How AOL Netscape spies on surfers

The fact that Netscape Communications collects data about surfers has been known for some time. Germany's TecChannel has found out how they do it.

          The fact that Netscape Communications collects data about surfers has been known for some time. TecChannel has found out how they do it. The "SmartDownload" and "Search" features on the Netscape browser download and search queries and send this data to Netscape, thus transferring file names, search criteria and the user's e-mail address without asking for permission to do so.

          TecChannel has been unable to reach Netscape for a comment since the company no longer is represented in Germany.

          Since the launch of version 4.7x, the Netscape browser has been equipped with the SmartDownload feature as an option that is either automatically installed during the download of the browser or as a plug-in. If installed, SmartDownload starts every time the user downloads a file from the Web. It opens a new dialog box in which the download can be seen and also displays a banner ad.

          SmartDownload offers the advantage of not having to initiate a completely new transfer of files if the connection is terminated abnormally. The routine continues the download, starting at the last valid data packet.

          Behind the scenes, however, the routine transmits a series of data to the Netscape server without informing the user on this process.

          The editors of used the analysis tool "Sniffer" by Network Associates International in order to monitor such a SmartDownload operation. Sniffer is capable of storing the individual data packets sent via an Internet connection on the local drive, thus recording exactly what data is transmitted.

          Shortly after the download has started, SmartDownload sends a packet to the "" server. This packet includes a reference to the server from which the file is downloaded, the file name and the user's IP address. If the user had logged on to the "Netcenter" Netscape page before, his e-mail address is also transferred. A large number of Netscape users are registered with Netcenter since this registration renders it particularly easy to install new versions of the Netscape software. In addition, information about the computer name used in the local network and the operating system used is transmitted to America Online Inc./Netscape.

          Search queries are transmitted

          Not only does Netscape log who downloads what files from the Internet, the search feature of the Netscape browser even takes the whole story one step further. Here Netscape even records how surfers have searched for interesting offers - and what they were looking for on the Web.

          Search button: Clicking the button starts Netscape's very special search query.

          The Search button of the Netscape browser hides a mechanism that is similar to the one used by SmartDownload. As soon as the user clicks on this button, a Netscape Web page with a search screen is displayed. Anything users enter on this search screen is automatically fed by Netscape not only to several search engines but also to Netscape's own operations.

          The same mechanism we already know from SmartDownload is used to send a data packet to "" in conjunction with the search request. As the Sniffer has shown here, too, this data packet does not only include the search words but also the user's e-mail address.

          The combination of logging the downloads and spying on users' search requests turns users into transparent surfers under the eye of the Netscape browser: whatever users are looking for on the Web, whatever files users ultimately download to their own computers -- it is all eagerly recorded by Netscape.

          The fact that the Smart Browsing feature, which has button of its own in the "What's Related" Netscape dialog box, produces the same side effects merely rounds off the picture. However, users can at least switch off this feature via the Edit/Preferences menu.

          Invitation to spam

          Netscape's snooping activities turn into a particularly sensitive issue when downloads and search queries can be tracked to e-mail addresses. In many corporate networks, one only needs to use the "finger" command to identify a person's real name in no time at all. The combination of an e-mail address and knowledge of what a specific surfer is interested in will suffice to turn this data into material that greatly appeals to advertising companies. The latter might then start their mass mail send-outs (what is generally referred to as spam), thus spoiling a surfer's day. And surfers will not even know how these companies managed to get hold of their data. See how to protect yourselves against spam in general in a report provided by TecChannel. The feature is currently only available in German - please bear with us.

          But at least the transmission of your e-mail address is something the Netscape browser can be cured of. According to what we've learned so far, the Netscape browser will only transmit this piece of information if the user has logged on to Netscape's Netcenter.

          In the process, the Netcenter stores a so-called cookie in the form of a text file on the user's local drive. For years, this procedure has sparked controversial discussions, but there's hardly been any way to avoid it so far. Web sites may, for example, make it easier for surfers to log on to a protected section if the browser in question sends the cookie that has already been stored on the surfer's disk to the corresponding site during a later visit to this very Web site.

          Netscape's Netcenter, however, uses the cookie improperly. The data stored in the cookie, containing, among other things, the user's e-mail address, is sent to Netscape with every SmartDownload and every search query initiated by the Search button in connection with information on the actions taken by the surfer in question.

          Frankly, this is unnecessary. Information about which file has been transferred and where it was downloaded may be easily filed away on the local disk. There is no need to store it on the Netscape server without even informing the user about it. After all, the Netscape browser also stores other browser data, such as which sites the user visited last, on the user's local disk in the files named "prefs.js" and "liprefs.js," among others. And this is where the download logs belong, too.

          Since this combined information on downloads, search queries and e-mail addresses works on the basis of the Netcenter cookie, this cookie should be deleted. Switching off cookies altogether will only result in complaints from a large number of Web pages, since they use cookies in a sensible manner.

          The Netscape browser stores all cookies in a file called "cookies.txt", which can be modified with any text editor. One cookie always takes up at least one entire line.

          If you delete the lines that include "" in this file, the nosy Netscape cookie crumbles - and it remains switched off -- at least until you log on to Netcenter again. Then you will have to delete the cookie again.

          However, this will not switch off the transmission of file names and search queries to Netscape altogether. We recommend starting downloads by right-clicking on the file and clicking on "Save Link as" to those of you who would like to continue using the Netscape browser. This will prevent the SmartDownload feature from starting. Initiate any search queries directly with the search engines and avoid using the "Search" button provided by the Browser.

          If you want to get rid of SmartDownload completely, you may uninstall it through the Windows control panel using the button "Software." The browser, however, has no menu options for turning the feature off temporarily. One should keep in mind that once SmartDownload is uninstalled, the Search button still transfers data to Netscape without asking. To date, we have found no way to prevent the browser from doing so.

          As our tests have shown, even the use of a service aimed at keeping you anonymous will not protect you against Netscape nosing around. The most important information comes from the Netcenter cookie. So when you use one of these services, Netscape will also receive the information saying that you use the service.

          See a previous TecChannel report on details about how "anonymizing" services work and how you can use them in the best way. This feature is currently only available in German - please bear with us.


          The features we discovered in the Netscape browser constitute a severe intrusion upon a surfer's privacy, which is scarce anyhow. But this is even worse since users are not warned against this intrusion when starting the aforementioned features.

          One may only guess what Netscape uses the transferred data for. However, the information collected, i.e. "user A is interested in B and downloads the corresponding files from server C", in connection with the e-mail and IP addresses, provides an almost complete profile of the surfer in question. In addition to the notorious spammers, any marketing company should be interested in having access to this data - not to mention government agencies. Incidentally, in November 1998 Netscape was acquired by AOL, the largest Internet service provider in the world. Even record companies may want to lay their hands on the data Netscape collects, as downloading illegal MP3 files from the Web is getting more and more popular.

          We can only hope that Netscape's snooping activities will come to an end with the Netscape browser's open source version 6.0, which is still being developed.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments