Netscape 6 is Spyware?

spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."

Now it's time..

[dimer0]

Now it's time to skew their numbers, .. I think I'm going to have to do about 14million automated searches for "CROSSDRESSING MONKEY PORNO" using their search bar..

Re:Now it's time..

[prizzznecious]

Considering that your IP is included in that info-bundle they get, you should expect to see some very exotic targeted advertising if you embark on that campaign.

Re:Now it's time..

[smoondog]

Here's the link for that:

Google Search: Crossdressing Monkey Porno

Just doing my part. (I think its funny how google suggests that I meant porn. Anyway,
shouldn't that be pr0n?)

-Sean

Easy Solution

[BurritoWarrior]

Don't use it. Uninstall NS6 and use Mozilla instead. Same browser - without the unnecessary extra crud AOL bundles into it anyhow.

Re:Easy Solution

[Metrol]

Don't use it. Uninstall NS6 and use Mozilla instead.

By chance would you happen to have the "Related Sites" tab enabled (as is by default) in your installation of Mozilla? Don't care if you've ever used the side bar or not, as it doesn't matter.

Even Moz sends back some kind of information Alexa. Came to discover this one day using my laptop off-line on a web site I had running locally. Couldn't figure out why I kept getting these intermittent "Can't connect to network" messages. Had me going nuts, thinking there was some glitch with my site code.

I haven't a clue what kind of information Alexa is having sent to them. I do know that if you turn that tab off, Moz stops feeding information that way.

Re:Easy Solution

[DeadMeat+(TM)]

That's a good idea for most /. readers, but Mozilla isn't really an end-user product; it lacks some of the polish of commerical browsers. Also Netscape 6.x has the advantage that, after branching, the Netscape team beats some of the bugs out of it. I personally use Mozilla, but when I "evangelize" a Windows browser, it's Netscape 6.2.1.

That said, the "spyware" here is really annoying, but it's disabled easily enough. Open prefs.js and change pref("browser.tracking.enabled", true); to false, and you're done.

A better way to go if you do this a lot is to use the Netscape CCK to make your own CD without all the AOL crap included. The CCK won't let you edit this pref directly, but unzip browser.xpi and look for this line in all-ns.js. You can also make some interesting changes in the .js files in bin/defaults/pref -- like turning off all those AOL "partner" buttons by default and disabling the activation procedure.

Re:Easy Solution

[Keith+Russell]

Preferences only allows you to ban domains from What's Related. To remove the tab entirely, open your sidebar, click the Tabs dropdown, then select Customize Sidebar.... If What's Related is in the Tabs in Sidebar list, remove it.

Very old news.

[Doktor+Memory]

Netscape's internal search components have been collecting information (to be processed by Alexa) since the late 4.x versions.

Doesn't XP/IE 6 Do The SameThing?

[Tesser]

According to IE 6/XP's "Search Companion", this feature "provides task suggestions and automatically sends your search to other search engines."

How does this occur if it doesn't transmit the information to Microsoft as well?

Sure, if I add a search engine into the preferences, I can type "google keyword" all I want to go directly to Google. I suspect, though, that if I rely on the "features" that Microsoft provides, they have access to exactly the same information-- regardless of what the article might claim.

Re:Doesn't XP/IE 6 Do The SameThing?

[Krelnik]

Yes, the article got this wrong. IE does the exact same thing if you use what they call "Auto Search".

In IE 5.5 or 6.0, if you click the SEARCH button, then click CUSTOMIZE in the panel that appears, you can choose which engine that IE uses to search for you. If you then click AUTOSEARCH SETTINGS you can set a default search engine.

Once this is done, you can type search terms in the URL box, and if they can't be somehow interpreted as a hostname or domain name, they get routed to your favorite search engine.

But not directly! They go through the host auto.search.msn.com. You can see this quite easily even if you don't have a sniffer. Simply edit your HOSTS file under Windows to redirect the name auto.search.msn.com to some other address, like the loopback address (127.0.0.1). Once you do this, your auto-searches will start failing with 404's, and you will see the URL they use to do the redirection.

I've wondered for a long time what Microsoft does with this data. Fortunately, if you are willing to do a little registry hacking and a tiny bit of extra typing, you CAN avoid this in IE. You can create keywords like "google" that you type first in the URL box, before your search term, and these are redirected from your chosen registry setting to the search engine. These do NOT redirect through MSN so Microsoft can't spy on you. Instead of typing just the "my search term" in the URL box, you type "g my search term" and it goes right to google (or whatever).

This latter ability has existed since IE 3.0, but in current versions of IE it has NOTHING configured in it by default. However, if you download this free tool from Microsoft, it adds a way to configure them. Why is this hidden off as a free download instead of included with IE? Dunno, but feel free to insert your favorite conspiracy theory here.

I overreact as much as the next guy...

[quinto2000]

but the article is pretty clear that the data are anonymized and for billing purposes only. Microsoft might not need to collect data on how often their users use affiliated search engines, but Netscape isn't in a position where they are free to lose money.

Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly. The very fact that it only occurs in the "Search bar" shows that they are very likely to be telling the truth. It wouldn't be hard to log much much more data than they apparently do.

The commment about the ip address was misleading as well. Any time that information is sent to my computer, I can log the IP address. It doesn't mean that I am going to be doing anything with it.

Re:I overreact as much as the next guy...

[sjames]

Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly.

If all they need is aggregate information, why is there a unique id number and date of installation? Why not have it send a packet saying for example "google search" and then send the search itself directly to google?

Any data mining a product does on user

[Vicegrip]

behavior and information is something a product should clearly and regularly identify it is doing to the customer. Customers are generally willing to cooperate when they perceive there is value to the free product/service they are getting-- but only if they understand exactly what is being recorded, when, and how.

Having to worry about software doing stuff behind your back without informing you is exactly the reason why I go to great lengths to avoid using Windows Media and why I don't use a number of current gnutella clients.

Sloppy Journalism

[guttentag]

From the article:

According to a network traffic analysis performed by Newsbytes, Netscape is capturing Navigator 6 users' search terms, along with their Internet protocol (IP) address, the date Navigator was installed and a unique identification number.

This should be easy for AOL to deny, since there is no product called Navigator 6. It's simply called "Netscape 6" now. You could argue that this is a minor detail the reporter screwed up, but I think you have to question the reporter's understanding of a subject if he doesn't know the name of the product he's writing about.

In journalism schools, getting a name wrong earns you an automatic failure. Apparently Newsbytes doesn't hold its reporters to such a high standard.

Re:And the #1 search term intercepted by AOL?

[TheMatt]

I was going to say: "uninstalling Netscape".

Maybe that will be today's!

Re:any surprise?

[Zeinfeld]

Really once aol took over is this any real surprise?

I hope so because that is what any privacy suit would turn on. Does the user expect AOL to intercept searches and log the results?

The Windows XP 'powertool' has a very useful feature that allows you to enter a shortcut for a search engine. So if I type 'g privacy' it sends off a search to Google for 'privacy'.

I just hope that the Slashdot community will have the guts to go after AOL for this in the same way they would Microsoft. As it is I suspect the response will be a bit like the response in Congress to administration stonewalling or the like. Outrage at the actions if it is the other party, appologism if it is their own party, or even outrage that people would even complain.

Netscape has never been pro-privacy. They invented cookies so that advertisers could track readers and now they are tracking them directly themselves.

Re:For God's sake

[Tackhead]

> And you're bitching about AOL collecting some lousy anonymized demographics???

With the unique identifier, and having every search query you ever enter pass through a netscape.com redirector, yeah, he's got a right to bitch.

What's anonymous about this? It's one cookie (from a bank, or a broker, or some other site to which he's given real data) and one SQL join away from having his entire search history linked to him.

A redirector is transparently intercepting and logging the user's search queries.

Whether it's www.netscape.com, www.fbi.gov, or www.doubleclick.net doing the intercept and redirect isn't the point. My search queries are transactions between me and Google. I can log 'em. Google can log 'em. They're nobody else's fsckin' business.

Don't be stupid

[Hrothgar+The+Great]

While this argument does tend to be extremely one-sided at times on good ol' Slashdot, your implication that it should be a non-issue to people is preposterous.

What you're basically saying is that AOL can do anything it wants with their browser, and anyone who thinks otherwise should either

A. Stuff it
B. Write a browser

While just about anyone could choose (A), I believe you have greatly overestimated/exaggerated the amount of people who are capable of (B). Perhaps there are quite a few on Slashdot; certainly there would be a greater concentration of such people here than in the average American suburb; however, reacting to every argument over the ethics of data gathering in application software with "WRITE IT YUORSLEF!!!!!" might not be the most intelligent way to join the discussion. No one is going to listen to you in a debate if you act as if there is no debate and your point is totally obvious. Not everyone can write a browser; and most people are just going to use what's on their computer when they buy it. Arguing that spying on people who don't know any better and have no way to protect themselves *might* just be a little shady certainly is valid and does not warrant your instant dismissal.

Re:Simple solution

[photon317]

Real men use vi.

What's in that query bar packet?

[jscribner]

So i was curious about what was actually being sent to AOL when one did a google search from the netscape bar. Here's the HTTP request:
GET /fwd/lksidus_gg/http://www.google.com/search?q=tes tpriv9&sourceid=mozilla-search HTTP/1.1
Host: info.netscape.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive

There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.

The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.

Just some thoughts.

Re:mozilla source search

[Fweeky]

> What follows is my commentary as I tried to get this post under the lameness filter -- resulting in the useless shit post you see above.

Ugh, yeah, the lameness filter truely is the most evil bit of code Mr Taco ever made/approved. Probably.

At the very least it should be turned off (or tuned down significantly) for users with lots of karma; if I get to post at +2 I think it's also reasonable to expect I'm not going to post ASCII penis birds etc.

A few weeks ago I wrote a nice little comment that was mostly a list of points; obviously liking to get proper formatting I threw in the required HTML and was instantly hit by the lameness filter, basically making the HTML formatted mode entirely useless.

And yes, I admit, my train of thought wasn't entirely different from yours :)

(said HTML mode also removes a lot of useful HTML I like to use; titles for links in order to describe what I'm linking to better, <abbr> and <acronym> which are nice when using a lot of TLA's and ETLA's, <small> which is useful for notes and something I might even have used for this piece of text, etc. Yet I'm allowed to use elements like <div> that have pretty much zero use? Blegh)

Changing face of computing

[DunbarTheInept]

I can remember the days when logging someone's IP address was *never* used as a means of determining unique individuals because people who wrote this software actually understood how computers actually worked, and thus understood that one computer is not the same thing as one user. I used to run Netscape off of a server onto X-terminal
software, along with several office-mates at the same time. It used to work just fine, until sites started assuming one IP == one user, and got their cookies horribly confused when we'd both hit the same site. I remember once getting the shopping cart for someone else popping up on my screen at a computer parts seller website - sure enough it thought I was him because we had the same IP.
We would also have problems trying to reply to online surveys, which would falsely accuse us of being one person trying to double-vote.

But now that most people browse via Windows sites have started assuming that it's just plain impossible for two different people to have the same IP address.

Again, as always, I blame Microsoft for dumbing-down the computer industry and removing functionality by making their crippled system the only standard people have to bother supporting.