When most people think of the phrase “phoning home” they probably reminisce about the titular character of Stephen Spielberg’s critically acclaimed E.T.; when we think about the phrase “phoning home” we most likely feel like we’re being spied on. In our ever-expanding world of cloud-based plugins, phoning home has become a more common occurrence for producers and engineers alike, but in an industry that the internet has both emboldened and destabilized, trust for things happening in your studio from outside its walls is scarce.
Something that should generally never have to phone home is PACE’s iLok technology. Initially created to prevent piracy in the Napster age, the debut of the iLok allowed engineers to have access to their digital rig wherever they were and quickly became the industry standard for dongle based authentication. From its debut in 2000, the key value proposition of an iLok has been that once authorized, it is your physical, or at least local, key to your purchases that you can take with you anywhere.
With the introduction of the iLok License Manager in 2013 users have been able to manage all of their licenses within a cloud-based interface via their desktop, marking the ﬁrst time an iLok required an active internet connection for anything other than initial authorization. Aside from gathering all of your licenses from iLok’s Amazon S3 servers, the now mandatory License Manager has apparently been phoning somewhere other than a PACE owned “home.” Which begs the question, “why is your iLok phoning home to an Ad Network?”
This question arose when Reddit user ﬁfteentabsopen came across a ping on his system from popular network monitoring software Little Snitch which allows users to create their own logic-based ﬁrewalls to ensure privacy and anonymity (You can visit this Reddit thread here). The notiﬁcation from Little Snitch registered that iLok was trying to contact “content.newsinc.com” which links back to programmatic ad tracking company Inform, Inc. which focuses on native ad networks. The Reddit post, which includes the image above, quickly stirred controversy within the audioengineering subreddit and sparked other users to contact PACE to ﬁnd
out what was happening. User Raspberries-are-Evil received the following answer from an iLok.com technical support employee.
We have already been notiﬁed of this Reddit thread. We do not send data to an ad tracking company and we are not selling your data. That is iLok License Manager checking in with Amazon’s secure cloud storage to see if there are updated graphics for your products. The graphics are the images displayed in iLok License Manager when you show the additional information of a license. For reference, you can visit this URL that shows that newsinc is actually Amazon: http:// newsinc.com.ipaddress.com/
Best Regards, Jon Marshall iLok.com Technical Support
This answer only brought more questions because of an ofﬁcial response Steven Slate, founder of Slate Digital, received from PACE in which Mr.Slate stated:
PACE just ofﬁcially conﬁrmed they don’t use any tracking servers. A publisher who uses PACE for their product protection could technically connect to something but that would be pretty difﬁcult and rare, and I doubt it would be the case.
Which was then followed up by another separate statement Slate posted directly from PACE pictured in the photo below.
If PACE’s statement is to be believed, and there is no reason for it not to be, the iLok technology contains a backdoor within its authentication process that programmers could exploit within their own software to phone home to wherever they would. In the case that certain publishers are really tracking your plugin usage to serve you a more tailored ad experience it apparently wouldn’t be easy or common according to PACE. The level of programming knowledge to do this within PACE’s patented system would be “pretty difﬁcult and rare.” Outside of the upside of spying on your customers, phoning
home to serve ads would be an unnecessary juncture for any company to use the resources of PACE.
So iLok away, you’re safe from Skynet for now.