[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Big Brother Netscape

Netscape's "what's related" is a backdoor for Netscape to monitor your surfing.

--forwarded text---------------------------------------------------------
>From "Flemming S. Johansen" <[email protected]> on [email protected]

Starting with version 4.06, the Netscape browser has a new "What's
Related?" button next to the Location: field. After having tried it
in the new 4.5, I am more than a little worried by the functionality
behind it.

Briefly, the user clicks on this button, and is presented with a
list of sites which are hopefully related to the page currently
on display, plus some ads for Netscape.

As far as I have been able to deduce (helped by a packet sniffer), this
works by opening a HTTP connection to www-rl.netscape.com and making a
query modelled on this template: GET /wtgn?CurrentURL/ HTTP/1.0, where
CurrentUrl is the URL of the page currently displayed.  The server
responds with a list of URLs it believe to be related. There are four
modes for this function, settable through preferences->navigator->smart

    - "Always" The browser always downloads the list of 'related'
      URLS, beginning while the page in question is loading.

    - "Never" The browser starts downloading the list of 'related'
      URLS when the user clicks on the 'What's related?' button.

    - "After first use" Automatically fetches the URL list for
      a page if the user has ever clicked the button for that

    - Completely disabled.

The default setting is "Always". So, the unsuspecting user who upgrades
to the latest Netscape will automatically and unknowingly begin sending
out a detailed log of pages viewed.

Netscapes privacy statement notwithstanding, I don't like the fact that
anyone is able to compile a list of every single web page I visit. I
don't like the fact that someone with a sniffer anywhere on the path
from here to netscape.com is able to do so either.  And the company I
work for is not too thrilled about the name of every single document on
our internal, not-for-public-viewing web server leaking out on the Net,
once our users begin installing this release on their PCs.

I would like to control this "feature" globally for my LAN, but as far
as I can see, there are only two ways of doing it: Fascist control of
Netscape preferences settings on every PC on my LAN, or block
www-rl.netscape.com in the firewall.

        Flemming S. Johansen
        [email protected]