"Flemming S. Johansen" <fsjat_private> wrote: >Starting with version 4.06, the Netscape browser has a new "What's >Related?" button next to the Location: field. After having tried it >in the new 4.5, I am more than a little worried by the functionality >behind it. ...snip... >Netscapes privacy statement notwithstanding, I don't like the fact that >anyone is able to compile a list of every single web page I visit. I >don't like the fact that someone with a sniffer anywhere on the path >from here to netscape.com is able to do so either. And the company I >work for is not too thrilled about the name of every single document on >our internal, not-for-public-viewing web server leaking out on the Net, >once our users begin installing this release on their PCs. > >I would like to control this "feature" globally for my LAN, but as far >as I can see, there are only two ways of doing it: Fascist control of >Netscape preferences settings on every PC on my LAN, or block >www-rl.netscape.com in the firewall. > >-- > ---------------------------------------------------------------------- > Flemming S. Johansen > fsjat_private Particularly concerning is the fact that a cookie is passed with each of these www-rl requests. We've been digging into this topic for quite a while now. You might be interested in our paper on this topic: http://www.interhack.net/pubs/whatsrelated/ and additional commentary at: http://www.vortex.com/privacy/priv.07.17 You'd also be wise to be watchful of usage of the "Alexa Internet" (www.alexa.com) tool within your "internal, not-for-public-viewing" environment. Doug Monroe
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:06 PDT