Adobe Swears It's Not Training Its A.I. On Your Photoshops
slate.comAdobe cannot be trusted. They force you to agree to the ToS even to stop using their apps!
You cannot even uninstall Adobe CC apps without using the Creative Cloud app, and you can't use the CC app without agreeing to the ToS.
I used CC mostly on my mac studio, but I had it also installed on a older windows machine. I have cancelled my subscription, then cancelled my account; I had to agree to the ToS to uninstall them on mac studio. I discovered now the old installation on windows and I want to get rid of it, but I don't have an account anymore. I am stuck unable to uninstall their apps on all my computers and the software they provide to do so doesn't work.
On the one mac where I uninstalled it using their tools, it actually kept their software hidden on my machine and tried to reinstall it (found out via osquery). This is very shady behavior. Their installation software is basically a spyware.
Adobe's shenanigans are bad, but I put a lot of the blame here on Windows and its persistent refusal to implement a decent way to uninstall programs without using a vendor-provided binary/script.
It boggles my mind that Windows has no concept of "track what files and registry entries are from what apps, so we can uninstall apps even if the vendor is an asshole/malware distributor/etc", and the corollary "a page that shows what apps still have files or registry entries on the system".
This is worsened by heavy use of the registry, which allows apps to spread files all over the filesystem in a way that is very difficult for users to follow. It's further worsened by the uselessness of Task Manager (it's nearly unfit for purpose, especially considering the bizarre number of strange processes running on even a clean Windows install). Then add in opaque things like svchost.exe and it's very, very hard to tell whether there are any processes left over from an install.
Windows really needs to add better uninstall or cleanup tools for that kind of stuff. Maybe a way to audit what files and registry keys apps access, so users (or a tool) can cross-check them after an app is uninstalled. Maybe some kind of "this app has been running in the background but you haven't interacted with it in X months" info display. Maybe some kind of "you uninstalled app X but I found a folder named X in %appdata%" tools.
It really gives Windows a bad name that no one can trust that uninstalls of apps actually work.
> I put a lot of the blame here on Windows and its persistent refusal to implement a decent way to uninstall programs without using a vendor-provided binary/script.
While the install & uninstall process certainly be criticized. The fact remains that the uninstall script is made by Adobe. They deserve credit for all dark patterns that script contains.
Other systems have similarly opaque places where configuration can be left. Look at dot file structures, gconf, et al. on linux. As well as Preferences, extensions, input managers, Library folders on Mac.
Until we get a system that is entirely containerized, this will continue to be an issue.
We should probably keep the focus on Adobe lest we distract from their bad practices.
I agree that they deserve all the credit for the dark patterns in their uninstall script and people should be pissed. I just also think this was an incredibly obvious outcome, and would not have been a problem at all _if Windows hadn't handed them sole authority to uninstall themselves_.
This isn't even a new issue, I remember jokes about how hard McAfee was to uninstall like a decade ago. Adobe deserves hate for abusing a loophole, and Windows deserves hate for creating and maintaining that loophole through who knows how many issues with it.
> Other systems have similarly opaque places where configuration can be left. Look at dot file structures, gconf, et al. on linux. As well as Preferences, extensions, input managers, Library folders on Mac.
I can't speak for Mac because I lack the context, but there are like a dozen ways to deal with this on Linux. strace, iotrace, selinux audit mode, lsof in a loop if you're lazy and don't care too much, there are some tools built for basically this that use fanotify, I think sar might include this with the right config.
It's like moderate difficulty to write a shell script that will print all the files a process accesses, and trivial difficulty to consume the same.
It's also worth pointing out that a filesystem doesn't typically get "bogged down" the same way the registry does; i.e. there being unused config or cache files on the filesystem doesn't typically harm the filesystem in the same way that having useless entries in the Registry does. There's ups and downs to that kind of centralized config service.
> Until we get a system that is entirely containerized, this will continue to be an issue.
You can do this on Linux already for many things, depending on how much you need it to be isolated and what it does.
In the simplest manner, jails or chroot is probably enough to isolate most applications' filesystems; I'm doubtful they even try to break out of them.
Selinux could be used; first run it in audit mode to generate a list of files it's allowed to access (and record the same), then set it to enforce on the app to prevent other access. AppArmor might also work, not sure.
I believe snaps and/or flatpaks can have their "filesystem" isolated to certain paths.
Docker containers are an option, or just regular old cgroups.
The most basic and common option on Linux is just to install and run it as a separate user. There are certainly ways around that, but most of them would require either giving the installer root access or the kinds of filesystem permissions that malware dreams of.
>I put a lot of the blame here on Windows and its persistent refusal to implement a decent way to uninstall programs without using a vendor-provided binary/script
I agree that this would be nice, but which OS does have this functionality?
Android and I presume iOS are the only ones I can think of.
Linux has .deb packages, but when you run the app it can still do whatever it wants across the filesystem. Just uninstalling the .deb after that isn't a guarantee that everything has been removed.
Distro-maintained packages (not just .Deb but rpm, pacman, etc) do fulfill this, but generally not via an automated means. It relies on package maintainers manually testing or reading source code to figure out what to remove. They don't just blindly accept whatever uninstall script comes with the software.
They don't remove everything, but I consider their choices generally sane. I.e. there are good reasons to not remove Postgres' data when Postgres is uninstalled. People would be pissed if they tried to switch from Ubuntu's packaged version to somebody else's Postgres repo, and Ubuntu deleted all their data when their Postgres was removed.
Linux has the functionality to do this via stuff like fanotify or kernel extensions like selinux. I don't believe this is an issue of "can't be done", I think it's an issue of "distro maintainers do a pretty good job and selinux is clunky". Windows and MacOS might as well; I don't know enough to say either way.
I think Windows has a particularly hard job here because of the proliferation of proprietary binaries, where they can't audit the source code even if they wanted to. Most stuff in Linux repos is open source and can be audited, and I think (could be very wrong) Google Play and the App Store expect to be provided with source code so they can do their own build.
Use geek uninstaller on windows, it nukes it.
What does it matter what they say. There are no consequences to lying, so the only correct move is to assume they are.
Also, you can't claim you didn't violate your customer's NDA because Adobe said something in a blog post. It's the legal agreement that matters most in court.
Then they should update their ToS to clearly state that.
1. Update ToS to give yourself expansive new capabilities
2. Publically state that you're not abusing those capabilities (in the present tense of course) to bury the story
3. In a year quietly turn it on in the backend with no public fuss. Preferably in a confusing incremental way so no one step feels too far and nobody with less than superhuman patience can keep track
Microsoft has gone through their version of the path before and will do it again with Recall. In a decade you will technically be able to disable cloud-recall, only on business windows versions, by editing a registry key every 24h.
this is the way of modern public relations that can precisely measure outrage to each story by monitoring social media. If enough people/reputation backlash, rollback, otherwise push forward quietly towards maximum profits
This. Actions speak louder than words and right now the actions are a free license to do whatever they want with your work.
actually those are the words. the actions are they haven't done that.
that said, they are completely untrustworthy.
No, they claim they haven't done that. Also the ToS words are legally binding, some "promise" they made as part of a PR reaction is not.
That's not how it works. A company can not just claim things (as part of PR reaction or otherwise) and have it mean nothing legally, just because it isn't part of their ToS.
> A company can no just claim things and have it mean nothing legally
They can because that statement isn't binding and it's very interpretable.
> Adobe does NOT train any GenAI models on customer’s content
Today? Right as the tweet was being posted? That he knows of? They train non-GenAI models? Opinions are his own? He's not an authoritative source? It's not "customer content" if you gave them full rights on it?
We have evidence of tweets not counting much in a court, particularly if there are deep pockets behind them. So no, unless it's a legally binding document (and even then I have my doubts, deep pockets run deep) it's literally just words.
> They can because that statement isn't binding[...]
What do you mean? In the EU and the US, there is no law that allows you to say things, and then do other things, and be protected from having the difference mean something in court of law. A court can very well decide that what you provably said/wrote/claimed is legally pertinent, without it being part of any ToS.
Which I assume you understand, hence I am very confused about the confusion here.
If what you really mean is "nobody would care enough to take them to court", that's a different and somewhat ironic point, because if nobody takes legal action, it would not matter anyway where the violation occurs.
Any statement can be deemed legally binding by a court, which is the authority concerned with questions of legality. If you think in this specific case this would not apply, it is at least completely unclear, why.
They definitely can and they do, the only question is whether they will get caught or not. Folks at Volkswagen, Enron, Theranos, etc. probably thought they would never get caught.
They can not do it, and have it mean nothing legally, by their discretion, just because it's not part of their ToS, is my statement in spirit. Violation of ToS is not a requirement for violating the law.
So if they can't do it, how come they did? If push comes to shove what is worth more in court?
I mean you are correct in that public statements are not worth nothing, but Adobe customers would be incredibly naive if they took this as a guarantee that their data is safe with Adobe. In doubt their ToS are the real test. If they won't use, or didn't plan to use their users data in such way: Why did they add that to their ToS? And if they now say they won't don't do that why keep it in their ToS and push people away for whom that is an issue?
Adobe could have been the trusty software publisher whoose products you rely on blindly, yet on many occasions they have shown that this trust is worth next to nothing to them. For once they could do a thing that build trust instead of acting like a drug dealer, but yeah. Monopolism.
I did not claim that they can't do it.
Granted. However I didn't claim that them writing one thing in their ToS and another thing on twitter was a bulletproof legal strategy. I didn't even say it was a sound legal strategy. What I said is, that Adobe customers cannot trust them not to do it purely based on the fact that their ToS say one thing and some employee on twitter says something else. If anything that would leave their customers with some reasonable doubt until they clarify that ToS section.
> the actions are they haven't done that
Are you able to prove or at least provide a convincing reason for that statement?
Previously Adobe users are outraged over vague new policy's AI implications [1] (49 points, 1 day ago 21 comments) Adobe responds to vocal uproar over new Terms of Service language [0] (24 points, 3 days ago)
The default save location to creative cloud is very sus
Drove me crazy that the option to save locally kept resetting back to cloud.
This and all the CC bloatware is why I switched to Affinity.
Tell me that something is malicous without telling me.
Fact, that you cannot use their software legally offline is enough for me to not trust them.
Sure, buddy corpo, we can trust you.
They want to talk with me about my adblocker but I don’t have one. Orion is a zero telemetry browser.
dear Slate. I swear that I closed the tab and did not read anything behind your weneedtotalkaboutyouradblocker popup, scout’s honor. And I am not going to read the comments either
Big Tech promises are without meaning.
And I believe them.
Because whenever there is an uproar it makes sense to wait for things to settle down and then start training on your images.
Wolf swears it's vegan
what is the proof?
How does one prove they did NOT do something?
The problem is more what they will do rather than what they have done¹. So to rephrase your question: “How does one prove they WILL NOT do something?”
The answer is that we can never be sure, but Adobe could increase trust in their statements by making them binding in some way. E.g. By making a legally-binding promise, one opens themselves to legal repercussions when breaking that promise, thus they are less likely do to so².
¹ Yes, Adobe is a shady company with a history of bad behaviour, but the context for the current outrage is the new terms of service.
² Yes, there’s nuance, but that’s not important for a hypothetical.
They could very easily modify the agreement to say something like "your content will never be used to train AI."
I'm sure they'll add that quickly to end the uproar.
(No they won't.)
External audits?
Yeah? How about put it in writing with the CEO signature?