Adobe Acrobat now enables spying on readers

Like many non-Microsoft users, I rely on Adobe pdf as a way of circulating and publishing documents. But now it transpires that

The well known PDF reader Adobe Reader reports back to a central server whenever you open specially marked PDF documents.

The newly released Adobe Reader 7 again allows authors of PDF documents to embed an arbitrary web address which is then informed whenever you open the document.

According to one of the Slashdot postings, the current Remote Approach tracking code already sends off the full file path to the PDF on your computer, which could in itself include confidential information. This use of “web-bugs” is the same functionality used by spammers to track and verify use of your email address and is done without informing the user and without his or her consent.

It’s all done with Javascript. According to the link, you can disable the spying ‘feature’ either by deleting all plugins or by renaming the plugin directory acroread7/Reader/intellinux/plug_ins. (But you have to remember to repeat this every time there is an update.)

Alternatively you can use one of the free PDF viewers (xpdf, kpdf, evince etc.), none of which allows this surreptitious functionality of reporting back.

[Thanks for Seb for the link.]