Adobe modifies hosts file to detect whether Creative Cloud is installed
by rglullis on 4/6/2026, 5:38:30 PM
Comments
by: matsemann
Oh well, as a teenager, blocking adobe servers in hosts file was how you got to "phone activation" and could generate a code. So I guess we're even, heh.
4/6/2026, 6:54:42 PM
by: lousken
How is defender not flagging this? Changing hosts file should raise alarms
4/6/2026, 6:02:45 PM
by: Terr_
Recycling a comment from prior discussion (4 days, 68 points, 13 comments): <a href="https://news.ycombinator.com/item?id=47617463">https://news.ycombinator.com/item?id=47617463</a><p>_______<p>Oh <i>helllll</i> no. Let's imagine an analogy for Adobe leadership:<p>1. You hired a night janitor to clean and vacuum your executive offices.<p>2. That janitor secretly stops at every desk-phone to alter the settings of voicemail accounts.<p>3. After the change, any external caller can dial a certain sequence to get a message of "Yes, this office was serviced by Adobe Janitorial!"<p>What's your reaction when you discover it? Do you chuckle and say something like "boys will be boys"? No! You have a panic-call, Facilities revokes access, IT starts checking for other unauthorized surprises, HR looks into terminating contracts, and Legal advises whether you need to pursue data-breach notifications or lawsuits or criminal charges.<p>* Is it acceptable because they had <i>some</i> permission to touch objects in the rooms? No.<p>* Is it acceptable because the final effect is innocuous? No.<p>* Is it acceptable because the employment contract had some vague sentence about "enhancing office communication experiences"? No.<p>* Is it acceptable if they were just dumb instead of malicious? No.<p>No person that would blithely cross those lines can be trusted near your stuff, full-stop.
4/6/2026, 6:19:04 PM
by: OptionOfT
Can't even reproduce it when setting location to Belgium, or CA or AZ.<p>I must be missing something.
4/6/2026, 6:46:25 PM
by: vondur
If you don't like Adobe modifying your hosts file then I'd not use them. The checking for the software this way is kinda interesting though.
4/6/2026, 6:06:31 PM
by: ramon156
To be fair, to crack <i>all</i> adobe products requires a few reg keys. It's wild that they have just given up on pirates.
4/6/2026, 6:28:04 PM
by: hypeatei
Looks like they got a wildcard certificate for *.creativecloud.adobe.com[0] so that the HTTPS connection works and so they don't have to publish DNS records for the "detect-ccd" subdomain to obtain a cert. Pretty neat setup, but also kinda hacky.<p>0: <a href="https://crt.sh/?q=creativecloud.adobe.com" rel="nofollow">https://crt.sh/?q=creativecloud.adobe.com</a>
4/6/2026, 6:46:42 PM
by: j45
Make affinity sound like a smarter and smarter choice.
4/6/2026, 6:53:55 PM
by: ChrisArchitect
[dupe] <a href="https://news.ycombinator.com/item?id=47617463">https://news.ycombinator.com/item?id=47617463</a><p><a href="https://news.ycombinator.com/item?id=47624990">https://news.ycombinator.com/item?id=47624990</a>
4/6/2026, 6:10:25 PM
by: jameskraus
Honestly a pretty nifty way to detect if it's installed. I'm sure this can power a lot of nice features, like linking directly into adobe products if they're installed.
4/6/2026, 6:14:34 PM
by: cromka
> for a very stupid reason.<p>I cannot stomach Thom's articles. So borderline judgmental, holier than thou, feels like he only writes whenever there's something to criticize.<p>No, it's not a stupid reason. Reason is OK, the execution is controversial.
4/6/2026, 5:55:11 PM