mark nottingham

WebCapture

Tuesday, 12 August 2003

Here’s something different. WebCapture “is a secure capture and playback system that records, in context, all web session pages that comprise an e-business transaction.”

“Capturing the INTENT and PROCESS is a centuries old and important standard essential in proving that transacting parties fully understand their actions. Additionally, using WebCapture transacting parties can easily play back the agreement and pre-empt any potential misunderstanding.”

In other words, it not only logs the pages you go to, it keeps copies of them. In itself, this is fine; compliance issues, especially in the finance industry, require that you keep records, and as we all know, Web pages’ representations change (even if they’re cool). The Web architecture and specifically HTTP allow this sort of thing with intermediaries.

Aside: one of the cool things you could do with a Web application description format (see previous post) is to define of the contract; i.e., “POSTing to this resource is the acceptance, the representation of that resource is our terms.” This would make applications like WebCapture much more efficient.

The problem that I have is that WebCapture is showing up in a significant portion of the logs for this site. Why is that? There isn’t any content on this site that someone would consider a “transaction,” except maybe for the contact form, and I’d know if it got a few thousand “transactions” this month.

More disturbingly, WebCapture’s literature indicates that it’s intended to be set up by the site’s authority (i.e. the content owner), to prove compliance, not to record people’s outbound surfing sessions. It seems like someone is misusing the software, probably at the urging of a desperate salesman. Luckily, it sets its own User-Agent header (despite the fact that it’s most likely an intermediary) and strips the referer, so it’s a simple matter to rectify.

Anybody else see this in logs?