Safe Computing and Communicator 4.5
Friday, October 30, 1998 by Dave Winer.
On the eve of Halloween, while there's lots of drinking and dressing up going on elsewhere, we're getting to the bottom of an interesting story that involves privacy, Netscape's browser and the XML server app I wrote about last week.
As an aside, this pretty much proves that I don't sit on stories. It's been a long day, and the last thing I thought I'd be doing at 6:51PM on a Friday night is writing a detailed technical piece. But it's an important subject, and there's some exclusive news here, so stop the presses and let's get really deep.
Earlier this evening I spoke with Ramanathan Guha, firstname.lastname@example.org, the lead developer of the What's Related feature in Communicator 4.5. We talked about privacy concerns I raised yesterday on the Scripting News website.
After the talk I have some changes to make to my earlier statement, and they are making some changes in the next release, Communicator 4.5.1.
First, according to Guha, if you never click on the What's Related? button, your URLs will never be sent to their server.
If you do click on the button, it then sends the URL to the server, and gets back a menu of related sites, which it displays. It's at this point that you may be sending URLs, and may not realize it.
Then for the next three sites you visit, it pre-fetches the What's Related menu, sending the URLs to the server. Here too you will be sending links to the Netscape server and may not realize it.
Say you go to www.infoworld.com and click on the What's Related button. The server now knows that you were at www.infoworld.com.
Then you choose www.news.com from your Bookmarks menu. Because they pre-fetch the menu, their server knows you visited www.news.com. And the next two sites you visit too.
Maybe you like porn sites. Or maybe you support a controversial political cause, or are just interested in learning more about one. Maybe you or a loved one has a disease that you're researching. Maybe you're gay and you don't want anyone to know. These are the kinds of concerns people could reasonably have.
Further, in the current release, Netscape is sending a cookie along with the What's Related request. This would mean that Netscape could link your site preferences with your name and address, if you had registered with other services running on a Netscape server.
They say they are not recording this information, and that their servers are audited by Coopers and Lybrand, a famous accounting firm. But, of course, new management could come in at Netscape and change these policies. Users would have no way of verifying that such a change in policy had not occurred, and Netscape would be under no obligation to inform them.
According to Guha, there will be two changes in the next release of Communicator:
1. When it does a What's Related fetch, it will display a dialog warning of a possible security concern, similar to other such dialogs in their browser.
2. The browser will be modified to not send the cookie on the What's Related request.
If they make these changes, I'm satisfied. My main concern was that people would be transmitting possibly personal information to Netscape without knowing that they were.
The first change makes sure the user knows what's going on and the second change makes sure that Netscape can only gather aggregate data, and not relate it to individual users.
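To make the sequence concrete, here is a small model of the behavior described above, added as an illustration; it is not Netscape's code. The function names, the cookie value and the last three site names are made up, and the warning dialog is not modeled.

```python
# Added illustration: a toy model of the What's Related behavior in this piece.
# All names here (browse, PREFETCH_COUNT, the cookie value) are assumptions.
from collections import defaultdict

PREFETCH_COUNT = 3  # "for the next three sites you visit"


def browse(visits, click_at, send_cookie, cookie="uid=constructed-123"):
    """Return the What's Related requests the server would receive.

    visits      -- URLs in the order the user visits them
    click_at    -- index of the visit where the button is clicked, or None
    send_cookie -- True models 4.5, False models the change planned for 4.5.1
    """
    requests = []
    remaining = 0  # prefetches still owed after a click
    for i, url in enumerate(visits):
        clicked = (i == click_at)
        if clicked or remaining > 0:
            requests.append({"url": url,
                             "cookie": cookie if send_cookie else None})
        if clicked:
            remaining = PREFETCH_COUNT
        elif remaining > 0:
            remaining -= 1
    return requests


def histories_by_cookie(requests):
    """Group disclosed URLs by cookie: what a server could tie to one user."""
    linked = defaultdict(list)
    for r in requests:
        if r["cookie"] is not None:
            linked[r["cookie"]].append(r["url"])
    return dict(linked)


# Constructed browsing session; the first two sites are the ones in the text.
SESSION = ["www.infoworld.com", "www.news.com", "site-c.example",
           "site-d.example", "site-e.example"]

if __name__ == "__main__":
    for label, flag in (("4.5 (cookie sent)", True),
                        ("4.5.1 (no cookie)", False)):
        reqs = browse(SESSION, click_at=0, send_cookie=flag)
        print(label, [r["url"] for r in reqs], histories_by_cookie(reqs))
```

In both cases one click discloses four URLs; the difference is whether they arrive under a key that ties them to one user.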
As I was putting this piece to bed, I got an email from Paul Nakada, email@example.com, a programmer at Netgravity who works on reporting and warehousing of exactly this kind of personal information. He asked me to say that he speaks only for himself, not for his company.
He says: "Even though there might be no cookie being sent, don't think they're not trying to determine who you are. Combine IP address, user agent, referrer, time of day, etc. and they can get pretty close to determining who you are. Correlate that with their user database, and bingo, who needs cookies.
"Also, how does this privacy concern compare to phone companies with records of every call I make and credit card companies with records of purchases I make and travel patterns. I freely give these services intimate details of my life, but for some reason a web browser gets me all uptight?
"And how does What's Related tracking differ from an ad network (Doubleclick, Linkexchange, Netgravity) tracking you from site to site?"
Those are good questions! If there was some way to avoid giving personal information to phone and credit card companies, I would. Those decisions were made a long time ago, before I was alive. We're exploring the issues with browser software now. Here I am, doing my thing. As for the other issues, you're the expert, I'm the student.