As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers. Installing your binaries into C:\Program Files\AppName or /usr/local/bin? Fine. Dumping crap all over C:\Windows or /usr or /boot or something? No way--the OS should make the developer obtain my consent (not just a blanket sudo-like escalation) to do these things. Sneakily modifying /etc/hosts to act against me? Get the hell outta here!
> As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers.
Funny enough macOS, iOS, iPadOS and Android do this and they are constantly attacked for it.
I do think there needs to be more strict adherence by developers to standards like XDG but I don’t know how it could be enforced.
I thought the days if needing to "sudo" to install applications on windows were long gone; doesn't basically everything happily do user installations now? I would view a demand to escalate as basically proof that the application is about to do something janky, if not outright malicious. On linux, if I can't build and run software with just my user account, that software has some explaining to do. Virtually every desktop application should be able to run without escalated privileges.
on windows and mac they just get a prompt and a lot of people don't read it, care, nor wonder what it's actually doing they just want it to work.
I know you all know this but companies will do this knowing that exploiting all of us.
I use Linux and agreed on all those points. when I used adobe before it wanted to charge me a fee to cancel my subscription and wouldn't let me just 'cancel' in their system so I just blocked the payments on my card and dipped out.
"C:/Program Files" is still the recommended place to install programs, and it requires admin privileges to write to. Some programs (ab)use C:\ProgramData for that purpose instead and therefore don't need admin privliges. But even with that hack, ultimately Windows still uses the https://xkcd.com/1200/ permission model. (Everything runs with full access to all your data.)
Oh well, as a teenager, blocking adobe servers in hosts file was how you got to "phone activation" and could generate a code. So I guess we're even, heh.
Software wants to be installed in C:\Program Files so that other software can’t modify their installation without admin permissions. Of course to do that your installer needs to be run as administrator which makes the whole thing rather silly.
The hosts file is not sacred on Windows. Anyone who is administrator can just edit it. I've done it to add domain names to localhost.
For anyone hand-wringing over this, this used to be normal. The hosts file was invented a decade before DNS. The end user, or app, would edit their hosts file purposefully after downloading a master copy from the Stanford Research Institute which was occasionally updated.
> For anyone hand-wringing over this, this used to be normal.
People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal."
Programs adding entries to the hosts file is still pretty normal, e.g. if something that uses a local webserver as its UI and wants you to be able to access it by name even if you don't have an internet connection or may be stuck behind a DNS server that mangles entries in the public DNS that resolve to localhost.
Programs like that should just be shipped with good documentation. And applications built to be used by normies should almost certainly never be built that way in the first place.
In particular, manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped, and certainly by the time Windows actually had a built-in networking stack. And it was always a red flag for a local app to mess with the hosts file.
Obsolete? My team has an onboard document that spells out lines that needed to be add to host file so they can access internal resources. These are machines directly bought/rented and maintained by the team, so we prefer to use host files instead of going through the company DNS, which is maintained by an entirely different team.
Most users won't care, especially if the Adobe installer warns them that a security warning might popup after installation. Besides, in practice, any malware editing the hosts file isn't going to get much because of HTTPS; one cannot simply redirect "google.com" traffic to their own IP without issue.
Whether it's run as root/administrator or not - you can disable this behavior by setting the immutable flag on /etc/hosts. No user, including root, can write to a file with the immutable flag set(although root could _remove_ the attribute and then write).
Oh helllll no. Let's imagine an analogy for Adobe leadership:
1. You hired a night janitor to clean and vacuum your executive offices.
2. That janitor secretly stops at every desk-phone to alter the settings of voicemail accounts.
3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"
What's your reaction when you discover it? Do you chuckle and say something like "boys will be boys"? No! You have a panic-call, Facilities revokes access, IT starts checking for other unauthorized surprises, HR looks into terminating contracts, and Legal advises whether you need to pursue data-breach notifications or lawsuits or criminal charges.
* Is it acceptable because they had some permission to touch objects in the rooms? No.
* Is it acceptable because the final effect is innocuous? No.
* Is it acceptable because the employment contract had some vague sentence about "enhancing office communication experiences"? No.
* Is it acceptable if they were just dumb instead of malicious? No.
No person that would blithely cross those lines can be trusted near your stuff, full-stop.
> 3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"
Theoretically, it's not "any external caller." Only the janitor's department calling in can dial that sequence and get "Yes, you serviced this office!" If anyone else tries to dial the extension, the desk-phone pretends it doesn't know what it means. (Because it seems Adobe's server serving the analytics image checks the request origin and only serves the image if the origin is Adobe's own website.)
The origin "security" doesn't excuse the complexity and the potential for both exploits and human-error breakage in the future.
> Only the janitor's department calling in can dial that sequence
Is this the case though? Cannot any website use the same trick Adobe does to check whether you have Creative Cloud installed? Like, the entries in /etc/hosts are not magically scoped to work just on Adobe's web, no?
Are we sure this is to detect Creative Cloud instead of, trying to detect whether you have/had a pirated version of Adobe installed? Some reference material I've seen often involved blackholing adobe hosts to prevent installation software from verifying or otherwise talking to adobe.
They're doing this because the localhost shenanigans got blocked. This is pure internet requests, but the IP changes (or fails to resolve) based on what's in your hosts file.
Also a lot of recent features are AI related and rely on talking to Adobe servers, which would require a valid subscription. They're probably betting the AI features are valuable enough that local only pirated copies aren't a threat long term.
Looks like they got a wildcard certificate for *.creativecloud.adobe.com[0] so that the HTTPS connection works and so they don't have to publish DNS records for the "detect-ccd" subdomain to obtain a cert. Pretty neat setup, but also kinda hacky.
Honestly a pretty nifty way to detect if it's installed. I'm sure this can power a lot of nice features, like linking directly into adobe products if they're installed.
Agreed, at worst this is just vaguely icky feeling; realistically this is a nothing burger.
To exploit this kind of thing you'd either need to have access to someone's computer to change the hosts file yourself, pointing to a different IP address, or somehow gain control of Adobe's IP address and point it to a different server. For the former, if you have local root permission, you already own the machine, why bother with this slow of an option. And the latter is already such a takeover that the involvement of this hosts file change is basically irrelevant.
I’ve been trying to get by with Affinity and Pixelmator in the new Apple Creator Studio.
I don’t exactly love them, but they’re better than the unending nightmare you suffer with Adobe. I’m hoping the thirty years of muscle memory will eventually fade.
I don't know anything about Thom, but I've kind of grown to prefer the pissy opinionated tones of blog posts. I think impartiality is difficult or impossible for a lot of tasks, and I'd rather people lay out their opinions plainly than trying to pretend that what they're saying is "objective".
Also, I think writing only when you have things to criticize is a valid enough thing to do; what's the point of writing a glorified "I agree!" article?
I only ever blog when I have something that I think is unique to say, and as such a lot of the time my posts end up being kind of negative. I don't think I'm that negative of a person, I just don't see the point of flooding the internet with more echo-chambers.
It's one thing when it's the Associated Press, where they are trying to be a somewhat impartial source of news and reporting raw facts to the best of their ability; stuff like that probably should not have an opinionated tone at all.
But I think for things like blogs, without opinions being clear, posts can feel kind of soulless. Even before LLMs I felt that way, and now it has been amplified ten fold with people just cranking out low-effort posts with ChatGPT for reasons that I do not understand.
When I write stuff for my blog, I like to think of it as a time capsule of the entirety of the thing I'm writing about. This doesn't just include the raw subject matter, but also my mood and opinions about the subject matter. I'm egotistical enough to occasionally read through my old posts and the ones that I like the best are the ones where I feel like I was expressing myself the most, and where I make no effort whatsoever to try and be impartial.
> No, it's not a stupid reason. Reason is OK, the execution is controversial.
This is a muddled statement. It is a stupid reason to "execute" the act of silently modifying your host file.
If I murder somebody to keep them from stepping on my foot, and the judge says that it's a stupid reason to murder somebody, it's silly to say that the reason is "OK" because it hurts to have one's foot stepped on.
And even then, only controversial to nerds with opinions. Nothing else about it is controversial.
If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
You can't detect whether a URL handler worked correctly in a browser; otherwise Windows will appear with a "Select an app to open YOURPROTOCOLHERE://" which is completely nonsensical to the user.
As for option 2; ask them every time, or edit their hosts file. Easiest decision in the world: Edit their hosts file, every time, no question. The 1% of nerds who care, and oddly enough don't buy Adobe software, are completely meaningless to the 99% of customers who experience the decision positively.
Why does Adobe need to exfiltrate some information from my machine anyway? If I'm a customer, then they should know this when I sign into my account. They absolutely don't need this information if I'm visiting their website without logging in.
Modifying a global system file is something their software shouldn't be doing in the first place, but relying on this abuse to track me on their website is on another level of insidious behavior.
If you're worried about device fingerprinting, Adobe has far more reliable ways to do it already. Canvas fingerprinting, IP tracking, cookies. A hosts entry tells them almost nothing they couldn't get elsewhere, provides them with almost no entropy, and attributing insidious intent to what is most plausibly a UX feature is conspiratorial.
I'm not worried about this, since I don't use Adobe products. I'm just calling out what's clearly user hostile behavior. Considering the amount of hostility Adobe has exhibited towards its users over the years, I'm inclined to believe this is yet another example. Nothing conspiratorial about that. If anything, calling this a "UX feature" without any evidence either way is suspiciously dismissive.
> If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
If you want the browser to be able to give the OS a file handler and have the OS present an option to install the app if it's not installed, that should be handled at the platform level, not on the website using a hack like this.
Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
How many apps are you installing that it becomes "unsustainable"? Host file entries are extremely cheap, and it's not like the app needs more than one. Of all the arguments against this, sustainability is a comically weak one. If anything, it's using less contested resources than the "hitting random ports on localhost" approach...
The "sustainable" comment wasn't about the hosts file ballooning to the point of causing performance problems. It was more about the engineering effort required for every program ever (or at least every commercial program that might want this sort of analytic) to have to parse and edit a text file on both installation and removal, without messing that important text file up.
Do you really not see scripted editing of shared system-wide text files as a step back compared to the general containerization that app development has moved towards? This sort of approach would be explicitly incompatible with sandboxes. Adobe can only get away with it because they're already very entrenched with their own app store on their users' machines.
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
Actually it's completely sustainable. DNS was invented a decade after hosts files. The idea of your host file being almost completely empty is a modern aberration from the days it used to be thousands of lines long.
Do I wish there was a better mechanism? Sure. Would HN ever agree on a OS-level app-detection API for the browser? Never.
> Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
A small UX decision, adding up to tens of millions of times per day, affecting 99.9% of people who don't give a darn - versus a matter of slight software engineering principles of "we just don't do it that way." Easiest decision ever.
> There *already( is one. It just asks the user whether it's okay before it tells the website
The current implementation defines a way to launch (w/ the user's approval) but it lacks any signaling of success or failure of the request. Without such feedback, it falls short of being a detection API.
71 comments:
As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers. Installing your binaries into C:\Program Files\AppName or /usr/local/bin? Fine. Dumping crap all over C:\Windows or /usr or /boot or something? No way--the OS should make the developer obtain my consent (not just a blanket sudo-like escalation) to do these things. Sneakily modifying /etc/hosts to act against me? Get the hell outta here!
> As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers.
Funny enough macOS, iOS, iPadOS and Android do this and they are constantly attacked for it.
I do think there needs to be more strict adherence by developers to standards like XDG but I don’t know how it could be enforced.
I thought the days if needing to "sudo" to install applications on windows were long gone; doesn't basically everything happily do user installations now? I would view a demand to escalate as basically proof that the application is about to do something janky, if not outright malicious. On linux, if I can't build and run software with just my user account, that software has some explaining to do. Virtually every desktop application should be able to run without escalated privileges.
on windows and mac they just get a prompt and a lot of people don't read it, care, nor wonder what it's actually doing they just want it to work.
I know you all know this but companies will do this knowing that exploiting all of us.
I use Linux and agreed on all those points. when I used adobe before it wanted to charge me a fee to cancel my subscription and wouldn't let me just 'cancel' in their system so I just blocked the payments on my card and dipped out.
good software, garbage company
"C:/Program Files" is still the recommended place to install programs, and it requires admin privileges to write to. Some programs (ab)use C:\ProgramData for that purpose instead and therefore don't need admin privliges. But even with that hack, ultimately Windows still uses the https://xkcd.com/1200/ permission model. (Everything runs with full access to all your data.)
Oh well, as a teenager, blocking adobe servers in hosts file was how you got to "phone activation" and could generate a code. So I guess we're even, heh.
That CS2 torrent was a GOAT.
How is defender not flagging this? Changing hosts file should raise alarms
Defender warns you this happened.
Can this not be blocked with file permissions? Or a symlink to a file in a ro folder?
Most software installers demand to be run as root/Administrator.
The fact that this is largely seen as acceptable or even sensible is rather silly in this day and age.
Yes, and when apps do request many permissios, I just estimate how reputable the company is. A name like Adobe must be ok, right?
Software wants to be installed in C:\Program Files so that other software can’t modify their installation without admin permissions. Of course to do that your installer needs to be run as administrator which makes the whole thing rather silly.
I wonder how this works on Windows, if any service overrides/resets it
The hosts file is not sacred on Windows. Anyone who is administrator can just edit it. I've done it to add domain names to localhost.
For anyone hand-wringing over this, this used to be normal. The hosts file was invented a decade before DNS. The end user, or app, would edit their hosts file purposefully after downloading a master copy from the Stanford Research Institute which was occasionally updated.
> For anyone hand-wringing over this, this used to be normal.
People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal."
Programs adding entries to the hosts file is still pretty normal, e.g. if something that uses a local webserver as its UI and wants you to be able to access it by name even if you don't have an internet connection or may be stuck behind a DNS server that mangles entries in the public DNS that resolve to localhost.
Programs like that should just be shipped with good documentation. And applications built to be used by normies should almost certainly never be built that way in the first place.
In particular, manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped, and certainly by the time Windows actually had a built-in networking stack. And it was always a red flag for a local app to mess with the hosts file.
Obsolete? My team has an onboard document that spells out lines that needed to be add to host file so they can access internal resources. These are machines directly bought/rented and maintained by the team, so we prefer to use host files instead of going through the company DNS, which is maintained by an entirely different team.
> manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped
This claim strikes me as obviously wrong.
Most users won't care, especially if the Adobe installer warns them that a security warning might popup after installation. Besides, in practice, any malware editing the hosts file isn't going to get much because of HTTPS; one cannot simply redirect "google.com" traffic to their own IP without issue.
Whether it's run as root/administrator or not - you can disable this behavior by setting the immutable flag on /etc/hosts. No user, including root, can write to a file with the immutable flag set(although root could _remove_ the attribute and then write).
Recycling a comment from prior discussion (4 days, 68 points, 13 comments): https://news.ycombinator.com/item?id=47617463
_______
Oh helllll no. Let's imagine an analogy for Adobe leadership:
1. You hired a night janitor to clean and vacuum your executive offices.
2. That janitor secretly stops at every desk-phone to alter the settings of voicemail accounts.
3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"
What's your reaction when you discover it? Do you chuckle and say something like "boys will be boys"? No! You have a panic-call, Facilities revokes access, IT starts checking for other unauthorized surprises, HR looks into terminating contracts, and Legal advises whether you need to pursue data-breach notifications or lawsuits or criminal charges.
* Is it acceptable because they had some permission to touch objects in the rooms? No.
* Is it acceptable because the final effect is innocuous? No.
* Is it acceptable because the employment contract had some vague sentence about "enhancing office communication experiences"? No.
* Is it acceptable if they were just dumb instead of malicious? No.
No person that would blithely cross those lines can be trusted near your stuff, full-stop.
It's more like when you join a company the laptop is given the ability to connect to an internal network for employees.
This is an extremely common practice.
To be fair, your analogy has one flaw:
> 3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"
Theoretically, it's not "any external caller." Only the janitor's department calling in can dial that sequence and get "Yes, you serviced this office!" If anyone else tries to dial the extension, the desk-phone pretends it doesn't know what it means. (Because it seems Adobe's server serving the analytics image checks the request origin and only serves the image if the origin is Adobe's own website.)
The origin "security" doesn't excuse the complexity and the potential for both exploits and human-error breakage in the future.
> Only the janitor's department calling in can dial that sequence
Is this the case though? Cannot any website use the same trick Adobe does to check whether you have Creative Cloud installed? Like, the entries in /etc/hosts are not magically scoped to work just on Adobe's web, no?
I think cors can prevent that. You can't make a cross origin request from an origin that isn't allowlisted
I installed Creative Cloud just last week. No such entry was created in the hosts file on my macOs system.
I owe thousands of dollars to amtlib.dll.
Are we sure this is to detect Creative Cloud instead of, trying to detect whether you have/had a pirated version of Adobe installed? Some reference material I've seen often involved blackholing adobe hosts to prevent installation software from verifying or otherwise talking to adobe.
If you don't like Adobe modifying your hosts file then I'd not use them. The checking for the software this way is kinda interesting though.
I wonder how many Adobe users are aware of this sketchy behavior tho
My guess is most Adobe users have no idea there is a hosts file nor what it does.
Browsers could still do something about mixed Internet and LAN/Localhost requests by IP address regardless of the domain name.
Did you misread the post?
They're doing this because the localhost shenanigans got blocked. This is pure internet requests, but the IP changes (or fails to resolve) based on what's in your hosts file.
This does not request a local/LAN file, it's a remote server but without any DNS entry unless the hosts file entry is present.
So can I fool the website that I have CC installed?
The most difficult of tasks is trying to un-unstall this pos app on windows.
To be fair, to crack all adobe products requires a few reg keys. It's wild that they have just given up on pirates.
They don't want to be too hard on piracy, its their new/young user on ramp method
Also a lot of recent features are AI related and rely on talking to Adobe servers, which would require a valid subscription. They're probably betting the AI features are valuable enough that local only pirated copies aren't a threat long term.
Can't even reproduce it when setting location to Belgium, or CA or AZ.
I must be missing something.
what happens if you happen to use a DNS server that resolves this domain to the correct IP?
"Correct IP" wins ;)
Looks like they got a wildcard certificate for *.creativecloud.adobe.com[0] so that the HTTPS connection works and so they don't have to publish DNS records for the "detect-ccd" subdomain to obtain a cert. Pretty neat setup, but also kinda hacky.
0: https://crt.sh/?q=creativecloud.adobe.com
[dupe] https://news.ycombinator.com/item?id=47617463
https://news.ycombinator.com/item?id=47624990
Honestly a pretty nifty way to detect if it's installed. I'm sure this can power a lot of nice features, like linking directly into adobe products if they're installed.
It can power even more security issues too. This is absolutely horrendous.
I’m wondering how this can be exploited.
Agreed, at worst this is just vaguely icky feeling; realistically this is a nothing burger.
To exploit this kind of thing you'd either need to have access to someone's computer to change the hosts file yourself, pointing to a different IP address, or somehow gain control of Adobe's IP address and point it to a different server. For the former, if you have local root permission, you already own the machine, why bother with this slow of an option. And the latter is already such a takeover that the involvement of this hosts file change is basically irrelevant.
Make affinity sound like a smarter and smarter choice.
I’ve been trying to get by with Affinity and Pixelmator in the new Apple Creator Studio.
I don’t exactly love them, but they’re better than the unending nightmare you suffer with Adobe. I’m hoping the thirty years of muscle memory will eventually fade.
> for a very stupid reason.
I cannot stomach Thom's articles. So borderline judgmental, holier than thou, feels like he only writes whenever there's something to criticize.
No, it's not a stupid reason. Reason is OK, the execution is controversial.
I don't know anything about Thom, but I've kind of grown to prefer the pissy opinionated tones of blog posts. I think impartiality is difficult or impossible for a lot of tasks, and I'd rather people lay out their opinions plainly than trying to pretend that what they're saying is "objective".
Also, I think writing only when you have things to criticize is a valid enough thing to do; what's the point of writing a glorified "I agree!" article?
I only ever blog when I have something that I think is unique to say, and as such a lot of the time my posts end up being kind of negative. I don't think I'm that negative of a person, I just don't see the point of flooding the internet with more echo-chambers.
I like his tone too. It also is easier to identify that it isn’t LLM generated text.
(I have nothing against LLMs but have little interest in reading text generated from them.)
It's one thing when it's the Associated Press, where they are trying to be a somewhat impartial source of news and reporting raw facts to the best of their ability; stuff like that probably should not have an opinionated tone at all.
But I think for things like blogs, without opinions being clear, posts can feel kind of soulless. Even before LLMs I felt that way, and now it has been amplified ten fold with people just cranking out low-effort posts with ChatGPT for reasons that I do not understand.
When I write stuff for my blog, I like to think of it as a time capsule of the entirety of the thing I'm writing about. This doesn't just include the raw subject matter, but also my mood and opinions about the subject matter. I'm egotistical enough to occasionally read through my old posts and the ones that I like the best are the ones where I feel like I was expressing myself the most, and where I make no effort whatsoever to try and be impartial.
> No, it's not a stupid reason. Reason is OK, the execution is controversial.
This is a muddled statement. It is a stupid reason to "execute" the act of silently modifying your host file.
If I murder somebody to keep them from stepping on my foot, and the judge says that it's a stupid reason to murder somebody, it's silly to say that the reason is "OK" because it hurts to have one's foot stepped on.
It's literally a 2 sentence article. Might as well have just tweeted "Adobe makes me mad"
> Reason is OK, the execution is controversial.
And even then, only controversial to nerds with opinions. Nothing else about it is controversial.
If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
> In which case, how else would you propose doing it?
- Registering an url handler?
- Asking the user?
You can't detect whether a URL handler worked correctly in a browser; otherwise Windows will appear with a "Select an app to open YOURPROTOCOLHERE://" which is completely nonsensical to the user.
As for option 2; ask them every time, or edit their hosts file. Easiest decision in the world: Edit their hosts file, every time, no question. The 1% of nerds who care, and oddly enough don't buy Adobe software, are completely meaningless to the 99% of customers who experience the decision positively.
What a ridiculous conclusion.
Why does Adobe need to exfiltrate some information from my machine anyway? If I'm a customer, then they should know this when I sign into my account. They absolutely don't need this information if I'm visiting their website without logging in.
Modifying a global system file is something their software shouldn't be doing in the first place, but relying on this abuse to track me on their website is on another level of insidious behavior.
If you're worried about device fingerprinting, Adobe has far more reliable ways to do it already. Canvas fingerprinting, IP tracking, cookies. A hosts entry tells them almost nothing they couldn't get elsewhere, provides them with almost no entropy, and attributing insidious intent to what is most plausibly a UX feature is conspiratorial.
I'm not worried about this, since I don't use Adobe products. I'm just calling out what's clearly user hostile behavior. Considering the amount of hostility Adobe has exhibited towards its users over the years, I'm inclined to believe this is yet another example. Nothing conspiratorial about that. If anything, calling this a "UX feature" without any evidence either way is suspiciously dismissive.
> If anything, knowing whether the app is installed or not is kinda important? If you open a file shared with you in the browser, the option to "Open in Desktop" versus "Install Desktop App" actually works correctly?
This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
If you want the browser to be able to give the OS a file handler and have the OS present an option to install the app if it's not installed, that should be handled at the platform level, not on the website using a hack like this.
Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
How many apps are you installing that it becomes "unsustainable"? Host file entries are extremely cheap, and it's not like the app needs more than one. Of all the arguments against this, sustainability is a comically weak one. If anything, it's using less contested resources than the "hitting random ports on localhost" approach...
The "sustainable" comment wasn't about the hosts file ballooning to the point of causing performance problems. It was more about the engineering effort required for every program ever (or at least every commercial program that might want this sort of analytic) to have to parse and edit a text file on both installation and removal, without messing that important text file up.
Do you really not see scripted editing of shared system-wide text files as a step back compared to the general containerization that app development has moved towards? This sort of approach would be explicitly incompatible with sandboxes. Adobe can only get away with it because they're already very entrenched with their own app store on their users' machines.
> This is not an approach any other app on any platform has historically used, and it doesn't seem sustainable if every app you install has to modify your hosts file to use a hack like this to detect whether it should handle files or not.
Actually it's completely sustainable. DNS was invented a decade after hosts files. The idea of your host file being almost completely empty is a modern aberration from the days it used to be thousands of lines long.
Do I wish there was a better mechanism? Sure. Would HN ever agree on a OS-level app-detection API for the browser? Never.
> Why can a file not simply be downloaded with a page displayed showing a link to install the app and also instructions to open the file, trusting the user will know if they already have it installed? At best, you're talking about a very small UX optimization. Emphasis on the "kinda" in "kinda important."
A small UX decision, adding up to tens of millions of times per day, affecting 99.9% of people who don't give a darn - versus a matter of slight software engineering principles of "we just don't do it that way." Easiest decision ever.
> Would HN ever agree on a OS-level app-detection API for the browser? Never.
There already is one. It just asks the user whether it's okay before it tells the website, as you acknowledged: https://news.ycombinator.com/item?id=47664546
What you're arguing for is not good UX. It's lack of user privacy & control. You just think you're being hip or whatever for being blasé about it.
> There *already( is one. It just asks the user whether it's okay before it tells the website
The current implementation defines a way to launch (w/ the user's approval) but it lacks any signaling of success or failure of the request. Without such feedback, it falls short of being a detection API.