Is Mailcity Collecting User Data thru HTTP/HTTPS?

L.Conover asks: "I figured this would be a question best hashed out by Slashdotters - I frequently use www.Mailcity.com, a free e-mail portal sponsored by Lycos. Now, each time I receive an e-mail containing a link, an automated script inserts the string 'http://proxy-mail.mailcity.lycos.com/bin/redirector2.cgi' into the link. The only reason I can think of for forcing people to use a proxy server is to collect data on where people are linking to from Mailcity. I've e-mailed their customer support folk to find out how that data collection is being used, but gotten no reply. Lycos doesn't mention any such data collection in its privacy policy, and there's no way to 'opt out' of their proxy server intrusion without cutting and pasting URLs manually. (Which I often do, because I often receive 'secure' URLs in email that include autologins.) Lycos has a partnership with DoubleClick, so I find this data collection to be more than a little shady. Anyone care to shed some light on this - and do other 'free' e-mail portals indulge in similar proxy-practices with e-mailed URLs?"

Maybe user protection mesure

[Tester]

This resembles some kind of measure to protect the user against login-spoofing kind of techniques that have affected HotMail in the past... I suppose the other similar services had the same problem and the redirect cgi is supposed to someone sanitize the addresses.

But they could be very well logging them as well out of pure curiosity.

Why?

[Al Wold]

Why would they need to use a redirector? If there's code to put the redirector in the html, wouldn't that be all they need to collect a list of the links? Cutting and pasting to bypass the redirector won't help you there ! :)

hotmail does

[Just Your Average Li]

http://216.33.236.250:80/cgi-bin/linkrd?_lang=&lah =201988f516925c0cf1982e5161317ee3&lat=96 3254727&hm___action=http%3a%2f%2fwww%2ehotmail%2ec om

opens a frame with a now outside hotmail and the actual page.

Lycos Tracks You Across Network With Personal Data

[benshutman]

i use mailcity. i was reading a javascript tutorial at http: //hotwired.lycos.com/webmonkey/98/29/index1a_page1 1.html?tw=programming [lycos.com] when i came upon a "view my cookie" link and clicked it - only to see my FIRST AND LAST NAME, zip code, address, and more in the cookie. BE CAREFUL!

Re:Why?

[penguinboy]

Making a list of URLs that people get in their email probably isn't terribly useful - people get lots of spam, for example, that contains URLs, but never get visited. A redirector allows them to see which links people are actually following.

Net@ddress does this as well

[Wonko the Sane]

When viewing message from the web site (not downloaded via POP) all URL's are prefixed with:

http://www.netaddress.com/tpl/Info/Popup?hidden_ __url=http://

when you click on one of these links, it opens a new window titled "Info Popup" that contains two frames. The top frame contains the text:

You are visiting a site outside of Net@ddress. Please close this browser to return to Net@ddress.

Since this does not happen when you use POP access, I don't think it is a data-gathering practice. Maybe they think people are not smart enough to tell when they have left the Net@ddress site.

the reason

[happystink]

There are two reasons I think:

1. To open up a new window, so that you can tell you're not on the mailcity site still. Sort of a safeguard against anyone thinking they're looking at something on the mailcity site that isn't really on it.

2. To obscure the referring url when you go to the new site, so noone can log into the webmail system by knowing the session ID you were using (although that obviously shouldn't be an issue with a well-coded webmail app, but you know..)