The Communications Week issue of September 25 1995 contains an interesting interview with Netscape Chairman Jim Clark in which he outlines the future that he envisions for his company. The interview also contains a passage discussing the Netscape browser software that I find somewhat disturbing. Many cypherpunk list members are concerned with the general issue of electronic privacy and with the programming of WWW browsers, so I think this post is relevant to the list. Clark's apparent attitude toward privacy makes me uneasy. Begin excerpt Comm Week: How do you track usage? Clark: We have worked out schemes to tell us when you use our program and for how long you use it. That capability is easy to add. We can tell each and every time you turn it on and we can tell whether you have paid for it or not. We were getting 10 million hits a day at our Web site. It has doubled since our IPO. End excerpt I personally oppose the collection of this type of behavioral tracking information without my explicit consent, and I would reconsider using software which implements the type of tracking Clark mentions above. Note, Clark's reply is ambiguous because it does not indicate if the `schemes' have been implemented or deployed at this time. Some list member associated with Netscape may wish to clarify Clark's comments. It is true that a user automatically contacts the Netscape Web cite when starting the browser if he or she has not reset the default home page. I reset my home page long ago, but I do not know if the Netscape site is still contacted anyway. Nor do I know if Netscape is contacted when I quit the browser, or if elapsed usage time is tracked. The future Clark posits for his corporation depends on people adopting Netscape software for a wide variety of tasks. He wants the browser to evolve toward being a general multimedia web browser, mail handler, newsreader, and collaboration tool. Such a tool would handle large amounts of private and/or proprietary information and the creator of such a tool must be extremely sensitive to privacy concerns in my opinion. Collecting and relaying information about usage is potentially a significant violation of the privacy users will expect. Certainly, it is tempting to gather information for marketing purposes and other reasons. For example, some browser company unconcerned about privacy might program its browser to regularly transmit information about bookmarks and histories to a database site for analysis and data-mining. But ignoring privacy concerns risks invoking the fervent ill-will of many users. Perhaps I am over-reacting to Clark's comments. Even if I am over-reacting, Netscape should consider developing a statement of its privacy policy and making it available at its web site. It is not easy to craft clear, concise and general privacy guidelines. Below are two crudely crafted suggestions for properties that should be satisfied by a browser. 1) Information about browser usage will never be collected and/or transmitted surreptitiously to any other agent on the net. 2) Transfer of information should be done openly with the explicit initiation/agreement of the browser user. Note, currently the Netscape browser (and other browsers) apparently transmit identification information such as the browser type, version number, and machine name when making a connection. The browser user should probably be told about this information in my opinion. Chris Smyth csmyth@blaze.cs.jhu.edu