[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Netscape inside scoop on "Smart Browsing"





--- begin forwarded text


X-Authentication-Warning: tarnhelm.blu.org: majordom set sender to
[email protected] using -f
From: [email protected]
To: <[email protected]>
Subject: Netscape inside scoop on "Smart Browsing"
Date: Thu, 5 Nov 1998 06:00:21 -0500
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Importance: Normal
Sender: [email protected]
Precedence: bulk
Reply-To: [email protected]

> * IS SMART BROWSING REALLY SO SMART?
> (contributed by Mark Joseph Edwards, http://www.ntsecurity.net)
> Many of you are aware of Netscape's new versions of its Navigator Web
> browser. But do you also know that, starting with version 4.06, the
> product's Smart Browsing feature can report to Netscape every Web page
> you visit, including addresses to private sites on your internal
> network? And are you aware that when you download a secure version of
> Netscape's browser, the process places a cookie on your system that can
> match your name and address to your Web surfing habits? Matt Curtin,
> Gary Ellison, and Doug Monroe of Interhack published a report that
> outlines the details. Netscape's What's Related? browser feature (a
> technology provided by Alexa Internet) seems to be the cause of this
> potential invasion of privacy. For those who don't know, the What's
> Related? feature delivers a list of URLs associated with the Web page
> you're visiting. The feature does this by automatically appending the
> URL of the page you're visiting to the end of another URL and sending
> it to a server at Netscape. For example, if you visit my Web site
> (http://www.ntsecurity.net), the URL that Netscape receives is
> http://www-rl4.netscape.com/wtgn?www.ntsecurity.net. And when Netscape
> uses this URL to return a list of URLs for related sites, the URLs
> aren't directly linked-they go through Netscape, telling Netscape which
> site, if any, you chose from the list. The related URLs link to
> http://info.netscape.com, which forwards you to the intended
> destination. The link URLs look like this:
> http://info.netscape.com/fwd/rl/http://www.ntshop.net:80/.
>   The report states that the group isn't accusing anyone of malice, and
> clearly points out that even the best-intended systems can have
> undesirable consequences. The real bone to pick here is the lack of
> disclosure to potential users of the Smart Browsing technology, and
> lack of a statement about the intended storage and use of private
> browsing information collected from unsuspecting Netscape users.
> According to the report, the feature enables by default, and no
> documentation on the feature existed until the report became public. I
> don't know about you, but if I bought a new Corvette from General
> Motors (GM), and the Corvette reported to GM every place I went, I'd
> expect GM to tell me up front. Otherwise, I'd feel deceived and taken
> advantage of. But then again, maybe I'm being paranoid when I assume
> that private actions should remain private.
>   http://www.interhack.net/pubs/whatsrelated/
>   http://home.netscape.com/escapes/related/faq.html
>

Rick Desautels
Sr. Systems Engineer
Rival Computer Solutions
[email protected]


--
To unsubscribe from this list, send mail to [email protected]
with the following text in the *body* (*not* the subject line) of the letter:
unsubscribe isig

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: [email protected]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'