Slashdot Mirror
Netscape 6 is Spyware?
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
...But this is a non-issue. According to the article it only affects those that type it into the search bar...
...Which I don't use because google is my homepage...
/ex
You're getting a product for free. If netscape needs information to sell/share to it's partners so it can get more revenue and keep producing great products, that's fine. You don't have to use their browser. A more interesting question is that did you agree to it in the EULA?
there are no stupid questions, but there are a lot of inquisitive idiots
Don't use it. Uninstall NS6 and use Mozilla instead. Same browser - without the unnecessary extra crud AOL bundles into it anyhow.
Netscape's "smart browsing" sends the addresses of sites you visit to them.s ing/
http://www.netscape.com/escapes/smart_brow
I just did a bit of digging around in Mozilla and it definately does *NOT* use the search button in the same way as Netscape 6. So it appears that us Mozilla users are not affected. :)
You wouldn't happen to have a link to the NS 6.2.1 source code would you? There isn't one.
... Mozilla is.
Netscape 6 is definately NOT OSS
that wont work... use this domain instead
info.netscape.com
Therefore, the temporary workaround would be to set info.netscape.com to 127.0.0.1 in your /etc/hosts (or c:\windows\hosts or whatever).
The solution is to use Mozilla and remove Netscape 6.
echo "127.0.0.1" >> /etc/hosts
Otherwise, you wipe out the contents (which would not be good). Remeber boys and girls, don't run code you get off /. as root!
Visit me on #weirdness on the Galaxynet.
Wish I saw this post prior to mine on an earlier thread. Mozilla is still doing this very same thing by default. At least with Moz you can turn it off though.
Thing is, how many folks realize this is even happening? Whatever is being sent it's subtle, even for a dial-up connection.
The line must be drawn here. This far. No further.
First, type http://info.netscape.com into URL bar, abd get forwarded to http://home.netscape.com.
Then, edit C:\Winnt\System32\drivers\etc\hosts and add:
127.0.0.1 info.netscape.com
Close and reopen Mozilla and try http://info.netscape.com and get Connection refused (unless you run a local web server, of course) to prove that info.netscape.com is no longer accessible.
Now, try a keyword search from the URL bar, which for me goes straight to google.com without a hitch.
I am not your blowing wind, I am the lightning.
In IE 5.5 or 6.0, if you click the SEARCH button, then click CUSTOMIZE in the panel that appears, you can choose which engine that IE uses to search for you. If you then click AUTOSEARCH SETTINGS you can set a default search engine.
Once this is done, you can type search terms in the URL box, and if they can't be somehow interpreted as a hostname or domain name, they get routed to your favorite search engine.
But not directly! They go through the host auto.search.msn.com. You can see this quite easily even if you don't have a sniffer. Simply edit your HOSTS file under Windows to redirect the name auto.search.msn.com to some other address, like the loopback address (127.0.0.1). Once you do this, your auto-searches will start failing with 404's, and you will see the URL they use to do the redirection.
I've wondered for a long time what Microsoft does with this data. Fortunately, if you are willing to do a little registry hacking and a tiny bit of extra typing, you CAN avoid this in IE. You can create keywords like "google" that you type first in the URL box, before your search term, and these are redirected from your chosen registry setting to the search engine. These do NOT redirect through MSN so Microsoft can't spy on you. Instead of typing just the "my search term" in the URL box, you type "g my search term" and it goes right to google (or whatever).
This latter ability has existed since IE 3.0, but in current versions of IE it has NOTHING configured in it by default. However, if you download this free tool from Microsoft, it adds a way to configure them. Why is this hidden off as a free download instead of included with IE? Dunno, but feel free to insert your favorite conspiracy theory here.
Does anybody else want an application-proxy for the desktop?
One word: Proxomitron
winnt/2k/xp:
notepad \winnt\system32\drivers\etc\hosts
win9x/me:
notepad \windows\hosts
and add the line
206.224.72.99 info.netscape.com
or use 127.0.0.1 instead if you have a webserver.
Use my userscript to add story images to Slashdot. There's no going back.
The only thing SPAMers invented was spam and new techiques to spam.
Cookies are not a part of the HTTP protocol. They are an extension that was originated at Netscape and deployed without any consultation in the IETF HTTP working group.
Netscape knew that there were privacy issues with cookies but simply did not care. Until PGP cookie cutter came out the only way to turn off cookies was to have the browser ask you each time if you would accept them.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
When searching in Mozilla, your search request only gets sent to Netscape this way if you actually search using the Netscape search (why they then still do this is beyond me, but okay... 's probably to simply have all the data in one place or something... whatever)
: //search.netscape.com/search.psp"
From the NetscapeSearch.src in your mozilla/searchplugins dir:
<SEARCH
name="Netscape Search"
description = "Netscape Search"
method="GET"
action="http://info.netscape.com/fwd/sidb_ns/http
queryCharset="UTF-8"
>
and from Google.src:
<search
name="Google"
description="Google Search"
method="GET"
action="http://www.google.com/search"
update="http://www.google.com/mozilla/google.src"
updateCheckDays=1
>
I never bothered to get Netscape 6, but I assume these files exist in there as well. It's plain text, so simply remove the http://info.netscape.com/fwd/sidb_ns/ part from the action of the searches and the problem should be fixed.
Mozilla and Netscape may seem identical, but they are very different:
Even though it was started by Netscape, and Netscape employees make up a significant portion of its developers, mozilla.org is the independent and nonprofit organization to oversee the open source development of the Mozilla browser and its related technologies. mozilla.org's products are free for any company, organization, or individual, to use. They are free to create their own branded products based on mozilla.org's goods. mozilla.org's products are all open source and are meant for developers and testers, not the average computer user.
Also keep in mind that mozilla.org recieves contributions from such large corporations such as IBM and Sun Microsystems, and countless small firms and volunteers.
Netscape Communications is a commercial company, and they make commercial products for regular computer users and businesses.
This is where the distinction between Mozilla and Netscape seems to blur to some people:
In order for Netscape to make Netscape 6 they have to use mozilla.org's work. This involves getting that code from mozilla.org, adding modifications and non-open source parts such as plug-ins, branding it with the appropriate logos and copyrights, testing and stabilizing it, and then release it for download. In other words, Netscape 6 is based on Mozilla, but Netscape 6 is not Mozilla, and Mozilla is not Netscape 6.
This method is similar to how Linux distributors, such as Red Hat, make their own branded and commercial releases of Linux, since Red Hat is not Linux, and Linux is not Red Hat. Red Hat merely uses Linux, and Linux developers have no control over what Red Hat does.
The nature of Mozilla and mozilla.org also allows anyone to create a product based on Mozilla. For example, Nokia and Intel demonstrated prototype Internet appliances in late-1999 using Mozilla. Because of Mozilla's modularity, a scaled down version of Mozilla was the browser used in these test products.
There's 10 types of people in this world, those who understand binary and those who don't.
Whenever I am forced to use an IE on yet another corporate PC I get, I always go to the Tools/Internet Options/Advanced, and change some things to suit my taste on presentation and security (to the extent you can get the latter with IE...)
security/more anonymous browsing
DISABLE Install On Demand
DISABLE Page Hit Counting
DISABLE Page Transitions
presentation
DON'T Show Friendly HTTP messages
(I want the plain servers response back, unedited, dammit!)
DON'T Show Friendly URLs
DON'T Use Smooth Scrolling (smooth scrolling makes my eyes SORE!!!)
Search From Address Toolbar:
DON'T Search From Address Toolbar
(This is the one that completely toggles the autosearch off.)
Security:
turn all the certificate checks and alerts on
also I use the "High" security zone settings for casual browsing
VKh
The netscape search bar is meant to perform a search first of the netscape homepage IIRC, and then if relavant results aren't found, another search engine is chained.
How often the second link of the searching chain is invoked is pretty critical in netscape figuring out how effective their search engine is.
For those that remember the old Yahoo days when it used Altavista as a backup, it would appear to be a similiar situation. It would have been to Yahoo's advantage (and the end-users advantage) for Yahoo to track how well it's search engine performed and how often it had to default to alta vista.
Now, AOL has come out saying they don't collect the information (and most folks on the net are behind a firewall or using a dynamic IP anyway) so it's not as big of a deal as it's being made out to be. This article mentions the 'potential' to be Spyware but it doesn't make clear the fact that in practice, AOL is not tracking anything.
Besides, you can disable this feature if you are really nervous about it (as some folks mentioned previously). The fact of the matter is though, that by allowing AOL to collect this data, you are simpling improving your search results.
BTW: This article also doesn't make it clear that if you goto www.google.com, nothing is tracked. The only time it is actually tracked is if you only enter a word (instead of a URL) in the location bar. I don't think many people use this feature that frequently anyway though. It's been there for a while though.
int func(int a);
func((b += 3, b));
Well, I just did packet traces, and the results are troubling.
It's for real. No error reporting, no background windows. Search with the button, info goes to Netscape. Search without it, and you don't see the spyware traffic. But it gets worse.
I haven't tested this with the Linux version of Mozilla, so this might be a weird code overlap issue, but Win32 Mozilla build 2002030403 does the same thing.
So i was curious about what was actually being sent to AOL when one did a google search from the netscape bar. Here's the HTTP request: /fwd/lksidus_gg/http://www.google.com/search?q=tes tpriv9&sourceid=mozilla-search HTTP/1.1
GET
Host: info.netscape.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.
The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.
Just some thoughts.
JS - IBM Metaverse devteam
The opinions expressed here are mine & not necessarily representative of IBM
But that doesn't do anything useful, other than stop you from accessing www.netscape.com. The search tool most likely works like their SmartDownload tool. I stopped using Netscape, but I do use their SmartDownload product. The spyware included in that uses a combination of ip addresses and netscape nameservers. Put a packet sniffer on your computer some time, you'll find some interesting tidbits. Just sniff packets for a while and add some rules to your firewall, if you have one.
deny all from any to 198.95.251.10 via $oif
deny all from any to 64.12.151.213 via $oif
deny all from any to 207.200.73.80 via $oif
deny all from any to 149.174.213.7 via $oif
deny all from any to 64.12.184.25 via $oif
...works for me.
Or you can go to Tools->Internet Options->Advanced->Don't Search From address Bar and disable it.
Problem solved.
Cookies were not invented to so that advertisers could track users. They were invented to give the web a semblance of statefulness.
fucking reactionary privacy zelot.
b
or you can just get the google toolbar.
"Shut up brain or ill stab you with a Q-tip" Homer Simpson
That sent them a list of any files you were downloading? ... It shouldn't surprise anyone that Alexa is involved in this. Alexa was the same company that put out a combo web browser buddy + stock market valuator. (At the risk of a lawsuit) This gave them the ability to not only track where users surfed to, but also monitor those who used the features stock portfolios to see which way the sheep were herding. (If you can't see how information like this can be used for fun and profit you just aren't dark enough yet). They even got the nice people at CNET to plug it for them.
:)
On another note: You can block some of this activity out by going to the host(s) file and making your own entry.
127.0.0.1 alexa.com
or
0.0.0.0 flashpoint.com
...Just insert your target there and it will bounce back to local host. If you run a webserver you may want to put something else in that box. I'm not sure how to do it for products that field their query by IP and not names. Maybe you have to run your own DNS/NAT to get prevent those from getting access?
This also isn't the only way companies spy on you. Akamai/Lycos have a clever way of doing it with both referrer headers http://lycos.com/url?=realurl. Plus they own such a large portion of the network that they can get their cookies to work on any part of it. Go to say: http://www.wired.com and watch how many connections it makes to your computer, and watch the url handling in the right hand corner...
All this reminds me of the @ and %40 tricks that were used by porno spammers in IRC in the olden days.
Freedom is merely privilege extended unless enjoyed by one and all.
I think I've got an entry for Junkbuster's re_filterfile that will strip the info.netscape.com stuff and just take you directly to google's search results:
i g
s/'http://info.netscape.com/fwd/lksidus_gg/'///
Just remember to restart junkbuster.
Don't know what Junkbuster is? See junkbuster.com
Competition Good, Monopoly Bad.
It's been mentioned in other parts of this discussion, but I'd just like to re-iterate a simple, important concept: every HTTP request includes the client IP address as a component. In fact, most web servers automatically log the address of the client making each and every request.
That's right, kids and kid-ettes: every time you load a web page, your IP address is probably getting logged along with the request. Does that mean that Google could (if they cared, that is) associate every single pr0n search you've done with the IP address of your computer, find out that it was part of your employer's class-C block, and notify them? Damn straight, they could.
Do they? That's up to them (or a court-ordered search) to say; this information is certainly there, if they want it.
Go to your MOZILLA_HOME/dist/bin/searchplugins/ and look for the file called "NetscapeSearch.src", and comment out the action commands, or nuke the whole damn script.
Ummm, best CSS2 support out there?!
According to the chart you linked to:
Konqueror does not support 'content':
Mozilla does.
Konqueror also does not support the related ':after' and ':before' psuedo-classes.
Mozilla does.
Konqueror does not support 'empty-cells'.
Mozilla does.
Konqueror does not support number values for 'font-weight'.
Mozilla does.
Konqueror does not support 'letter-spacing'.
Mozilla does.
Konqueror does not support 'max-height', 'max-width', 'min-height', 'min-width'.
Mozilla does.
Konqueror only has partial support for 'overflow'.
Mozilla has full support.
Konqueror has no support for 'quotes'.
Mozilla has partial support.
Konqueror does not support 'text-align: justify'.
Mozilla does.
Konqueror only supports 'white-space' in PRE or XMP elements.
Mozilla supports it in all block level elements (as per the spec).
Konqueror does not support 'word-spacing'.
Mozilla does.
Konqueror claims to support 'outline' and related properties. I cannot validate this because I don't use Konqueror. But if it draws outlines inside the border area, then it implements it incorrectly. As far as I know, there is no browser which supports this correctly. Mozilla does not draw it in the correct position (it draws inside the border as opposed to outside).
Everything else that Konqueror claims to support is also supported by Mozilla.
Mozilla obviously supports more of CSS2 than Konqueror. Don't make false claims.