I'd like to provide a background on what the genuine risks are in this treatise and how our continuing research on these issues have kept our customers years ahead of the curve, rather than belatedly responding to them as they unfold. I also suggest reading my testimony on behalf of our company to the Federal Trade Commission back in the summer of 1997 which you can find elsewhere in our library where we described the risks in detail a very long time ago. We were absolutely correct in all of our concerns and assertions as time has witnessed despite the charges of "promoting hysteria" we were accused of at the time. Now that our original assertions have been validated repeatedly combined with our corporate policy of never overemphasizing issues, I'd like to reflect on history and how we got to the concerns we face today and lay out the true cause and effect and how we've gotten to the dire straits the internet finds itself in today in terms of "trust" and how our company can help balance the equation for you as we have for so many other "users" while the solution seems to elude so many others in the "privacy and security arena."

Cookies are little bits of customized information kept in database files on your computer. In the Internet Explorer browser, there are additional files that backup the data outside of the cookies database itself. Cookies are often considered the "key" to the whole problem but cookies are merely one facet of a larger issue of interaction provided by both web browsers for the benefit of advertisers. It's a case of "you get what you pay for" and since people have expectations that web sites, software, and now music should be free, there still remains a need to pay the creation costs for all of these by some means. The answer is "demographics" and "advertising" as has successfully been the case in broadcasting for many years and many business plans assumed that advertising would fund the internet as lavishly as it had historically for the broadcasting industry.

At the same time, early advertising companies such as Doubleclick were placing advertising banners on some sites after observing WIRED magazine's success with banner ads on their own pages. Back when WIRED Magazine first went online in 1995, they placed small advertisements on top of their pages which linked to the site that placed the advertisement. WIRED got paid each time someone clicked on the link and doubleclick saw an opportunity since WIRED was apparently profitable. Banner ads promised to fund the wave of "dotcoms" even if the financial rewards were fleeting for most and promises of "dotcom wealth" were to remain elusive to investors.

Soon companies like focalink, Flycast and Pointcast saw the opportunity to take WIRED's idea and applied it to other sites and in a short time also became major advertising brokers. But they all had a problem. They had no means by which to determine which ads had already been seen and since few people actually clicked on their advertisements, they desired a means of making the ads more attractive and therefore more likely to be clicked on so everybody got paid. They needed a way to determine which ads would be more likely to be clicked on by any particular surfer and at the time, they didn't care about who the surfer was as long as they could be enticed to click.

Netscape developed a means to temporarily store data on the Netscape browser so that ads which had been seen could be marked on the browser so that the same ad would not be shown again in hopes that another ad might be clicked on instead. And if a means of determining what a particular user was interested in and presenting ads only within that parameter, it would be even likelier that some ad would get clicked on and everybody would get paid.

In cooperation with Doubleclick and other advertisers, Netscape developed a cookie standard (described elsewhere in the library on our site) which allowed an advertiser to write little notes to themselves which remain on your machine, a "persistent" cookie. Netscape, in its philosophy of making new features as flexible as possible, designed these cookies so that only the site that placed them could read them (with a few exceptions) and that any type of data that would fit the 4096 bytes permitted could be recorded in them and then sent back through the browser as transparently as possible. To Netscape, this was "magic" and thus the name Mac users know for these, "Magic cookies." Microsoft added cookies to their browser as well in their next version. The format of the data contained in a cookie was left open and completely flexible. This open source design allowed any site to do whatever they wanted with that little scratchpad known as a cookie as far as to what would be stored in their data area. The only limiting factor was the size of the data storage in the specification itself and 4k was considered more than adequate by all parties at the time. This was years ago after all.

In time, the givers of these cookies determined that cookies weren't able to store enough of the data they wanted and clickthrough rates continued to be low compared to their expectations and marketing plans. Doubleclick, Pointcast and focalink decided that cookies would best be left to store a "unique serial number" which could then be queried by a database on their premises which would contain a better "trail" of where that unique serial number had been, what it had seen, what it had clicked on and what it hadn't. For a while, just this level of knowledge was sufficient for them as they believed it would allow them to "target" advertising based on where people tended to go as a gauge of their own personal interests and what ads might appeal to their personal lifestyles, whoever they were.

At the same time and in a parallel effort, Dejanews (now deja.com) profiled people on usenet newsgroups and actually developed personality profiles with real names based on which newsgroups people visited and posted to and the topics they expressed opinions about. The data mining from usenet (a predecessor to "chat rooms") allowed deja to sell personality profiles on identified individuals by name based on what topics they wrote to people about or at minimum facilitated the ability of "spammers" to do so by allowing anyone to harvest email addresses and personal preferences associated with the email addresses and usernames in the usenet posts as well as the content and profile information. Anyone could (and still can) go to deja.com and have deja's database provide profiles on specific individuals who did not use false or "alias" identities when they posted to usenet. Today, deja plays this all down but they're still doing it. Our products have solved this problem for years as well in allowing our customers to always use an alias identity that could not be harvested and to change that identity at will.

Subsequently, Doubleclick and others sought to increase their profitability by taking the information they had gathered in their own databases and elsewhere to "put a face" on the data they had collected by combining surfing habits of an unknown serial number representing a particular machine and tying it to real-world data and a name, address, phone number and financial and other profiles. This is the situation we're in today. Where once you were relatively anonymous (other than the remote sites knowing that your MACHINE went here and there) now the marketing folks want all the real world data they can sell to others they can get their hands on as the ability to tie cookies to information already in their growing databases of personal information which used cookies as an electronic "dog tag" for visitors to sites.

When Microsoft decided to "remove Netscape's air supply" by positioning their Internet Explorer browser as a "free download," Netscape was also forced to give away their browser for free. Both browsers represented an enormous cost for both companies and recouping the expense required some ingenuity in finding an alternate funding means. As the economics of browsing began to fall apart for the software manufacturers (even Microsoft's nest egg couldn't completely absorb the costs of developing Internet Explorer) advertising was determined to be a practical means of income for both sites and the browser makers so that they could manage to give away "the internet" for free.

Hence "home.netscape.com" became a "portal" with advertising and when Netscape went bankrupt, AOL purchased Netscape not for the value of the browser product, but rather the "eyeballs" that the netscape.com site would deliver since every copy of Netscape out there defaulted to this location as a "home page." Microsoft did the same thing in their browser with msn.com. Eyeballs to view "web content" are still the rule in a failed paradigm since nobody clicked on the ads. Both companies battle over forcing people to come to their site in hopes of ad revenue that continues to not materialize. Today less than 1 in 100 visitors to web pages click on banners which only makes advertising companies and the pages and software they sponsor all the more desperate to provide "value" to the few who advertise.

"Web bugs" have also gotten a lot of publicity lately. These are single one by one pixel graphics, often served from an advertising company as an ALTERNATIVE to the advertising banner. Many sites provide indirect links to advertising brokers such as Doubleclick and others and they only get to plant a cookie when you actually click on the banner to go to their domain. "Web bugs" placed on a site serve up this 1x1 picture because it's very fast, doesn't show and allows them to serve a cookie along with the picture that you never get to see. This is also the same issue as the entire purpose of placing the "web bug" is to get their cookie on your system.

Now cookies are used to record usually a "unique identifier" which is associated with the entries in the database. Get rid of the cookies and you become someone else as the cookiegivers must now give you a brand new cookie with a brand new serial number. All the data which correlated to the contents of the cookie becomes useless to the marketers. Our products not only destroy the cookies, they make them completely unrecoverable. A deleted file CAN be recovered. A trashed file cannot. Our products destroy the data beyond recovery.

Lately a lot of noise has been heard about "spyware" which is former "shareware" which now serves up banner ads just like web sites do. And like web sites that serve banner ads, this so-called "spyware" does the same thing without the benefit of active links. So-called "spyware" is able to function WITHOUT being connected to the internet at the time you wish to run the software and the only reason why software companies provide this "adware" is because people are not willing to pay the producers of the software for the tremendous effort they've put into it.

In order to replace old advertisements with ones you're likely to click on, "spyware" will call in to the server to collect new advertisements for it to display when you use the software again. There is nothing more insidious to this than a banner ad on any web site you visit - it's the same thing except that the software needs to grab the ads when you go online so it can display them when you're not online. "Spyware" doesn't do anything more than regular websites you visit every day. Most of these same vendors will remove the advertising once they have been paid when you "register" the software and pay for it.

Once again, you get what you pay for. For shareware authors this is the only way they can expect to get paid for the time and effort they put in to create the program in the first place and to denigrate their ability to make money like most webmasters is disingenuous to say the least. Nothing is really "free" and the costs of maintaining large web sites and developing software is enormous. There is always a price, and it's your privacy. We charge for our software but we assure you that we're working for you when you give us money.

The promoters of the "spyware" scare don't seem to get it however - in their dire warnings, they claimed that advertising supported software such as Real Networks' products (another company forced into giving away their software for free by Microsoft), Netzip and others sent off cookies to the site they had downloaded it from. The cookie which was the basis for all this was a very old cookie from back when the party purchased the software many months earlier. Had this party been using NSClean or IEClean the cookie would have been long gone and there would not have been an issue. However, since the cookie was retained and cookies are designed to be sent back to the site that placed them, the old cookie was sent as designed. This didn't have to happen and it speaks volumes about the expertise of those who failed to understand how this all works, I'm embarassed to say.

While cookies are obviously a risk, there are other issues which we address for you in our software. In addition to cookies and web bugs which are also cookie-related, bad actors put up web sites in order to attack your system and gain entry. Our BOClean product is designed to defeat them if they succeed in placing a trojan horse remote control program on your computer successfully. These "trojan horses" offer outsiders more control of your computer than you can possibly attain and allow the theft of your personal information and the destruction of your system. Using BOClean along with either NSClean or IEClean (depending on which browser you use) offers ultimate protection of your privacy and your security.

Our browser managers also address a number of other issues. When you visit a site, they can determine if you've been there before from your caches and your history data which is kept by your browser. If files from the site are already in your cache, a site can determine that you've been there before and by tracking which page elements you DO download (because they're not in your cache) and sites that are "third partied" (particularly porn sites) can determine by the lack of a need to load links from other sites they're connected to whether or not you've been there. Once again profiling is possible and in this case without any cookies at all.

When your history files contain information about a previous visit, then your browser will not send "referrer data" since the browser already knows the site from the history file. Modern web site analysis software will report "no referrer" in this case. Again they know where you've been and although it isn't being widely done, this is yet another way of determining your surfing history and many sites are using this information now. This activity has been going on for years as well and hasn't yet been noticed. We've already solved this as well.

Browsers also contain other useful data to those who know how to make use of it such as "hit logging" and "GUID numbers" as used by Microsoft's Internet Explorer (both of these features, as of now,are not done in Netscape). Hit logging is a feature of the IE browser which is designed to "phone home." You don't need to have "spyware" installed for this to be used and "spyware" uses this feature of Internet Explorer which of course is already installed on most machines even if it is never used. Hit logging, which is part of Microsoft's WININET API (browser/OS integration) keeps track of all of your OFFLINE activities and when you click on a banner ad, a record is made of how long you look at it, which you click on as well as personal information stored by the IE browser.

GUID numbers are randomly generated "Guaranteed Unique" or "Globally Unique" ID numbers which are highly unlikely to ever occur twice across the planet. They are the ultimate "electronic dog tag" and can survive even if you kill the cookies and remove the "spyware" as others claim solve the problem. It does not. Our IEClean product DOES. IEClean allows you to shut down hit logging permanently and it also is able to generate a random new GUID to make you somebody else with the click of a single button in our product.

When you submit a form (a warning box comes up when you do this unless you tell it to never warn you again) it is often sent to the website by means of "method=post, action=email." When you submit a form this way, your web browser uses the email software which comes with it to send your NAME AND EMAIL ADDRESS to any site that requests it so long as you send the form. Our products allow you to set an alias identification and email address to these sites instead of your real identity.

In addition, our products allow you to clean out all the tracks of your surfing activities, removes the history, caches, cookies and registry entries which correspond to them. We also clean out the local databases that back up this data in case you decide to delete the files themselves which allows the deleted data to be recovered. If you use usenet newsgroups or visit porn sites, all traces of this too is removed if you wish so that your children can't accidentally access unsavory sites that have already been visited on your machine.

Naturally, these files can also be accessed directly from your machine. All it takes is a little basic computer skill, and this information can be accessed by anyone. If you're not comfortable with the thought of someone being able to riffle through your browser files, as well as being able to access what may be inappropriate sites (in the case of children), our products are for you. NSClean or IEClean will wipe out as much of that data as you wish and allows you to decide what goes and what stays without the need for "detailed technical specifications."

Finally, once again in regard to cookies, bear in mind what I explained about their only value to marketeers being their "persistence." You don't need to panic and refuse them all and there's no genuine need to remove them instantly or deny them either. The objective in foiling cookies is to deny them their "persistence" which is the reason why our products were deliberately designed to allow session and other short-lived cookies to function as these genuinely pose no risk, even when going from site to site with doubleclick on each page you visit. At your convenience, you can cause our products to kill off all cokies other than those you wish to keep because those chosen cookies contain customization information from trusted sites and thus you choose to trust those specific cookies.

Our NSClean v.4.50 product for Netscape Navigator/Communicator versions up to, and including 4.75 running on Windows95, 98, 2000 or WindowsNT allow you to protect your privacy without the need to resort to "anonymous" servers which run slowly and log your real identity on your way into them. For users of Microsoft Internet Explorer(up to version 5.01), we provide IEClean v5.00 for use with Windows95, 98, 2000 or WindowsNT. In a few weeks, a new IEClean 5.50 for Internet Explorer 5.5 will be released and anyone who has purchased IEClean 5.00 as of July 15, 2000 gets the new version for free. We apologize for the delay in its release, but we do not use our paying customers as "guinea pigs" and wait to release software until it is truly ready and stable. As a programmer here, I demand reliability for those who give us money. Thus we don't have to hide behind licensing disclaimers since we ensure that our software actually works and provide all the support needed in the rare circumstance where oddities DO crop up.

Depending on which browser you use, we have a product which will help you take control of your own privacy on the net and our years of experience in these issues provide software that actually works. In this treatise, we haven't covered remote control trojan horse programs which truly deserve the label of "spyware" in the most dangerous sense. In addition to examining our NSClean and IEClean products for browsers, we also encourage you to look into our BOClean product which protects you against trojan horses as well. We promise you that you'll get what you pay for with us.

Use of NSClean or IEClean can at least minimize the amount of stored data that can be pulled from your machine or looked over at your physical location.