Slashdot Mirror
Netscape 6 is Spyware?
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
Don't use it. Uninstall NS6 and use Mozilla instead. Same browser - without the unnecessary extra crud AOL bundles into it anyhow.
Therefore, the temporary workaround would be to set info.netscape.com to 127.0.0.1 in your /etc/hosts (or c:\windows\hosts or whatever).
The solution is to use Mozilla and remove Netscape 6.
Wish I saw this post prior to mine on an earlier thread. Mozilla is still doing this very same thing by default. At least with Moz you can turn it off though.
Thing is, how many folks realize this is even happening? Whatever is being sent it's subtle, even for a dial-up connection.
The line must be drawn here. This far. No further.
First, type http://info.netscape.com into URL bar, abd get forwarded to http://home.netscape.com.
Then, edit C:\Winnt\System32\drivers\etc\hosts and add:
127.0.0.1 info.netscape.com
Close and reopen Mozilla and try http://info.netscape.com and get Connection refused (unless you run a local web server, of course) to prove that info.netscape.com is no longer accessible.
Now, try a keyword search from the URL bar, which for me goes straight to google.com without a hitch.
I am not your blowing wind, I am the lightning.
In IE 5.5 or 6.0, if you click the SEARCH button, then click CUSTOMIZE in the panel that appears, you can choose which engine that IE uses to search for you. If you then click AUTOSEARCH SETTINGS you can set a default search engine.
Once this is done, you can type search terms in the URL box, and if they can't be somehow interpreted as a hostname or domain name, they get routed to your favorite search engine.
But not directly! They go through the host auto.search.msn.com. You can see this quite easily even if you don't have a sniffer. Simply edit your HOSTS file under Windows to redirect the name auto.search.msn.com to some other address, like the loopback address (127.0.0.1). Once you do this, your auto-searches will start failing with 404's, and you will see the URL they use to do the redirection.
I've wondered for a long time what Microsoft does with this data. Fortunately, if you are willing to do a little registry hacking and a tiny bit of extra typing, you CAN avoid this in IE. You can create keywords like "google" that you type first in the URL box, before your search term, and these are redirected from your chosen registry setting to the search engine. These do NOT redirect through MSN so Microsoft can't spy on you. Instead of typing just the "my search term" in the URL box, you type "g my search term" and it goes right to google (or whatever).
This latter ability has existed since IE 3.0, but in current versions of IE it has NOTHING configured in it by default. However, if you download this free tool from Microsoft, it adds a way to configure them. Why is this hidden off as a free download instead of included with IE? Dunno, but feel free to insert your favorite conspiracy theory here.
Not only will the unsuspecting "common" users not notice this, but they are also the only ones roped in by pop-under windows, gimmicky banner ads, spam, etc. AOL likely doesn't care upsetting the geeks because 1) We're in the minority, 2) We are mostly immune to the obnoxious advertising tactics described above*, and 3) The few friends we have don't listen to our rants anymore, anyway. :-) The scary part about this whole mess is that AOL has the ability to personally identify a user (even on a dynamic IP address) if a cookie is present, the user is logged into AIM, an AOL dialup account is being used, etc. Of course, we can't prove they do this, but can you think of any other reason to capture IP address along with the search terms?
If they even cared to give the illusion of privacy, they would apply a hash function to the address. This would still allow the search terms from one "session" of searching to be associated with each other--the only valid use of the IP address I can conjure up. Of course, all they would have to do is apply the same hash to the IP address when you log in to any AOL-TW service, and they can match them, so it really is nothing more than an illusion, and we'd be back where we started.
The lesson here, I think, is "Don't support companies that even attempt to compromise your privacy without explicit disclosure." It signifies dubious intent and even more dubious ethics.
* My favorite Moz feature (other than tabbed browsing) has to be the option to disallow unrequested popup windows.
One of the reasons that I became a lawyer was to avoid ever having to hire one. -SPYvSPY
I asked on the mozilla newsgroups, someone did look at the code and saw nothing.
Another person ran behind a firewall which asked about all connections. Netscape6 clearly went to an AOL address before connecting to Google. Mozilla went straight to Google.
So while I personally haven't looked in the code, I'm pretty confident Mozilla is playing it straight on this one.
You know if Mozilla is sending data to AOL or not by sniffing for it with tcpdump or ethereal, etc.
No funny packets? Don't bother sifting the source if you're not already involved.
Johnny Quest has two Daddies.
The only thing SPAMers invented was spam and new techiques to spam.
Cookies are not a part of the HTTP protocol. They are an extension that was originated at Netscape and deployed without any consultation in the IETF HTTP working group.
Netscape knew that there were privacy issues with cookies but simply did not care. Until PGP cookie cutter came out the only way to turn off cookies was to have the browser ask you each time if you would accept them.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Mozilla and Netscape may seem identical, but they are very different:
Even though it was started by Netscape, and Netscape employees make up a significant portion of its developers, mozilla.org is the independent and nonprofit organization to oversee the open source development of the Mozilla browser and its related technologies. mozilla.org's products are free for any company, organization, or individual, to use. They are free to create their own branded products based on mozilla.org's goods. mozilla.org's products are all open source and are meant for developers and testers, not the average computer user.
Also keep in mind that mozilla.org recieves contributions from such large corporations such as IBM and Sun Microsystems, and countless small firms and volunteers.
Netscape Communications is a commercial company, and they make commercial products for regular computer users and businesses.
This is where the distinction between Mozilla and Netscape seems to blur to some people:
In order for Netscape to make Netscape 6 they have to use mozilla.org's work. This involves getting that code from mozilla.org, adding modifications and non-open source parts such as plug-ins, branding it with the appropriate logos and copyrights, testing and stabilizing it, and then release it for download. In other words, Netscape 6 is based on Mozilla, but Netscape 6 is not Mozilla, and Mozilla is not Netscape 6.
This method is similar to how Linux distributors, such as Red Hat, make their own branded and commercial releases of Linux, since Red Hat is not Linux, and Linux is not Red Hat. Red Hat merely uses Linux, and Linux developers have no control over what Red Hat does.
The nature of Mozilla and mozilla.org also allows anyone to create a product based on Mozilla. For example, Nokia and Intel demonstrated prototype Internet appliances in late-1999 using Mozilla. Because of Mozilla's modularity, a scaled down version of Mozilla was the browser used in these test products.
There's 10 types of people in this world, those who understand binary and those who don't.
Whenever I am forced to use an IE on yet another corporate PC I get, I always go to the Tools/Internet Options/Advanced, and change some things to suit my taste on presentation and security (to the extent you can get the latter with IE...)
security/more anonymous browsing
DISABLE Install On Demand
DISABLE Page Hit Counting
DISABLE Page Transitions
presentation
DON'T Show Friendly HTTP messages
(I want the plain servers response back, unedited, dammit!)
DON'T Show Friendly URLs
DON'T Use Smooth Scrolling (smooth scrolling makes my eyes SORE!!!)
Search From Address Toolbar:
DON'T Search From Address Toolbar
(This is the one that completely toggles the autosearch off.)
Security:
turn all the certificate checks and alerts on
also I use the "High" security zone settings for casual browsing
VKh
The netscape search bar is meant to perform a search first of the netscape homepage IIRC, and then if relavant results aren't found, another search engine is chained.
How often the second link of the searching chain is invoked is pretty critical in netscape figuring out how effective their search engine is.
For those that remember the old Yahoo days when it used Altavista as a backup, it would appear to be a similiar situation. It would have been to Yahoo's advantage (and the end-users advantage) for Yahoo to track how well it's search engine performed and how often it had to default to alta vista.
Now, AOL has come out saying they don't collect the information (and most folks on the net are behind a firewall or using a dynamic IP anyway) so it's not as big of a deal as it's being made out to be. This article mentions the 'potential' to be Spyware but it doesn't make clear the fact that in practice, AOL is not tracking anything.
Besides, you can disable this feature if you are really nervous about it (as some folks mentioned previously). The fact of the matter is though, that by allowing AOL to collect this data, you are simpling improving your search results.
BTW: This article also doesn't make it clear that if you goto www.google.com, nothing is tracked. The only time it is actually tracked is if you only enter a word (instead of a URL) in the location bar. I don't think many people use this feature that frequently anyway though. It's been there for a while though.
int func(int a);
func((b += 3, b));
Well, I just did packet traces, and the results are troubling.
It's for real. No error reporting, no background windows. Search with the button, info goes to Netscape. Search without it, and you don't see the spyware traffic. But it gets worse.
I haven't tested this with the Linux version of Mozilla, so this might be a weird code overlap issue, but Win32 Mozilla build 2002030403 does the same thing.
So i was curious about what was actually being sent to AOL when one did a google search from the netscape bar. Here's the HTTP request: /fwd/lksidus_gg/http://www.google.com/search?q=tes tpriv9&sourceid=mozilla-search HTTP/1.1
GET
Host: info.netscape.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.
The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.
Just some thoughts.
JS - IBM Metaverse devteam
The opinions expressed here are mine & not necessarily representative of IBM
I think I've got an entry for Junkbuster's re_filterfile that will strip the info.netscape.com stuff and just take you directly to google's search results:
i g
s/'http://info.netscape.com/fwd/lksidus_gg/'///
Just remember to restart junkbuster.
Don't know what Junkbuster is? See junkbuster.com
Competition Good, Monopoly Bad.
It's been mentioned in other parts of this discussion, but I'd just like to re-iterate a simple, important concept: every HTTP request includes the client IP address as a component. In fact, most web servers automatically log the address of the client making each and every request.
That's right, kids and kid-ettes: every time you load a web page, your IP address is probably getting logged along with the request. Does that mean that Google could (if they cared, that is) associate every single pr0n search you've done with the IP address of your computer, find out that it was part of your employer's class-C block, and notify them? Damn straight, they could.
Do they? That's up to them (or a court-ordered search) to say; this information is certainly there, if they want it.