 
--- begin forwarded text

X-Authentication-Warning: tarnhelm.blu.org: majordom set sender to owner-isig@blu.org using -f
From: rivalcs@ma.ultranet.com
To: <isig@blu.org>
Subject: Netscape inside scoop on "Smart Browsing"
Date: Thu, 5 Nov 1998 06:00:21 -0500
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Importance: Normal
Sender: owner-isig@blu.org
Precedence: bulk
Reply-To: isig@blu.org

* IS SMART BROWSING REALLY SO SMART?
(contributed by Mark Joseph Edwards, http://www.ntsecurity.net)

Many of you are aware of Netscape's new versions of its Navigator Web browser. But do you also know that, starting with version 4.06, the product's Smart Browsing feature can report to Netscape every Web page you visit, including addresses to private sites on your internal network? And are you aware that when you download a secure version of Netscape's browser, the process places a cookie on your system that can match your name and address to your Web surfing habits? Matt Curtin, Gary Ellison, and Doug Monroe of Interhack published a report that outlines the details.

Netscape's What's Related? browser feature (a technology provided by Alexa Internet) seems to be the cause of this potential invasion of privacy. For those who don't know, the What's Related? feature delivers a list of URLs associated with the Web page you're visiting. The feature does this by automatically appending the URL of the page you're visiting to the end of another URL and sending it to a server at Netscape. For example, if you visit my Web site (http://www.ntsecurity.net), the URL that Netscape receives is http://www-rl4.netscape.com/wtgn?www.ntsecurity.net. And when Netscape uses this URL to return a list of URLs for related sites, the URLs aren't directly linked; they go through Netscape, telling Netscape which site, if any, you chose from the list. The related URLs link to http://info.netscape.com, which forwards you to the intended destination. The link URLs look like this: http://info.netscape.com/fwd/rl/http://www.ntshop.net:80/.

The report states that the group isn't accusing anyone of malice, and clearly points out that even the best-intended systems can have undesirable consequences.

The real bone to pick here is the lack of disclosure to potential users of the Smart Browsing technology, and lack of a statement about the intended storage and use of private browsing information collected from unsuspecting Netscape users. According to the report, the feature is enabled by default, and no documentation on the feature existed until the report became public.

I don't know about you, but if I bought a new Corvette from General Motors (GM), and the Corvette reported to GM every place I went, I'd expect GM to tell me up front. Otherwise, I'd feel deceived and taken advantage of. But then again, maybe I'm being paranoid when I assume that private actions should remain private.

http://www.interhack.net/pubs/whatsrelated/
http://home.netscape.com/escapes/related/faq.html

Rick Desautels
Sr. Systems Engineer
Rival Computer Solutions
rivalcs@ma.ultranet.com

--
To unsubscribe from this list, send mail to majordomo@blu.org with the following text in the *body* (*not* the subject line) of the letter:
unsubscribe isig

--- end forwarded text

-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
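
The two URL shapes quoted in the forwarded article are enough to audit outbound proxy logs for this reporting and to see whether internal addresses were included. This is an added example, not part of the original message or of the Interhack report; the `client url` log format, the `INTERNAL_SUFFIXES` value and the sample lines are constructed assumptions, and it assumes a lookup query may carry a path as well as a host.

```python
import ipaddress
from urllib.parse import urlsplit

# Endpoints as quoted in the article above.
RELATED_HOST, RELATED_PATH = "www-rl4.netscape.com", "/wtgn"
FORWARD_HOST, FORWARD_PREFIX = "info.netscape.com", "/fwd/rl/"
INTERNAL_SUFFIXES = (".corp.example",)  # assumption: your internal DNS zones

def reported_target(url):
    """Return (kind, page) if url reports a visited or chosen page, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == RELATED_HOST and parts.path == RELATED_PATH and parts.query:
        return ("lookup", parts.query)          # page being viewed
    if host == FORWARD_HOST and parts.path.startswith(FORWARD_PREFIX):
        page = parts.path[len(FORWARD_PREFIX):]
        if parts.query:
            page += "?" + parts.query
        return ("click", page)                  # related link that was chosen
    return None

def is_internal(page):
    """True for a private IP, a single-label host or a host in an internal zone."""
    if "://" not in page:
        page = "http://" + page                 # lookups omit the scheme
    host = (urlsplit(page).hostname or "").lower()
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return bool(host) and ("." not in host or host.endswith(INTERNAL_SUFFIXES))

def scan(lines):
    """Return [(client, kind, page, internal)] for every matching log line."""
    hits = []
    for line in lines:
        client, _, url = line.strip().partition(" ")
        found = reported_target(url)
        if found:
            hits.append((client, found[0], found[1], is_internal(found[1])))
    return hits

SAMPLE_LOG = [  # constructed lines in the assumed "client url" format
    "10.0.0.5 http://www-rl4.netscape.com/wtgn?www.ntsecurity.net",
    "10.0.0.5 http://info.netscape.com/fwd/rl/http://www.ntshop.net:80/",
    "10.0.0.9 http://www-rl4.netscape.com/wtgn?hr.corp.example/payroll/",
    "10.0.0.9 http://www-rl4.netscape.com/wtgn?192.168.4.20/admin",
    "10.0.0.7 http://www.example.org/index.html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```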