Hi Henry, An interesting topic! and one that makes me want to put in my 2 escudos worth.

a) Every "HTTP" transaction leaves a trace on the server log, and I think most people do realise this. What they may not realise is that one can also leave information such as the OS, your machine type, the browser you use etc. What the server webmaster does with this information is the crunch. I suspect that many commercial web sites do a great deal of analysis of such logs. We certainly looked at who was browsing the ECTOC conference, but I think that commercial publishers in particular value the client profiles they can obtain by looking at server logs. True? (well, if it was, they presumably would not confess in public!)

Although I do not completely understand who you mean by the term 'commercial publishers', I must say that BetaCyte tries to find out as much of the 'surfer' as possible. However, the information supplied though by the log files is not _extremely_ useful. I would compare it to knowing what car someone drove to visit a store, or the way he/she dressed. Unless you are interested in this (like for example Netscape would be in the browser-agent stats), the information is relatively useless and should (IMHO) not be considered 'lack of privacy'.

b) Some Web sites are a little more pro-active in information gathering. In return for some "free gift" such as software, one has to part with an e-mail address, postal address etc. Of course one does this in the knowledge it might be used, and sometimes indeed a package comes in the post a week or so later bearing information of a greater or lesser usefulness. Perhaps this is a business model of the Internet that we will also see more of in the future? What do people think?

This problem is ofcourse not only valid on the Internet. In 'real life' this happens all too often (I am still trying to figure out how Readers Digest got my mailing address after I moved to Portugal a month earlier). I guess people should be aware of this. What people might not know is that all the mailings on UseNet groups and even on (some) mailing lists can be used by 'third parties' so they can try to sell you 'get rich quick' merchandise. They use the achives (like for example at dejanews (http://www.dejanews.com)) to 'fish out' potential customers with a certain interest.

c) The least well known mechanism for garnering information about the user is the Persistent State Cookie. This is implemented at the server side using some CGI program or script, and supported at the Client side by e.g Netscape. Its a way of remembering some state requested by the user and writing it in the user's local file base, normally into a file called Cookie or "Magic Cookie". Next time the user connects to a site, the server can retrieve the information in this file (via the browser) and act accordingly. At its simplest, a Web page can request you identify your Browser. Next time you connect, it will know this, and take you to the correct page immediately. At its darkest, a visit to site (b) can interrogate the Cookie file created by site (a), and let site (b) know who you have visited previously. If of course the user deletes the cookie file between visits, this mechanism is stopped, but HOW MANY DO? (PS there are programs that can do this automatically. I run one for example on my Mac).

That might be a larger, but still not really harmful, lack of privacy. I could see some harm being done if the user visits X-rated sites where changes to the cookie file are made. But still, I think it is nothing to worry about. I am more worried about unknown security holes in Java, but that is another story... Like I said, just my two escudos (2$00) worth. Patrick +----------------------------------+ | Patrick M. van der Valk, M.Sc. | | BetaCyte | | | | Complete Internet Service | | for the Chemical Community | | | | 0------------------------------------------0 +--------------| http://www.betacyte.pair.com (North Am.) | | http://www.betacyte.pt (Europe) | | fax: +351-1-458.07.91 | 0------------------------------------------0 ----- chemweb: A list for Chemical Applications of the Internet. Archived as: http://www.ch.ic.ac.uk/hypermail/chemweb/ To unsubscribe, send to listserver@ic.ac.uk the following message; unsubscribe chemweb List coordinator, Henry Rzepa (rzepa@ic.ac.uk)