1

Do PDF files have the ability to ping a remote server such that the remote server will know that I opened the PDF file? If so, how do I stop that? I am using the Evince PDF reader on my computer that is running the Ubuntu operating system. I am concerned about the privacy implications if PDF files are able to contact other computers.

Flux
  • 683
  • 1
  • 6
  • 12
  • PDF files are no directly executable code, so they also don't make network requests themselves. It depends on what the PDF viewer does when you open the file - and some can be used to phone home. Details in [Detecting and preventing 'phone home' behavior in PDF files](https://security.stackexchange.com/questions/76398/detecting-and-preventing-phone-home-behavior-in-pdf-files). As for evince - it currently does not support Javascript and thus is probably sufficiently safe (except for normal security issues which happend in the past already). – Steffen Ullrich Oct 15 '22 at 15:46
  • Are you asking about PDFs or PDF readers? Those are 2 very different topics. – schroeder Oct 15 '22 at 16:03
  • Does this answer your question? [Detecting and preventing 'phone home' behavior in PDF files](https://security.stackexchange.com/questions/76398/detecting-and-preventing-phone-home-behavior-in-pdf-files) – mentallurg Oct 15 '22 at 23:20

1 Answers1

2

Yes. It's possible for a pdf to link to resources on the internet or include javascript that would interact with a remote server.

It's possible that Evince doesn't support such "features", though.

The easiest solution would be to confine evince so that it is unable to talk to other servers.

For example you can use firejail --noprofile --net=none evince to run evince with no access to the network. However, doing this every time is prone to error.

A better solution would be to do that using apparmor.¹ The evince package in Ubuntu² comes with an AppArmor profile for evince. However, it allows network connections:

  # TCP/UDP network access for NFS
  network inet  stream,
  network inet6 stream,
  network inet  dgram,
  network inet6 dgram,

You can undo that by creating a /etc/apparmor.d/local/usr.bin.evince file containing:

  deny network inet  stream,
  deny network inet6 stream,
  deny network inet  dgram,
  deny network inet6 dgram,

and reloading the profile. Easiest way is to do sudo systemctl reload apparmor.service which will reload all profiles. Afterwards, the next time you open evince it should have no access to the network.

¹ You probably have AppArmor enabled already, check with apparmor_status

² evince 42.1-3 in jammy (22.04LTS)

Ángel
  • 18,188
  • 3
  • 26
  • 63