Slashdot Mirror
Netscape 6 is Spyware?
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
...But this is a non-issue. According to the article it only affects those that type it into the search bar...
...Which I don't use because google is my homepage...
/ex
You're getting a product for free. If netscape needs information to sell/share to it's partners so it can get more revenue and keep producing great products, that's fine. You don't have to use their browser. A more interesting question is that did you agree to it in the EULA?
there are no stupid questions, but there are a lot of inquisitive idiots
I mean how many people actually use NS6?
Anytime a Navigator user performs a search by typing terms into the browser's URL bar and pressing the adjacent Search button, or by using the Search tab on the browser's My Sidebar feature
And out of those that do, how many use the URL bar to search?
Personally, I don't give a rip, 'cos I don't use NS and never will...
--
Some weasel took the cork out of my lunch.
Now it's time to skew their numbers, .. I think I'm going to have to do about 14million automated searches for "CROSSDRESSING MONKEY PORNO" using their search bar..
Don't use it. Uninstall NS6 and use Mozilla instead. Same browser - without the unnecessary extra crud AOL bundles into it anyhow.
Netscape gives you the browser for free.
Netscape pays dozens of engineers to keep improving the browser and gives you the source code. (You can count on one hand the number of Mozilla developers who don't get an AOL paycheck).
And you're bitching about AOL collecting some lousy anonymized demographics???
If you don't like it, write your own damn browser. And stop making companies that contribute to the Open Source movement feel like they're wasting their time.
When will we all finally be so fed up at the consistent invasions of our privacy by media moguls like Real networks, AOL, Netscape (yeah one and the ame..)? We neeed to contact our legislators and demand these practices stop. Maybe if anonymous data was gathered, but to tie it with an IP address really goes beyond any justifiable data collection.
'mmmmmmmmm.... forbidden donut'
This is ridiculous...how can they have set this up without knowing that a) it would be discovered and b) it was thoroughly and completely Orwellian?
:)
I think that we should all write letters of protest...into the Google search field.
News for Nerds. Stuff that Matters? Like hell.
This sure makes me glad that MS products never "phone home". E.T.^H^H^H^H N.N. phone home.
"Navigator users can avoid having Netscape log their searches by directly accessing a third-party search engine by typing its address into the browser rather than using the Search button or Sidebar."
Of course, this doesn't change the privacy issue.
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
According to IE 6/XP's "Search Companion", this feature "provides task suggestions and automatically sends your search to other search engines."
How does this occur if it doesn't transmit the information to Microsoft as well?
Sure, if I add a search engine into the preferences, I can type "google keyword" all I want to go directly to Google. I suspect, though, that if I rely on the "features" that Microsoft provides, they have access to exactly the same information-- regardless of what the article might claim.
If these companies really think that everyone is stupid and will never figure it out.
I mean, sure, if you're running AOL there's a pretty good chance you're not exactly the sharpest tool in the shed. But to design software, which grabs so much information and sends it to central servers, and think that no one out there will figure it out, it seems to me they are the ones a few french fries short of a happy meal(tm).
---
I'm a few morsels short of a toll-house cookie myself...
I was just thinking, I need more spyware on my PC. A browser is a great idea. Why doesn't AOL just surf for me. Put out an automated browser, and the sites just come up randomly. That way, I don't have to decide what sites I want to pull up. At every site that comes up, they ask you for Name, Address, Zip Code, Date of Birth, Mother's Maiden Name, SSN, Credit Card number, shoe size, and sexual preference.
I can't wait.
-------------------------------------------
Saving baby carrots around the globe.
Correct... the next wave is a browser that goes to the site you wanted based off your past browsing pattern. Load up Nutscrape at 4am and it knows your looking for porn, and BAM! it's in your face as the startup page. :P
Causing Chaos Everywhere,
Nik J.
The strange world of a loner, in a populous city, drowning in society
pico /etc/hosts
127.0.0.1 www.netscape.com
Knowledge is like ignorance.. too much can be just as bad as not enough.
is that AOL will have logs of all 5 Netscape users.... they aren't marketing genius's for nuthin!!!!
Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly. The very fact that it only occurs in the "Search bar" shows that they are very likely to be telling the truth. It wouldn't be hard to log much much more data than they apparently do.
The commment about the ip address was misleading as well. Any time that information is sent to my computer, I can log the IP address. It doesn't mean that I am going to be doing anything with it.
Ceci n'est pas un post
It shouldn't be tolerated. People shouldn't be informed they are being spied on and say, "Eh, I figured as much anyway." Would you say that if you found that the CIA had been wiretapping your phone line and/or DSL/Cable line for the past 6 months? /. headline, "MS-AOL using tiny dust-sized robot probes that ship with Windows 3K that get into your nostrils, sit behind your eyes and monitor everything you do." *shutter*
I haven't read the licence agreement to Netscape 6 recently, but I don't care if it says anything about monitoring your browsing trends (it's hard to call them 'habits' due to the very definition of the word). It almost appears as people are becoming complacient about this. If you get used to it, they will just push further once they have their hand in your privacy and you don't flinch. Eventually, it may come down to a
Once more a large company is stepping on your rights and your privacy, and while maybe you shouldn't be suprised, you should be outraged.
Please?
Pretty please?
Netscape's "smart browsing" sends the addresses of sites you visit to them.s ing/
http://www.netscape.com/escapes/smart_brow
I just did a bit of digging around in Mozilla and it definately does *NOT* use the search button in the same way as Netscape 6. So it appears that us Mozilla users are not affected. :)
behavior and information is something a product should clearly and regularly identify it is doing to the customer. Customers are generally willing to cooperate when they perceive there is value to the free product/service they are getting-- but only if they understand exactly what is being recorded, when, and how.
Having to worry about software doing stuff behind your back without informing you is exactly the reason why I go to great lengths to avoid using Windows Media and why I don't use a number of current gnutella clients.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
Am I the only one who doesn't see this as an issue? The unique ID number is a bit much, but the url forwarding system?
Don't get me wrong, I dispise AOL/TW and I haven't used Netscape since version 5 because I don't like the way it works - (Shoot me - I like IE) but I just don't see what the big deal of using a url forward is. If you can, according to the article, disable it by typing "http://www.google.com" directly into the address bar, whats the deal?
quis custodiet ipsos custodes - Juvenal
We're talking AOL here. Did you expect a big sloppy kiss?
In journalism schools, getting a name wrong earns you an automatic failure. Apparently Newsbytes doesn't hold its reporters to such a high standard.
Who here has been locked in jail or harassed or abused by AOL or the authorities because of what they typed into their netscape 6 search bar? Hm, nobody? Okay, nothing to see here. Move along. - A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
You wouldn't happen to have a link to the NS 6.2.1 source code would you? There isn't one.
... Mozilla is.
Netscape 6 is definately NOT OSS
...when you consider that the parent isn't just AOL, but AOL/TW.
I was going to say: "uninstalling Netscape".
Maybe that will be today's!
Fortran programmer...oh yeah. Array math for life!
Dear sources, please stop giving us reasons to use Netscape, we already know it's a horrible browser with rapidly declining market share. Adding insult to injury is almost .. sad.
Please subscribe to see the more insightful version of th
News for Nerds. Stuff that Matters? Like hell.
I hope so because that is what any privacy suit would turn on. Does the user expect AOL to intercept searches and log the results?
The Windows XP 'powertool' has a very useful feature that allows you to enter a shortcut for a search engine. So if I type 'g privacy' it sends off a search to Google for 'privacy'.
I just hope that the Slashdot community will have the guts to go after AOL for this in the same way they would Microsoft. As it is I suspect the response will be a bit like the response in Congress to administration stonewalling or the like. Outrage at the actions if it is the other party, appologism if it is their own party, or even outrage that people would even complain.
Netscape has never been pro-privacy. They invented cookies so that advertisers could track readers and now they are tracking them directly themselves.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Uh, no. This was reported in Risks Digest a couple of days ago. If you type a search into the location bar, even if you have selected Google as your search engine, the request is also sent to Netscape. It was verified by watching the data go through a proxy - the browser was contacting Google and Netscape/AOL.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Therefore, the temporary workaround would be to set info.netscape.com to 127.0.0.1 in your /etc/hosts (or c:\windows\hosts or whatever).
The solution is to use Mozilla and remove Netscape 6.
I am going to type "AOL sucks" a thousand times in the search engine. Spy on that!
The most searched topics are adult oriented.
Basically, everyone is usually searching for porn.
Wish I had a link to some of the studies. Does anyone have any links to back me up?
I tried to search for a link to back you up, but the damn search bar kept looking for porn.
Furthermore, N6 requires you to establish an @netscape.com email address/login to install (yes, there's ways around it, but it's not a click-to-decline). Using N6 or any version of Mozilla using that profile to access sites like CNN or CNNSI leads to your @netscape login being rendered in the HTML in the Netscape Bar (with Mail, Maps, IM, Search, Shopping, Netscape Presents) at the top of the page (right above the CNNSI banner, for instance).
Don't get me wrong, I'd rather see it in HTML that they know who I am than find out they knew when I thought they didn't; but I'd much rather have some way to avoid them knowing at all.
And don't even get me started on all the spam I'm getting to an address I only used one time (in N4.xx, not N6 or Mozilla) to register for a NCAA bracket challenge at CNNSI in 1999...
Of course Mozilla made it possible - they gave them the source code ;)
It's not like this kind of "feature" takes more than a minute to do.
Engineering and the Ultimate
Have they released any of the collected information about what Netscape 6 users are searching for on Google?
I thought that recently Google released a top 10 list of search patterns (5ex, Britney, MP3, etc.) but I was wondering if Netscape 6 users were any different from the net users at large.
"Provided by the management for your protection."
In a recent bugtraq post, someone mentioned IE also does similar things. If you type a wrong URL and cannot be resolved by the DNS. Your typed address will be sent to MSN for suggesting new URL. If MS logs all these requests, Similar results....
Unfortunately for people like the person who made this general statement, privacy is probably unattainable.
Web privacy is possible. Open source encryption programs i.e. OpenSSH (Secure SHell) allow users to pore over the code for security holes. I download all of my mail with SSH connections to the individual mail servers (even my yahoo.com address). This is obvoiusly not a total security solution but it does keep employers, coffee shops, etc... from reading bits of my mail.
I just wanted to give an example of how your privacy fate is in your own hands...I find it very ironic that a story mere weeks ago about Microsoft spyware had such a negative bent, while it's okay for Netscape. Hypocrites.
This pops up in IE for just a split second when you mistype a hostname or for some other reason it cannot be resolved.
u nk nownhost.someunknowndomain.com&srch=3&prov=&utf8
http://auto.search.msn.com/response.asp?MT=some
From which they can get all the connection request information and headers, as well as use pattern matching and best guess techniques to determine what people are searching for.
But it seems even sleazier for AOL to directly collect info from successful searches as well as from failed ones.
Netscape sucks. Sorry. Mozilla is marginally better but I think they've gone too far with options... there's an option for every 'action' that you can perform on the internet. otherwise it's pretty decent. I use galeon/knoqueror depending on if i feel like using sawfish or kde for that day. today i couldn't decide so i'm using galeon from KDE. to me, netscape is a non-player now. But thanks for the source code. Otherwise galeon wouldn't have been possible (uses mozilla i believe.)
While this argument does tend to be extremely one-sided at times on good ol' Slashdot, your implication that it should be a non-issue to people is preposterous.
What you're basically saying is that AOL can do anything it wants with their browser, and anyone who thinks otherwise should either
A. Stuff it
B. Write a browser
While just about anyone could choose (A), I believe you have greatly overestimated/exaggerated the amount of people who are capable of (B). Perhaps there are quite a few on Slashdot; certainly there would be a greater concentration of such people here than in the average American suburb; however, reacting to every argument over the ethics of data gathering in application software with "WRITE IT YUORSLEF!!!!!" might not be the most intelligent way to join the discussion. No one is going to listen to you in a debate if you act as if there is no debate and your point is totally obvious. Not everyone can write a browser; and most people are just going to use what's on their computer when they buy it. Arguing that spying on people who don't know any better and have no way to protect themselves *might* just be a little shady certainly is valid and does not warrant your instant dismissal.
Remember, Netscape Engineers Are Weenies, and won't have the guts to actually abuse this info.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
First, type http://info.netscape.com into URL bar, abd get forwarded to http://home.netscape.com.
Then, edit C:\Winnt\System32\drivers\etc\hosts and add:
127.0.0.1 info.netscape.com
Close and reopen Mozilla and try http://info.netscape.com and get Connection refused (unless you run a local web server, of course) to prove that info.netscape.com is no longer accessible.
Now, try a keyword search from the URL bar, which for me goes straight to google.com without a hitch.
I am not your blowing wind, I am the lightning.
Netscape has never been pro-privacy. They invented cookies so that advertisers could track readers and now they are tracking them directly themselves.
That makes about as much sense as saying "Spammers invented open relays so they could spew their crap across the Internet."
Reality isn't your forte, is it?
satire, n: 1) witty language used to convey insults or scorn; 2) a form of humor lost on most slashdot moderators.
I just hope that the Slashdot community will have the guts to go after AOL for this in the same way they would Microsoft.
Well, I agree with your sentiments, but what do you mean by "go after"?
Rant on slashdot? Piss on netscape 6?
Problem there is that it's built on Mozilla, so we can just use Mozilla instead. The fact that aol still sponsors Mozilla development under gpl and mpl makes people a bit more lenient in terms of what they do with their branded browser. With MS, it's a different story.
When in doubt, have a man come through a door with a gun in his hand.
Netscape 6.X hasn't really impressed me all that much, I have to admit,and I don't think this new Spyware scandal will do them any good, although knowing the media, it is most likely blown out of proportion anyway.
Unfortunately, the browser market seems to be in a bit of a slump... IE is also not a perfect browser, but unfortunately I find it the lesser of two evils at this point. There is a hack that I have devised for avoiding URL post reversing to sites that the URL search requests did not originate from, and also set the Search Provider in the Windows Registry, thus avoiding two pitfalls with one peice of code.
return S_OK;}
I reviewed some of the Mozilla project's source code, and I was quite disgusted by what I found. The threading implementation (or lack thereof, or replacement therefore) is ill-designed and most users will find the browser unusable after more than 20 windows are opened. I don't really understand why the Mozilla developers haven't looked into this and fixed the problem. I would sumbit patches myself, but I am too busy with several new projects at J-J-J-Julius, including "Star Trek: Return to Phylos" as well as the next-generation game engine that Cinemaware has contracted my company to write for them to aid their revival in the game market.
cheers,
Steven WostoenLead Programmer,
J-j-j-julius Games
Once you buy a subscription they have your real name and address. Then they begin the collection of what stories you hit the most, what types of posts you respond to, what you post yourself. Its like the political demographic data they collected during the election, only this is actually linked to you personally.
Don't think they don't, or won't. When some guy shows up with a bag of hundreds, and its accept the bag or shut the place down and miss the next mortgage payment, your ass is sold. Just like when they crowed about how wonderful the GPL was, then, when things aren't looking good on the P&L front, started selling proprietary extensions to their stuff.
Cunning linguists
It seems to me that it might just be that AOL/Netscape sends the search info "home" to make sure the search is correct. This way if Google (or any of the other possible search engines) decides to change how searches work, then you browser doesn't break.
Also, all we know is what is sent, not what AOL collects.
And finally, the search in Netscape is NOT sending the IP address of your computer, this is how HTTP connections work. The packet's origin is always included. Netscape 6 is also sending your IP address to every site you visit. As is IE, Opera, Mozilla, etc.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
Does anybody else want an application-proxy for the desktop?
One word: Proxomitron
The juxtaposition of "Netscape 6 is Spyware" immediately below this banner ad was amusing. I wonder if AOL realizes how this probably would not entice a /.er to download the latest/greatest Netscape dev tools?
(Apologies to George Carlin for the subject line.)
winnt/2k/xp:
notepad \winnt\system32\drivers\etc\hosts
win9x/me:
notepad \windows\hosts
and add the line
206.224.72.99 info.netscape.com
or use 127.0.0.1 instead if you have a webserver.
Use my userscript to add story images to Slashdot. There's no going back.
I understand that people have concerns about their patterns being watched or 'spied on', but I'm really curious about what their reasoning is.
Let's say hypothetically that Netscape was logging every single website you go to or posts you make at a forum etc, what's the worst case scenario of they could do with that information? I'm asking because I'm genuinely curious, not because I'm saying it's not a big deal. I just want to understand the privacy point of view.
Personally, I'm not bothered by it. The reason that I'm not worried about it is that if they're doing it to me, they're doing it to everybody. Seems like there's safety in numbers. The only useful data they could mine out if it is statistics. I don't mind being a statstic in this case.
Could somebody explain to me what's missing in my perspective?
"Derp de derp."
http://info.netscape.com/fwd/lksidus_gg/http://www .google.com/search?hl=en&q=aol+sucks
The only thing SPAMers invented was spam and new techiques to spam.
Cookies are not a part of the HTTP protocol. They are an extension that was originated at Netscape and deployed without any consultation in the IETF HTTP working group.
Netscape knew that there were privacy issues with cookies but simply did not care. Until PGP cookie cutter came out the only way to turn off cookies was to have the browser ask you each time if you would accept them.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
When searching in Mozilla, your search request only gets sent to Netscape this way if you actually search using the Netscape search (why they then still do this is beyond me, but okay... 's probably to simply have all the data in one place or something... whatever)
: //search.netscape.com/search.psp"
From the NetscapeSearch.src in your mozilla/searchplugins dir:
<SEARCH
name="Netscape Search"
description = "Netscape Search"
method="GET"
action="http://info.netscape.com/fwd/sidb_ns/http
queryCharset="UTF-8"
>
and from Google.src:
<search
name="Google"
description="Google Search"
method="GET"
action="http://www.google.com/search"
update="http://www.google.com/mozilla/google.src"
updateCheckDays=1
>
I never bothered to get Netscape 6, but I assume these files exist in there as well. It's plain text, so simply remove the http://info.netscape.com/fwd/sidb_ns/ part from the action of the searches and the problem should be fixed.
Mozilla and Netscape may seem identical, but they are very different:
Even though it was started by Netscape, and Netscape employees make up a significant portion of its developers, mozilla.org is the independent and nonprofit organization to oversee the open source development of the Mozilla browser and its related technologies. mozilla.org's products are free for any company, organization, or individual, to use. They are free to create their own branded products based on mozilla.org's goods. mozilla.org's products are all open source and are meant for developers and testers, not the average computer user.
Also keep in mind that mozilla.org recieves contributions from such large corporations such as IBM and Sun Microsystems, and countless small firms and volunteers.
Netscape Communications is a commercial company, and they make commercial products for regular computer users and businesses.
This is where the distinction between Mozilla and Netscape seems to blur to some people:
In order for Netscape to make Netscape 6 they have to use mozilla.org's work. This involves getting that code from mozilla.org, adding modifications and non-open source parts such as plug-ins, branding it with the appropriate logos and copyrights, testing and stabilizing it, and then release it for download. In other words, Netscape 6 is based on Mozilla, but Netscape 6 is not Mozilla, and Mozilla is not Netscape 6.
This method is similar to how Linux distributors, such as Red Hat, make their own branded and commercial releases of Linux, since Red Hat is not Linux, and Linux is not Red Hat. Red Hat merely uses Linux, and Linux developers have no control over what Red Hat does.
The nature of Mozilla and mozilla.org also allows anyone to create a product based on Mozilla. For example, Nokia and Intel demonstrated prototype Internet appliances in late-1999 using Mozilla. Because of Mozilla's modularity, a scaled down version of Mozilla was the browser used in these test products.
There's 10 types of people in this world, those who understand binary and those who don't.
It seems like they do this via a re-direct, so they need the search terms. So certainly they are in a position to collect them if they want, but that's somewhat different than saying the are collecting them.
Glad I use mozilla and not Netscape though.
Whenever I am forced to use an IE on yet another corporate PC I get, I always go to the Tools/Internet Options/Advanced, and change some things to suit my taste on presentation and security (to the extent you can get the latter with IE...)
security/more anonymous browsing
DISABLE Install On Demand
DISABLE Page Hit Counting
DISABLE Page Transitions
presentation
DON'T Show Friendly HTTP messages
(I want the plain servers response back, unedited, dammit!)
DON'T Show Friendly URLs
DON'T Use Smooth Scrolling (smooth scrolling makes my eyes SORE!!!)
Search From Address Toolbar:
DON'T Search From Address Toolbar
(This is the one that completely toggles the autosearch off.)
Security:
turn all the certificate checks and alerts on
also I use the "High" security zone settings for casual browsing
VKh
Considering that the old versions of ICQ are ten times better than the bloated adware that now passes for an ICQ client, I'd say quite a few. I think AOL's been deliberately trying to kill ICQ, anyway --- why would they want to keep two IM systems operating at once?
The netscape search bar is meant to perform a search first of the netscape homepage IIRC, and then if relavant results aren't found, another search engine is chained.
How often the second link of the searching chain is invoked is pretty critical in netscape figuring out how effective their search engine is.
For those that remember the old Yahoo days when it used Altavista as a backup, it would appear to be a similiar situation. It would have been to Yahoo's advantage (and the end-users advantage) for Yahoo to track how well it's search engine performed and how often it had to default to alta vista.
Now, AOL has come out saying they don't collect the information (and most folks on the net are behind a firewall or using a dynamic IP anyway) so it's not as big of a deal as it's being made out to be. This article mentions the 'potential' to be Spyware but it doesn't make clear the fact that in practice, AOL is not tracking anything.
Besides, you can disable this feature if you are really nervous about it (as some folks mentioned previously). The fact of the matter is though, that by allowing AOL to collect this data, you are simpling improving your search results.
BTW: This article also doesn't make it clear that if you goto www.google.com, nothing is tracked. The only time it is actually tracked is if you only enter a word (instead of a URL) in the location bar. I don't think many people use this feature that frequently anyway though. It's been there for a while though.
int func(int a);
func((b += 3, b));
In xpfe components search datasets NetscapeSearch dot src there are 6 matches (see below).
Looks to me like if you enable Netscape searches in Mozilla you get the same thing, but I don't see Mozilla reporting other searches to Netscape.
As far as Alexa goes, since I see people asking about that too (results removed due to lameness filter), there is only one match of relevance, in the xpfe components related resources related-paned (dot) js file (see below).
So, it looks like the "What's Related" panel is the only place where Alexa gets info from the browser.
I had posted a find and grep command which showed 6 hits for the Netscape info information, and 5 hits for Alexa information in the Mozilla 0.9.8 source tree. Informative, terse, useful (IMHO). What follows is my commentary as I tried to get this post under the lameness filter -- resulting in the useless shit post you see above.
Now evidently the last part of this triggered the wondrous lameness filter, so I'd like to say a few things here in hopes of getting this post past: first of all CmdrTaco is a fucking moron. Second what is the deal (and yes, I clearly have the source) with Mozilla's textarea entry widget? This thing is a nightmare to use. Don't even pretend to try to cut-and-paste into this thing if you want to produce readable results.
That doesn't appear to be sufficient so I've removed the lines from the Alexa grep which just provide a copyright notice. CmdrTaco is a fucking mongoloid retard. Still no dice. Fucktard. Lamer fucking idiot. Fuck you and your monolithic Perl script.
Ok. Gone are the info search lines which are in the layout bug tests (and not part of searching). Here's hoping. Nope, no dice. God I wish I were as fucking 1337 as CmdrTaco. I bet I'd get my ass slammed by homeless guys every fucking weekend. This site has become a shithole. How fucking useless. Censoring fucking retard. As if they have any fucking taste.
Now I've taken out all the non-matching Alexa hits. Still no dice. Oh the fucking wisdom in enabling intellectual exchange by censoring trolls and spammers. Oh you've really done the community a fucking service by making it possible for us to edit our posts 12 times so we can have a truly enlightened exchange. You back-assed Michigan Nazi fuck.
Took out the search path, no help, still too many "junk" characters. Too many junk-addicted assholes running this fucking site. I've now actually taken out the find and grep command I used to perform the searches, since I guess that's not informative. Let's see if that works. Nope. Colon off the end of the first sentence... Nope. I removed the path info for the files matching the netscape site... no help.
This is the stupidest shit I have ever seen. I just took out all the matches for info.netscape.com and I'm still triggering the lameness filter. Finally, I removed the Alexa results as well and now the post passes the lameness filter.
So, basically I can't provide a post with any information in it if I want it to appear on the site.
Bye, slashdot, and CmdrTaco -- one last FUCK YOU to you. Shithead.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
First off, Microsoft does the same thing. The only difference is that their automatic search goes to Microsoft and they log there rather than having to do the more obvious redirect.
Second off, this is only if you use the search button. If you go to google.com and type in your search then Netscape/AOL gets no information.
Now, let's imagine if they got all the information from you. A unique ID string and all your search queries. They compile this data on your for an entire year. Great. Now, what the hell do they do with it? The only possible use for this would be to detect your string, cross-reference and munge all of this data, and present you with a slightly more targeted pop-up ad.
Well, guess what, another company already tried this. Remember them? They were called DoubleClick. In that case they had hundreds of web sites helping them to gather all of this information about browsers and what did they do with it? They couldn't turn a profit, they couldn't even target ads very well (if at all).
Think about it people. Yeah, it stinks that they're gathering this information. Yeah, they should be more forthcoming about what happens when you hit that Search button. Sure you can go an boycott them and add this to the '1 bazillion + 1 reasons that AOL is evil' list, but in the end, what does this get them?
Nada.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
I just installed Netscape 6.2.1 on a computer the other day. On the first startup, it asks for your Netscape.com user info, and offers to sign you up if you don't have any. You can just click cancel or decline (forget exactly), then it'll give you an "Are you sure?" type thing, and you answer that and that's the last you'll hear of it.
Well, I just did packet traces, and the results are troubling.
It's for real. No error reporting, no background windows. Search with the button, info goes to Netscape. Search without it, and you don't see the spyware traffic. But it gets worse.
I haven't tested this with the Linux version of Mozilla, so this might be a weird code overlap issue, but Win32 Mozilla build 2002030403 does the same thing.
one, the information they collect is not personally identifiable. Did you sign-in to use the browser. No. Then how do they know who you are. (and don't say IP address). two, if you're netscape, how do you bill those people that are getting placement in the browser, like a google, goto, just put them in for free? Do you really think that Netscape wants to rely on google logs and let them tell netscape how much they really should be paying? Right... three, it's not like you can't go to mycroft.mozdev.org and configure a sherlock plug-in without the Netscape redirects in there... four, what the hell are they going to do with search information on an individual basis? Not a damn thing. Can you imagine the size of the logs and the data warehouse that this needs for them to truly track your every move. The only entity that can do this is the gov't. Even AOL can't afford to do this. give it up. You guys make no sense. Oh, and far as the cookie comment...Netscape created cookies to establish a means to provide saving information for cross-sessions not for advertising.
I use a Meta-Engine Program on Windows called Copernic to do 99% of my searchs. I don't do my searches through a browser. Copernic 2001 Basic for windows is free. I basically does the same thing as goggle but it allows you to select the engines you go to (including google), how many results to return from each search engine and how many results in total. You can also choose how you sort the data. There are a lot more options if you buy!
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
So i was curious about what was actually being sent to AOL when one did a google search from the netscape bar. Here's the HTTP request: /fwd/lksidus_gg/http://www.google.com/search?q=tes tpriv9&sourceid=mozilla-search HTTP/1.1
GET
Host: info.netscape.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.
The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.
Just some thoughts.
JS - IBM Metaverse devteam
The opinions expressed here are mine & not necessarily representative of IBM
Not only that, but IE's 'looking at content' thing that you describe is actually rather handy for tricking pages that don't allow offsite linking (Geocities for instance) into letting you do so.
As for all the insecure ActiveX stuff, I'd rather have 99.9% of pages work / look exactly as they were designed to (including all the diabolical ActiveX stuff that could kill my PC were I so foolish as to follow random links from ICQ messages) than have some degree of childminding from a more secure browser that doesn't look like Joe Webmaster designed it to look.
(Having said that, it's decided today that it can't auto-detect page encoding. This browser window is using Chinese Traditional at the moment. Gah.)
- Chris
He never said that it was an innovation of Windows. You did.
Which is exactly why I didn't say he did. I wasn't aware of the searches abck in Netscape 4 though. Thanks for the info.
No, simply having the source does not ensure that the product is any better unless you can read the source. However, if the opensource project takes on the dimensions that Apache, MySQL, or mozilla do--you almost be sure that someone will catch on that "freeing up disk space" = rm -rf /.
THAT is one of the "securities" behind using opensource. You get an entire community as QA for the software you're using.
Compliling Windows XP from source will not make it any more stable or secure, but releasing it to the opensource community to work on would. Bug patches would come out, stability would be increased, security would be made a priority, and "bumpy" areas would be ironed out. (and hopefully the default style would be replaced by something less repulsive.)
-Sara
Exactly! I thank God for shortcuts like:
gg:privacy
or ggg:privacy netscape (deja search)
I've even added my own--sl: for slashdot:)
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
You run ./configure as root??? BAD Linux user. I have NO need to go into root except doing a make install or sysadmin functions..thats IT! (Oh..and nmap too :)
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
>
> Can I sell it for $.35? 5.35? I'm just curious. Perhaps I could put that in Ebay.
Depends on what happens to Mount Washington, doesn't it?
What would you pay for a list of all "WTC evacuation shortest route" queries dated September 10th?
Not in Netscape, you can't.
/. OSS supporting company A does something that is terrible. Huge security hole, gathering of data, etc. It is brought up and defended here.
Netscape is a comercial product. Mozilla is not, but that's not what we're talking about.
The hypocracy here is that people are saying "oh, it's Netscape, so I'll believe whatever they tell me and think it's ok."
Let's face it, if IE sent information about your searches back to Microsoft, you would have a screaming fit. Even if there was an option to turn that off, you would still be cry foul.
I have seen this many times on
If Microsoft does it, all hell is raised.
The PR release for both can be the same, basically saying "look, we're not actually doing anything with this information. it goes to our servers, sits there and is eventually used to get a general profile of our users without any specific information being applied to anyone." If OSS supporting company does, that's fine. Microsoft does it, it's a lie and a furthering of their monopolistic strategies.
I'm not defending Microsoft. All I'm doing is pointing out the double standard of many here.
"All the things I really like to do are either immoral, illegal, or fattening."
- Alexandar Woolcot
"They invented cookies so that advertisers could track readers "
Cookies primary use is to keep state information. Many legitimate sites use cookies, and most could care less about tracking you.
While its true cookies can be used to track user habits (and this is a stretch), modern browsers make this much more difficult. For example, for at least 2 versions IE hasn't allowed URL or javascript requests for out-of-domain requests.
In fact IE6 even eliminates this problem for the most part through its use of rejecting cookies that don't come from the primary URL the user is viewing.
There are a lot of threats to privacy. Cookies aren't the worst offender by a long shot.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
I'm then free to stop using it.
I agree that Google can (and probably does, and should) log search query requests. I decided that Google's history of not caving in to the interests of intrusive advertisers, plus their action in resurrecting the Deja archives, etc. etc. have made them worthy of my trust.
I've also decided that AOL/TW's actions do not meet my standards for trustworthiness. If I'm going to use a Mozilla derivative, it'll be Mozilla instead of Netscape.
(The reasoning is even similar -- I trust the Mozilla developers' code more than I trust the Netscape developers' code. Netscape is Mozilla with stuff I neither want nor need. And before someone mentions IE, I don't trust their developers at all ;-)
The only thing SPAMers invented was spam and new techiques to spam.
"The only thing advertisers invented was new techniques to advertise."
And the point you fell so short of making is?
satire, n: 1) witty language used to convey insults or scorn; 2) a form of humor lost on most slashdot moderators.
Cookies were not invented to so that advertisers could track users. They were invented to give the web a semblance of statefulness.
fucking reactionary privacy zelot.
b
When I use IE on a really slow network connection, when you put the URL into the 'Search' bar on IE -- it contacts somewhere -- Microsoft I guess -- to "search" for the URL you just put in.
has no one else seen this?
Well, no. Cookies are commonly used to track you -- but only within a single domain. And who cares, really? This data is used by companies and designers to tell what areas of the site attract the most attention and to create patterns of usage. This data is then used by good web crews to streamline the process, eliminate confusing links and add new features based on what you want.
Sure, we can mine some of this data from the logs, but using cookies has the offshoot of opting out of our tracking: turn off your damn cookies.
Hey freaks: now you're ju
I don't believe you were involved in the development of the Web at the time. I was.
All Netscape cared about was pushing as many features into the browser that they could to support their corporate customers business plans. Protecting privacy was not a consideration.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Wow. Comparing Microsoft to a rapist. Let me guess: you're a guy, and you probably don't even *know* any women.
Am I right?
I *knew* it!
Here's a tip: If you want to make clever analogies, avoid glib references to crimes of sexual violence that destroy lives. Half the population will appreciate your effort.
And maybe chicks will finally talk to you.
Java is the blue pill
Choose the red pill
That sent them a list of any files you were downloading? ... It shouldn't surprise anyone that Alexa is involved in this. Alexa was the same company that put out a combo web browser buddy + stock market valuator. (At the risk of a lawsuit) This gave them the ability to not only track where users surfed to, but also monitor those who used the features stock portfolios to see which way the sheep were herding. (If you can't see how information like this can be used for fun and profit you just aren't dark enough yet). They even got the nice people at CNET to plug it for them.
:)
On another note: You can block some of this activity out by going to the host(s) file and making your own entry.
127.0.0.1 alexa.com
or
0.0.0.0 flashpoint.com
...Just insert your target there and it will bounce back to local host. If you run a webserver you may want to put something else in that box. I'm not sure how to do it for products that field their query by IP and not names. Maybe you have to run your own DNS/NAT to get prevent those from getting access?
This also isn't the only way companies spy on you. Akamai/Lycos have a clever way of doing it with both referrer headers http://lycos.com/url?=realurl. Plus they own such a large portion of the network that they can get their cookies to work on any part of it. Go to say: http://www.wired.com and watch how many connections it makes to your computer, and watch the url handling in the right hand corner...
All this reminds me of the @ and %40 tricks that were used by porno spammers in IRC in the olden days.
Freedom is merely privilege extended unless enjoyed by one and all.
I think I've got an entry for Junkbuster's re_filterfile that will strip the info.netscape.com stuff and just take you directly to google's search results:
i g
s/'http://info.netscape.com/fwd/lksidus_gg/'///
Just remember to restart junkbuster.
Don't know what Junkbuster is? See junkbuster.com
Competition Good, Monopoly Bad.
I wonder if there could be some way to represent the information in the article to users. The EULA would be the ideal place to put this, in the true sense of the word. Where 'ideal' meant 'never reflected in reality'. People wouldn't read it.
The point is, people aren't even really given the opportunity to find out about this. Only the technically-minded have found out about it, and only they will do something to address the situation. Shouldn't AOL/Netscape tell you what they are doing?
========================================
Death will come, and will have your eyes
-- Pavese
If netscape needs information to sell/share to it's partners so it can get more revenue and keep producing great products, that's fine. You don't have to use their browser. A more interesting question is that did you agree to it in the EULA?
I'm glad you asked that question. No, he did not.
I happen to maintain an archive of licence agreements for common proprietary Linux software, including the one for Netscape 6.1. It includes a clause that the "he Product may automatically send information relating to the download and install process to Netscape", but nothing about post-installation spying.
Rick Moen
rick@linuxmafia.com
It's not a gnome. It's a crossdressed troll.
I can remember the days when logging someone's IP address was *never* used as a means of determining unique individuals because people who wrote this software actually understood how computers actually worked, and thus understood that one computer is not the same thing as one user. I used to run Netscape off of a server onto X-terminal
software, along with several office-mates at the same time. It used to work just fine, until sites started assuming one IP == one user, and got their cookies horribly confused when we'd both hit the same site. I remember once getting the shopping cart for someone else popping up on my screen at a computer parts seller website - sure enough it thought I was him because we had the same IP.
We would also have problems trying to reply to online surveys, which would falsely accuse us of being one person trying to double-vote.
But now that most people browse via Windows sites have started assuming that it's just plain impossible for two different people to have the same IP address.
Again, as always, I blame Microsoft for dumbing-down the computer industry and removing functionality by making their crippled system the only standard people have to bother supporting.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
The icon for this story seems eerily appropriate.
I did the search for Crosssdressing Monkey Porno but there was no way that I was going to hit the I'm Feeling Lucky button!
Way to invoke Godwin's Law there, sport.
Corporations have had the ability to spy on us for years. My auto insurance company knows everything about my driving history. My health insurance company knows everything about my medical history. My bank knows the date, time, and place of every purchase I've ever made and every dollar I've ever withdrawn from my account. Do I give a flying fuck if AOL knows that, on Sunday, March 10th, I typed in "large-breasted women" into my Search box? Hey, did you know that anyone sitting in a NOC anywhere along the route from my computer to www.google.com's CIDR block can do the same thing?
Why do you morons only trust certain companies??? Put your money where your mouth is; hide it under your mattress. Drive without a license or insurance. Never go to a doctor. People can and will collect information about you, with and without your knowledge. What are you going to do about it? Sit here on slashdot and preach to the choir?
Put up, shut up, or do something about it.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
But IE4 and later sometimes *do* send info back to a M$ server. This was documented and the info posted to alt.privacy.spyware about a year ago (can't find the article offhand, but others reproduced the finding). Seems if IE4+ hits a webpage containing a certain CLSID string, it relays your current location (and I forget what all else) to a server that proved part of the M$-owned IP block. No one knew what this is supposed to accomplish, tho it sounds like some sort of market-tracking.
Tho I agree there is too much kneejerk "M$ is evil!" reaction around here. Like every company, they do good things and bad things, each often defined solely by one's point of view.
Being a neanderthal, I still use NS3.04 by *preference*. And I dearly wish for a NS3 interface and menu structure that could be skinned or otherwise applied to NS6.x or Mozilla 6.x. I don't use IE mainly because I can't stand how it operates, not because of any evil habits it may have.
~REZ~ #43301. Who'd fake being me anyway?
http://rl.netscape.com/wtgn?www.yahoo.com
(Note that the XML won't display in all browsers.)
How do I know? Easy...I run rl.netscape.com.
-BK
Chemical Blog
Since Netscape's own search seems to be taking about 1.75 seconds tonight, this extra delay makes Google look slower than Netscape, when it's actually faster.
Try it yourself. Search Google from the Netscape toolbar, then from the Google site.
Open your HOSTS file (found in C:\WINDOWS for 9x or C:\WINT\SYSTEM32\DRIVERS\ETC for NT\2k) and add the following line:
127.0.0.0 info.netscape.com
That will prevent any information from going to or from that server. Since it's only function appears to be to receive spy data, problem solved.
"Da ist ein Technölüst in mein Unterpanten!"