3

I'm wondering if Adobe Reader DC uploads all the PDF files it opens to the Adobe Cloud, even if you have not signed up for the cloud. I am not a fan of Adobe and generally do not install Adobe products on my computers if I can avoid it. Unfortunately I have to fill out a PDF form that only really works properly with Adobe Reader DC.

I've installed Adobe Reader DC and noticed with Wireshark that it is doing "something", despite the fact that I've not logged into their cloud service and made an effort to disable their auto-update auto-reporting auto-spying on me services.

Does Adobe Reader DC upload PDF files to their cloud when it is used out of the box, with no Adobe account?


Update

I didn't save the original Wireshark capture. At the moment I'm not seeing much more than an ACK. The output from lsof -iTCP looks like this:

COMMAND   PID    USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
RdrCEF  10150       x   43u  IPv4 0xaaaaaaaaaaaaaaaa      0t0  TCP 10.x.x.x:51620->ec2-34-227-124-173.compute-1.amazonaws.com:https (ESTABLISHED)
RdrCEF  10150       x   49u  IPv4 0xaaaaaaaaaaaaaaaa      0t0  TCP 10.x.x.x:51621->ec2-52-86-116-151.compute-1.amazonaws.com:https (ESTABLISHED)
RdrCEF  10150       x   50u  IPv4 0xaaaaaaaaaaaaaaaa      0t0  TCP 10.x.x.x:51622->ec2-52-86-116-151.compute-1.amazonaws.com:https (ESTABLISHED)
RdrCEF  10150       x   52u  IPv4 0xaaaaaaaaaaaaaaaa      0t0  TCP 10.x.x.x:51624->ec2-52-20-243-157.compute-1.amazonaws.com:https (ESTABLISHED)

If I click one of the services like "Convert", it opens a browser window showing me pricing information and a lot of encrypted data is sent back and forth.

1 Answer

4

I don't think it likely that Adobe is automatically uploading your PDF to their servers. Collecting all PDFs from all users would be a large amount of data, without any visible financial gain. If you want to confirm that your documents are not getting uploaded I can suggest the following ways:

  1. Create a local proxy server which uses an SSL certificate which you control. You should then be able to decrypt any traffic sent to Adobe's servers.
  2. If the reader implements certificate pinning, or setting up a proxy is not possible, try opening another document, preferably much larger than the original. Make sure the document does not compress well. If the size of the encrypted data in your Wireshark trace increases significantly, then it's possible that your data is being uploaded.

If you don't want to worry about your data getting sent off to Adobe, consider either blocking it at the firewall level, or adding a hosts entry to sinkhole any of the domains specific to the traffic you want to block.

Dan Landberg
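The size-comparison check from step 2 of the answer above, as an added example that is not part of the original post: it builds a small and a large PDF padded with random (incompressible) bytes, then flags any remote host whose outbound byte total grew by roughly the size difference between the two documents. The function names, the `host-*.example` names, the byte totals and the 0.5 threshold are all assumptions made for illustration; real totals would come from your own two captures.

```python
import os
import zlib

def make_incompressible_pdf(payload_bytes: int) -> bytes:
    """Minimal one-page PDF padded with random bytes in an extra stream object."""
    blob = os.urandom(payload_bytes)  # random data does not compress
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /Length %d >>\nstream\n" % len(blob) + blob + b"\nendstream",
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))  # byte offset of each object, for the xref table
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(objs) + 1)
    out += b"startxref\n%d\n%%%%EOF\n" % xref_pos
    return bytes(out)

def compression_ratio(data: bytes) -> float:
    """Close to 1.0 means TLS-level or app-level compression cannot hide the size."""
    return len(zlib.compress(data, 9)) / len(data)

def hosts_with_upload_growth(baseline, test, size_delta, fraction=0.5):
    """Hosts whose bytes sent grew by at least `fraction` of the document size delta."""
    flagged = {}
    for host, sent in test.items():
        growth = sent - baseline.get(host, 0)
        if growth >= fraction * size_delta:
            flagged[host] = growth
    return flagged

# Constructed sample data: bytes sent per remote host while each PDF was open.
BASELINE_SENT = {"host-a.example": 6200, "host-b.example": 4100}      # small PDF
TEST_SENT = {"host-a.example": 6900, "host-b.example": 1_060_000}     # large PDF

if __name__ == "__main__":
    small = make_incompressible_pdf(1024)
    large = make_incompressible_pdf(1024 * 1024)
    for name, data in (("small.pdf", small), ("large.pdf", large)):
        with open(name, "wb") as fh:
            fh.write(data)
    print("compression ratio of large.pdf:", round(compression_ratio(large), 3))
    print(hosts_with_upload_growth(BASELINE_SENT, TEST_SENT, len(large) - len(small)))
```

Open each generated file in the reader during a separate capture of equal duration, so that background traffic contributes about the same amount to both totals.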