Netscape Communicator 4.5 security alert (continued)

It is reasonably doubtful that Netscape has any nefarious plans for this feature (save what might be misguided, but benign, marketing or promotional activity). However, it is quite conceivable that a fixed IP address could be tied to a set of URLs in the Netscape database, and that this information could be released or demanded under a legally valid subpoena.

Cookie droppings
Unfortunately, it gets a bit worse. Communicator 4.5 is apparently sending a cookie along with your What's Related request. Winer describes the problem quite succinctly: "This would mean that Netscape could link your site preferences with your name and address, if you had registered with other services running on a Netscape server."

A slightly brighter future
According to Winer's discussion with Guha, there will be changes in the 4.5.1 release of Communicator. Apparently, that version will warn users that there's a potential security risk prior to sending back What's Related data to Netscape. And the cookie will not be used with What's Related information.

Future shock
These are reasonable improvements. But we're concerned about how these practices may be a harbinger of future privacy violations.

From a programmer's perspective, it is now quite simple for an application to transparently send a chunk of data back to a server. And there are many benign and seemingly perfectly reasonable technical justifications for doing so. For example, you might want to see which features of your program are used the most, so you can devote more engineering effort to them. Or you might want to validate serial numbers to be sure there aren't multiple users of your software. Or you may want to collect some statistical data with no intention of tying the individual records to real individuals.

But the problem is that benign plans may turn into unfortunate results. What if, as Winer suggested, management changes? What if the government wants to capture information for some reason? What happens if a hate group gets hold of a list of everyone visiting a gay rights site? What happens if you just don't want others to know what interests you?

It is important to stay diligent on these matters and "out" any software product behaving in this manner. If you know of such programs, or think there are other areas where a security alert is justified, please let us know. You can send detailed information to wecare@dominopower.com.




Copyright © 1998-2008, ZATZ Publishing. All rights reserved worldwide.