[8311] in bugtraq
Re: Netscape "What's Related"
daemon@ATHENA.MIT.EDU (Ramanathan Guha)
Tue Oct 27 14:48:16 1998
Date: Mon, 26 Oct 1998 15:06:40 -0800
Reply-To: Ramanathan Guha <guha@NETSCAPE.COM>
From: Ramanathan Guha <guha@NETSCAPE.COM>
X-To: "Flemming S. Johansen" <fsj@terma.com>
To: BUGTRAQ@NETSPACE.ORG
The default configuration on a fresh install or upgrade
is "After first use".
Really, Netscape cannot track what you are doing
if you never click on that button. And if you really
don't like that button, you can disable that feature
in which case even the button will disappear.
Guha
"Flemming S. Johansen" wrote:
> Starting with version 4.06, the Netscape browser has a new "What's
> Related?" button next to the Location: field. After having tried it
> in the new 4.5, I am more than a little worried by the functionality
> behind it.
>
> Briefly, the user clicks on this button, and is presented with a
> list of sites which are hopefully related to the page currently
> on display, plus some ads for Netscape.
>
> As far as I have been able to deduce (helped by a packet sniffer), this
> works by opening a HTTP connection to www-rl.netscape.com and making a
> query modelled on this template: GET /wtgn?CurrentURL/ HTTP/1.0, where
> CurrentUrl is the URL of the page currently displayed. The server
> responds with a list of URLs it believe to be related. There are four
> modes for this function, settable through preferences->navigator->smart
> browsing:
>
> - "Always" The browser always downloads the list of 'related'
> URLS, beginning while the page in question is loading.
>
> - "Never" The browser starts downloading the list of 'related'
> URLS when the user clicks on the 'What's related?' button.
>
> - "After first use" Automatically fetches the URL list for
> a page if the user has ever clicked the button for that
> page.
>
> - Completely disabled.
>
> The default setting is "Always". So, the unsuspecting user who upgrades
> to the latest Netscape will automatically and unknowingly begin sending
> out a detailed log of pages viewed.
>
> Netscapes privacy statement notwithstanding, I don't like the fact that
> anyone is able to compile a list of every single web page I visit. I
> don't like the fact that someone with a sniffer anywhere on the path
> from here to netscape.com is able to do so either. And the company I
> work for is not too thrilled about the name of every single document on
> our internal, not-for-public-viewing web server leaking out on the Net,
> once our users begin installing this release on their PCs.
>
> I would like to control this "feature" globally for my LAN, but as far
> as I can see, there are only two ways of doing it: Fascist control of
> Netscape preferences settings on every PC on my LAN, or block
> www-rl.netscape.com in the firewall.
>
> --
> ----------------------------------------------------------------------
> Flemming S. Johansen
> fsj@terma.com
