Slashdot Mirror
Netscape 6 is Spyware?
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
This is ridiculous...how can they have set this up without knowing that a) it would be discovered and b) it was thoroughly and completely Orwellian?
:)
I think that we should all write letters of protest...into the Google search field.
"Navigator users can avoid having Netscape log their searches by directly accessing a third-party search engine by typing its address into the browser rather than using the Search button or Sidebar."
Of course, this doesn't change the privacy issue.
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
In journalism schools, getting a name wrong earns you an automatic failure. Apparently Newsbytes doesn't hold its reporters to such a high standard.
...when you consider that the parent isn't just AOL, but AOL/TW.
Have you personally done an audit on the source to Mozilla? If not, how do you know it isn't doing the same thing?
Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly.
What I don't understand is why Netscape needs to bill the search engines at all. It is stated in the article that this data is not collected if you navigate to the search site, but only if you use Netscape's search bar. Why is the search bar a paid feature? Under default settings, Netscape uses AOL's own search engine, which surely doesn't need to be billed. Other search engines apparently have to pay AOL if a user changes his preferences?
I don't see why search engines should have to pay for the privelege of being a user's favorite. Does anyone have any information when and why this practice started?
In a recent bugtraq post, someone mentioned IE also does similar things. If you type a wrong URL and cannot be resolved by the DNS. Your typed address will be sent to MSN for suggesting new URL. If MS logs all these requests, Similar results....
I can count to 31 on one hand (242 if i want to drive myself insane). I think the number of Mozilla developers who don't get a AOL paycheck is closer to the second number than the first (including me).
Don't use it. Uninstall NS6 and use Mozilla instead.
By chance would you happen to have the "Related Sites" tab enabled (as is by default) in your installation of Mozilla? Don't care if you've ever used the side bar or not, as it doesn't matter.
Even Moz sends back some kind of information Alexa. Came to discover this one day using my laptop off-line on a web site I had running locally. Couldn't figure out why I kept getting these intermittent "Can't connect to network" messages. Had me going nuts, thinking there was some glitch with my site code.
I haven't a clue what kind of information Alexa is having sent to them. I do know that if you turn that tab off, Moz stops feeding information that way.
The line must be drawn here. This far. No further.
Speak for yourself, I prefer mozilla to IE, as do quite a few of my friends, and for good reason.
.txt and the web server sending plain/text, shows up as a jpg! breaks other browsers that don't do this, so you have a lot of IE only pages because ie acts differently from EVERYTHING ELSE
I have many reasons to despise IE:
1. it likes ignore content types and looks at the contents of files instead. for instance, a jpg saved as
2. proprietary activex junk
3. insecure jscript active script junk, I see a serious jscript activescript type exploit at least every other month, some are fixed, some aren't
4. tied in with the OS/insecure smb protcol. You can hit a web page that will trick IE into giving your smb credentials to the malicious web site, the web site can then use smbrelay to log into your machine! omg! yes it's true. Which is why you should NEVER, EVER turn on smb sharing on a windows machine I care about. I had a friend set up a web page to do this as a proof of concept.
5. doesn't run on my os of choice: linux, but hey, I still have an XP partition for games.
There's many more, but I should get back to work.
I just hope that the Slashdot community will have the guts to go after AOL for this in the same way they would Microsoft.
Well, I agree with your sentiments, but what do you mean by "go after"?
Rant on slashdot? Piss on netscape 6?
Problem there is that it's built on Mozilla, so we can just use Mozilla instead. The fact that aol still sponsors Mozilla development under gpl and mpl makes people a bit more lenient in terms of what they do with their branded browser. With MS, it's a different story.
When in doubt, have a man come through a door with a gun in his hand.
Once you buy a subscription they have your real name and address. Then they begin the collection of what stories you hit the most, what types of posts you respond to, what you post yourself. Its like the political demographic data they collected during the election, only this is actually linked to you personally.
Don't think they don't, or won't. When some guy shows up with a bag of hundreds, and its accept the bag or shut the place down and miss the next mortgage payment, your ass is sold. Just like when they crowed about how wonderful the GPL was, then, when things aren't looking good on the P&L front, started selling proprietary extensions to their stuff.
Cunning linguists
Yes, it is a non-issue, here's why:
1. All http requests send your IP address, they are making normal functionality seem sinister.
2. No evidence is given that AOL is collecting the information.
3. The redirect of the search through AOL/Netscape is simply to verify that the search engine is correct. If google were to change their site, the search would still work. However, IE's search would break.
Who wrote this article?
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
First off, Microsoft does the same thing. The only difference is that their automatic search goes to Microsoft and they log there rather than having to do the more obvious redirect.
Second off, this is only if you use the search button. If you go to google.com and type in your search then Netscape/AOL gets no information.
Now, let's imagine if they got all the information from you. A unique ID string and all your search queries. They compile this data on your for an entire year. Great. Now, what the hell do they do with it? The only possible use for this would be to detect your string, cross-reference and munge all of this data, and present you with a slightly more targeted pop-up ad.
Well, guess what, another company already tried this. Remember them? They were called DoubleClick. In that case they had hundreds of web sites helping them to gather all of this information about browsers and what did they do with it? They couldn't turn a profit, they couldn't even target ads very well (if at all).
Think about it people. Yeah, it stinks that they're gathering this information. Yeah, they should be more forthcoming about what happens when you hit that Search button. Sure you can go an boycott them and add this to the '1 bazillion + 1 reasons that AOL is evil' list, but in the end, what does this get them?
Nada.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Not only that, but IE's 'looking at content' thing that you describe is actually rather handy for tricking pages that don't allow offsite linking (Geocities for instance) into letting you do so.
As for all the insecure ActiveX stuff, I'd rather have 99.9% of pages work / look exactly as they were designed to (including all the diabolical ActiveX stuff that could kill my PC were I so foolish as to follow random links from ICQ messages) than have some degree of childminding from a more secure browser that doesn't look like Joe Webmaster designed it to look.
(Having said that, it's decided today that it can't auto-detect page encoding. This browser window is using Chinese Traditional at the moment. Gah.)
- Chris
>
> Can I sell it for $.35? 5.35? I'm just curious. Perhaps I could put that in Ebay.
Depends on what happens to Mount Washington, doesn't it?
What would you pay for a list of all "WTC evacuation shortest route" queries dated September 10th?
"They invented cookies so that advertisers could track readers "
Cookies primary use is to keep state information. Many legitimate sites use cookies, and most could care less about tracking you.
While its true cookies can be used to track user habits (and this is a stretch), modern browsers make this much more difficult. For example, for at least 2 versions IE hasn't allowed URL or javascript requests for out-of-domain requests.
In fact IE6 even eliminates this problem for the most part through its use of rejecting cookies that don't come from the primary URL the user is viewing.
There are a lot of threats to privacy. Cookies aren't the worst offender by a long shot.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
>>
>>You shouldn't.
>
>Sure you should, but not because they're "nice guys". They'll keep what they know about you private because to not do so is to admit what they know about you.
Good point. (And the spooks, unlike the marketroids, have not just a vested interest in keeping things secret, but they also have experience in doing so.)
The other point worth making is that I choose to trust the spooks with my info when I send mail without using PGP (whups, another /. thread), or post/read Slashdot, etc. Informed consent.
(No, Joe Sixpack isn't giving informed consent, because he might be surprised at the level of surveillance -- but anyone who's thought about it even pre-9/11 should realize that if it's loggable, it's reasonable to assume it's being logged.)
Back to the Netscape topic - I don't think people are as pissed about the redirect through the netscape.com search-logger, as they are about the fact that they were never told this was happening in the first place.
(Again, Joe Sixpack isn't giving informed consent -- but if I, having read this article, continued to use Netscape and used the search toolbar without disabling the redirect -- I'd then be giving informed consent to AOL to log my queries.)
"According to a network traffic analysis performed by Newsbytes, Netscape is capturing Navigator 6 users' search terms, along with their Internet protocol (IP) address, the date Navigator was installed and a unique identification number."
So your #1,
All http requests send your IP address, they are making normal functionality seem sinister.
misses out on the users' search terms, along with their Internet protocol (IP) address, (and) the date Navigator was installed and a unique identification number. One needs the former to perform the function. Tracking the date installed I could see them legitimately being concerned with if done anonomously for their stat.s. The private ID # lets them tag you and thats where it does potentially become sinister.
I wonder if there could be some way to represent the information in the article to users. The EULA would be the ideal place to put this, in the true sense of the word. Where 'ideal' meant 'never reflected in reality'. People wouldn't read it.
The point is, people aren't even really given the opportunity to find out about this. Only the technically-minded have found out about it, and only they will do something to address the situation. Shouldn't AOL/Netscape tell you what they are doing?
========================================
Death will come, and will have your eyes
-- Pavese
I can remember the days when logging someone's IP address was *never* used as a means of determining unique individuals because people who wrote this software actually understood how computers actually worked, and thus understood that one computer is not the same thing as one user. I used to run Netscape off of a server onto X-terminal
software, along with several office-mates at the same time. It used to work just fine, until sites started assuming one IP == one user, and got their cookies horribly confused when we'd both hit the same site. I remember once getting the shopping cart for someone else popping up on my screen at a computer parts seller website - sure enough it thought I was him because we had the same IP.
We would also have problems trying to reply to online surveys, which would falsely accuse us of being one person trying to double-vote.
But now that most people browse via Windows sites have started assuming that it's just plain impossible for two different people to have the same IP address.
Again, as always, I blame Microsoft for dumbing-down the computer industry and removing functionality by making their crippled system the only standard people have to bother supporting.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
It's been that way for a *long* time, and it can't be called "spyware" when it's blatantly obvious to anyone with any knowledge understanding of web browsers! And this is an extremely non-intrusive means of measuring web browser-generated referrals.
If it wasn't obvious to you, then you're pretty sad. I mean honestly, I wouldn't expect my *mother* to realize that netscape is collecting referal info when she sees the the URL in the status bar gets redirected through Netscape - but she also doesn't give a phuk.
On the other hand, if any person I work with in a tech position bounced into my office claiming to have discovered this "spyware", I'd immediately mark him off my mental list of those qualified to keep their jobs. Haven't you ever looked at your bookmarks and noticed that the ones that netscape supplies get passed through their redirector?
This is a perfectly valid means of gathering metrics on their own service and browser - and it is THEIR browser, after all. If you don't like it, change the bookmarks, change the search URL, and/or use the address bar.
This outcry over "spyware" has far too many qualities in common with the situation when the newbie internet users from AO(HEL)L first flooded onto the net and began bitching because they found pages they didn't like.
Just shut up till you get a clue. Newsbytes should have been knowledgeable not to post that crap.
http://rl.netscape.com/wtgn?www.yahoo.com
(Note that the XML won't display in all browsers.)
How do I know? Easy...I run rl.netscape.com.
-BK
Chemical Blog