-Caveat Lector- Deja News Monitors Email Links by Chris Oakes 4:30 p.m. 28.Apr.99.PDT -- Even the tiniest bit of code can have privacy implications on the Web. The latest thread of controversy comes from the way Deja News hyperlinks email addresses listed on newsgroup postings. A snippet of embedded HTML allows the discussion service to monitor what are supposed to be private exchanges. Programmer and code-sniffer Richard Smith noticed over the weekend that the email address hyperlinks that are on every message Deja News displays use "redirect" hypertext code, which makes a record of every email communication. "If you click on the email address of the person who wrote the message, they know [that] you -- you being an IP address -- are sending an email message to that person," said Smith, comparing it to an antenna that detects when a cell-phone user gets a call. To Smith -- and to the America Civil Liberties Union -- the activity inappropriately intercepts a private act of communication. "It's not like the sender or receiver is using Deja News for email, yet they're listening in," Smith said. "You can make the case of why to monitor links to Web sites -- for advertising. But why do they want to know that you're emailing someone?" Deja News includes redirects in all external links that are part of message postings. Web-server log files routinely record the redirects to indicate when a user leaves a Web site, in order to track the user's destination. "When someone sends a piece of email they [Deja News] get a hit," Smith said. "They may not record that, but they get it. If they chose to, Deja News could also record -- and log -- the use of the link, the IP address of the sender, and the addressee's email [address]." If the email's sender has registered with the site, Deja News could associate the sender's profile with the recipient's email address. It could even add details about the subject of the newsgroup message that prompted the email response. The potential for tracking correspondence is especially disconcerting to Smith because Deja News archives messages from Usenet, a discussion forum that is not proprietary to Deja News. The service simply provides one of several means of accessing Usenet discussions. The Deja News privacy policy states that the company will "give notice to everyone prior to collecting any personally identifiable information." The company is a member of TrustE, an oversight program designed to see that companies adhere to their privacy practices statements. Smith says that he has investigated behaviors at other Internet search sites, but that he hasn't found any using redirect code in email links in the same way. "We have jumps only to log when people leave our site," Deja News said in a statement. "That's it -- we do not record anything else. We have been using this method for over a year, and there have been no other complaints. No one is monitoring who's mailing who.... There is no privacy issue here." Smith says that it's not enough to take it on faith that Deja News doesn't log "mailto" clicks. The company's capability to do so is key. The America Civil Liberties Union agrees. "Plainly, there's a privacy concern when any service provider is recording the addressees of email," said Barry Steinhardt, associate director of the ACLU. "There's also a question of whether they're in violation of the Electronic Communication Privacy Act. This would be a novel question under that act." The 1986 law prohibits interception of electronic communications. Steinhardt said the ACLU might pursue the issue with Deja News. "We would want to know precisely what information they're collecting and how." "[The redirect link] does enable you to create a catalog of information about private communication," Steinhardt said. "[But] it's not like the recipient is on notice." Copyright © 1994-98 Wired Digital Inc. All rights reserved. ------------------------------------------------------------------------ Steve Wingate California Director SKYWATCH INTERNATIONAL ANOMALOUS IMAGES AND UFO FILES http://www.anomalous-images.com DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
