The IT Nerd

Over the weekend I worked with a client that specializes in among other things, mergers and acquisitions. And that activity is often confidential. So they tend to be very paranoid about the software that they install on their computers. As part of an audit that they regularly run on their computers, they discovered that Adobe Acrobat had this feature, if you want to call it that, that uploads PDFs to the cloud to process them using AI. That’s not something that you want if you’re this firm.

Here’s the setting in question:

Just reading what this option does makes it clear that if you want your PDFs to stay confidential, this box must be unchecked. For bonus points, you should also uncheck “Show AI query bar on document” and “Show AI summary Bar on top of the document”. But the fact is that these options are on by default. My advice would be that all Adobe Acrobat users should check these options and take whatever action they deem that are required to ensure their privacy.

This is a huge reminder that you should never trust the default settings of any application. Especially related to AI. Because you never know what an application might have changed via an software update or something like that.

Adobe has had a few problems over the last week. Most notably the uproar over the changes in their terms of use of their apps. But they now have a new problem that they need to worry about. The US Justice Department is suing them:

The Justice Department, together with the Federal Trade Commission (FTC), today announced a civil enforcement action against Adobe Inc. and two Adobe executives, Maninder Sawhney and David Wadhwani, for alleged violations of the Restore Online Shoppers’ Confidence Act (ROSCA). The lawsuit alleges that the defendants imposed a hidden “Early Termination Fee” on millions of online subscribers and that Adobe forced subscribers to navigate a complex and challenging cancellation process designed to deter them from cancelling subscriptions they no longer wanted.

Adobe Inc. is a software company that offers online subscriptions to design and productivity software applications via its website, Adobe.com. David Wadhwani is Adobe’s President of Digital Media Business, and Maninder Sawhney is Adobe’s Vice President of Digital Go to Market & Sales.

According to a complaint filed in the U.S. District Court for the Northern District of California, the defendants have systematically violated ROSCA by using fine print and inconspicuous hyperlinks to hide important information about Adobe’s subscription plans, including about a hefty Early Termination Fee that customers may be charged when they cancel their subscriptions. The complaint alleges that for years, Adobe has profited from this hidden fee, misleading consumers about the true costs of a subscription and ambushing them with the fee when they try to cancel, wielding the fee as a powerful retention tool.

The complaint alleges that Adobe has further violated ROSCA by failing to provide consumers with a simple mechanism to cancel their recurring, online subscriptions. Instead, Adobe allegedly protects its subscription revenues by thwarting subscribers’ attempts to cancel, subjecting them to a convoluted and inefficient cancellation process filled with unnecessary steps, delays, unsolicited offers and warnings.

The lawsuit seeks unspecified amounts of consumer redress and monetary civil penalties from the defendants, as well as a permanent injunction to prohibit them from engaging in future violations.

I have heard stories about it being difficult to cancel Adobe subscriptions. I guess that this lawsuit confirms that. Which is bad news for Adobe. You have to wonder if this combined with their other issues will send customers to the exits. I’m sure Adobe will deny the charges and say they will fight this. But honestly, how many battles can one company fight at the same time?

Last week Adobe released new terms of use for its products that almost immediately sparked anger amongst its user base. And attempts to explain it away didn’t go over well. So Adobe is trying again for a third time via this blog post:

We recently rolled out a re-acceptance of our Terms of Use which has led to concerns about what these terms are and what they mean to our customers. This has caused us to reflect on the language we use in our Terms, and the opportunity we have to be clearer and address the concerns raised by the community.

Over the next few days, we will speak to our customers with a plan to roll out updated changes by June 18, 2024.

At Adobe, there is no ambiguity in our stance, our commitment to our customers, and innovating responsibly in this space. We’ve never trained generative AI on customer content, taken ownership of a customer’s work, or allowed access to customer content beyond legal requirements. Nor were we considering any of those practices as part of the recent Terms of Use update. That said, we agree that evolving our Terms of Use to reflect our commitments to our community is the right thing to do.

In other words, the blowback was so epic that Adobe has had to do a rethink. And next week Adobe will roll out new terms of use that clearly state what Adobe and and can’t do with user data. And at the same time, Adobe hopes by doing so that it can get users to trust them again. That might be a tall order given how epic the blowback was. But I guess we will see when these new terms of use drop.

Yesterday, a C level executive tried to put out the fire surrounding the firestorm that Adobe created when changes to their terms of use came to light and made it look like Adobe products were basically spyware. And that Adobe were intent on using customer data to train their AI models.

It now Adobe is taking another crack at trying to make this issue go away via this blog post. I encourage you to read it in full. But here’s the part of it that is most relevant to this discussion:

The focus of this update was to be clearer about the improvements to our moderation processes that we have in place. Given the explosion of Generative AI and our commitment to responsible innovation, we have added more human moderation to our content submissions review processes.

And they also say this:

To be clear, Adobe requires a limited license to access content solely for the purpose of operating or improving the services and software and to enforce our terms and comply with law, such as to protect against abusive content.

Finally they say this:

• Adobe does not train Firefly Gen AI models on customer content. Firefly generative AI models are trained on a dataset of licensed content, such as Adobe Stock, and public domain content where copyright has expired. Read more here: https://helpx.adobe.com/firefly/faq.html#training-data
• Adobe will never assume ownership of a customer’s work. Adobe hosts content to enable customers to use our applications and services. Customers own their content and Adobe does not assume any ownership of customer work.

Now if this blog post came out at the same time the terms of use were updated, we may not be here talking about it now. And if they didn’t do any of the following, this absolutely would not have been such a huge issue:

• To request support to clarify the terms of use, you had to agree to these terms
• To uninstall the apps because you didn’t like these terms of use, you had to agree to these terms of use anyway.

The fact is Adobe to borrow a U.K. phrase, stuffed this whole thing. They really screwed up how they handled it and burned a whole lot of goodwill in the process. I guarantee that because of how this was handled, a lot of creative professionals are now either looking for alternatives to Adobe products, or have already switched. Will Adobe care about that? They might if it hits their bank account hard enough. I guess the central question is does this make you feel better about Adobe, and will you feel comfortable enough to use their products? Sound off in the comments below with your thoughts.

Yesterday, I posted a story about Adobe changing their terms of use and sparking an uproar about it. At the time I said this:

Adobe could really do itself a favour by clarifying this. Because until they do, people are going to have the impression that Adobe products are basically spyware when in reality they’re likely not. Thus I’ve pinged Adobe over this and if I actually get a response, I’ll post it here.

I said that because Adobe really wasn’t saying anything about this to address this issue. But that changed when Adobe Chief Strategy Officer Scott Belsky responded to the Tweet that started this:

 I encourage you to read the entire Tweet. But The fact that Adobe as of the time that this story is written doesn’t train AI models with customer data isn’t something that inspire any confidence as their terms could allow Adobe to do so in the future.

Now if you read the entire Tweet, Belsky does say that this could be clearer. But he also uses the “everyone else does this” excuse. Which again doesn’t inspire confidence in Adobe. And from what I can tell, this isn’t going over really well on Twitter.

The bottom line is this. Even with this response from a C level executive at Adobe, I have shifted my opinion from “let’s give Adobe a chance to respond because this may not be as bad as it seems” to “Adobe is possibly setting the groundwork to do something suspect with your data in the future.” And I am likely not the only person who is thinking that given how many people are now threatening to dump Adobe products because of this. Maybe Adobe should take that into account and come up with a strategy to address these concerns and put this to bed before their reputation gets damaged beyond repair.

From the “this seems a bit suspect” comes this discovery by Sam Santala about the terms of use for Adobe Photoshop:

Of course this set off a bit of a tizzy on the Internet. And it sounds pretty bad on the surface. But there’s another view to this.

The way this is written, it sounds like it only refers to content that you upload to Adobe. Meaning that stuff that is local is stuff that they don’t have access to. That’s fine. Sort of. There’s also references to looking for things like CSAM and adult material. Now I am a computer nerd and not a lawyer, but that sounds like a cover your a$$ sort of thing to me. There’s also verbiage about using machine learning to improve their products. That’s something that I can see people having issues with as there are people out there who don’t want AI models trained using their stuff.

Adobe could really do itself a favour by clarifying this. Because until they do, people are going to have the impression that Adobe products are basically spyware when in reality they’re likely not. Thus I’ve pinged Adobe over this and if I actually get a response, I’ll post it here.

If you’re using older versions of Adobe Creative Cloud apps, now might be a great time to upgrade. Because according to Adobe, you might get sued if you don’t. Customers have been getting emails from Adobe in regards to this which apparently aren’t too nice. And one customer reached out to Adobe on Twitter and got this response.

Customers who continue to use or deploy, unauthorized versions of Creative Cloud may face potential claims of infringement by third parties. We can not comment on claims of third party infringement, as it concerns ongoing litigation. ^CS https://t.co/wx2K8MXov9

— Adobe Care (@AdobeCare) May 13, 2019

The apps affected include Photoshop, Lightroom Classic, Premiere, Animate and Media Director. And you’re likely wondering why using older versions of these apps is an issue. Well, it stems from the fact that a lot of creative types have workflows that work best with older versions of software. Or they are just used to the software and don’t want to change. Or they don’t want to introduce issues by upgrading to something that breaks their workflow.

Apparently this stems from a licensing dispute between Adobe and Dolby which seems to be turning ugly. Thus users of Created Cloud should consider themselves warned because by the time a company starts sending out notices like these, it’s a sign that things are not good.

Last week I told you about an Adobe Flash exploit that had been around since November and was actively being used by North Korean hackers. Adobe promised to fixed it this week and they did. But in the process of fixing that exploit, they disclosed that there was a second exploit that was floating around unfixed. It’s documented in the CVE database as CVE-2018-4877 and in short, it’s an exploit that allows for remote code execution. In other words, doing something as simple as opening a webpage or other document with a malicious Flash file embedded in it will pretty much result in pwnage if you have the wrong version of Flash installed. Thus, you should update your version of Flash right now to avoid pwnage.

Or the better route is to dump Flash completely because it’s a security nightmare that Adobe cannot remedy. Thus since Adobe can’t save you from the nasties that are out there, you have to save yourself.