From 36749920f3d14e35385aa47aa553e18ad254208f Mon Sep 17 00:00:00 2001 From: "morse%netscape.com" Date: Mon, 28 Aug 2000 01:28:42 +0000 Subject: [PATCH] documentation change --- extensions/wallet/editor/privacy.html | 119 +++++++++++++++++++------- 1 file changed, 88 insertions(+), 31 deletions(-) diff --git a/extensions/wallet/editor/privacy.html b/extensions/wallet/editor/privacy.html index 3b55890f2510..7d17fd474c8b 100644 --- a/extensions/wallet/editor/privacy.html +++ b/extensions/wallet/editor/privacy.html @@ -17,12 +17,15 @@ in control explicitly allow them to.

There are various ways that a site has of obtaining information about you.  When you request a page from a site, a certain amount of information -is disclosed in the page-request that your browser makes on your behalf.  -While you are getting the page, the site could be taking notes about your -behavior (tracking you) and storing those notes on an area of your hard -disk which it can read back later.  And whenever you fill out and -submit a form, the information on that form is sent to the site.  -Each of these aspects are described below in detail. +is automatically disclosed in the page-request that your browser makes +on your behalf.  Once you've received the page, the site could ask +your browser for some additional information.  While you are getting +the page, the site could be tracking you by taking notes about your behavior +and storing those notes in an area of your hard disk (cookies) which it +can read back later.  And whenever you fill out and submit a form, +the information on that form is sent to the site.  Each of these aspects +are described below in detail. +
 

Requesting a Page

When you request a page from a site, a small amount of information about you is given to that site.  In particular, the site is told the three @@ -58,12 +61,52 @@ It is no more a part of your identity than is the phone number of a pay telephone which you happen to be using when making a phone call.

But if you are concerned and want to block your IP address from being given out, see the section on Hiding Your Internet Address. -

3. Who referred you +

3. Referrer

The site is also told where you just came from.  In other words, it knows which page you were reading when you clicked on the link to the page you are now requesting.  This allows the site to know which other site referred you to it.  Also, as you traverse the site, it allows the site to know where in the site you were most recently. +
  +

After the Page is Received +

After you receive a page from a site, that page is displayed.  +The page might contain programs, referred to as javascript code, which +will then execute on your machine.  Javascript code has the ability +to request some information about your machine and to send such information +back to the site. +

If you do not want any additional information given out, you can easily +prevent it.  Whether or not your browser allows javascript code to +execute is controlled by your preference settings.  That preference +is initially set to allow javascript to execute.  By changing that +preference, you will be preventing the site from requesting and transmitting +this information. +

The information that the site can request by using javascript code in +this manner is usually not very interesting.  It includes such things +as the number (but not the names) of the sites you previously visited, +whether or not your browser can execute programs written in a language +called  java, the number and type of plugins you have installed +in your browser, the height and width of the browser window, etc.. +

Javascript code is normally incapable of obtaining any information about +you that would seriously compromise your privacy.  However, with your +permission, javascript code can obtain much more personal information.  +In fact, it could even read information from arbitrary files on your hard +disk and transfer that information back to the site.  But you have +to grant your permission before any of this can happen.  You'll know +when the site is attempting to use javascript in this manner because a +box will appear asking you to grant your permission.  You should not +grant it unless you have absolute trust in that site.  If you refuse, +the javascript code is rendered harmless. +
  +

Downloading a File +

When you are requesting a file (as opposed to a viewable page), your +e-mail address might be divulged as a courtesy to the site.  You know +when you are requesting a file because its address starts with "ftp://" +instead of the more usual "http://". +

One of your preference settings determines if your e-mail address should +be sent as your password when you request files.  This preference +is initially set to not send your e-mail address so, unless you've changed +it, your e-mail address will not be divulged. +
 

Being Tracked by Cookies

Since the site does not know who you are, it cannot possibly be collecting any information on you and has no knowledge of any previous times that @@ -100,6 +143,7 @@ that it could tell you if a new dog book became available since your last visit.  It would be a bad thing if it then sold that information to the local dog pound so they could cross-check for potential dog owners who do not have valid dog licenses. +
 

Encountering Foreign Cookies

When a site stores a cookie, it is the only site that is able to read that cookie in the future.  That permits a site to build up a profile @@ -111,7 +155,7 @@ is site specific and nobody can build up a universal database on you. stored not by sheep.com but by some marketing site called wolf.com.  And sheep.com can cause that to happen very simply by having an image from wolf.com displayed on its home page.  So when you visit sheep.com, -you are really making a side-trip to wolf.com  to get the image and +you are really making a side trip to wolf.com  to get the image and wolf.com can store the cookie at that time.  Suppose that wolf.com has enlisted many other sites to also display its cookie-storing image.  Now wolf.com will be building up a cookie that contains information about @@ -123,6 +167,7 @@ think you are visiting are called foreign cookies.  If you are concerned about the privacy implications of  foreign cookies but not concerned about ordinary cookies, you could give permission for sites to store ordinary cookies only but not store foreign ones. +
 

Controlling Your Cookies

The way you give permission for a site to use (store and/or read) cookies is by your preference settings.  Your preference could be that your @@ -160,30 +205,39 @@ reject all future cookie-storing attempts from this site. that have been stored on your hard disk as well as a  list of sites  for which you have asked to have the cookie-storing decisions remembered.  And you can selectively delete any of the cookies or sites in these lists. +
 

Evading Cookies

It should be mentioned that even if you have disabled cookies, the site -still has a way of tracking you, at least while you remain at that site. -It does this by storing the information not in a cookie on your machine +still has ways of tracking you, at least while you remain at that site. +Presented here is one example. +

The site could store the information not in a cookie on your machine but rather in the links that it lets you fetch.  Each link that it -presents for you to click on contains the name of the next page to fetch.  +presents for you to click on contains the address of the next page to fetch.  But the site could customize that link specifically for you so that it contains a bit of tracking information as well. -

To make this clear, suppose that you visit a site called x1.com.  -That site presents you with its home page that has a link to a second page.  -What you see on your screen is some text describing the link (for example, -"visit our second page").  In addition to the visible text, the link -also contains the address of the second page, such as x2.com.    -But suppose the link on the home page doesn't contain just"x2.com but contains -something like x2.com?0 instead.  The "?0" might be a code saying -that you haven't visited x2.com yet.  Suppose you click on this link -and then return back to the home page via a link on the second page.  -The home page that the site presents to you this time differs from the -one it sent you previously in that the link back to x2.com now contains -x2.com?1. +

To make this clear, suppose that you visit a site called trackme.com.  +That site presents you with its home page and that page contains a link +to a second page.  What you see on your screen is some text describing +the link (for example, "visit our second page").  In addition to the +visible text, the link also contains the address of the second page, such +as trackme.com/secondpage.    But suppose the link on the +home page doesn't contain just trackme.com/secondpage but contains something +like trackme.com/secondpage?0 instead.  The "?0" might be a code saying +that you haven't visited the second page yet.  Suppose you click on +this link and view the second page.  Then you click on a link on the +second page that gets you back to the home page.  The home page that +the site presents to you this time differs from the one it sent you previously +in that the link back to trackme.com/secondpage now contains trackme.com/secondpage?1.  +The site is now using the page itself (rather than a cookie) to keep track +of where you've been and what things you've clicked on.

The good news is that this sort of tracking works only as long as you remain at the site and visit its related pages.  Once you leave the site all of this information is lost.  If you should then return again -later you will be presented with the "x2.com?0" link all over again. +later you will be presented with the "trackme.com/secondpage?0" link all +over again.  (Of course if you bookmark a page from such a site, when +you return to that page via the bookmark that tracking information will +still be there.) +
 

Submitting Information on Forms

Of course if you voluntarily chose to divulge information to the site, such as by submitting a form that the site presents to you, you are knowingly @@ -212,17 +266,18 @@ machine and not on any website.  When the Form Manager prefills a form with the saved information, that information is not sent to the site until you submit the form.  Once again you are in control -- no information is released until you say so. +
 

Divulging your Password

If you are like most users, you've registered for services at various sites.  The registration consisted of selecting a user name and password.  Each time you return to such a site, you fill out and submit a form containing -the user name and password that you selected for that site.  You might -not want to be burdened with having to remember a different password for -each site, especially those you don't visit often, so you probably used -the same password for each site.  And the same goes for your user -name, providing somebody else hadn't already taken it. -

So now each site that you register with has a record of two important -pieces of information about you, your user name and password.  And +the user name and password that you selected for that site.  To avoid +having to remember a different password for each site, especially those +you don't visit often, you might have used the same password everywhere.  +And the same goes for your user name, providing somebody else hadn't already +taken it. +

So each site that you registered with has a record of two important +pieces of information about you -- your user name and password.  And if this is the same user name and password that you always use, an unscrupulous site administrator at any one of these sites has enough information to go impersonating you by logging in to other sites at which you are registered.  @@ -242,6 +297,7 @@ or change them before submitting if they are not what you want.

The Password Manager also allows you to see which user names you have stored for which sites.  And it allows you to selectively delete any of these items if you wish. +
 

Hiding Your Internet Address

When you request to see a page from a site, your browser needs to tell the site your internet address (IP address) so the site knows where to @@ -268,5 +324,6 @@ you.  The site that supplied the page never gets to see your IP address.

There are several sites that provide such services.  Use your favorite search engine to find them -- try search words such as "anonymous" and "surfing". +