Deja News Monitors Email Links

Someone emails you about your Usenet posting listed on Deja News, but before you receive the message, the Deja News server knows it's on the way. Is it a case of sloppy code or is it a privacy invasion? By Chris Oakes.

Even the tiniest bit of code can have privacy implications on the Web.

The latest thread of controversy comes from the way Deja News hyperlinks email addresses listed on newsgroup postings. A snippet of embedded HTML allows the discussion service to monitor what are supposed to be private exchanges.

Programmer and code-sniffer Richard Smith noticed over the weekend that the email address hyperlinks that are on every message Deja News displays use "redirect" hypertext code, which makes a record of every email communication.

"If you click on the email address of the person who wrote the message, they know [that] you -- you being an IP address -- are sending an email message to that person," said Smith, comparing it to an antenna that detects when a cell-phone user gets a call.

To Smith -- and to the American Civil Liberties Union -- the activity inappropriately intercepts a private act of communication.

"It's not like the sender or receiver is using Deja News for email, yet they're listening in," Smith said. "You can make the case of why to monitor links to Web sites -- for advertising. But why do they want to know that you're emailing someone?"

Deja News includes redirects in all external links that are part of message postings. Web-server log files routinely record the redirects to indicate when a user leaves a Web site, in order to track the user's destination.

"When someone sends a piece of email they [Deja News] get a hit," Smith said. "They may not record that, but they get it. If they chose to, Deja News could also record -- and log -- the use of the link, the IP address of the sender, and the addressee's email [address]."

If the email's sender has registered with the site, Deja News could associate the sender's profile with the recipient's email address. It could even add details about the subject of the newsgroup message that prompted the email response.
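A reader or site auditor can check a saved page for this pattern. The sketch below is an added example, not code from Deja News or from Smith: it separates plain mailto: links, which go straight to the mail client, from email links routed through a Web redirect, and reports which server would see the click and the recipient's address. The host news.example, the /jump path, and the "to" parameter are hypothetical, since the article does not give the real link format.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page; the redirect URL format is an assumption.
SAMPLE_HTML = """
<p>From: <a href="http://news.example/jump?to=mailto%3Aalice%40example.org">alice</a></p>
<p>Cc: <a href="mailto:bob@example.org">bob</a></p>
<p>See <a href="http://news.example/jump?to=http%3A%2F%2Fexample.com%2F">this site</a></p>
"""

class _Anchors(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def audit_email_links(html):
    """Return (kind, address, host_that_sees_click) for each email link."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href in parser.hrefs:
        url = urlsplit(href)
        if url.scheme == "mailto":
            # Opened by the local mail client; no HTTP request is made.
            findings.append(("direct", url.path, None))
        elif url.scheme in ("http", "https"):
            # parse_qsl percent-decodes values, exposing a wrapped address.
            for _, value in parse_qsl(url.query):
                match = EMAIL_RE.search(value)
                if match:
                    findings.append(("redirected", match.group(0), url.netloc))
                    break
    return findings

if __name__ == "__main__":
    for kind, address, host in audit_email_links(SAMPLE_HTML):
        print(kind, address, host or "(no server contacted)")
```

Each "redirected" finding is a click that puts the recipient's address, along with the clicker's IP address, in front of the named server before the mail client ever opens.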

The potential for tracking correspondence is especially disconcerting to Smith because Deja News archives messages from Usenet, a discussion forum that is not proprietary to Deja News. The service simply provides one of several means of accessing Usenet discussions.