Marc EdwardsI can confirm Creative Cloud has added to my /etc/hosts file.
Adobe secretly modifies your hosts file for the stupidest reason: https://www.osnews.com/story/144737/adobe-secretly-modifies-your-hosts-file-for-the-stupidest-reason/
decryption@marcedwards so gross from adobe :(
@decryption I need their stuff, but it’s just non-stop stuff like this from them. One day I’ll uninstall it all!
Ricci Adams@marcedwards I haven't experienced this yet, but I also kill any Adobe daemons when Photoshop/Illustrator/etc aren't running. I wonder if that makes the difference.
@iccir It might! It’d make sense that the apps themselves aren’t the ones to make the modification.
@marcedwards I'll try to do a quick search when I get back to my computer and try to figure out which helper/agent/daemon is modifying this. Maybe there is a default to disable it.
@marcedwards I didn't find anything, but I'm also running an older version of Creative Cloud on Sonoma (I don't update apps until I can verify my workflow won't break).
You might want to try:
`find /Applications/Utilities -name "*Adobe*" -print0 | xargs -0 grep -d recurse "Cloud WAM"`
I'm guessing they probably have some shell script that's making the entry.
Rachel Rawlings@marcedwards How is it being modified when /etc/hosts is owned by root? An after-install script run by the package manager?
@linuxandyarn Good question! I’m not sure. I guess at some point it asks for and gets admin privileges? It’s been a while since I installed Adobe CC, so I can’t remember.
Daniel Schildt@marcedwards @linuxandyarn At least on Windows, only way to install Adobe products is to give them system level access to everything. Creative Suite installs many background services, that in the past (back in 2017-) were essentially Node.js applications. So your desktop computer has a built-in web server that has been there for almost a decade, accessible via local ports.
Adobe's included Node.js server could be used to run any custom code, not only their own. Essentially an attacker could use it to run extra bits of code that would be hidden inside Adobe's software.
@autiomaa @marcedwards Christ. There are days I want to day-drink just being a Linux admin. If I were responsible for Windows users with that shiz I'd be hospitalized.
(Also, today I learned Windows might have /etc/hosts; I assumed the OP had a Mac.)
@linuxandyarn @marcedwards Yeah, Windows has those tools from FreeBSD. Parts of Windows network stack were originally from FreeBSD, and Microsoft has bern using BSD licensed software for decades. Core parts of Azure were also running on top of FreeBSD (already a decade ago).
@linuxandyarn @marcedwards At least on my machine, Adobe adds some items to /Library/PrivilegedHelperTools. These will have root access.
Billy O'Neal@marcedwards This explains why I had to constantly terminate all those bits.
aburka 🫣@marcedwards kinda hate that my first thought was "damn that's clever"
Moe Lassus@marcedwards I monitor my hosts file so good luck Adobe.
Disclaimer: I hate Adobe
mrfoostang 🇨🇦 
Eric Likness
JoeHenzi@marcedwards This would be the final straw
Jeff Clatworthy@marcedwards @daringfireball The great irony is that one of the previous ways to Crack Adobe’s Creative Suite Apps was to edit your hosts file so their registration call-home were routed to local host.
Sandy Corzeta@marcedwards this probably to combat those keygen patcher 😂
Jarno@marcedwards does it run with root privileges or other elevated privileges then?
@jarno Yeah, I think they get that when installing.
Frank Heijkamp@marcedwards
That is absolutely terrible!
That is absolutely terrible!
Just a trash panda 🦝@marcedwards If I am following, the way they've done this also leaves the door open for any arbitrary website to determine if you have Adobe Creative Cloud installed.
That could be used as an additional datapoint for fingerprinting purposes.
Not that there aren't plenty enough data points already.
@trashpanda Yep, yep, and yep. It’s incredibly reckless.
Jean-François Mezei@marcedwards nslookup can't find
detect-ccd.creativecloud.adobe.com
and
222.29.117.166.in-addr.arpa name = a2b59aaaf70266dcf.awsglobalaccelerator.com
Very strange that Adobe would use such a weak tecnique as a form of license enforcement. I assume they spread more ofthese golden eggs in many places to force you to install the software on a new machine instead of copying the obvious adobe directories.
@jfmezei It’s not license validation. It’s just a check so they can change their website behaviour and probably collect additional web analytics.