Netscape 6 is Spyware? 656
spoon00 writes: "AOL is collecting information on what Netscape 6 users are searching for on sites like google.com. IP address, the date Netscape was installed and a unique ID number are other bits of information AOL is also collecting."
Glad I use mozilla... (Score:2, Informative)
...Which I don't use because google is my homepage...
/ex
Big deal (Score:2, Informative)
Easy Solution (Score:5, Informative)
Netscape's been doing similar things for a while (Score:2, Informative)
http://www.netscape.com/escapes/smart_brow
Mozilla is not affected by this. (Score:2, Informative)
is some software phoning home really that bad? (Score:2, Informative)
Re:AOL/Netscape (Score:2, Informative)
Netscape 6 is definately NOT OSS
Re:Simple solution (Score:2, Informative)
info.netscape.com
It uses DNS, block it in /etc/hosts (Score:3, Informative)
Therefore, the temporary workaround would be to set info.netscape.com to 127.0.0.1 in your /etc/hosts (or c:\windows\hosts or whatever).
The solution is to use Mozilla and remove Netscape 6.
Re:Simple solution (Score:2, Informative)
echo "127.0.0.1" >> /etc/hosts
Otherwise, you wipe out the contents (which would not be good). Remeber boys and girls, don't run code you get off /. as root!
Re:Very old news. (Score:3, Informative)
Thing is, how many folks realize this is even happening? Whatever is being sent it's subtle, even for a dial-up connection.
Re:Easy Solution (Score:5, Informative)
That said, the "spyware" here is really annoying, but it's disabled easily enough. Open prefs.js and change pref("browser.tracking.enabled", true); to false, and you're done.
A better way to go if you do this a lot is to use the Netscape CCK to make your own CD without all the AOL crap included. The CCK won't let you edit this pref directly, but unzip browser.xpi and look for this line in all-ns.js. You can also make some interesting changes in the .js files in bin/defaults/pref -- like turning off all those AOL "partner" buttons by default and disabling the activation procedure.
Not a problem for Mozilla (Score:3, Informative)
Then, edit C:\Winnt\System32\drivers\etc\hosts and add:
127.0.0.1 info.netscape.com
Close and reopen Mozilla and try http://info.netscape.com and get Connection refused (unless you run a local web server, of course) to prove that info.netscape.com is no longer accessible.
Now, try a keyword search from the URL bar, which for me goes straight to google.com without a hitch.
Re:Doesn't XP/IE 6 Do The SameThing? (Score:5, Informative)
In IE 5.5 or 6.0, if you click the SEARCH button, then click CUSTOMIZE in the panel that appears, you can choose which engine that IE uses to search for you. If you then click AUTOSEARCH SETTINGS you can set a default search engine.
Once this is done, you can type search terms in the URL box, and if they can't be somehow interpreted as a hostname or domain name, they get routed to your favorite search engine.
But not directly! They go through the host auto.search.msn.com. You can see this quite easily even if you don't have a sniffer. Simply edit your HOSTS file under Windows to redirect the name auto.search.msn.com to some other address, like the loopback address (127.0.0.1). Once you do this, your auto-searches will start failing with 404's, and you will see the URL they use to do the redirection.
I've wondered for a long time what Microsoft does with this data. Fortunately, if you are willing to do a little registry hacking and a tiny bit of extra typing, you CAN avoid this in IE. You can create keywords like "google" that you type first in the URL box, before your search term, and these are redirected from your chosen registry setting to the search engine. These do NOT redirect through MSN so Microsoft can't spy on you. Instead of typing just the "my search term" in the URL box, you type "g my search term" and it goes right to google (or whatever).
This latter ability has existed since IE 3.0, but in current versions of IE it has NOTHING configured in it by default. However, if you download this free tool [microsoft.com] from Microsoft, it adds a way to configure them. Why is this hidden off as a free download instead of included with IE? Dunno, but feel free to insert your favorite conspiracy theory here.
Re:Glad I use mozilla... (Score:3, Informative)
If they even cared to give the illusion of privacy, they would apply a hash function to the address. This would still allow the search terms from one "session" of searching to be associated with each other--the only valid use of the IP address I can conjure up. Of course, all they would have to do is apply the same hash to the IP address when you log in to any AOL-TW service, and they can match them, so it really is nothing more than an illusion, and we'd be back where we started.
The lesson here, I think, is "Don't support companies that even attempt to compromise your privacy without explicit disclosure." It signifies dubious intent and even more dubious ethics.
* My favorite Moz feature (other than tabbed browsing) has to be the option to disallow unrequested popup windows.
Re:any surprise? (Score:2, Informative)
One word: Proxomitron [proxomitron.org]
Windows Solution (Score:2, Informative)
notepad \winnt\system32\drivers\etc\hosts
win9x/me:
notepad \windows\hosts
and add the line
206.224.72.99 info.netscape.com
or use 127.0.0.1 instead if you have a webserver.
Re:Glad I use mozilla... (Score:4, Informative)
Another person ran behind a firewall which asked about all connections. Netscape6 clearly went to an AOL address before connecting to Google. Mozilla went straight to Google.
So while I personally haven't looked in the code, I'm pretty confident Mozilla is playing it straight on this one.
Re:Glad I use mozilla... (Score:4, Informative)
You know if Mozilla is sending data to AOL or not by sniffing for it with tcpdump or ethereal, etc.
No funny packets? Don't bother sifting the source if you're not already involved.
Re:any surprise? (Score:4, Informative)
The only thing SPAMers invented was spam and new techiques to spam.
Cookies are not a part of the HTTP protocol. They are an extension that was originated at Netscape and deployed without any consultation in the IETF HTTP working group.
Netscape knew that there were privacy issues with cookies but simply did not care. Until PGP cookie cutter came out the only way to turn off cookies was to have the browser ask you each time if you would accept them.
NetscapeSearch.src in Mozilla (Score:2, Informative)
From the NetscapeSearch.src in your mozilla/searchplugins dir:
<SEARCH
name="Netscape Search"
description = "Netscape Search"
method="GET"
action="http://info.netscape.com/fwd/sidb_ns/http
queryCharset="UTF-8"
>
and from Google.src:
<search
name="Google"
description="Google Search"
method="GET"
action="http://www.google.com/search"
update="http://www.google.com/mozilla/google.src"
updateCheckDays=1
>
I never bothered to get Netscape 6, but I assume these files exist in there as well. It's plain text, so simply remove the http://info.netscape.com/fwd/sidb_ns/ part from the action of the searches and the problem should be fixed.
Re:Windows Solution (Score:2, Informative)
\windows\system32\hosts
is what makes the magic appen
Re:AOL/Netscape (Score:4, Informative)
Even though it was started by Netscape, and Netscape employees make up a significant portion of its developers, mozilla.org is the independent and nonprofit organization to oversee the open source development of the Mozilla browser and its related technologies. mozilla.org's products are free for any company, organization, or individual, to use. They are free to create their own branded products based on mozilla.org's goods. mozilla.org's products are all open source and are meant for developers and testers, not the average computer user.
Also keep in mind that mozilla.org recieves contributions from such large corporations such as IBM and Sun Microsystems, and countless small firms and volunteers.
Netscape Communications is a commercial company, and they make commercial products for regular computer users and businesses.
This is where the distinction between Mozilla and Netscape seems to blur to some people:
In order for Netscape to make Netscape 6 they have to use mozilla.org's work. This involves getting that code from mozilla.org, adding modifications and non-open source parts such as plug-ins, branding it with the appropriate logos and copyrights, testing and stabilizing it, and then release it for download. In other words, Netscape 6 is based on Mozilla, but Netscape 6 is not Mozilla, and Mozilla is not Netscape 6.
This method is similar to how Linux distributors, such as Red Hat, make their own branded and commercial releases of Linux, since Red Hat is not Linux, and Linux is not Red Hat. Red Hat merely uses Linux, and Linux developers have no control over what Red Hat does.
The nature of Mozilla and mozilla.org also allows anyone to create a product based on Mozilla. For example, Nokia and Intel demonstrated prototype Internet appliances in late-1999 using Mozilla. Because of Mozilla's modularity, a scaled down version of Mozilla was the browser used in these test products.
Simpler way to disable autosearch in IE5+ (Score:4, Informative)
security/more anonymous browsing
DISABLE Install On Demand
DISABLE Page Hit Counting
DISABLE Page Transitions
presentation
DON'T Show Friendly HTTP messages
(I want the plain servers response back, unedited, dammit!)
DON'T Show Friendly URLs
DON'T Use Smooth Scrolling (smooth scrolling makes my eyes SORE!!!)
Search From Address Toolbar:
DON'T Search From Address Toolbar
(This is the one that completely toggles the autosearch off.)
Security:
turn all the certificate checks and alerts on
also I use the "High" security zone settings for casual browsing
Re:Easy Solution (Score:5, Informative)
Preferences only allows you to ban domains from What's Related. To remove the tab entirely, open your sidebar, click the Tabs dropdown, then select Customize Sidebar.... If What's Related is in the Tabs in Sidebar list, remove it.
Not really an issue (Score:3, Informative)
How often the second link of the searching chain is invoked is pretty critical in netscape figuring out how effective their search engine is.
For those that remember the old Yahoo days when it used Altavista as a backup, it would appear to be a similiar situation. It would have been to Yahoo's advantage (and the end-users advantage) for Yahoo to track how well it's search engine performed and how often it had to default to alta vista.
Now, AOL has come out saying they don't collect the information (and most folks on the net are behind a firewall or using a dynamic IP anyway) so it's not as big of a deal as it's being made out to be. This article mentions the 'potential' to be Spyware but it doesn't make clear the fact that in practice, AOL is not tracking anything.
Besides, you can disable this feature if you are really nervous about it (as some folks mentioned previously). The fact of the matter is though, that by allowing AOL to collect this data, you are simpling improving your search results.
BTW: This article also doesn't make it clear that if you goto www.google.com, nothing is tracked. The only time it is actually tracked is if you only enter a word (instead of a URL) in the location bar. I don't think many people use this feature that frequently anyway though. It's been there for a while though.
Re:What's the betting... (Score:4, Informative)
Well, I just did packet traces, and the results are troubling.
It's for real. No error reporting, no background windows. Search with the button, info goes to Netscape. Search without it, and you don't see the spyware traffic. But it gets worse.
I haven't tested this with the Linux version of Mozilla, so this might be a weird code overlap issue, but Win32 Mozilla build 2002030403 does the same thing.
What's in that query bar packet? (Score:5, Informative)
GET
Host: info.netscape.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, image/png, image/jpeg, image/gif;q=0.2, text/plain;q=0.8, text/css, */*;q=0.1
Accept-Language: en-us
Accept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
There's also the usual data stuffed in the TCPIP header, such as IP address. There are some additional g'day requests to info.netscape.com which might contain unique ID information and would also be matched to TCPIP header info, but if there are any explicit UIDs in this packet i must be missing em.
The developers probably had a good reason for setting things up this way: If the URL for a search engine changed, they could always update their fwd script and prevent users from going to a broken page. Unfortunately, this means data gets sent to a site other than that intended by the user. A much better way of doing this would be for the client to check for updates to the search URLs and store them locally.
Just some thoughts.
Re:Simple solution (Score:1, Informative)
deny all from any to 198.95.251.10 via $oif
deny all from any to 64.12.151.213 via $oif
deny all from any to 207.200.73.80 via $oif
deny all from any to 149.174.213.7 via $oif
deny all from any to 64.12.184.25 via $oif
...works for me.
Re:Don't forget IE does the same (Score:2, Informative)
Problem solved.
Re:any surprise? (Score:2, Informative)
fucking reactionary privacy zelot.
Re:Doesn't XP/IE 6 Do The SameThing? (Score:1, Informative)
Re:any surprise? Remember "Smart Download" (Score:2, Informative)
On another note: You can block some of this activity out by going to the host(s) file and making your own entry.
127.0.0.1 alexa.com
or
0.0.0.0 flashpoint.com
...Just insert your target there and it will bounce back to local host. If you run a webserver you may want to put something else in that box. I'm not sure how to do it for products that field their query by IP and not names. Maybe you have to run your own DNS/NAT to get prevent those from getting access?
This also isn't the only way companies spy on you. Akamai/Lycos have a clever way of doing it with both referrer headers http://lycos.com/url?=realurl. Plus they own such a large portion of the network that they can get their cookies to work on any part of it. Go to say: http://www.wired.com and watch how many connections it makes to your computer, and watch the url handling in the right hand corner...
All this reminds me of the @ and %40 tricks that were used by porno spammers in IRC in the olden days.
Using Junkbuster to block this (Score:3, Informative)
s/'http://info.netscape.com/fwd/lksidus_gg/'///
Just remember to restart junkbuster.
Don't know what Junkbuster is? See junkbuster.com
Re:I overreact as much as the next guy... (Score:3, Informative)
That's right, kids and kid-ettes: every time you load a web page, your IP address is probably getting logged along with the request. Does that mean that Google could (if they cared, that is) associate every single pr0n search you've done with the IP address of your computer, find out that it was part of your employer's class-C block, and notify them? Damn straight, they could.
Do they? That's up to them (or a court-ordered search) to say; this information is certainly there, if they want it.
How to fix this (Score:1, Informative)
Re:What's in that query bar packet? (Score:1, Informative)
You neglected to post the most important part of the packet ... the final bits that include the cookie.
Example (source IP address munged)
Cookie: UIDC=20020306151357:ip.ip.ip.ip:10727; NSCPHPAD1=here
The user ID (UIDC) appears to contain the date the browser was installed followed by 6 digits which remain the same on each search.
Re:Excuse me (Score:1, Informative)
Ummm, best CSS2 support out there?!
According to the chart you linked to:
Konqueror does not support 'content':
Mozilla does.
Konqueror also does not support the related ':after' and ':before' psuedo-classes.
Mozilla does.
Konqueror does not support 'empty-cells'.
Mozilla does.
Konqueror does not support number values for 'font-weight'.
Mozilla does.
Konqueror does not support 'letter-spacing'.
Mozilla does.
Konqueror does not support 'max-height', 'max-width', 'min-height', 'min-width'.
Mozilla does.
Konqueror only has partial support for 'overflow'.
Mozilla has full support.
Konqueror has no support for 'quotes'.
Mozilla has partial support.
Konqueror does not support 'text-align: justify'.
Mozilla does.
Konqueror only supports 'white-space' in PRE or XMP elements.
Mozilla supports it in all block level elements (as per the spec).
Konqueror does not support 'word-spacing'.
Mozilla does.
Konqueror claims to support 'outline' and related properties. I cannot validate this because I don't use Konqueror. But if it draws outlines inside the border area, then it implements it incorrectly. As far as I know, there is no browser which supports this correctly. Mozilla does not draw it in the correct position (it draws inside the border as opposed to outside).
Everything else that Konqueror claims to support is also supported by Mozilla.
Mozilla obviously supports more of CSS2 than Konqueror. Don't make false claims.
Re:Easy Solution (Score:2, Informative)