Browsers May Invite Cyber-Sleuths

If you read an unsolicited e-mail, someone could be tracking your Web surfing. Enabled by a security loophole in your browser, this possible cyber-spying has privacy and consumer groups up in arms. The groups are asking the U.S. Federal Trade Commission to require software makers to take action and close the loophole. A letter and a detailed report of the security hole was sent this week to the FTC by organizations including the Electronic Privacy Information Center, Electronic Frontier Foundation, and antispam group Junkbusters, according to a joint statement issued Thursday. The problem affects people with e-mail readers formatted in HTML, which includes popular programs such as Outlook, Outlook Express, Netscape Messenger, Eudora, and Hotmail, according to the report, written by Richard Smith, a security consultant. Although most people know that when they visit a Web site, it creates a cookie, or unique serial number, which allows their surfing behavior to be traced, many do not know that a cookie can be created when they read an unsolicited e-mail via a Web browser, Smith says in the report. A cookie is created when users read such a message with graphics in it, such as a banner advertisement off the Web. These banner ad companies typically "hide" the recipient_s e-mail address in the Web address of the graphic, so that their servers can later match the cookie to the recipient_s e-mail address, Smith_s report says. This information is often sold to spammers, or senders of unsolicited commercial e-mails. The problem could be solved if Microsoft and Netscape Communications closed the security hole in their browsers, Smith_s report says.