Security → how to ensure PDF file viewing does not "call home"...

there seems to be a lot of companies offering call home type tracking every time someone opens up a PDF file, so how can I block that and protect my privacy short of only opening PDF files while on a anonymizing VPN provider?

so far my precautions include;

viewing PDF files using Foxit

firewall outgoing rule blocking C:\...\Foxit Reader.exe

adding the following HOSTS redirect;
127.0.0.1 remoteapproach.com #block pdf call home

if you have other more up to date ideas that include a wider range of PDF tracking vendors, I would very much appreciate your input here.

Provided the pdf isn't apt to contain proprietary or sensitive information I'll just open it using one of many online pdf readers.
e.g.,
»view.samurajdata.se/

If your concern is about reading sensitive PDF's, disconnect from the net.

i simply do not want the owner (who may have embedded a call home service into his PDF file) to know where (my public IP) and when i viewed it.

obviously i'm talking about PDF files i already have on my local drive, not about viewing something as i'm download it through my browser, since that download source already knows the IP and time of the download.

»view.samurajdata.se/ allows for an upload from your local drive.

look, i'm not interested in using that sight, OK? i don't want yet another entity knowing what i'm doing - get it?! so please move on.

If you block your PDF reader(s) from connecting to the Internet, it's enough to protect your privacy. Just make sure that the rule(s) doesn't allow any type of connection (TCP, UDP) to any IP. You'll have to check for the reader's updates manually after that. But I think that's the fair price for your privacy protection. BTW, none of my PDF readers have access to the Internet...

foxit has a separate update executable that i did not block - but should i still block it for outgoing activity, or the reader itself is sufficient.

You're welcome.

Block that application from internet access with your firewall. It has to be a software firewall that can control outbound access.

My guess is, it'd be enough. But if you want to be sure (and who knows what it actually does?), you may block it as well and check for updates manually, by visiting its site time to time.

@Packeteers

1. A nice reading about Call Home
2. Could you please point me to a document that calls home? Would be interesting to play with
3. Things I would disable in Foxit at all events:
General -> Create links from URLs
JavaScript -> Enable JavaScript Actions

Two questions are these downloaded PDF files, second do you know who runs your VPN?

Blake

Link - i know where you are probably trolling with this, and i don't want to get sidetracked, just focus on PDF viewing privacy issues.

meduza - i could probably isolate one by using a sniffer, but i really don't have the time or inkling. i simply want to take whatever action is known to block a call home short of reading pdf's while offline (or on an anonymous VPN). meduza keep in mind "call home" is one of dozens of other such services all potentially using different schemes and reporting servers.

OZO - i doubt new foxit updates really do much anyway, so i will block both exe's and update manually should foxit ever glitch on me.

curiosity - yes, i'm using a software firewall to block any and all types of outbound traffic while using foxit, thanks for the heads up.

so bottom line - nothing new learned here i could not already google myself - but thanks for trying, guys

I think I can assume then that the PDF files are on your system and not being viewed from say a website (also pretty safe to assume you don't know if the CIA is running your VPN site, but that's another issue). Given the files are on your system, yanking the network cable while viewing pretty much guarantees they won't be able to call home.

don't worry Link, i'll be sure to wear my tin foil hat while reading these PDF's offline

I just find it interesting that folks don't trust some people (ie the PDF folks whoever they might be) while blindly trusting others (the VPN folks), just seems inconsistent.

Blake

Tracert and ping to: remoteapproach.com and remoteapproach.com/remoteapproach/logging.asp both failed to resolve. Although the remoteapproach.com domain is registered at go daddy my browser can't find the server so adding these to your host file is likely ineffective. Perhaps they sold out to another company.

A quick Google turned up several other companies doing the same thing (Locklizard, readynotify, pdftracker and indorse), it appears they all use JavaScript to accomplish tracking. If you are using Adobe go to Edit > Preferences > JavaScript > Uncheck everything > OK your way out. If you open a page that wants JavaScript Adobe will ask permission to allow it. Be aware that if you allow it Adobe changes the settings back to default without alerting you. I have never had to allow scripts to view a page.

Not a bad idea to lock it down with a firewall. It uses port 80 meaning you will need a rule based firewall. If I remember correctly Adobe Acrobat 9 had a service that called home to keep track of your tokens and that had to be allowed for it to run. I have it installed on other machines but I am too lazy to go look. You can also disable anything Adobe that runs at logon. When you click on a pfd it will load whatever it needs.

said by LWN.net :

---

Remote Approach's reporting did not work when we viewed the document with Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed using Apple's "Preview" application on Mac OS X. The document was still viewable with no apparent glitch in other PDF readers, but the reporting function did not work. However, when we opened the file using Adobe Acrobat Reader 7, Remote Approach started logging views from our IP address. After doing a little research, we found that Adobe's Reader was connecting to »www.remoteapproach.com/r ··· ging.asp each time we opened the document. The information is submitted over port 80 using HTTP, so it is unlikely that a home or office firewall would, in a normal configuration, block the activity, unless the firewall administrator is attempting to block Web browsing.

By default, Adobe Reader 7 turns on JavaScript, so the "tagged" document is able to "phone home" without the user's awareness. Turning off JavaScript disables the document's code, and prevents Remote Approach (or any other entity) from tracking views of the document. No doubt, Remote Approach is using features that would normally be used to submit information from a PDF form.

---

Any reader that does not support JavaScript should neuter this.

Someone provides a suggestion and this is the type of thanks you offer? I wouldn't doubt that this has turned many away without continuing further in the thread (I almost was one of those).Blake is about the furthest from what I would consider a troll and this comment may come across as another "attack". If you truly desire assistance you may want to think twice about the wording you use in your responses.

With respect to your original question: This depends upon many factors, including the reader you use (you did not specify), where the PDFs your are concerned over are sourced (Blake's comment), and what type of firewall(s) you may be using. Several suggestions have already pointed at a firewall as your solution.

If you use a firewall that by default blocks all outbound traffic that you do not explicitly enable, you likely are pretty completely covered.

If you use a reader such as Foxit, some googling may help but if you do not trust any reader (you did not specify this either) your question is no longer just one of PDF "call home". You would either need a firewall that only explicitly allows outbound connections that you explicitly allow or you would need to look at something like Sandboxie. Specifically with Sandboxie you would "force" your PDF reader to always run sandboxed, and you would configure your sandbox with no network access. This of course would require the PDF be downloaded and stored locally (again - this goes to Blake's comment) first. And it would mean that you would need to trust Sandboxie more than your reader (or your OS, or your VPN, etc)

You really didn't provide any detail on why you want to do this or if there were specific cases you are concerned with so we can only assume you have some level of paranoia or general heightened concern over privacy. The generic answer to those is to look at solutions such as firewalls or sandboxes.

Edit:For future reference, if you have already done research it might help to note what you have already found and discounted before asking for help. It would help keep many others from wasting their time, providing suggestions, and receiving less-than-grateful responses in return for their troubles.

Didier Stevens has a Python tool that can remove JavaScript and autolaunch functions from PDF files - this is done with the -d option (disarm). You can read more about it here »blog.didierstevens.com/p ··· f-tools/

corey

OMG Shady - that's a great idea!

I used to use autosandbox which came with avast! but had long ago uninstalled it. sorry if how i post here upsets your sensibilities.

corey - interesting stuff, i'll explore it further when i have more time as a great way to know which files are trying to rat me out.

A nice feature of pdfid is that you can run it against a folder, so you can disarm in batches.

If you run it on a Windows system you will need to install both Python and PyWin32 - make sure you use matching version #s (I'm running 2.7 for both).