full randomness, mostly IT stuff, but not 100% guaranteed

Adobe Reader DC uploads your files to Amazon AWS without consent

Posted in Uncategorized by alfredomarchena on April 28, 2015

not sure if any of you have noticed but it seems you do not need to have an adobe document cloud account to open PDFs you may have opened on another computer so long as you are signed into the Acrobat Reader DC. It seems that once you sign into the program the files are available on other devices.

what concerns me is that for this to be possible i would imagine the file has to be uploaded somewhere so the other computer with Adobe Reader DC can open it… right?

take for example on the screenshots. i am trying this out on 2 computers. one of my computers is for work, and the second computer is for personal use. lets say i open the the file ‘From Work Computer.pdf’ on my work computer and after i am done reading it i close it. On my other computer which is my personal (non-work) computer i open the file’ From Home PC.pdf’ and then close it. if i go to recent files i can see the ‘From Work Computer.pdf’ on my home computer with a little cloud symbol next to it. if i click on it, it says ‘downloading from adobe document cloud’ and then it shows the file which does not reside on that computer.

so i went to the creative cloud section in Adobe Reader DC and says there are no files.. BUT the screenshot shows it ‘downloaded’ from the cloud. so i got curious and opened the resources in windows and as soon as i opened a new file the process AdobeCollabSync.exe sent network data to *.amazonaws.com which is a cloud service provider. I’m making an educated guess that is why i can see it on other computers where the file isnt save as well as my mobile phone.

what i gathered is that without the users consent it sent a copy up to the cloud. Now, i know for the current quasi-goverment company i am doing work for this would be a violation of their regulatory compliance so i guess i have to sign out of Adobe Reader DC and see if that stops this.

i would wonder what Adobe has to say about the uploading of files without the users content, as someone who works with intellectual property and has to abide by compliance this is not a good thing. furthermore, if amazon ever gets hacked, id be worried about my files or my client’s files getting breached as well.

furthermore, from an enterprise side of things i would like to know what can be done on the enterprise firewall side to block this.

screenshots related to this blog post below
On Work PC opening file not on pc network adobesync no dc adobe iphone

2 Responses

Subscribe to comments with RSS.

  1. alfredomarchena said, on June 16, 2015 at 1:54 PM

    update… since i am part of a influence panel that has ties in to adobe dc, theyre made aware of it and looks like in the future they may change the EULA or the behavior to address this discovery

  2. alfredomarchena said, on June 16, 2015 at 1:59 PM

    here is what also works:

    Go to the web acrobat account: cloud.acrobat.com
    You should see your recent list there
    Delete the files from the cloud on that screen

    that places the files in a purge schedule and whenever the process runs (which im hoping daily – will permanently remove it from AWS cloud)


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: