COMMAND

    netscape

SYSTEMS AFFECTED

    Netscape

PROBLEM

    According  to   a  tecChannel   feature  article,   the  functions
    "SmartDownload"  and  "Search,"  both  new  in  Netscapes  browser
    versions 4.7.x, protocol downloads and search queries and transfer
    these to  Netscape, a  subsidiary of  AOL.   The transfer includes
    file names, search terms and the user's email address without  any
    user consent.

    Primary  benefit  of  SmartDownload  is,  that  it can continue an
    interrupted  download  after  the  connection  has dropped.  Right
    after  a  download  starts,   SmartDownload  sends  a  packet   to
    "cgi.netscape.com".   Included  is  the  file  name and the server
    address, from where it is being loaded.  The user's IP address  is
    also  transfered.    Is   the  user   registered  for   Netscape's
    "Netcenter," the email address is also transfered.  Also the  name
    of  the  local  machine  and  the  operating system is revealed to
    AOL/Netscape.

    Netscape's search  function goes  even further:  it logs  what the
    user is searching and where  he finally finds it.   In combination
    with  the  downloads  information,  a  Netscape  user turns almost
    completely  into  a  transparent  surfer,  especially,  when these
    informations  include  the  email  address.   This  makes the data
    extremely interesting to advertising companies.  These could  bury
    the  user  in  spam  messages  without  providing  a clue how they
    compiled the information.

SOLUTION

    Nothing yet.