Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Netscape The Internet

Netscape 6 is Spyware? 656

Posted by michael
from the green-dinosaur-now-more-threatening dept.
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
This discussion has been archived. No new comments can be posted.

Netscape 6 is Spyware?

Comments Filter:
  • by Exantrius (43176)
    ...But this is a non-issue. According to the article it only affects those that type it into the search bar...

    ...Which I don't use because google is my homepage...
    /ex
    • by reaper20 (23396) on Friday March 08, 2002 @03:19PM (#3131995) Homepage
      True, but considering that a lot of people still think that Mozilla == Netscape, it still becomes a problem for Mozilla, granted it's only perception, but try explaining that to the "average" user.

    • by AlexDeGruven (565036) on Friday March 08, 2002 @03:22PM (#3132031) Homepage
      The problem with that is, it works exactly the way they want it to. The computer savvy people in the world know what they want to search for, and how to find the engine of their choice. What they're targeting are the inexperienced users who don't know any better. They are the ones that will actually use the Netscape search function, and not notice the fact that your information is being redirected to the parent company before it actually goes where you intended it.
      It falls under the same category as the Ameritech/SBC debacle here in MI. People who don't read all the way through their phone bill may not have noticed the "SBC/Ameritech intends to sell it's customer data to a 3rd party marketing firm, if you don't want your information to be included, be sure to call 800-xxx-xxxx to be removed from the list." in very fine print in an obscure section of the bill.
      Hardline marketing strikes again.
      • Not only will the unsuspecting "common" users not notice this, but they are also the only ones roped in by pop-under windows, gimmicky banner ads, spam, etc. AOL likely doesn't care upsetting the geeks because 1) We're in the minority, 2) We are mostly immune to the obnoxious advertising tactics described above*, and 3) The few friends we have don't listen to our rants anymore, anyway. :-) The scary part about this whole mess is that AOL has the ability to personally identify a user (even on a dynamic IP address) if a cookie is present, the user is logged into AIM, an AOL dialup account is being used, etc. Of course, we can't prove they do this, but can you think of any other reason to capture IP address along with the search terms?

        If they even cared to give the illusion of privacy, they would apply a hash function to the address. This would still allow the search terms from one "session" of searching to be associated with each other--the only valid use of the IP address I can conjure up. Of course, all they would have to do is apply the same hash to the IP address when you log in to any AOL-TW service, and they can match them, so it really is nothing more than an illusion, and we'd be back where we started.

        The lesson here, I think, is "Don't support companies that even attempt to compromise your privacy without explicit disclosure." It signifies dubious intent and even more dubious ethics.

        * My favorite Moz feature (other than tabbed browsing) has to be the option to disallow unrequested popup windows.

    • by Anonymous Coward
      Have you personally done an audit on the source to Mozilla? If not, how do you know it isn't doing the same thing?
      • One thing's for certain, somebody's going to now...

        The fact is that Mozilla is a prime example of pointless bloat. I have big problems with anything with a tarball that big; the spyware code could easily be hidden right under our noses in a module nobody ever looks at.

        That said, I still feel more secure with Mozilla than the commercial version; the Mozilla M logo is pretty ugly (I'd rather have the Communist T-Rex) but that's about the only complaint I have...

        /Brian
      • by vondo (303621) on Friday March 08, 2002 @04:23PM (#3132512)
        I asked on the mozilla newsgroups, someone did look at the code and saw nothing.

        Another person ran behind a firewall which asked about all connections. Netscape6 clearly went to an AOL address before connecting to Google. Mozilla went straight to Google.

        So while I personally haven't looked in the code, I'm pretty confident Mozilla is playing it straight on this one.
    • Yes, it is a non-issue, here's why:
      1. All http requests send your IP address, they are making normal functionality seem sinister.
      2. No evidence is given that AOL is collecting the information.
      3. The redirect of the search through AOL/Netscape is simply to verify that the search engine is correct. If google were to change their site, the search would still work. However, IE's search would break.

      Who wrote this article?

  • Big deal (Score:2, Informative)

    by cnkeller (181482)
    You're getting a product for free. If netscape needs information to sell/share to it's partners so it can get more revenue and keep producing great products, that's fine. You don't have to use their browser. A more interesting question is that did you agree to it in the EULA?
    • by Vicegrip (82853) on Friday March 08, 2002 @03:19PM (#3132008) Journal
      behavior and information is something a product should clearly and regularly identify it is doing to the customer. Customers are generally willing to cooperate when they perceive there is value to the free product/service they are getting-- but only if they understand exactly what is being recorded, when, and how.

      Having to worry about software doing stuff behind your back without informing you is exactly the reason why I go to great lengths to avoid using Windows Media and why I don't use a number of current gnutella clients.
    • Re:Big deal (Score:4, Insightful)

      by jilles (20976) on Friday March 08, 2002 @05:28PM (#3132892) Homepage
      In some countries there are laws against collecting data that can be related to individuals without the individuals permission. Also in most countries, upholding a "click to agree" license in court would be tricky at best.

      These two combined probably makes netscape's actions illegal in some countries. Why are people making a fuss about it? After all netscape's intentions are probably pretty harmless.

      However, there's no way of knowing for sure and would you really want your queries for porn of a very dubious nature logged by AOL? What if you're a chinese and you enter "falung gong" in the search field? In China that information about you is likely to get you some very special attention of the local authority.

      In short, privacy matters. You own your data and stealing it (i.e. taking it without your knowledge) violates your privacy since you are not in control of what is stored and who has access to it.

      Suppose you want to apply for a job at AOL (ok that's a bit extreme, I know) and the nice guy who does the interviews does a query on the netscape DB to see what kind of searches you've been doing and subsequently shows you the door. So, first they invade your privacy and then they use that information against you.

      This kind of scenario's is of course not very likely but Murphy's law tells us that if it can happen it will happen. Allowing companies to secretely log privacy sensitive data will at some point have negative consequences. All that data will just be sitting there waiting to be used by whomever has access to it. The data is valuable (that's why it's being collected) and customers of that data will want to use that data for whatever is in their interest.

      That's why you don't want any spyware on your computer.

      Now probably Netscape's intentions are pretty harmless. Probably netscape's programmers are just as clueless about privacy as most other computer users.
    • cnkeller wrote:

      If netscape needs information to sell/share to it's partners so it can get more revenue and keep producing great products, that's fine. You don't have to use their browser. A more interesting question is that did you agree to it in the EULA?

      I'm glad you asked that question. No, he did not.

      I happen to maintain an archive [linuxmafia.com] of licence agreements for common proprietary Linux software, including the one for Netscape 6.1. It includes a clause that the "he Product may automatically send information relating to the download and install process to Netscape", but nothing about post-installation spying.

      Rick Moen
      rick@linuxmafia.com

  • I mean how many people actually use NS6?

    Anytime a Navigator user performs a search by typing terms into the browser's URL bar and pressing the adjacent Search button, or by using the Search tab on the browser's My Sidebar feature

    And out of those that do, how many use the URL bar to search?

    Personally, I don't give a rip, 'cos I don't use NS and never will...
  • by dimer0 (461593) on Friday March 08, 2002 @03:12PM (#3131914)
    Now it's time to skew their numbers, .. I think I'm going to have to do about 14million automated searches for "CROSSDRESSING MONKEY PORNO" using their search bar..

  • Easy Solution (Score:5, Informative)

    by BurritoWarrior (90481) on Friday March 08, 2002 @03:12PM (#3131915)
    Don't use it. Uninstall NS6 and use Mozilla instead. Same browser - without the unnecessary extra crud AOL bundles into it anyhow.
    • Re:Easy Solution (Score:2, Insightful)

      by TheMatt (541854)
      Actually, a better browser, usually, since NS6 is often far behind the latest Mozilla. In fact, now that Mozilla Mail is so nice, there went the last vestige of Netscape on my XP box.

      Kinda sad, really. I can still remember laughing at MS because "mighty" Netscape was beating them -- especially be putting out a better product. Now, though, IE is tons better than the bloat that is NS6.
    • Re:Easy Solution (Score:5, Interesting)

      by Metrol (147060) on Friday March 08, 2002 @03:43PM (#3132221) Homepage
      Don't use it. Uninstall NS6 and use Mozilla instead.

      By chance would you happen to have the "Related Sites" tab enabled (as is by default) in your installation of Mozilla? Don't care if you've ever used the side bar or not, as it doesn't matter.

      Even Moz sends back some kind of information Alexa. Came to discover this one day using my laptop off-line on a web site I had running locally. Couldn't figure out why I kept getting these intermittent "Can't connect to network" messages. Had me going nuts, thinking there was some glitch with my site code.

      I haven't a clue what kind of information Alexa is having sent to them. I do know that if you turn that tab off, Moz stops feeding information that way.
    • Re:Easy Solution (Score:5, Informative)

      by DeadMeat (TM) (233768) on Friday March 08, 2002 @03:49PM (#3132265) Homepage
      That's a good idea for most /. readers, but Mozilla isn't really an end-user product; it lacks some of the polish of commerical browsers. Also Netscape 6.x has the advantage that, after branching, the Netscape team beats some of the bugs out of it. I personally use Mozilla, but when I "evangelize" a Windows browser, it's Netscape 6.2.1.

      That said, the "spyware" here is really annoying, but it's disabled easily enough. Open prefs.js and change pref("browser.tracking.enabled", true); to false, and you're done.

      A better way to go if you do this a lot is to use the Netscape CCK to make your own CD without all the AOL crap included. The CCK won't let you edit this pref directly, but unzip browser.xpi and look for this line in all-ns.js. You can also make some interesting changes in the .js files in bin/defaults/pref -- like turning off all those AOL "partner" buttons by default and disabling the activation procedure.

    • by Roundeye (16278) on Friday March 08, 2002 @04:44PM (#3132661) Homepage
      For those wondering whether this applies to Mozilla

      In xpfe components search datasets NetscapeSearch dot src there are 6 matches (see below).

      Looks to me like if you enable Netscape searches in Mozilla you get the same thing, but I don't see Mozilla reporting other searches to Netscape.

      As far as Alexa goes, since I see people asking about that too (results removed due to lameness filter), there is only one match of relevance, in the xpfe components related resources related-paned (dot) js file (see below).

      So, it looks like the "What's Related" panel is the only place where Alexa gets info from the browser.

      I had posted a find and grep command which showed 6 hits for the Netscape info information, and 5 hits for Alexa information in the Mozilla 0.9.8 source tree. Informative, terse, useful (IMHO). What follows is my commentary as I tried to get this post under the lameness filter -- resulting in the useless shit post you see above.

      Now evidently the last part of this triggered the wondrous lameness filter, so I'd like to say a few things here in hopes of getting this post past: first of all CmdrTaco is a fucking moron. Second what is the deal (and yes, I clearly have the source) with Mozilla's textarea entry widget? This thing is a nightmare to use. Don't even pretend to try to cut-and-paste into this thing if you want to produce readable results.

      That doesn't appear to be sufficient so I've removed the lines from the Alexa grep which just provide a copyright notice. CmdrTaco is a fucking mongoloid retard. Still no dice. Fucktard. Lamer fucking idiot. Fuck you and your monolithic Perl script.

      Ok. Gone are the info search lines which are in the layout bug tests (and not part of searching). Here's hoping. Nope, no dice. God I wish I were as fucking 1337 as CmdrTaco. I bet I'd get my ass slammed by homeless guys every fucking weekend. This site has become a shithole. How fucking useless. Censoring fucking retard. As if they have any fucking taste.

      Now I've taken out all the non-matching Alexa hits. Still no dice. Oh the fucking wisdom in enabling intellectual exchange by censoring trolls and spammers. Oh you've really done the community a fucking service by making it possible for us to edit our posts 12 times so we can have a truly enlightened exchange. You back-assed Michigan Nazi fuck.

      Took out the search path, no help, still too many "junk" characters. Too many junk-addicted assholes running this fucking site. I've now actually taken out the find and grep command I used to perform the searches, since I guess that's not informative. Let's see if that works. Nope. Colon off the end of the first sentence... Nope. I removed the path info for the files matching the netscape site... no help.

      This is the stupidest shit I have ever seen. I just took out all the matches for info.netscape.com and I'm still triggering the lameness filter. Finally, I removed the Alexa results as well and now the post passes the lameness filter.

      So, basically I can't provide a post with any information in it if I want it to appear on the site.

      Bye, slashdot, and CmdrTaco -- one last FUCK YOU to you. Shithead.

      • by Fweeky (41046) on Friday March 08, 2002 @06:23PM (#3133133) Homepage
        > What follows is my commentary as I tried to get this post under the lameness filter -- resulting in the useless shit post you see above.

        Ugh, yeah, the lameness filter truely is the most evil bit of code Mr Taco ever made/approved. Probably.

        At the very least it should be turned off (or tuned down significantly) for users with lots of karma; if I get to post at +2 I think it's also reasonable to expect I'm not going to post ASCII penis birds etc.

        A few weeks ago I wrote a nice little comment that was mostly a list of points; obviously liking to get proper formatting I threw in the required HTML and was instantly hit by the lameness filter, basically making the HTML formatted mode entirely useless.

        And yes, I admit, my train of thought wasn't entirely different from yours :)

        (said HTML mode also removes a lot of useful HTML I like to use; titles for links in order to describe what I'm linking to better, <abbr> and <acronym> which are nice when using a lot of TLA's and ETLA's, <small> which is useful for notes and something I might even have used for this piece of text, etc. Yet I'm allowed to use elements like <div> that have pretty much zero use? Blegh)
  • For God's sake (Score:2, Insightful)

    by Anonymous Coward
    Netscape gives you the browser for free.

    Netscape pays dozens of engineers to keep improving the browser and gives you the source code. (You can count on one hand the number of Mozilla developers who don't get an AOL paycheck).

    And you're bitching about AOL collecting some lousy anonymized demographics???

    If you don't like it, write your own damn browser. And stop making companies that contribute to the Open Source movement feel like they're wasting their time.
    • Re:For God's sake (Score:5, Insightful)

      by Tackhead (54550) on Friday March 08, 2002 @03:40PM (#3132200)
      > And you're bitching about AOL collecting some lousy anonymized demographics???

      With the unique identifier, and having every search query you ever enter pass through a netscape.com redirector, yeah, he's got a right to bitch.

      What's anonymous about this? It's one cookie (from a bank, or a broker, or some other site to which he's given real data) and one SQL join away from having his entire search history linked to him.

      A redirector is transparently intercepting and logging the user's search queries.

      Whether it's www.netscape.com, www.fbi.gov, or www.doubleclick.net doing the intercept and redirect isn't the point. My search queries are transactions between me and Google. I can log 'em. Google can log 'em. They're nobody else's fsckin' business.

    • Don't be stupid (Score:5, Insightful)

      by Hrothgar The Great (36761) on Friday March 08, 2002 @03:47PM (#3132255) Journal
      While this argument does tend to be extremely one-sided at times on good ol' Slashdot, your implication that it should be a non-issue to people is preposterous.

      What you're basically saying is that AOL can do anything it wants with their browser, and anyone who thinks otherwise should either

      A. Stuff it
      B. Write a browser

      While just about anyone could choose (A), I believe you have greatly overestimated/exaggerated the amount of people who are capable of (B). Perhaps there are quite a few on Slashdot; certainly there would be a greater concentration of such people here than in the average American suburb; however, reacting to every argument over the ethics of data gathering in application software with "WRITE IT YUORSLEF!!!!!" might not be the most intelligent way to join the discussion. No one is going to listen to you in a debate if you act as if there is no debate and your point is totally obvious. Not everyone can write a browser; and most people are just going to use what's on their computer when they buy it. Arguing that spying on people who don't know any better and have no way to protect themselves *might* just be a little shady certainly is valid and does not warrant your instant dismissal.
  • by CitznFish (222446) on Friday March 08, 2002 @03:12PM (#3131917) Homepage Journal
    When will we all finally be so fed up at the consistent invasions of our privacy by media moguls like Real networks, AOL, Netscape (yeah one and the ame..)? We neeed to contact our legislators and demand these practices stop. Maybe if anonymous data was gathered, but to tie it with an IP address really goes beyond any justifiable data collection.
  • Letters of Protest! (Score:2, Interesting)

    by gspeare (470147)
    This is ridiculous...how can they have set this up without knowing that a) it would be discovered and b) it was thoroughly and completely Orwellian?

    I think that we should all write letters of protest...into the Google search field. :)
  • Very old news. (Score:5, Insightful)

    by Doktor Memory (237313) on Friday March 08, 2002 @03:12PM (#3131924) Journal
    Netscape's internal search components have been collecting information (to be processed by Alexa [alexa.com]) since the late 4.x versions.

    • Re:Very old news. (Score:3, Informative)

      by Metrol (147060)
      Wish I saw this post prior to mine on an earlier thread. Mozilla is still doing this very same thing by default. At least with Moz you can turn it off though.

      Thing is, how many folks realize this is even happening? Whatever is being sent it's subtle, even for a dial-up connection.
    • Re:Very old news. (Score:3, Insightful)

      by HiThere (15173)
      It's only old news if you've already heard it. I hadn't.
      .
  • This sure makes me glad that MS products never "phone home". E.T.^H^H^H^H N.N. phone home.
  • Worth noting from the article:
    "Navigator users can avoid having Netscape log their searches by directly accessing a third-party search engine by typing its address into the browser rather than using the Search button or Sidebar."

    Of course, this doesn't change the privacy issue.

  • by Tesser (177743) on Friday March 08, 2002 @03:13PM (#3131938) Homepage
    According to IE 6/XP's "Search Companion", this feature "provides task suggestions and automatically sends your search to other search engines."

    How does this occur if it doesn't transmit the information to Microsoft as well?

    Sure, if I add a search engine into the preferences, I can type "google keyword" all I want to go directly to Google. I suspect, though, that if I rely on the "features" that Microsoft provides, they have access to exactly the same information-- regardless of what the article might claim.
    • Yes, the article got this wrong. IE does the exact same thing if you use what they call "Auto Search".

      In IE 5.5 or 6.0, if you click the SEARCH button, then click CUSTOMIZE in the panel that appears, you can choose which engine that IE uses to search for you. If you then click AUTOSEARCH SETTINGS you can set a default search engine.

      Once this is done, you can type search terms in the URL box, and if they can't be somehow interpreted as a hostname or domain name, they get routed to your favorite search engine.

      But not directly! They go through the host auto.search.msn.com. You can see this quite easily even if you don't have a sniffer. Simply edit your HOSTS file under Windows to redirect the name auto.search.msn.com to some other address, like the loopback address (127.0.0.1). Once you do this, your auto-searches will start failing with 404's, and you will see the URL they use to do the redirection.

      I've wondered for a long time what Microsoft does with this data. Fortunately, if you are willing to do a little registry hacking and a tiny bit of extra typing, you CAN avoid this in IE. You can create keywords like "google" that you type first in the URL box, before your search term, and these are redirected from your chosen registry setting to the search engine. These do NOT redirect through MSN so Microsoft can't spy on you. Instead of typing just the "my search term" in the URL box, you type "g my search term" and it goes right to google (or whatever).

      This latter ability has existed since IE 3.0, but in current versions of IE it has NOTHING configured in it by default. However, if you download this free tool [microsoft.com] from Microsoft, it adds a way to configure them. Why is this hidden off as a free download instead of included with IE? Dunno, but feel free to insert your favorite conspiracy theory here.

      • by BACbKA (534028) on Friday March 08, 2002 @04:29PM (#3132550) Homepage Journal
        Whenever I am forced to use an IE on yet another corporate PC I get, I always go to the Tools/Internet Options/Advanced, and change some things to suit my taste on presentation and security (to the extent you can get the latter with IE...)

        security/more anonymous browsing
        DISABLE Install On Demand
        DISABLE Page Hit Counting
        DISABLE Page Transitions

        presentation
        DON'T Show Friendly HTTP messages
        (I want the plain servers response back, unedited, dammit!)
        DON'T Show Friendly URLs
        DON'T Use Smooth Scrolling (smooth scrolling makes my eyes SORE!!!)

        Search From Address Toolbar:
        DON'T Search From Address Toolbar

        (This is the one that completely toggles the autosearch off.)

        Security:
        turn all the certificate checks and alerts on

        also I use the "High" security zone settings for casual browsing
  • If these companies really think that everyone is stupid and will never figure it out.

    I mean, sure, if you're running AOL there's a pretty good chance you're not exactly the sharpest tool in the shed. But to design software, which grabs so much information and sends it to central servers, and think that no one out there will figure it out, it seems to me they are the ones a few french fries short of a happy meal(tm).

    ---
    I'm a few morsels short of a toll-house cookie myself...
  • I was just thinking, I need more spyware on my PC. A browser is a great idea. Why doesn't AOL just surf for me. Put out an automated browser, and the sites just come up randomly. That way, I don't have to decide what sites I want to pull up. At every site that comes up, they ask you for Name, Address, Zip Code, Date of Birth, Mother's Maiden Name, SSN, Credit Card number, shoe size, and sexual preference.

    I can't wait.
  • by Vortran (253538) <aol_is_satan@hotmail.com> on Friday March 08, 2002 @03:14PM (#3131951) Homepage
    pico /etc/hosts

    127.0.0.1 www.netscape.com
  • is that AOL will have logs of all 5 Netscape users.... they aren't marketing genius's for nuthin!!!!
  • by quinto2000 (211211) on Friday March 08, 2002 @03:16PM (#3131964) Homepage Journal
    but the article is pretty clear that the data are anonymized and for billing purposes only. Microsoft might not need to collect data on how often their users use affiliated search engines, but Netscape isn't in a position where they are free to lose money.

    Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly. The very fact that it only occurs in the "Search bar" shows that they are very likely to be telling the truth. It wouldn't be hard to log much much more data than they apparently do.

    The commment about the ip address was misleading as well. Any time that information is sent to my computer, I can log the IP address. It doesn't mean that I am going to be doing anything with it.

    • by Zeinfeld (263942) on Friday March 08, 2002 @03:36PM (#3132170) Homepage
      The commment about the ip address was misleading as well. Any time that information is sent to my computer, I can log the IP address. It doesn't mean that I am going to be doing anything with it.

      Netscape should know that logging of IP addresses has severe privacy issues, they were a major source of controversy in the early days of the Web.

      This could easily be abused for corporate espionage. It is very easy to correlate addresses with companies - particularly if they have a NAT box and reverse DNS.

      This is also introducing a single point of interception for law enforcement, including in police states. People in China trying to access Google to find out about "Tiannamen Square Massacre" could be redirected to the communist party search engine by simply redirecting a single DNS record.

      • It's been mentioned in other parts of this discussion, but I'd just like to re-iterate a simple, important concept: every HTTP request includes the client IP address as a component. In fact, most web servers automatically log the address of the client making each and every request.

        That's right, kids and kid-ettes: every time you load a web page, your IP address is probably getting logged along with the request. Does that mean that Google could (if they cared, that is) associate every single pr0n search you've done with the IP address of your computer, find out that it was part of your employer's class-C block, and notify them? Damn straight, they could.

        Do they? That's up to them (or a court-ordered search) to say; this information is certainly there, if they want it.
    • Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly.

      What I don't understand is why Netscape needs to bill the search engines at all. It is stated in the article that this data is not collected if you navigate to the search site, but only if you use Netscape's search bar. Why is the search bar a paid feature? Under default settings, Netscape uses AOL's own search engine, which surely doesn't need to be billed. Other search engines apparently have to pay AOL if a user changes his preferences?

      I don't see why search engines should have to pay for the privelege of being a user's favorite. Does anyone have any information when and why this practice started?
    • by sjames (1099) on Friday March 08, 2002 @05:16PM (#3132815) Homepage

      Netscape needs to collect information about the frequency of searches in order to bill the search engines correctly.

      If all they need is aggregate information, why is there a unique id number and date of installation? Why not have it send a packet saying for example "google search" and then send the search itself directly to google?

  • by Muddie (72996) <.larry. .at. .runswithscissors.com.> on Friday March 08, 2002 @03:16PM (#3131966) Homepage
    It shouldn't be tolerated. People shouldn't be informed they are being spied on and say, "Eh, I figured as much anyway." Would you say that if you found that the CIA had been wiretapping your phone line and/or DSL/Cable line for the past 6 months?
    I haven't read the licence agreement to Netscape 6 recently, but I don't care if it says anything about monitoring your browsing trends (it's hard to call them 'habits' due to the very definition of the word). It almost appears as people are becoming complacient about this. If you get used to it, they will just push further once they have their hand in your privacy and you don't flinch. Eventually, it may come down to a /. headline, "MS-AOL using tiny dust-sized robot probes that ship with Windows 3K that get into your nostrils, sit behind your eyes and monitor everything you do." *shutter*
    Once more a large company is stepping on your rights and your privacy, and while maybe you shouldn't be suprised, you should be outraged.
    Please?
    Pretty please?
    • by Tackhead (54550) on Friday March 08, 2002 @03:46PM (#3132246)
      > People shouldn't be informed they are being spied on and say, "Eh, I figured as much anyway." Would you say that if you found that the CIA had been wiretapping your phone line and/or DSL/Cable line for the past 6 months?

      Hell yes, I'd be surprised! The 6-month anniversary of 9/11 is still three days away! (You'll have to ask me again Monday morning ;-)

      Then again, I trust the spooks to keep whatever they know about me private; that is, I trust them a hell of a lot more than I trust AOL/TW's marketing department.

  • Netscape's "smart browsing" sends the addresses of sites you visit to them.
    http://www.netscape.com/escapes/smart_brows ing/

  • I just did a bit of digging around in Mozilla and it definately does *NOT* use the search button in the same way as Netscape 6. So it appears that us Mozilla users are not affected. :)
  • Anytime a Navigator user performs a search by typing terms into the browser's URL bar and pressing the adjacent Search button, or by using the Search tab on the browser's My Sidebar feature, the user data is sent to a server at info.netscape.com using a uniform resource locator (URL) forwarding system.

    Am I the only one who doesn't see this as an issue? The unique ID number is a bit much, but the url forwarding system?

    Don't get me wrong, I dispise AOL/TW and I haven't used Netscape since version 5 because I don't like the way it works - (Shoot me - I like IE) but I just don't see what the big deal of using a url forward is. If you can, according to the article, disable it by typing "http://www.google.com" directly into the address bar, whats the deal?

  • Well? (Score:2, Funny)

    by Anonymous Coward
    We're talking AOL here. Did you expect a big sloppy kiss?
  • Sloppy Journalism (Score:5, Interesting)

    by guttentag (313541) on Friday March 08, 2002 @03:20PM (#3132013) Journal
    From the article:
    According to a network traffic analysis performed by Newsbytes, Netscape is capturing Navigator 6 users' search terms, along with their Internet protocol (IP) address, the date Navigator was installed and a unique identification number.
    This should be easy for AOL to deny, since there is no product called Navigator 6. It's simply called "Netscape 6" now. You could argue that this is a minor detail the reporter screwed up, but I think you have to question the reporter's understanding of a subject if he doesn't know the name of the product he's writing about.

    In journalism schools, getting a name wrong earns you an automatic failure. Apparently Newsbytes doesn't hold its reporters to such a high standard.

  • I use Google toolbat in IE. I have installed it with the "advanced features" that relay the URL that I am looing at to Google. I find it funny that I search for something that is on the page that I'm on and my page is the first one up. Do I feel threatened by this? No, actually, I feel special for helping the best search engine in the world get better.
  • So? (Score:2, Troll)

    by Wakko Warner (324)
    Who here has been locked in jail or harassed or abused by AOL or the authorities because of what they typed into their netscape 6 search bar? Hm, nobody? Okay, nothing to see here. Move along. - A.P.
  • More of an issue... (Score:2, Interesting)

    by joshjs (533522)
    ...when you consider that the parent isn't just AOL, but AOL/TW.
  • Enough Already (Score:2, Insightful)

    by erasmus_ (119185)
    Dear sources, please stop giving us reasons to use Netscape, we already know it's a horrible browser with rapidly declining market share. Adding insult to injury is almost .. sad.
  • by BlowCat (216402) on Friday March 08, 2002 @03:27PM (#3132087)
    The article says that Netscape goes to Google by loading a URL beginning with "http://info.netscape.com/"

    Therefore, the temporary workaround would be to set info.netscape.com to 127.0.0.1 in your /etc/hosts (or c:\windows\hosts or whatever). The solution is to use Mozilla and remove Netscape 6.

  • I am going to type "AOL sucks" a thousand times in the search engine. Spy on that!
  • by 4of12 (97621)

    Have they released any of the collected information about what Netscape 6 users are searching for on Google?

    I thought that recently Google released a top 10 list of search patterns (5ex, Britney, MP3, etc.) but I was wondering if Netscape 6 users were any different from the net users at large.

  • In a recent bugtraq post, someone mentioned IE also does similar things. If you type a wrong URL and cannot be resolved by the DNS. Your typed address will be sent to MSN for suggesting new URL. If MS logs all these requests, Similar results....
  • by Kiaser Zohsay (20134) on Friday March 08, 2002 @03:57PM (#3132325)
    First, type http://info.netscape.com into URL bar, abd get forwarded to http://home.netscape.com.

    Then, edit C:\Winnt\System32\drivers\etc\hosts and add:

    127.0.0.1 info.netscape.com

    Close and reopen Mozilla and try http://info.netscape.com and get Connection refused (unless you run a local web server, of course) to prove that info.netscape.com is no longer accessible.

    Now, try a keyword search from the URL bar, which for me goes straight to google.com without a hitch.
  • by blazerw11 (68928) <blazerw&bigfoot,com> on Friday March 08, 2002 @04:06PM (#3132393) Homepage
    It seems to me that it might just be that AOL/Netscape sends the search info "home" to make sure the search is correct. This way if Google (or any of the other possible search engines) decides to change how searches work, then you browser doesn't break.

    Also, all we know is what is sent, not what AOL collects.

    And finally, the search in Netscape is NOT sending the IP address of your computer, this is how HTTP connections work. The packet's origin is always included. Netscape 6 is also sending your IP address to every site you visit. As is IE, Opera, Mozilla, etc.

  • Not really an issue (Score:3, Informative)

    by lkaos (187507) <anthonyNO@SPAMcodemonkey.ws> on Friday March 08, 2002 @04:33PM (#3132583) Homepage Journal
    The netscape search bar is meant to perform a search first of the netscape homepage IIRC, and then if relavant results aren't found, another search engine is chained.

    How often the second link of the searching chain is invoked is pretty critical in netscape figuring out how effective their search engine is.

    For those that remember the old Yahoo days when it used Altavista as a backup, it would appear to be a similiar situation. It would have been to Yahoo's advantage (and the end-users advantage) for Yahoo to track how well it's search engine performed and how often it had to default to alta vista.

    Now, AOL has come out saying they don't collect the information (and most folks on the net are behind a firewall or using a dynamic IP anyway) so it's not as big of a deal as it's being made out to be. This article mentions the 'potential' to be Spyware but it doesn't make clear the fact that in practice, AOL is not tracking anything.

    Besides, you can disable this feature if you are really nervous about it (as some folks mentioned previously). The fact of the matter is though, that by allowing AOL to collect this data, you are simpling improving your search results.

    BTW: This article also doesn't make it clear that if you goto www.google.com, nothing is tracked. The only time it is actually tracked is if you only enter a word (instead of a URL) in the location bar. I don't think many people use this feature that frequently anyway though. It's been there for a while though.
  • Tempest in a teapot? (Score:3, Interesting)

    by TheConfusedOne (442158) <the.confused.one@nOspam.gmail.com> on Friday March 08, 2002 @04:46PM (#3132671) Journal
    First off, Microsoft does the same thing. The only difference is that their automatic search goes to Microsoft and they log there rather than having to do the more obvious redirect.

    Second off, this is only if you use the search button. If you go to google.com and type in your search then Netscape/AOL gets no information.

    Now, let's imagine if they got all the information from you. A unique ID string and all your search queries. They compile this data on your for an entire year. Great. Now, what the hell do they do with it? The only possible use for this would be to detect your string, cross-reference and munge all of this data, and present you with a slightly more targeted pop-up ad.

    Well, guess what, another company already tried this. Remember them? They were called DoubleClick. In that case they had hundreds of web sites helping them to gather all of this information about browsers and what did they do with it? They couldn't turn a profit, they couldn't even target ads very well (if at all).

    Think about it people. Yeah, it stinks that they're gathering this information. Yeah, they should be more forthcoming about what happens when you hit that Search button. Sure you can go an boycott them and add this to the '1 bazillion + 1 reasons that AOL is evil' list, but in the end, what does this get them?

    Nada.
  • by jscribner (546453) on Friday March 08, 2002 @05:14PM (#3132806) Homepage
    So i was curious about what was actually being sent to AOL when one did a google search from the netscape bar. Here's the HTTP request:
    GET /fwd/lksidus_gg/http://www.google.com/search?q=tes tpriv9&sourceid=mozilla-search HTTP/1.1
    Host: info.netscape.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
    Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
    Accept-Language: en-us
    Accept-Encoding: gzip,deflate,compress,identity
    Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
    Keep-Alive: 300
    Connection: keep-alive

    There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.

    The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.

    Just some thoughts.
  • I think I've got an entry for Junkbuster's re_filterfile that will strip the info.netscape.com stuff and just take you directly to google's search results:

    s/'http://info.netscape.com/fwd/lksidus_gg/'///i g

    Just remember to restart junkbuster.

    Don't know what Junkbuster is? See junkbuster.com
  • by DunbarTheInept (764) on Friday March 08, 2002 @08:15PM (#3133502) Homepage
    I can remember the days when logging someone's IP address was *never* used as a means of determining unique individuals because people who wrote this software actually understood how computers actually worked, and thus understood that one computer is not the same thing as one user. I used to run Netscape off of a server onto X-terminal
    software, along with several office-mates at the same time. It used to work just fine, until sites started assuming one IP == one user, and got their cookies horribly confused when we'd both hit the same site. I remember once getting the shopping cart for someone else popping up on my screen at a computer parts seller website - sure enough it thought I was him because we had the same IP.
    We would also have problems trying to reply to online surveys, which would falsely accuse us of being one person trying to double-vote.

    But now that most people browse via Windows sites have started assuming that it's just plain impossible for two different people to have the same IP address.

    Again, as always, I blame Microsoft for dumbing-down the computer industry and removing functionality by making their crippled system the only standard people have to bother supporting.

In the sciences, we are now uniquely priviledged to sit side by side with the giants on whose shoulders we stand. -- Gerald Holton

Working...