Slashdot Mirror
IE "Persistence" Tracks Without Warning
A reader writes "Never mind if you've shut off cookies. If you are using IE 5+, the browser can still be used to track you, with no warning. An IE 5+ feature, "persistence", allows the browser to remember information, such as search queries. Which of course means that you can be uniquely identified and tracked. And since it is a feature, there is no warning either that this information is being stored or when it is given. Shutting off scripting in theory stops it.
More on the story at www.news.c om ."
yeah, its called "view source". read the source, decide if its worth the effort to figure out what they intend to do with scripting, then go from there.
the only good thing about jscript is that you can always view source. can't say the same with java ;-(
--
--
"It is now safe to switch off your computer."
From Microsoft: "The consumer that enables first-party cookies is even more exposed. This should only be an issue for someone who has disabled all cookies and is concerned about unique identification."
Translation: only people who care about their privacy care about their privacy. Gee whiz, mister, that makes it all okay!
it's good that that works and that it's that simple, but the fact remains that the vast majority of computer users never change the defaults on any of their applications. if something doesn't work quite the way the want it to, they don't bother poking around in the preferences to fix it. my father complains about the recent versions of microsoft word because of those "annoying red and green squiggly lines all over the place." i say "dad, you can get rid of those in two steps." he doesn't bother. with respect to something like this, where you can't even tell that it's happening, i would wager that next to no one (outside of those reading this forum) are going to do anything about it.
But you're right. Most people couldn't care less. They'll give up their rights for conveinence. But that doesn't mean I should have to.
You don't have too... feel free to unplug your computer.
DrLunch.com The site that tells you what's for lunch!
Just as an exmaple.... advaya.com is doing this through spam (or as they call it, direct mail marketing). And they sell this service to other companies. The spams contain "1x1 gifs" along with links that point to places you wouldn't normally think they would point at. Like this:
? b=4BF5Y7ESKTJH34789T5HTJKLGN489EI495T> hot magazines for 90 days for FREE </A>
g if?b=56HJTY90JKHHJGGIJ5476">
:P
Check out these <A href=3D"http://bigstar.ad6.net:8080/jsp/t/bigstar
It points to some server which records that you have clicked on this link, using that funky long string as your identifier. The string possibly holds some sort of demographic information.
There's also a 1x1 gif that comes with the spam...
<IMG src=3D"http://bigstar.ad6.net:8080/jsp/t/bigstar.
who knows what that does
i'll let you judge for yourself if this is evil or not. i just wanted to point out a specific exmaple of where its being used. bye
Mozilla will never take the market from IE, unless someone starts paying folks to use it. Most people don't give a rat's ass about features/loopholes/etc. like the one described in the story. What percentage of web users browse without using cookies? I don't know the answer to this, but I'd put money on it being a relatively small minority.
Hehehe... You definitely bring up a good point. But remember here that the major issue is that when people go to the local porn shop, they know the privacy issues involved. What we're talking about here is that people have no idea what privacy issues are involved when they launch their browser. Most people will think that everything they're doing is totally anonymous, when in fact it's not. It is the responsibility of the software provider to make sure the user knows the privacy issues involved. That is the whole point of this discussion... (Well, I'm pretty sure anyway).
I modded the Troll Investigation and I got
I use IE 5.1 and there is an option in the advanced tab called "Enable Page Hit Counting". Here is what the Help says about it (emphasis is mine):
Specifies whether you want Internet Explorer to allow Web sites to track your Web page usage. Selecting this check box allows sites to create a log on your computer of which pages you view, even when you are viewing Web pages offline. That log is sent to the site the next time you go to it. By tracking the usage and popularity of specific Web pages, content providers can tailor future content to match your interests.
Looks like this has been around a while as M$ fishes for the most innocuous name possible.
"I will gladly pay you today, sir, and eat up
Sacred cows make the best burgers.
fwiw, I've done plenty of dynamic gifs on my servers (for network management stuff) and I've never seen it become a major load.
--
--
"It is now safe to switch off your computer."
It should be possible to get rid of all the non-functional buttons by finding url's imbedded in the javascript.
"rollover" buttons should be detectable by the multiple images in the javascript.
And otherwise, try to pick out quoted strings and display them as text.
Please, allow me to save potential readers time and summarize what the other replies to the parent will be stating/have stated in one form or another:
"No.. YOU'RE WRONG. OK U mite be Rite dood... but M$ STILL SUX!!!!!!!!! F.U.!! M$ sSXuXSxuSux. It's SUXK! Why? Because M$ is SuKkY!!!!!!!"
That's about it, except in different words.
Bugs to the left, Hacks to the right. Kill all VB-script, Fight, Fight, Fight!
Too many sites are using scripting in a way that makes it impossible to use the site with (java)-scripting turned off. Many 'submit' buttons actually invoke simple javascript-functions that check values and then submit your form.
Lately, I tried to turn off java-script in IE, but then turned it on within a few days again, after wondering why so many buttons and links didn't work. First thought my connection was just crap, but it wasn't...
So, if turning off scripting is not an option for you (as it is for many people), what can you do against this?
Every expression is true, for a given value of 'true'
My IE 5.5 special security edition beta or whatever it's called (the cookie-cutter one they released a few weeks ago) has this option.
--
Why didn't they place the controls for such a device in a more obvious location?
Yeah, I know! Who'd have ever thought to look under SECURITY SETTINGS for something like that?! Geez! What we're they thinking?!
(cough)
-- Dr. Eldarion --
The 1x1 gif confirms that your email address is active and that you viewed the email. Another strong argument for text based email readers, I'm afraid. I really home that both KDE and Gnome are taking this into account when they create their funky new email clients with the ability to read HTML content.
Matt. Want XML + Apache + Stylesheets? Get AxKit.
my local bookshop gets payed in cash. all they know is that some long-haired annoying geek sometimes buy porn. but since this isn't strange they won't remeber that either. they don't know where I live, what other stores I've recently visted, and what my favourite food is. even if they knew my name, they wouldn't be allowed to sell it. I would like the same anonymity on the net.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Agree with you partially - I think only source code should be copyrightable. Copyrights are intended to protect ideas, not a side effect of those ideas.
There's an interesting loophole in having binary files protected by copyrights: one could write a program that analyses an executable file, identifying all functions and respective calls. This software would then scramble the code, changing the position of the functions and fixing the calls accordingly. Would this be a copyright violation? To characterize a copyright violation should both files be absolutely identical, or would a certain sequence of identical bytes constitute a violation? If the latter, what about libraries -- a binary compiled with a certain library would make all subsequent programs linked with the same library illegal?
Yes, by all means, let's dump the best browser around because people can't dig a coupla dialogs to disable a convenience feature. People who haven't found that option or didn't care to turn it off, are mostly the same people that feature was designed for. This is not an MS bug; it's a double standard.
Sarkazmo is the assumed identity of a long-time
Neah... they're just feeding the Christians to the lions so to speak. How newsworthy is a bug in Mozilla? Half the people will repeat the many-eyes, shallow bugs thing all over again and then the page views would die down. Besides, the Slashdot Queue would have nothing else.
/.ers I meant.
Of course, they (that conglomerator of OSS sites, Andover.Net Inc) would much rather throw a beefy, meaty Microsoft bug at the starving flamers, err...
I mean you have to go *three* dialogs down to turn that feature off! Unbelievable! If RMS had designed IE, there would have been an option right there in ~/.ierc! Of course it would have been tab-sensitive and in ~/.ierc's unique little syntax, but you could definitely find it with a good man page and a text editor...
Double standards; not just for Redmond any more.
The current CVS version of KMail (for the upcoming KDE 2.0) has 'view as HTML' as a per-folder setting, and the default is off. The idea is that you create a folder with HTML enabled and a rule that moves email from trusted HTML-mail senders into that folder when you get new email. Its a pretty neat feature.
Persistence is futile! - You will be Mozillinated! ;)
"How much truth can advertising buy?" - iNsuRge - AK47
"How much truth can advertising buy?" - iNsuRge - AK47
It is not as easy as you think. The IE ActiveX control is pretty much built into the OS. This makes it pretty much a given that anyone who wants to render HTML in their app is going to be using IE. We aren't necessarily talking obvious browser apps, either. It is very, very likely that you are using IE at times and not even knowing it.
The cake is a pie
The capability, described as a "feature" by Microsoft, came to light on the BugTraq mailing list three days ago after an angry user revealed that his copy of IE 5.1 had phoned his wife to tell her about his subscription to hotmonkeylovin.com.
"This is a perfectly standard feature of any web browser," said a Microsoft spokesman. "As with all aspects of life on the internet, there is a tradeoff here between a very valuable capability and a vanishingly small, almost theoretical loss of privacy."
Free Software Foundation guru Richard M. Stallman was unavailable for comment. A source close to the programmer said that Stallman was "busy reformatting his Windows partition."
Carousel is a lie!
> > "This feature has a trade-off, like almost every other feature on the Web--in this case, between functionality and a minor, potential privacy exposure," said Michael Wallent, product unit manager for IE at Microsoft. "The consumer that enables first-party cookies is even more exposed. This should only be an issue for someone who has disabled all cookies and is concerned about unique identification."
<babblefish>Unless you find all the other security problems we built into IE, there's not much reason to worry about this one. If you use IE, they're going to get the information, one way or another.</babblefish>
--
Sheesh, evil *and* a jerk. -- Jade
While I agree, I think you're expecting too much from Microsoft's documentation group. They have different -- and Annoying(tm) -- ideas about what should go in a help system. Let me say up front that I neither agree or misunderstand why they dumb-down the docs -- we aren't thier main clients!
It's like an anti-man-page attitude; say How to do something not What something is or Why it is valuable. Much of the help provided is along the lines of "Print prints somethig to a printer" or worse "This button prints". In context, these might be OK...but the lack of extra details anywhere is just part of the design goal. Less is better...since it's not really necessary, is it? Anything more detailed would be confusing to a typical user.
MS is, after all, the company that don't document the switch /MBR for thier fdisk program (try it - fdisk /?)...why give detailed help on something that is much more of a user-level tool then a disk partitioning tool?
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
MSK
a) They are afraid that someone will actually see how shitty they made the program
b) Have no idea there is an open source movement out there
c) They want to keep all their eggs in one basket so to speak.
And don't forget:
d) Such decisions are made by lawyers and managers, who have no idea how software is created.
oh, say, bug files? Now you can't even turn those off.. for those of you who do not know, bug files are little 1x1 gifs (or any other image/html/etc format) that links to a page somethin like: ... very suspicious address? indeed. With the right server-side encoding (php can do it, asp can do it, cgi can do it) you can make the browser think its getting a 1x1 image, when in reality its sending unique identification information. Unfortunately i don't remember the link to the place that had a nice big write up on it. They had a list of some big and oft-visited sites which used this method. Next time you're bored check out some big sites's source and see if you see any questionable image tags. Makes local stored data from stupid searches seem kinda trivial now doesnt it?
when you're this sexy, do you really need a witty signature?
From the article
Hint, the link is there to remind you to read it
Not to rant, but I cannot understand how such specious reasoning would find its way out of the mouth of a Microsoft representative. How could they possibly argue that since users are already at much greater risk from other features/exploits, one more "minor" inconvenience shouldn't matter?
Clearly documented explanations of the security features that one can toggle in the Internet Options -> Security tab would be one thing, but the lack of context-specific, right-click help (try it and see) or even the word persistence in the indexed help file (search and see) is somewhat silly.
Why would I have to journey to the developer's corner (link lifted from article) to learn what features are present in my browser? Maybe it's time that end-users insist on better [more immediate] documentation from Microsoft, especially with regards to things categorized under the heading of security
ps - SlashDot still has its woes when dropping in long URLs. God bless the preview button
I don't think so, but more than one poster has mentioned something about a userdata persistence option...
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
Some people may not care who sees what websites you visit, etc., but I do. I don't want this information shared with other companies who can then use me as a target consumer for their products.
Think about how much this goes on in every day life......
If you have a supermarket discount card (like a Star Market Card), everytime you use it for purchases, retailers use it to track exactly what you've purchased, how much you spent and how often you shop. This information can then be shared (as with what website you visit) with product manufacturers who the feel you may be interested in their products.
Insurance claims. The information on your medical records is not protected by federal law, but something as inane as a video rental records are. Everytime you make an insurance claim and signing the form, you authorize doctors to release sensitive information to insurers and other third parties, like the Medical Information Bureau, which keeps records of health problems on some insurnace applictions and forms and informs insurers about pre-exisiting conditions, making it potentially harder to receive quality insurance. These records can be shared with various companies, but in half of the states in the US, you don't have the legal right to see your own medical records.
A practice that is picking up speed in restaurants is the use of cameras spying on diners. The chefs then watch the diners so they can time when to serve the next course. I find this pretty scary that someone is watching my every bite.....
Everyone knows that cell phones aren't safe, don't say anything on them or on portable phone that you don't want your worst enemy to hear. It can easily intercepted, and I know this from first hand experience, living in a dorm, a few of suitemates would sit around every night and listen in on numerous conversations going on the dorm every night!!!!
Consumer advocates and the Clinton Administration say financial privacy has been further endangered by a federal law passed last year that made it easier for banks to merge with other financial firms, such as brokerages and insurance companies. Though the law includes provisions to protect consumer privacy, critics say that there are loopholes that could lead, for example, to a bank denying a loan to a customer because its health-insurance affiliate's data reveals that he or she is being treated for a life-threatening illness.
There are hundreds of ways that the private citizen is becoming less and less private, and it is sickening.
For more, check out LHJ.
That "100 USA" strip inside the paper in the $100 bills is a beacon transmitter that can be tracked by the Space Shuttle. I saw it in a documentary.
I personally have taken the version of VIM with embedded Python, spliced in Python's built-in HTTP client classes, and use vi to view the source text, with the garbage tags stripped out.
/dev/web, which would map the Web's raw feed to a device that I can just cat to my standard out.
I would've used Emacs for this, but I cannot trust LISP (the language's emphasis on parenthesies is antithetical to a prototypical architecture of a secure steganographical system) and I am worried that RMS may one day demand that the pages I view be switched to the GPL since I am using a GPL program to look at them.
I am now working on a kernel patch for
Explorer kicks ass, BTW.
Frankly, I've got to agree with you here. As a society, we have created copyrights out of whole cloth (no Virginia, you aren't just entitled to them) to promote the further advancement of the arts and sciences.
So why should software be copyrightable if the part that permits the most significant advancement (the source) is kept under lock and key? They don't even need to supply it to users directly - just being required to deposit a copy with the Library of Congress in order to register the copyright would be enough to make me happy.
We already require this for patents; software is an amalgamation of a creative written work (copyright) and a functional device (patent) so why not require it? It's not as though it would be hard to find out who was copying the source code for non protected purposes (Fair use would of course apply)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
>I tried to use the junkbuster proxy behind IE, and half the time, IE went directly to the site in question, bypassing junkbuster
:80 not one of them) so if IE were to ignore the connection settings (half the time?) I wouldn't be able to surf (the times when I use IE5).
How's that again? That doesn't seem likely. I've used IJB for a while as my proxy on my home firewall, IE doesn't have any other way out of my home LAN (masq set up for lots of things,
I do agree with the sentiment, 'when in doubt, diable'.
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Then, watch as it gobbles up RAM, chokes on the simplest pages, and, oh, don't forget to install the nightly builds!
---
DO NOT DISTURB THE SE
I'm confused. It looks like some weird version of Netscape -- except there's an "E" where the "N" should be, it has lots of security problems, and it doesn't seem to work on Linux. Is this somebody's idea of a joke?
--
Tired of FB/Google censorship? Visit UNCENSORED!
The real worth of your post, however, is this idea with Python used to use VI as your browser. Perhaps you have the source of this work up somewhere?
Got HTML? Want LaTeX? Try html2latex
I tried to buy some porn the other day at the local bookshop. But guess what - people look at you when you pick it up off the shelf - like everyone in the store! It's worse - when you go and pay you actually have to interact with another human! It's even worse - they remember who you are and the next time you go shopping there and your wife comes along it's very embarassing. I think there must be some kind of multinational corporation conspiracy thing going on with the retailers in cahoots with the publishers in order to track me. Scary stuff.
--
-- SIGFPE
Ah, well. We should have known Microsoft had an, uh, innovative definition of "locked".
--
Sheesh, evil *and* a jerk. -- Jade
So remove MSIE completely. In the future, return any software that turns out to require MSIE components.
The process is quite nicely automated by [98Lite] which, despite the site name, actually has utilities that will remove MSIE from Win95, Win98, WIN98SE, and WinME. It'll nuke MSIEv3 through v5.x, and it does it safely.
Worth a shot, at any rate!
--
--
Don't like it? Respond with words, not karma.
My personal hate is a numbered list where I want 1,2,3,3a,4 and Word wants 1,2,3,4,5.
I just looked at IE, and under security settings, it gives you the option of disabling "userdata persistence".
Hee, hee, I've had this turned off for forever. It's under the advanced options and I never really knew what it did, but I didn't like the sound of "Userdata Persistence"...
rm -rf /
Are Macs also being affected by this loophole? Is Gates trying to get everyone's information to make us buy more of his products?!
Just stop using IE. That's as simple as it can get. Besides all the security flaws that come out every hour, it's a nightmare for users.
I work with a government forensics lab, and you wouldn't believe how easy it is to find out exactly where you've been, locally. IE stores everything you do in index.dat/user.dat/temporary internet files/cookies/application data, and a dozen more places in un-readable locked files, and in the registry.
You would think, if it's THIS easy to grab from the local side, how many places are left open for the outside world to read?
Just drop IE. Use opera, then you just have to erase your vlink4/cache4, and a few other things to clear up most of your activities.
They might not be using it now, but they will be, if they can. Companies would love to have a tracking mechanism that can't be disabled by privacy-minded individuals.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
-----------
"You can't shake the Devil's hand and say you're only kidding."
Check IE preferences. Make sure that the "Automagically check for Updates" (or something like that....) is not turned on. This setting will make it so that your browser doesn't call home before going to your start page. That is most likely what your experiencing.
And as far as the other response, "Local means Local Computer"... No, local means local network. I'm sure you knew that, but....
~Hammy
That Win95 Jump & Jive!
You're missing the point. Although news.com did not do a very good job of explaining the problem. You should read the security advisory and the related links at the advisory page. Basically, the web page author can put MS scripting into the page that loads and saves data in the persistence object just like you can do in cookies. A quote from the MS web page regarding this technology:
Sounds just like cookies, eh? I can tell you that I didn't know that IE5+ had this feature before reading this article. Did you?
I modded the Troll Investigation and I got
I was just at a ftp server that grabbed my IP and reverse-resolved my name even though I was logged in "anonymously". This could be used to track me too.
And no, it wasn't IIS.
- My password is slashdot
Good point. Hopefully the people wanting to know more information about methlabs might be a little more selective on their search. I mean if they searched for "marijuana", I don't see what the big deal. The feds aren't going to check out every dude looking for marijuana on the internet. ( I can't really say the people searching for it probably don't use it, because that is most definately not the case)
Only your last point (about why not just pirate the software) is at all valid, and even it is total nonsense. Your other points are merely worse.
If you have the source, you can more easily remove any copy protection methods. You think you see "cracks" of programs to remove a CD-check quickly now? Just watch how quickly that software hits the warez sites/newsgroups when the malicious "give-away-other-people's-software" types get their hands on the source.
Comparing people having the source to people having schematics for electronics or the plans to a car is also complete nonsense. With those things you have to acquire and frequently fabricate parts, and then go through a lengthy assembly process. Surely some people actually did this back in the day with those schematics of amplifiers and so on, but for the most part, it was not the case. But all you have to do to compile something from the source is to put it into the development environment and click (or select from the menu) the "Make" option. A few minutes later, you have all the libraries and executables, assuming their project/make files are set up correctly.
Also, Chilton's manuals are basically based on reverse engineering, but they do not actually tell you how to build a car, only how to service one. Furthermore, they suck compared to a Factory Service Manual, so they can only barely be seen as a competing product. They do not provide the level of detail you get from a FSM. In any case, those manuals are based on a tear-down and rebuild of the car in question, and they don't tell you how to build one - That would be arguably illegal.
In summary:
Mind you, they really ought to give away the source to free software...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Who really doesn't care if my movements on the web are tracked? I mean, what's the big deal?
DrLunch.com The site that tells you what's for lunch!
Just an aside..
But many people who use 'open-source' stuff would never read the source, and never look for things.
The key point is that, these days, if you do not seek to understand what is going on, you are vulnerable.
It seems that everytime some minimal flaw in a Microsoft product ignites the idea that much shame should be dropped upon the Redmonian company. Companies don't make mistakes, people do. Companies are made of people.. I am up to betting that developers of Linux and related software products have even introduced far more serious bugs.
anyways .. I'd prefer that Slashdot not obsolete my bugtraq subscription. We have already established that MSIE is introduced 5 bugs for every 1 fixed.. let it be .. and REMEMBER THE ALAMO! (i mean Bugtraq: http://www.securityfocus.com/ TOAST: Here's to hoping for the re-purification of Slashdot -- like in the past!
Anybody else getting the impression that there must not be too much newsworthy submissions in the queue causing Slashdot to resort to such posts as this? Has computing has gotten to the point that many topics are better understood by the "general public" for the niche that Slashdot once filled?
<constructive editorialism!/>
He was a famously bad speller.
A famously creative speller, you mean. An inspiration to us all; in that sense like Shakespeare, who even occasionally mis-spelled (? but wouldn't he be the authority?) his own name as "Shaxpere." You owe it to yourself to violate at least one law a day. I mean, whose language is it, theirs or yours?
Yours WDK - WKiernan@concentric.net
And you don't have to turn off javascript. It's just in the IE Preferences dialog, but it's enabled by default.
To turn it off, do the following in IE:
Click Tools->Internet Options.
Choose the 'Security' tab.
Click the 'Custom level' button
Search for 'Userdata persitence' (it's near the bottom, in the 'Miscellaneous' section)
Select the 'disable' option.
That's it!
Every expression is true, for a given value of 'true'
Just mouseover the cached queries and hit the delete key on your keyboard.
At the same time, I don't see this as that big of an issue. If somebody can come up with a worst-case scenario of an exploit for this 'feature' that will format my hard-drive, then I'll be concerned. Until then, I must accept the fact that I use Windows, and must therefore deal with this kind of crap.
---
---
Gort! Klatu Barata Nikto!
Try this yourself if you've got IE5 or higher... Go to www.microsoft.com, click on the Support menu up top, then click on Knowledgebase...
Enter some search terms and look through the wondrous bugzilla that MS runs... Just give it one or two search terms or something... Now close out, wipe out your History, wipe out your Temporary Files and all the hoohah. Then wipe out cookies.
Now come back in and check Knowledgebase. Hurrah! It remembers your search term, because you've got SECRET INFOES in some XML file buried deep somewhere.
BORING.
Then the whores come in, shaking their rumps for the menfolk.
Unless, of course, they're an Evil Genius.
The problem with the available open-source browsers is that they don't have IE's functionality. As lame as IE is, it has better standards support (And I don't mean the M$-defined standards, either) and more functionality (And here I am talking about Micro$haft-specific stuff, like activeX and client-side VBscript.) They also support CSS more fully than any other browser, and last I checked, that included arena, the W3C's (now yggdrasil's)standards-flagship buggy-as-all-hell featureless browser.
Of course, Arena is basically now all but dead. The only sign of life that I could see is that it still has a webpage. It's been replaced in the W3C with Amaya, which claims it "supports HTML 4.0, XHTML 1.0, HTTP 1.1, MathML 2.0, and many CSS 2 features". Amaya has an ungodly slow display engine.
By contrast, in a quote from the W3C website (C&P'd from Amaya, BTW) we see the following: "000327 Microsoft shipped Internet Explorer 5 for the Macintosh. It apparently supports full CSS1, the first browser to do so." IE5.5/windows still doesn't do this, reportedly. I don't have a test suite handy, so I can't verify any of this one way or another.
Mozilla is tres crashy. Netscape is agonizingly slow. Arena is slow and painful, ditto for Amaya. Opera finally has Java working properly, or so I hear (haven't run it recently) so I guess you can take it seriously, but the default layout made me shudder. It's also not as easy to customize (Or at least, to understand what you're doing) as I had thought it would naturally be. I guess the Mac users have a couple of other options, but they're missing major functionality, too, right?
So what's left? If you discount IE for privacy reasons - nothing. Though I do use Mozilla for Mail, and occasionally K-Meleon to check out a small webpage quickly, or to load something that IE has network problems with. And Netscape and Mozilla both have dramatically faster implementations of Javascript and GIF89a animation.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"