browsers and trojan-like behaviour

[Bogdan Hamciuc <hb () p16 pub ro>]

  Hi,

  I have always been aware that certain applications might develop
'initiatives' such as sending information about the host machine/system
to their home sites. Until now, I thought of that as of an abstract
thing, but today I accidentally dumped such a 'conversation', started by
my 'Opera' browser. Here's an excerpt of what it sent:


------------

POST http://rps2.opera.com/scripts/cms/xrps.asp HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Linux 2.4.19 i686) Opera
6.02  [en]
Host: rps2.opera.com

[...]

<?xml version="1.0" encoding='ISO-8859-1'?>
<xacp version="1.0.0">
  <activity_report vendor="Opera" product="Opera_Linux"
product_version="600" distribution="Lin_602"
user_code="a8c01805104863399445821" tag="0000000   en0731">
<client_connection last="2003-03-25" units="days" count="1"/><acpo code="3">
<exposure location="top" date="2003-03-25" count="3"/>
</acpo>
<profile>
<property name="Language" val="en"/>
</profile>
</activity_report></xacp>

--------------


  I honestly consider this a trojan-like behaviour, since I have not
been asked about it, and I do not expect a web browser to initiate TCP
connections on its own.

  The fact that, as stated in their EULA, 'IN NO EVENT SHALL OPERA
SOFTWARE [...] BE LIABLE FOR ANY [...] LOSS OF BUSINESS INFORMATION,
PERSONAL INJURY, LOSS OF PRIVACY OR OTHER PECUNIARY OR OTHER LOSS
WHATSOEVER) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES' does not entitle them to
disclose information about my operating system, kernel version or
anything else about my machine or myself, as this was the case. The very
thought that it could have uploaded any file that I could access
concerns me.

  If you don't mind, I would like to read a few other opinions on this
issue.



  Sincerely,
  Bogdan Hamciuc