If I had experience with Netscape plugins and spare time, I'd try it myself. But here's my proposed solution. A plugin in Netscape intercepts all requests, encrypt the URL with a pubkey algorithm, encode the string base64, send it as GET input to a proxy server. The proxy server decodes and decrypts the URL, gets the requested page, and returns it. This beats out URL-based filtering. Still need to figure out the specifics of key-exchange. If we use 40-bit encryption, it's exportable, and it still works in our threat model (ie. we don't care if the watchers figure out the URL a few hours later). To beat out dropping packets with unacceptable pattern in them, we could use an SSL-based server as the proxy. The plugin could even have a nice little on/off switch and a list list of available proxies. mark -- [] Mark Rogaski || "Computers save time like kudzu [] [] wendigo@pobox.com || prevents soil erosion." [] [] http://www.pobox.com/~wendigo/ || - afcasta@texas.net [] [] >> finger for PGP pubkey << || []