Experts Claim Netscape Browser 'Spies' on Users

14 July 2000

While politicians on Capitol Hill debate the FBI's controversial e-mail snooping device known as "Carnivore," Internet-privacy fans are taking an even closer look at technology bundled with the Netscape browser that may have been sinking its teeth into copious quantities of personal information for some time.

On June 30, New Jersey photographer and Webmaster Christopher Specht began what he hopes will be a class-action lawsuit against America Online Inc. [NYSE:AOL], owners of Netscape, claiming the company has used a popular file-download module to "spy" on browser users as they retrieve certain kinds of files from servers across the Internet.

Now a team at German Internet publication tecChannel - part of the IDG network - has also looked under the hood of what Netscape calls its SmartDownload feature and confirmed Specht's claim that the system forwards to a Netscape server information on every file it helps users download via the Web, even when those files are not hosted on Netscape or AOL servers.

What's more, tecChannel reported that their analysis of communications between the browser and the Netscape server also showed similar behavior when a user took advantage of the "Search" button on the application's tool bar.

"Not only does Netscape log who downloads what files from the Internet, the search feature of the Netscape browser even takes the whole story one step further," tecChannel said. "So here Netscape even records how surfers have searched for interesting offers - and what they were looking for in the Web."

Specht's lawsuit, filed in US District Court in New York, claims that kind of spying on third-party communications contravenes both the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act (CFAA).

Specht's lawyer, Joshua Rubin, said the ECPA opens the door to civil action in instances where electronic communication has been intercepted and where the contents of such intercepted communications is used. Statutory penalties under the ECPA can be up to $10,000.

Rubin says SmartDownload contravenes the CFAA by amounting to unauthorized access to a computer by AOL during an interstate communication.

Rubin told Newsbytes said that Specht is concerned AOL is in a position to monitor his activity on Web sites not related to AOL or Netscape and that the company can track certain downloads of visitors to his own Web site, LawPhoto.com.

SmartDownload has been available as part of the Netscape offering since version 4.7. The technology was originally developed as Download Demon by the folks at NetZip, whose Windows-platform browser plug-in could resume failed downloads of executable files and archives - files with .EXE and .ZIP extensions, for example.

NetZip was purchased by RealNetworks Inc. [NASDAQ: RNWK] and the technology has become part of that media-player company's RealDownload product. RealNetworks licensed the technology to Netscape for its SmartDownload.

Computer security expert Steve Gibson, of Gibson Research Corp., said in a report this week that his tests showed all three products - Download Demon, RealDownload and SmartDownload - all exhibit the behavior of alerting a mother ship server when a user downloads a file from anywhere on the Net.

The Specht lawsuit points out that the SmartDownload software is prominently promoted on the Netscape site when visitors begin the process of obtaining the latest version of the company's Communicator browser.

"Once SmartDownload is downloaded and running on an Internet user's computer, it automatically connects to Netscape's file servers and downloads the installation program for Communicator," the suit says. "Thereafter ... SmartDownload assumes from Communicator the task of downloading various files. Communicator itself could and would perform these downloading tasks if SmartDownload were not installed."

"The first time that an Internet user runs Communicator after installing it, Communicator automatically sends an electronic transmission to Netscape." the suit says. "Netscape responds by sending to and storing on the Internet user's computer a small text file known as a 'cookie.' This cookie contains a unique and unchanging string of characters that is different from the string placed by Netscape in any other cookie on any other computer."

The lawsuit claims - as do tecChannel and Gibson - that each download of a file handled by SmartDownload thereafter is reported to the Netscape server "cgi.netscape.com." SmartDownload transmits to the server the name of the file being downloaded, the Internet protocol (IP) address of the user's computer, and unique identifier originally installed with the cookie.

The tecChannel team also reported that, if the browser user is a subscriber to Netscape's Netcenter portal, SmartDownload also transmits the user's personal Netcenter e-mail address.

Specht's suit claims that the personal data has nothing to do with SmartDownload's ability to restart aborted downloads.

An AOL spokesperson did not return phone calls inquiring about the claims.

Reported by Newsbytes, www.newsbytes.com.

< Gaming News

CASINO CITY NETWORK: Casino City | Online Casino City | Casino City TV | iGaming News | Poker Zone | Casino City Press | Casino Vendors

Casino City is an independent directory and information service free of any gaming operator's control. Warning: You must ensure you meet all age and other regulatory requirements before entering a Casino or placing a wager. There are hundreds of jurisdictions in the world with Internet access and hundreds of different games and gambling opportunities available on the Internet. YOU are responsible for determining if it is legal for YOU to play any particular games or place any particular wager.

Terms of Use | Privacy Policy Copyright © 2002-2025 Casino City, Inc. or its affiliates.