linux I just use KPDF, which don't have no truck with
such shenanigans. ;-)
I was somewhat astonished the other day - the PHB got a few TIFFs in a(an?) RFQ,
and asked me to convert them to PDF and print them out for him. Well, Paint Shop
Pro 4.12 does just a jim-dandy job of opening any file, and printing[1]. I said,
"But I don't have software to make a PDF." He shows me "PDF995", which blew my
socks off. It's free, which they can afford because every time you use it, you
get two ads. :-/ But all it is is, you install it, and it becomes a printer in
your "printers" "folder". It's a total WYSIWYG, and quite cool.
I wonder if it'd be worth the bother to open the offending docs in Reader 4,
and print them to PDF995? I think there are also PDF utilities for Linux, but
I haven't really pursued it.
As far as the documents that want to phone home, I say we boycott those vendors.
Vote with your feet!
Cheers!
Rich
[1] I downloaded it about 10 years ago, and when I finally got around to having
$20.00 to spare, I emailed them, and asked, "Where should I send my check?" and
they never answered. :-) |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in