1995-10-02 - Re: Netscape and privacy

Header Data

From: mlm@netscape.com (Mike McCool)
To: cypherpunks@toad.com
Message Hash: 9b171a918eeeb7482a939b5b4f0b831613b5d6134b9e0936f5fc7068658ccb7f
Message ID: <44pjd7$22b@tera.mcom.com>
Reply To: <44fin4$rdq@tera.mcom.com>
UTC Datetime: 1995-10-02 20:52:22 UTC
Raw Date: Mon, 2 Oct 95 13:52:22 PDT

Raw message

From: mlm@netscape.com (Mike McCool)
Date: Mon, 2 Oct 95 13:52:22 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape and privacy
In-Reply-To: <44fin4$rdq@tera.mcom.com>
Message-ID: <44pjd7$22b@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin (froomkin@law.miami.edu) wrote:
: With all respect to you and to Netscape (I am one who thinks that the
: Netscape participation on this list has reflected very well on the
: participants and the company), I think that the reply "we only collect IP
: addresses" is not fully responsive to the issue.  While I recognize that
: there are implementations that assign a new IP address to every login, I
: understand the current norm to be static IP addresses.  I sure have one. 
: Thus, if you keep a file of my IP address, and a fact about that address,
: you have a database that can be purchased and correllated with another DB,
: which links IP to somehting else, eg telephone numbers (perhaps from a
: contest run on the internet?).  Pretty soon we are at serious
: profiling.... 

Well, I'm the one who wrote the server extension in question; I will 
describe exactly how it works.  Let me start off by saying that it does
not work by IP address, and I would not have implemented anything I 
thought was violating privacy.

Originally, the program was called a bean counter.  Why?  Because there
is exactly one file kept on the server: a file with a number in it.  This
number is the total number of "cookies" given out.

When a client connects to www.netscape.com, the server checks to see if
the client sent a cookie with the request.  This cookie has no information
in it, and even if it did, the server doesn't look at it.  If the client
sent a cookie, the server simply goes on to the next task in completing
the request.

If it does not send a cookie, the extension increments the counter, and 
sends the cookie back to the client.  The client records the cookie and
sends it in the future when it is connecting to the server.

So all it does is count the number of "unique" browser installations there
are.  That's all.  The very most information you could get from this is 
that "this particular browser has connected to netscape.com once in the 
past."  Of course this method isn't foolproof, but it gives us a ballpark
figure of how many people are using our browser, which is all we wanted.

I hope this clears things up.  
	--MLM
--
  Mike McCool * mlm@netscape.com * http://www.netscape.com/people/mlm/  





Thread