AOL/Netscape spies on surfers

Invitation for spam

Netscape's snooping activities turn into a particularly sensitive issue when downloads and search queries can be allocated to e-mail addresses. In many corporate networks, one only needs to use the "finger" command to identify a person's real name in no time at all. But even the combination of e-mail address and knowledge of what a specific surfer is interested in alone will suffice to turn this data into material that greatly appeals to advertising companies. The latter might then start their mass mailshots (what is generally referred to as spam), thus spoiling a surfer's day. And surfers will not even know how these companies managed to get hold of their data. Read up on how to protect yourselves against spam in general in a report provided by tecChannel. The feature is currently only available in German - please bear with us.

But at least the transmission of your e-mail address is something the Netscape Browser can be cured of. According to what we've learnt so far, the Netscape Browser will only transmit this piece of information if the user has logged on to Netscape's Netcenter.

In the process, the Netcenter stores a so-called "cookie" in the form of a text file on the user's local drive. For years, this procedure has sparked controversial discussions but there's hardly been any avoiding it so far. Web sites may for example make it easier for surfers to log on to a protected section if the browser in question sends the cookie that has already been stored on the surfer's disk to the corresponding site during a later visit to this very web site.

Netscape's Netcenter, however, uses the cookie improperly. The data stored in the cookie, among other things the user's e-mail address, are sent to Netscape with every SmartDownload and every search query initiated via the "Search" button in conjunction with information on the actions taken by the surfer in question.

Frankly, this is unnecessary. Information as to what file has been transferred and where it was downloaded may be easily filed away on the local disk. There is no need to store it on the Netscape server without even informing the user about it. After all, the Netscape Browser also stores other browser data, such as what sites the user visited last, on the user's local disk in the files named "prefs.js" and "liprefs.js" among others. And this is where the download logs belong, too.