A little discussed feature of the web is the privacy (or more accurately lack of it) that one has when "browsing". Because it is so little discussed, I though I woud set the ball rolling with one or two observations a) Every "HTTP" transaction leaves a trace on the server log, and I think most people do realise this. What they may not realise is that one can also leave information such as the OS, your machine type, the browser you use etc. What the server webmaster does with this information is the crunch. I suspect that many commercial web sites do a great deal of analysis of such logs. We certainly looked at who was browsing the ECTOC conference, but I think that commercial publishers in particular value the client profiles they can obtain by looking at server logs. True? (well, if it was, they presumably would not confess in public!) b) Some Web sites are a little more pro-active in information gathering. In return for some "free gift" such as software, one has to part with an e-mail address, postal address etc. Of course one does this in the knowledge it might be used, and sometimes indeed a package comes in the post a week or so later bearing information of a greater or lesser usefulness. Perhaps this is a business model of the Internet that we will also see more of in the future? What do people think? c) The least well known mechanism for garnering information about the user is the Persistent State Cookie. This is implemented at the server side using some CGI program or script, and supported at the Client side by e.g Netscape. Its a way of remembering some state requested by the user and writing it in the user's local file base, normally into a file called Cookie or "Magic Cookie". Next time the user connects to a site, the server can retrieve the information in this file (via the browser) and act accordingly. At its simplest, a Web page can request you identify your Browser. Next time you connect, it will know this, and take you to the correct page immediately. At its darkest, a visit to site (b) can interrogate the Cookie file created by site (a), and let site (b) know who you have visited previously. If of course the user deletes the cookie file between visits, this mechanism is stopped, but HOW MANY DO? (PS there are programs that can do this automatically. I run one for example on my Mac). There are security aspects to cookies; see http://home.netscape.com../newsref/std/cookie_spec.html However, this is largely written in programmingspeak, and not easily comprehensible. It is not obvious to me what sort of information could be stored in cookie headers, or garnered by Javascript or whatever (ie SMILES strings?) Where I do worry is that Netscape does not seem to implement any mechanism for switching the persistent cookie state off. Anyway, I think that "privacy" on the Internet should be a bigger issue. I know some people will say that by "browsing", you loose all rights to privacy, but as I think I indicate above, there are various levels of potential infringement Dr Henry Rzepa, Dept. Chemistry, Imperial College, LONDON SW7 2AY; rzepa@ic.ac.uk; Tel (44) 171 594 5774; Fax: (44) 171 594 5804. URL: http://www.ch.ic.ac.uk/rzepa/ (Eudora Pro 3.0) ----- chemweb: A list for Chemical Applications of the Internet. Archived as: http://www.ch.ic.ac.uk/hypermail/chemweb/ To unsubscribe, send to listserver@ic.ac.uk the following message; unsubscribe chemweb List coordinator, Henry Rzepa (rzepa@ic.ac.uk)