Possible Security Hole in Internet Explorer 4.0

From a message in MacOSRumors <http://rumors.netexpress.net/> (I have not independently verified this)
--- Begin quote ---

Internet Explorer 4.0 ships with major security hole....

With the Microsoft Internet Explorer 4.0 for Windows release only hours old, users have already discovered a major security hole that smacks painfully of Big Brother:

Most folks will remember the Netscape Java bug that allowed you to snoop on what people were visiting. Well, IE4.0 goes a bit further than this - logging of your actions, even when you would otherwise be shielded by proxies, is BUILT-IN.

The channel definition format (.CDF) http://www.microsoft.com/standards/cdf-f.htm includes a LOGTARGET feature that allows a web site provider to make your browser deliver logs of your usage via an http post or put. Even hits from cache are logged.

This is all not so good and getting worse. Not only is the information posted material, you wouldn't want to give to a provider, (considering) "http post/put" is normally spoofable anyway.

Unanswered question for next time - or for folks with more time than me to follow up: Can you put other sites in your channel definition and get logs of when they read your competitor's site (with this system)?

Definitely not confidence-inspiring. It appears the Mac version is affected by this same problem, as well...and neither platform has any means of disabling this "feature" at present.

---

[Internet Explorer 4.0 has not yet been released for the Macintosh platform.]

Martin Minow
minow@apple.com
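
Added illustration, not part of the quoted message and not Microsoft's code: a small Python check that reads a channel file and reports any LOGTARGET it declares, plus the items marked for logging. The element and attribute names (CHANNEL, ITEM, LOGTARGET, LOG, HREF, METHOD, SCOPE) follow the published CDF format and are assumed to be upper case; the sample file and its hosts are constructed. It also lists logged items whose host differs from the channel's, which is what the open question above asks about, without settling whether the browser would actually report them.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample channel file; the hosts are placeholders.
SAMPLE_CDF = """
<CHANNEL HREF="http://news.example/index.html">
  <TITLE>Example News</TITLE>
  <LOGTARGET HREF="http://news.example/cgi-bin/log" METHOD="POST" SCOPE="ALL">
    <PURGETIME HOUR="12"/>
  </LOGTARGET>
  <ITEM HREF="http://news.example/a.html"><LOG VALUE="document:view"/></ITEM>
  <ITEM HREF="http://other.example/b.html"><LOG VALUE="document:view"/></ITEM>
  <ITEM HREF="http://news.example/c.html"/>
</CHANNEL>
"""


def audit_cdf(cdf_text):
    """Report where a channel sends usage logs and which items it logs."""
    # For files from untrusted sources, parse with a hardened XML parser
    # (for example the defusedxml package) instead of the stdlib one.
    root = ET.fromstring(cdf_text.strip())
    channel_host = urlsplit(root.get("HREF", "")).hostname

    # Every LOGTARGET names a URL that receives the usage log.
    targets = [
        {"href": t.get("HREF"), "method": t.get("METHOD"), "scope": t.get("SCOPE")}
        for t in root.iter("LOGTARGET")
    ]
    # An element with a direct LOG child is marked for logging.
    logged = [el.get("HREF") for el in root.iter() if el.find("LOG") is not None]
    # Logged items that live on a different host than the channel itself.
    off_site = [u for u in logged if urlsplit(u or "").hostname != channel_host]
    return {"targets": targets, "logged": logged, "off_site": off_site}


if __name__ == "__main__":
    report = audit_cdf(SAMPLE_CDF)
    for t in report["targets"]:
        print("usage log sent to", t["href"], "via", t["method"], "scope", t["scope"])
    for url in report["logged"]:
        flag = " (different host than channel)" if url in report["off_site"] else ""
        print("logged item:", url + flag)
```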