Netscape and privacy
The Communications Week issue of September 25 1995 contains an interesting interview with Netscape Chairman Jim Clark in which he outlines the future that he envisions for his company. The interview also contains a passage discussing the Netscape browser software that I find somewhat disturbing. Many cypherpunk list members are concerned with the general issue of electronic privacy and with the programming of WWW browsers, so I think this post is relevant to the list. Clark's apparent attitude toward privacy makes me uneasy. Begin excerpt Comm Week: How do you track usage? Clark: We have worked out schemes to tell us when you use our program and for how long you use it. That capability is easy to add. We can tell each and every time you turn it on and we can tell whether you have paid for it or not. We were getting 10 million hits a day at our Web site. It has doubled since our IPO. End excerpt I personally oppose the collection of this type of behavioral tracking information without my explicit consent, and I would reconsider using software which implements the type of tracking Clark mentions above. Note, Clark's reply is ambiguous because it does not indicate if the `schemes' have been implemented or deployed at this time. Some list member associated with Netscape may wish to clarify Clark's comments. It is true that a user automatically contacts the Netscape Web cite when starting the browser if he or she has not reset the default home page. I reset my home page long ago, but I do not know if the Netscape site is still contacted anyway. Nor do I know if Netscape is contacted when I quit the browser, or if elapsed usage time is tracked. The future Clark posits for his corporation depends on people adopting Netscape software for a wide variety of tasks. He wants the browser to evolve toward being a general multimedia web browser, mail handler, newsreader, and collaboration tool. Such a tool would handle large amounts of private and/or proprietary information and the creator of such a tool must be extremely sensitive to privacy concerns in my opinion. Collecting and relaying information about usage is potentially a significant violation of the privacy users will expect. Certainly, it is tempting to gather information for marketing purposes and other reasons. For example, some browser company unconcerned about privacy might program its browser to regularly transmit information about bookmarks and histories to a database site for analysis and data-mining. But ignoring privacy concerns risks invoking the fervent ill-will of many users. Perhaps I am over-reacting to Clark's comments. Even if I am over-reacting, Netscape should consider developing a statement of its privacy policy and making it available at its web site. It is not easy to craft clear, concise and general privacy guidelines. Below are two crudely crafted suggestions for properties that should be satisfied by a browser. 1) Information about browser usage will never be collected and/or transmitted surreptitiously to any other agent on the net. 2) Transfer of information should be done openly with the explicit initiation/agreement of the browser user. Note, currently the Netscape browser (and other browsers) apparently transmit identification information such as the browser type, version number, and machine name when making a connection. The browser user should probably be told about this information in my opinion. Chris Smyth csmyth@blaze.cs.jhu.edu
csmyth@blaze.cs.jhu.edu (Chris Smyth) wrote:
I personally oppose the collection of this type of behavioral tracking information without my explicit consent, and I would reconsider using software which implements the type of tracking Clark mentions above. Note, Clark's reply is ambiguous because it does not indicate if the `schemes' have been implemented or deployed at this time. Some list member associated with Netscape may wish to clarify Clark's comments.
It is true that a user automatically contacts the Netscape Web cite when starting the browser if he or she has not reset the default home page. I reset my home page long ago, but I do not know if the Netscape site is still contacted anyway. Nor do I know if Netscape is contacted when I quit the browser, or if elapsed usage time is tracked.
The Navigator doesn't make any special connections nor perform any data collection on the client-side. In fact, most of the engineers here would quit long before we would provide information without consent. That was the reason for removing the mail address from the HTTP header years ago...it is very easy to track what the Navigator sends out by simply setting up a proxy/firewall... Netscape (the company) does attempt to track users through their contacts with our homepage...Needless to say, this is a common practice. We track hits, IP addresses, and attempt to use cookies to determine unique users...We sell advertising based on estimates of hits/etc...if you never hit our site, you are never counted... even if you do hit our site, no information (other than IP address) is ever known... -Jon
Michael Froomkin (froomkin@law.miami.edu) wrote: : With all respect to you and to Netscape (I am one who thinks that the : Netscape participation on this list has reflected very well on the : participants and the company), I think that the reply "we only collect IP : addresses" is not fully responsive to the issue. While I recognize that : there are implementations that assign a new IP address to every login, I : understand the current norm to be static IP addresses. I sure have one. : Thus, if you keep a file of my IP address, and a fact about that address, : you have a database that can be purchased and correllated with another DB, : which links IP to somehting else, eg telephone numbers (perhaps from a : contest run on the internet?). Pretty soon we are at serious : profiling.... Well, I'm the one who wrote the server extension in question; I will describe exactly how it works. Let me start off by saying that it does not work by IP address, and I would not have implemented anything I thought was violating privacy. Originally, the program was called a bean counter. Why? Because there is exactly one file kept on the server: a file with a number in it. This number is the total number of "cookies" given out. When a client connects to www.netscape.com, the server checks to see if the client sent a cookie with the request. This cookie has no information in it, and even if it did, the server doesn't look at it. If the client sent a cookie, the server simply goes on to the next task in completing the request. If it does not send a cookie, the extension increments the counter, and sends the cookie back to the client. The client records the cookie and sends it in the future when it is connecting to the server. So all it does is count the number of "unique" browser installations there are. That's all. The very most information you could get from this is that "this particular browser has connected to netscape.com once in the past." Of course this method isn't foolproof, but it gives us a ballpark figure of how many people are using our browser, which is all we wanted. I hope this clears things up. --MLM -- Mike McCool * mlm@netscape.com * http://www.netscape.com/people/mlm/
With all respect to you and to Netscape (I am one who thinks that the Netscape participation on this list has reflected very well on the participants and the company), I think that the reply "we only collect IP addresses" is not fully responsive to the issue. While I recognize that there are implementations that assign a new IP address to every login, I understand the current norm to be static IP addresses. I sure have one. Thus, if you keep a file of my IP address, and a fact about that address, you have a database that can be purchased and correllated with another DB, which links IP to somehting else, eg telephone numbers (perhaps from a contest run on the internet?). Pretty soon we are at serious profiling.... **** PLEASE NOTE NEW E-MAIL ADDRESS: froomkin@law.miami.edu ********* A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | New address, but it's still just as hot here.
In article <9509290026.AA08282@toad.com>, csmyth@blaze.cs.jhu.edu (Chris Smyth) writes:
It is true that a user automatically contacts the Netscape Web cite when starting the browser if he or she has not reset the default home page. I reset my home page long ago, but I do not know if the Netscape site is still contacted anyway. Nor do I know if Netscape is contacted when I quit the browser, or if elapsed usage time is tracked.
We are counting unique installations of netscape. We have no way of mapping that information to a user name. We don't save any information about you when you contact our web site. The Navigator doesn't make connections to our site behind your back.
The future Clark posits for his corporation depends on people adopting Netscape software for a wide variety of tasks. He wants the browser to evolve toward being a general multimedia web browser, mail handler, newsreader, and collaboration tool. Such a tool would handle large amounts of private and/or proprietary information and the creator of such a tool must be extremely sensitive to privacy concerns in my opinion. Collecting and relaying information about usage is potentially a significant violation of the privacy users will expect.
We are very sensitive to privacy concerns. A bunch of folks now working here revolted against an effort to track keystrokes and mouse clicks in Mosaic while they were at NCSA. One of those folks was marca himself. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (5)
-
csmyth@blaze.cs.jhu.edu -
Jon Mittelhauser -
jsw@neon.netscape.com -
Michael Froomkin -
mlm@netscape.com