Adobe wrote to my hosts file. I've never had an app do this before

4/3/2026 at 12:52:00 PM

Redditor thenickdude commented:

> I found that in my hosts file the other day too, and I investigated to find why they're doing it at all.

> They're using this to detect if you have Creative Cloud already installed when you visit on their website.

> When you visit https://www.adobe.com/home, they load this image using JavaScript: https://detect-ccd.creativecloud.adobe.com/cc.png

> If the DNS entry in your hosts file is present, your browser will therefore connect to their server, so they know you have Creative Cloud installed, otherwise the load fails, which they detect.

> They used to just hit http://localhost:<various ports>/cc.png which connected to your Creative Cloud app directly, but then Chrome started blocking Local Network Access, so they had to do this hosts file hack instead.

by jt2190

4/3/2026 at 1:09:45 PM

This is clever in a way, but I wonder what the review process looks like on that team (I say that team because my experience at Adobe was that the company is very heterogeneous).

by tdeck

4/3/2026 at 3:09:05 PM

They’re still completely heterogeneous in my experience as someone who works with each of their teams. It’s like talking to completely different companies who have little idea what the others are doing.

by dagmx

4/4/2026 at 8:32:55 AM

It's because Adobe grew through acquisitions and they have a philosophy of "let teams keep working in the way that works for them".

by tdeck

4/3/2026 at 5:35:08 PM

Novel. A similar approach could be taken by other SaaS tools to comply with age verificaiton laws. Just write an entry to the client's hosts file that points to a subdomain corresponding to a particular birth year. Simple enough for legislative representatives to understand.

/s

by evanjrowley

4/3/2026 at 3:13:33 PM

The underlying intent here (figure out if it's an existing customer of our locally installed apps when they visit our website) doesn't seem bad, but I certainly dislike both the hosts file and localhost detection options.

I'm curious if there's a "good" way to do this.

by michaelbuckbee

4/3/2026 at 3:38:23 PM

I dislike the intent too. A website should simply not be able to see which apps I've got installed. Imagine Facebook doing stuff like this in order to know what ads they should serve.

by ssdspoimdsjvv

4/3/2026 at 5:37:56 PM

Fairly certain they already do, atleast on mobile.

by porridgeraisin

4/3/2026 at 3:53:46 PM

Just do it by asking users to log in. Am I missing something here ?

by 10729287

4/3/2026 at 4:54:28 PM

No that seems like the reasonable expectation to me too.

by johntash

4/3/2026 at 4:52:58 PM

Next they'll be installing a font like TeamViewer did... https://community.teamviewer.com/English/discussion/124507/s...

by ZoneZealot

4/3/2026 at 11:10:40 AM

This is the kind of thing that erodes trust slowly. Most users will never notice, and that's exactly the point. Would be interesting to know if this is documented anywhere in Adobe's ToS or if it's purely undisclosed behavior.

by aisignaldev

4/3/2026 at 12:47:55 PM

The same Adobe that is squatting my /documents folder on my Mac ?

by 10729287

4/3/2026 at 12:09:20 PM

How is Adobe modifying a system file at all? Does Adobe run a background process with root privileges?

by curt15

4/3/2026 at 7:24:09 PM

Yup. Just checked. Right now I have "com.adobe.acc.installer.v2" running as root on two threads. The other 3 background processes (at least those with adobe in the name) are under the user. The whole stack is using like 75mb ram at all times. You kill the process they restart. You delete the files from your launchd, open adobe software they come back.

by asdff

4/3/2026 at 12:30:00 PM

AGMServices it's optional but gets shoe horned at install time.

by BoredPositron

4/3/2026 at 4:10:23 PM

Even then, the installer itself has administrative access already, should they choose to do it then.

by colejohnson66

4/3/2026 at 2:19:50 PM

[dupe] https://news.ycombinator.com/item?id=47617463

by ChrisArchitect

4/3/2026 at 3:47:28 PM

Ddev does this too, to set up local domains when you’re offline. Asks for permission at least.

by makeitrain

4/5/2026 at 1:46:52 PM

Apparently it's using a rooted background process installed at software installation time.

This whole practice needs to be exposed since it essentially gives any piece of software complete control over the machine simply because the user was supposedly asked to "temporarily" provide admin/root access to the installer in order to install some app.

But in addition to that, it also installed a rooted background process that essentially grants them access to read/write anything on the machine, forever.

by sapiosenses

4/3/2026 at 6:58:06 PM

Sounds like a job for chattr +i, though who knows what will happen someday if a macOS installer script tries to modify it.

by altairprime

4/4/2026 at 1:42:20 PM

Well, Tailscale does this during install on Windows :-))

by KellyCriterion

4/3/2026 at 3:46:48 PM

[dead]

by scottburgess33