Adobe has recently been exposed for forcibly adding entries to the hosts files of Windows and macOS users. This practice is intended to confirm whether the Creative Cloud creative software suite is installed on a user's system through network probing.
According to an analysis by Reddit user thenickdude, when a user visits the Adobe homepage, the site uses JavaScript to attempt to load an image hosted at detect-ccd.creativecloud.adobe.com. If the corresponding DNS entry added by Adobe exists in the user's hosts file, the browser initiates a connection, effectively signaling to Adobe's servers that the software is installed. If the connection fails, the system concludes that the software is absent.
Bypassing Local Network Access Restrictions
Previously, Adobe attempted to connect directly to the Creative Cloud application by accessing various ports on http://localhost. However, as major browsers like Chrome have tightened security restrictions on Local Network Access, this legacy method became ineffective. Adobe subsequently pivoted to this "hacker-style" approach of modifying the hosts file to circumvent browser security blocks.
This practice has sparked significant backlash within the technical community. Critics argue that modifying underlying system configuration files without explicit user permission is a major overstep. Such actions not only alter the system's network resolution logic but also blur the line between legitimate commercial software and malware.
Although Adobe claims this move is merely intended to optimize the onboarding process on its website, the intrusive nature of the operation has raised concerns regarding privacy and system integrity. As of now, Adobe has not provided an official response as to why it chose to modify hosts files rather than utilizing more transparent API interfaces.
