Microsoft Debated Privacy vs. Advertisers In Internet Explorer... And Advertisers Won

from the of-course-they-did dept

The Wall Street Journal has a story detailing how Microsoft developers had worked out a plan to add serious privacy capabilities to Internet Explorer 8, which would specifically be designed to try to block tracking efforts by advertisers. The default would recognize if a third-party service/cookie/script appeared on more than 10 visited websites and would then assume that was a tracking device of sorts. The idea was to make this the default and make it easy for users to control their privacy settings. However, when word filtered over to the side of Microsoft's business that sold advertising, folks there went ballistic and forced the IE team to change its plans:
Executives in Microsoft's new ad business were upset when the designers of Internet Explorer hatched the plan to block tracking activity, say people involved in the debate. At a meeting in the spring of 2008, Brian McAndrews, a Microsoft senior vice president who had been chief executive of aQuantive before Microsoft acquired it, complained to the browser planners. Their privacy plan, he argued, would disrupt the selling of Web ads by Microsoft and other companies, these people say.
The folks on the other side realized that people were quickly moving away from IE, and thought (probably correctly) that the way to attract users was to actually (what an idea!) fight for the users and what they wanted, such as by implementing strong privacy tools. After fighting it out back and forth in a series of meetings, the advertising folks won... and Internet Explorer will continue to lose users. Admittedly, other browsers don't offer such privacy features standard either -- and Google clearly has the same conflict of interest to deal with. However, these days, if you are concerned about privacy, using Firefox with NoScript, AdBlocker and various other privacy protection extensions can certainly help.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 8:20am

    The difference with Google is that you can install all the nice little extensions that block this stuff, plus Google themselves supply an extension that disables the google analytics(and, yes, it does do the job correctly).
    And while Google uses it as a base, chromium is just as removed from Google as firefox is.

    Just the fact that IE doesn't support extensions(add-ons & plugins are a joke compared to Firefox's and Chrome's implementation of extensions) is good enough reason to never use it (the fact that it is Windows only guarantees that for me). It would have been a good thing seeing the IE people actually trying to change for the better, but i would rather they work on bringing IE into this decade on the whole web standards front.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 8:28am

    Re:

    Google essentially has root to any system where it has Chrome installed. It updates when it wants, silently. It can upload any code it wants. Quite the dangerous software from a security perspective.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 8:40am

    Re: Re:

    maybe on windows, but they can't do much on linux.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    jjmsan (profile), Aug 3rd, 2010 @ 8:47am

    Re: Re:

    Don't you mean secretly? So far as I know no updating system makes noise while updating. Music might be nice though.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    David, Aug 3rd, 2010 @ 8:48am

    Re: Re:

    That's not true; here's the details about the Chrome update system:
    http://dev.chromium.org/developers/design-documents/software-updates-courgette

    and you'll find the source code of the browsers near by.
    It astonishes me that people keep generating these false assumptions about open source software where you can browse the code and give the crap Microsoft releases in closed source a pass.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 8:52am

    huh?

    what is this "internet explorer" you speak of?

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    David, Aug 3rd, 2010 @ 8:56am

    Mike, I'd take all the reporting from the WSJ on this matter with a grain of salt, they were acting astonished about the existence of browser cookies in an earlier article and were confusing some of the terminology.
    The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    A Dan (profile), Aug 3rd, 2010 @ 8:59am

    Typo

    Headline says "Internet Exporer"

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Malodorous Intent (profile), Aug 3rd, 2010 @ 9:00am

    Re: huh?

    If I remember correctly from Microsoft's defense team in an anti-trust case years ago, it's the operating system.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:06am

    Re:

    Sorry that is not correct, IE does support plugins, but they are not easy to make and most are paid there is no community thing in there.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Joel Coehoorn, Aug 3rd, 2010 @ 9:07am

    It was a bad idea anyway

    > "The default would recognize if a third-party
    > service/cookie/script appeared on more than 10
    > visited websites and would then assume that was
    > a tracking device of sorts."

    I think not doing this is the right decision from a technical standpoint as well.

    The ramifications of 1/4 of all web users blocking Google Analytics aside, there is a new trend in web development to take advantage of javascript "frameworks" that smooth over the incompatibilities among browsers and add power to the platform: scripts like jQuery, mooTools, Prototype, and others. Any of these would end up targeted by the technique described here. Sure, I suppose you could whitelist them, but as you sure you found not only the base scripts but also all of the plug-ins that go with them?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:10am

    Re:

    I'm so sorry for people who don't have real broadband.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    TtfnJohn (profile), Aug 3rd, 2010 @ 9:11am

    Re:

    Tracker cookies are a different breed of cat than most others and only, as near as I've ever discovered, served by ad sellers. Quite different than a log in cookie and so on.

    Disabling or automatically deleting these little monsters wouldn't make web serving as it wouldn't affect the loading of fonts, images from the other domain only any ads found on that domain. (Yes, I realize that does go on and tend to avoid sites that "double ad" me rather like I avoid all other critters of genus "spammer".)

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:11am

    Re: Re: Re:

    That's not true; here's the details about the Chrome update system:...

    Nothing on that page disputes what was said. What, you didn't think anybody would check?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:15am

    Re: Re: Re:

    Yes they can, anything that can update itself without a warning is a accident waiting to happen.

    Like the flash plugin in Linux that is located in the firefox folder and shared with all other browsers in the machine, that is just brilliant, if you managed to corrupt one browser, all other are corrupted too.

    There are no Selinux polices in place to stop that at the moment. Same with JAVA(not Javascript)

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:18am

    and which browser is dying off

    /.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 9:18am

    Re: Typo

    i think he meant "Internet Exploder"

    ;)

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    TtfnJohn (profile), Aug 3rd, 2010 @ 9:20am

    Re: It was a bad idea anyway

    I'm sure the IE developers took that part of it into account. Assuming they aren't complete dolts and coded around such things. To some extent AdBlockPlus does this already though NoScript. last time I looked at it, remains something of a nuclear device that toasts everything good and dangerous/bad.

    While I agree that there are ramifications of 25% or more of browser users blocking Google Analytics about the only time I feel like doing that is when a site hangs waiting to contact the damned service which is happening more and more.

    Anyway, it's up to the browser user not the browser designer to make those decisions.

    Still, the decision wasn't made for technical reasons it was made so that the ad side of MS could sell ad space.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Aaron Martin-Colby (profile), Aug 3rd, 2010 @ 9:30am

    Re: huh?

    It's a tool for exploring your personal internets when you get them in the e-mail. It's important because internets are really complex and need advanced tools for exploring the words.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:32am

    Re:

    The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

    Except that's not the way it was originally intended to work. As originally intended, it didn't have those problems. Those problems were installed as "features" for the sake of the advertisers so as to make InPrivate more painful and thereby discourage people from using it very much. That way Microsoft could on the one hand publicly crow about IE's privacy features while on the other hand keeping people from using them. "Broken by design", or as Microsoft calls it, "win-win".

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    TtfnJohn (profile), Aug 3rd, 2010 @ 9:39am

    Re: Re:

    Let me rephrase a the following, and I'll let you find the typo on your own!

    Disabling or automatically deleting these little monsters wouldn't make web surfing more difficult as the loading of fonts, images etc would not, I trust, include ads from that domain.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    ofb2632 (profile), Aug 3rd, 2010 @ 9:40am

    And thats why i use Firefox

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Nick Dynice (profile), Aug 3rd, 2010 @ 9:41am

    This is great ammo for the Firefox and Chrome promotion teams.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:59am

    Re: Re: Re:

    David,
    Thanks for the technical view of how Google sends executable code directly to a PC. I don't exactly see how this helps from a security perspective. In theory sending the bits automatically is a good idea, in practice you risk having code that breaks something, or what with Google being rooted earlier in the year, transcends to its users being rooted.

    Chrome's open Source is really Showing up Microsoft on the security front, what with all the remote exploit holes found 2x a week now with Chrome.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 10:00am

    Great example of using Free in your business model

    The software is free but you give something up to get it.

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    nasch (profile), Aug 3rd, 2010 @ 10:00am

    Re: Re: It was a bad idea anyway

    NoScript does "nuke" everything by default, but it's usually fairly easy to whitelist the stuff you need. I say usually because sometimes the really heavily ad-driven web pages will have scripts from many different domains, and it can be hard to pick out what you need to turn on. Generally if I can't get what I want in a try or two, I just move on, but you can also temporarily allow everything for a page.

    What's irritating is the pages that show no content at all without javascript (I mean other than header images, etc). Why do you need javascript to display an article? I don't get it.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 10:22am

    Re: Re: Re:

    "silent" is a term in IT that means without user interaction.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 10:29am

    Re: Re: Re: Re:

    okay, yes, the flashplugin is a snafu, I heartedly agree with you there.

    But chrome cannot run anything that will affect the *entire* system. unless you run chrome as root, there is absolutely nothing chrome can do outside your own home folder (assuming you haven't done something incredibly stupid, like change security on everything to 777). Even the repo it adds on Ubuntu/Debian(assuming you are using the deb from google, not chromium) can only update chrome inside the confines of the dpkg system. For the most part *all* of the security problems with chrome are on Windows (maybe OS X too).

    Does the java runtime run code with higher privileges than the user has on linux? if so, that is terrifying, and should be removed completely.

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 10:30am

    Re: Re:

    i did mention the IE plugins and, compared to extensions in the other borwsers, there is no comparison.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Andrew, Aug 3rd, 2010 @ 10:41am

    The problem of integration

    The problem here is that Microsoft serves two masters (apart from the shareholders). They serve the consumer, in supplying software like IE; but they also serve the advertisers. And these two will often be at odds with each other. A similar problem comes from Sony - they not only serve the content consumers with DVD writers, but are also content makers who have a vested interest in people ... not buying DVD writers. When you start to serve two masters, one will ultimately fail, and be split off.

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    Nick Dynice (profile), Aug 3rd, 2010 @ 11:10am

    Re: Great example of using Free in your business model

    Not when the competition lets you have it both ways: free and you don't have to give anything up.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    bob, Aug 3rd, 2010 @ 11:26am

    I just installed the optout addon

    Thanks for downloading the Google Analytics Opt-out Browser Add-on (BETA).

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    darryl, Aug 3rd, 2010 @ 11:39am

    Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

    Admittedly, other browsers don't offer such privacy features standard either

    Its nice of your to admit that,

    That it is in fact ALL of them, who do not do this, but because its microsoft you have to have a rant, and that little line at the end says it all..

    So why go after MS, and do you think the 'other' browsers would not have also made those kinds of decisions?

    Sorry Mike, your bias is showing.

    so it should be from the

    of-course-they-ALL-DO-IT-Department.

    Its surprising how high a quality products are from Microsoft, to the point where most others try to copy them, They have a huge client base that is the envy of all others, but because you dont like them, you create FUD like this, this is little more than fear mongering, really you should be above this Mike.. or not..

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    Modplan (profile), Aug 3rd, 2010 @ 11:45am

    Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

    Nice of you to ignore:

    and Google clearly has the same conflict of interest to deal with.

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    Modplan (profile), Aug 3rd, 2010 @ 11:48am

    Re: Re: Re: Re:

    How is this so significantly different from every other browsers automatic update system that it allows them to apparently send anything Google wants and such things that allow it to apparently lead to major security concerns?

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Ben, Aug 3rd, 2010 @ 11:57am

    IE marketshare increasing

    latest numbers show IE overall increasing month-over-month, with IE8 overtaking the others. Do the research.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 12:26pm

    Re: Re: Great example of using Free in your business model

    You just have not noticed what you are giving up yet.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 1:04pm

    Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

    So tell us darryl, why do you "hate MS"?

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    nasch (profile), Aug 3rd, 2010 @ 2:34pm

    Re: Re: Re: Great example of using Free in your business model

    What do you have to give up to use Firefox or Chromium?

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 3:45pm

    Re: Re: Re: Re: Re:

    I real case in the real world that happened not so long ago.

    Gnome-looks repositories where compromised and were distributing a screensaver with malware inside that got installed as root.

    Fedora and Ubuntu repositories got hacked too.

    Package manager today don't use encryption and don't try to verify the source, that is a problem, it is being worked on but still it is a problem.

    Also most users create 2 accounts, the administrator(root) and the personal one, if you compromise their browser anything done inside that no matter what account is will get snooped, now many people browse the internet, download things and do banking and shopping from the same account what is stopping anyone from getting their credit cards numbers? How many people log out to another account to do shopping online?

    There is a problem there, Linux unfortunately have limitations too.

    JAVA or flash doesn't need to have access to root powers when what you are looking for is shopping activity done in that account.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Chris Pratt, Aug 3rd, 2010 @ 3:46pm

    Sounds poorly thought out in the first place...

    The IE team may have thought they had a novel idea, but it wouldn't have worked out nearly as well as they planned. Seems they forgot about certain APIs online that have tons of installed users. Google's AJAX API, Yahoo's YUI, and things like Facebook Connect would have all been "caught" by this rather short-sighted plan. There's also a good chance it would even catch things like calls to Google Maps API scripts, since they're so prevalent around the web.

    Sounds pretty typical of IE, though. Jump head first into the water with the first idea that comes to mind, no matter how ill-thought.

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 5:41pm

    Re: Sounds poorly thought out in the first place...

    I'm confused.

    I use TOR/privoxy with the TORButton addon from firefox, it blocks everything and I do mean everything and still I can surf the web without much problems.

    I just don't see anything that uses javascript, JAVA, Flash or other scripts but that is ok. Some webdesigners got smart and use CSS to design along with animated GIF's so they don't get blocked and it is pretty secure not to mention private.

    Now tell me how that doesn't work exactly?

    When I do need to go anywhere that I need scripts enabled I jump to another browser inside a virtual machine.

    Which leads me to another question, why the frak browser are not including sandbox(virtual spaces)? The closest thing to a sandbox is Google Chrome.

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    ferridder (profile), Aug 4th, 2010 @ 12:31am

    InPrivate Filtering is still in IE 8

    If you need to use IE, do activate InPrivate Filtering: Security menu or keyboard shortcut CTRL+Shift+F is your friend.

    As with most things MS, there is a registry hack that gives you the sane behaviour (ON) by default.
    http://www.vista4beginners.com/Keep-InPrivate-Filtering-Enabled-Forever

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    anonymous coward, Aug 4th, 2010 @ 8:22am

    Antitrust?

    I wonder if the lawyers had any say in this. If IE did come configured to block Google Analytics and other advertising information, I'd expect them to get sued for abuse of monopoly power. I'd certainly cry foul if I were Google, who would certainly be more hurt by this feature than Microsoft.

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    Anonymous Coward, Aug 4th, 2010 @ 8:58am

    Re: Re: Re: Re: Great example of using Free in your business model

    Unless you turn off all of the useful features, every browser I have used has privacy issues.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This