Microsoft Debated Privacy vs. Advertisers In Internet Explorer... And Advertisers Won

from the of-course-they-did dept

The Wall Street Journal has a story detailing how Microsoft developers had worked out a plan to add serious privacy capabilities to Internet Explorer 8, which would specifically be designed to try to block tracking efforts by advertisers. The default would recognize if a third-party service/cookie/script appeared on more than 10 visited websites and would then assume that was a tracking device of sorts. The idea was to make this the default and make it easy for users to control their privacy settings. However, when word filtered over to the side of Microsoft's business that sold advertising, folks there went ballistic and forced the IE team to change its plans:
Executives in Microsoft's new ad business were upset when the designers of Internet Explorer hatched the plan to block tracking activity, say people involved in the debate. At a meeting in the spring of 2008, Brian McAndrews, a Microsoft senior vice president who had been chief executive of aQuantive before Microsoft acquired it, complained to the browser planners. Their privacy plan, he argued, would disrupt the selling of Web ads by Microsoft and other companies, these people say.
The folks on the other side realized that people were quickly moving away from IE, and thought (probably correctly) that the way to attract users was to actually (what an idea!) fight for the users and what they wanted, such as by implementing strong privacy tools. After fighting it out back and forth in a series of meetings, the advertising folks won... and Internet Explorer will continue to lose users. Admittedly, other browsers don't offer such privacy features standard either -- and Google clearly has the same conflict of interest to deal with. However, these days, if you are concerned about privacy, using Firefox with NoScript, AdBlocker and various other privacy protection extensions can certainly help.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    senshikaze (profile), Aug 3rd, 2010 @ 8:20am

    The difference with Google is that you can install all the nice little extensions that block this stuff, plus Google themselves supply an extension that disables the google analytics(and, yes, it does do the job correctly).
    And while Google uses it as a base, chromium is just as removed from Google as firefox is.

    Just the fact that IE doesn't support extensions(add-ons & plugins are a joke compared to Firefox's and Chrome's implementation of extensions) is good enough reason to never use it (the fact that it is Windows only guarantees that for me). It would have been a good thing seeing the IE people actually trying to change for the better, but i would rather they work on bringing IE into this decade on the whole web standards front.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 8:28am

      Re:

      Google essentially has root to any system where it has Chrome installed. It updates when it wants, silently. It can upload any code it wants. Quite the dangerous software from a security perspective.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        senshikaze (profile), Aug 3rd, 2010 @ 8:40am

        Re: Re:

        maybe on windows, but they can't do much on linux.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 3rd, 2010 @ 9:15am

          Re: Re: Re:

          Yes they can, anything that can update itself without a warning is a accident waiting to happen.

          Like the flash plugin in Linux that is located in the firefox folder and shared with all other browsers in the machine, that is just brilliant, if you managed to corrupt one browser, all other are corrupted too.

          There are no Selinux polices in place to stop that at the moment. Same with JAVA(not Javascript)

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            senshikaze (profile), Aug 3rd, 2010 @ 10:29am

            Re: Re: Re: Re:

            okay, yes, the flashplugin is a snafu, I heartedly agree with you there.

            But chrome cannot run anything that will affect the *entire* system. unless you run chrome as root, there is absolutely nothing chrome can do outside your own home folder (assuming you haven't done something incredibly stupid, like change security on everything to 777). Even the repo it adds on Ubuntu/Debian(assuming you are using the deb from google, not chromium) can only update chrome inside the confines of the dpkg system. For the most part *all* of the security problems with chrome are on Windows (maybe OS X too).

            Does the java runtime run code with higher privileges than the user has on linux? if so, that is terrifying, and should be removed completely.

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Aug 3rd, 2010 @ 3:45pm

              Re: Re: Re: Re: Re:

              I real case in the real world that happened not so long ago.

              Gnome-looks repositories where compromised and were distributing a screensaver with malware inside that got installed as root.

              Fedora and Ubuntu repositories got hacked too.

              Package manager today don't use encryption and don't try to verify the source, that is a problem, it is being worked on but still it is a problem.

              Also most users create 2 accounts, the administrator(root) and the personal one, if you compromise their browser anything done inside that no matter what account is will get snooped, now many people browse the internet, download things and do banking and shopping from the same account what is stopping anyone from getting their credit cards numbers? How many people log out to another account to do shopping online?

              There is a problem there, Linux unfortunately have limitations too.

              JAVA or flash doesn't need to have access to root powers when what you are looking for is shopping activity done in that account.

               

              reply to this | link to this | view in chronology ]

      •  
        icon
        jjmsan (profile), Aug 3rd, 2010 @ 8:47am

        Re: Re:

        Don't you mean secretly? So far as I know no updating system makes noise while updating. Music might be nice though.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        David, Aug 3rd, 2010 @ 8:48am

        Re: Re:

        That's not true; here's the details about the Chrome update system:
        http://dev.chromium.org/developers/design-documents/software-updates-courgette

        and you'll find the source code of the browsers near by.
        It astonishes me that people keep generating these false assumptions about open source software where you can browse the code and give the crap Microsoft releases in closed source a pass.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 3rd, 2010 @ 9:11am

          Re: Re: Re:

          That's not true; here's the details about the Chrome update system:...

          Nothing on that page disputes what was said. What, you didn't think anybody would check?

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Aug 3rd, 2010 @ 9:59am

          Re: Re: Re:

          David,
          Thanks for the technical view of how Google sends executable code directly to a PC. I don't exactly see how this helps from a security perspective. In theory sending the bits automatically is a good idea, in practice you risk having code that breaks something, or what with Google being rooted earlier in the year, transcends to its users being rooted.

          Chrome's open Source is really Showing up Microsoft on the security front, what with all the remote exploit holes found 2x a week now with Chrome.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Modplan (profile), Aug 3rd, 2010 @ 11:48am

            Re: Re: Re: Re:

            How is this so significantly different from every other browsers automatic update system that it allows them to apparently send anything Google wants and such things that allow it to apparently lead to major security concerns?

             

            reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 9:06am

      Re:

      Sorry that is not correct, IE does support plugins, but they are not easy to make and most are paid there is no community thing in there.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 8:52am

    huh?

    what is this "internet explorer" you speak of?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    David, Aug 3rd, 2010 @ 8:56am

    Mike, I'd take all the reporting from the WSJ on this matter with a grain of salt, they were acting astonished about the existence of browser cookies in an earlier article and were confusing some of the terminology.
    The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 9:10am

      Re:

      I'm so sorry for people who don't have real broadband.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      TtfnJohn (profile), Aug 3rd, 2010 @ 9:11am

      Re:

      Tracker cookies are a different breed of cat than most others and only, as near as I've ever discovered, served by ad sellers. Quite different than a log in cookie and so on.

      Disabling or automatically deleting these little monsters wouldn't make web serving as it wouldn't affect the loading of fonts, images from the other domain only any ads found on that domain. (Yes, I realize that does go on and tend to avoid sites that "double ad" me rather like I avoid all other critters of genus "spammer".)

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        TtfnJohn (profile), Aug 3rd, 2010 @ 9:39am

        Re: Re:

        Let me rephrase a the following, and I'll let you find the typo on your own!

        Disabling or automatically deleting these little monsters wouldn't make web surfing more difficult as the loading of fonts, images etc would not, I trust, include ads from that domain.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 9:32am

      Re:

      The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

      Except that's not the way it was originally intended to work. As originally intended, it didn't have those problems. Those problems were installed as "features" for the sake of the advertisers so as to make InPrivate more painful and thereby discourage people from using it very much. That way Microsoft could on the one hand publicly crow about IE's privacy features while on the other hand keeping people from using them. "Broken by design", or as Microsoft calls it, "win-win".

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    A Dan (profile), Aug 3rd, 2010 @ 8:59am

    Typo

    Headline says "Internet Exporer"

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Joel Coehoorn, Aug 3rd, 2010 @ 9:07am

    It was a bad idea anyway

    > "The default would recognize if a third-party
    > service/cookie/script appeared on more than 10
    > visited websites and would then assume that was
    > a tracking device of sorts."

    I think not doing this is the right decision from a technical standpoint as well.

    The ramifications of 1/4 of all web users blocking Google Analytics aside, there is a new trend in web development to take advantage of javascript "frameworks" that smooth over the incompatibilities among browsers and add power to the platform: scripts like jQuery, mooTools, Prototype, and others. Any of these would end up targeted by the technique described here. Sure, I suppose you could whitelist them, but as you sure you found not only the base scripts but also all of the plug-ins that go with them?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      TtfnJohn (profile), Aug 3rd, 2010 @ 9:20am

      Re: It was a bad idea anyway

      I'm sure the IE developers took that part of it into account. Assuming they aren't complete dolts and coded around such things. To some extent AdBlockPlus does this already though NoScript. last time I looked at it, remains something of a nuclear device that toasts everything good and dangerous/bad.

      While I agree that there are ramifications of 25% or more of browser users blocking Google Analytics about the only time I feel like doing that is when a site hangs waiting to contact the damned service which is happening more and more.

      Anyway, it's up to the browser user not the browser designer to make those decisions.

      Still, the decision wasn't made for technical reasons it was made so that the ad side of MS could sell ad space.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        nasch (profile), Aug 3rd, 2010 @ 10:00am

        Re: Re: It was a bad idea anyway

        NoScript does "nuke" everything by default, but it's usually fairly easy to whitelist the stuff you need. I say usually because sometimes the really heavily ad-driven web pages will have scripts from many different domains, and it can be hard to pick out what you need to turn on. Generally if I can't get what I want in a try or two, I just move on, but you can also temporarily allow everything for a page.

        What's irritating is the pages that show no content at all without javascript (I mean other than header images, etc). Why do you need javascript to display an article? I don't get it.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 9:18am

    and which browser is dying off

    /.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    ofb2632 (profile), Aug 3rd, 2010 @ 9:40am

    And thats why i use Firefox

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Nick Dynice (profile), Aug 3rd, 2010 @ 9:41am

    This is great ammo for the Firefox and Chrome promotion teams.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2010 @ 10:00am

    Great example of using Free in your business model

    The software is free but you give something up to get it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Nick Dynice (profile), Aug 3rd, 2010 @ 11:10am

      Re: Great example of using Free in your business model

      Not when the competition lets you have it both ways: free and you don't have to give anything up.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 3rd, 2010 @ 12:26pm

        Re: Re: Great example of using Free in your business model

        You just have not noticed what you are giving up yet.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          nasch (profile), Aug 3rd, 2010 @ 2:34pm

          Re: Re: Re: Great example of using Free in your business model

          What do you have to give up to use Firefox or Chromium?

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Aug 4th, 2010 @ 8:58am

            Re: Re: Re: Re: Great example of using Free in your business model

            Unless you turn off all of the useful features, every browser I have used has privacy issues.

             

            reply to this | link to this | view in chronology ]

  •  
    identicon
    Andrew, Aug 3rd, 2010 @ 10:41am

    The problem of integration

    The problem here is that Microsoft serves two masters (apart from the shareholders). They serve the consumer, in supplying software like IE; but they also serve the advertisers. And these two will often be at odds with each other. A similar problem comes from Sony - they not only serve the content consumers with DVD writers, but are also content makers who have a vested interest in people ... not buying DVD writers. When you start to serve two masters, one will ultimately fail, and be split off.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    bob, Aug 3rd, 2010 @ 11:26am

    I just installed the optout addon

    Thanks for downloading the Google Analytics Opt-out Browser Add-on (BETA).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    darryl, Aug 3rd, 2010 @ 11:39am

    Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

    Admittedly, other browsers don't offer such privacy features standard either

    Its nice of your to admit that,

    That it is in fact ALL of them, who do not do this, but because its microsoft you have to have a rant, and that little line at the end says it all..

    So why go after MS, and do you think the 'other' browsers would not have also made those kinds of decisions?

    Sorry Mike, your bias is showing.

    so it should be from the

    of-course-they-ALL-DO-IT-Department.

    Its surprising how high a quality products are from Microsoft, to the point where most others try to copy them, They have a huge client base that is the envy of all others, but because you dont like them, you create FUD like this, this is little more than fear mongering, really you should be above this Mike.. or not..

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Modplan (profile), Aug 3rd, 2010 @ 11:45am

      Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

      Nice of you to ignore:

      and Google clearly has the same conflict of interest to deal with.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 1:04pm

      Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

      So tell us darryl, why do you "hate MS"?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Ben, Aug 3rd, 2010 @ 11:57am

    IE marketshare increasing

    latest numbers show IE overall increasing month-over-month, with IE8 overtaking the others. Do the research.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Chris Pratt, Aug 3rd, 2010 @ 3:46pm

    Sounds poorly thought out in the first place...

    The IE team may have thought they had a novel idea, but it wouldn't have worked out nearly as well as they planned. Seems they forgot about certain APIs online that have tons of installed users. Google's AJAX API, Yahoo's YUI, and things like Facebook Connect would have all been "caught" by this rather short-sighted plan. There's also a good chance it would even catch things like calls to Google Maps API scripts, since they're so prevalent around the web.

    Sounds pretty typical of IE, though. Jump head first into the water with the first idea that comes to mind, no matter how ill-thought.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 3rd, 2010 @ 5:41pm

      Re: Sounds poorly thought out in the first place...

      I'm confused.

      I use TOR/privoxy with the TORButton addon from firefox, it blocks everything and I do mean everything and still I can surf the web without much problems.

      I just don't see anything that uses javascript, JAVA, Flash or other scripts but that is ok. Some webdesigners got smart and use CSS to design along with animated GIF's so they don't get blocked and it is pretty secure not to mention private.

      Now tell me how that doesn't work exactly?

      When I do need to go anywhere that I need scripts enabled I jump to another browser inside a virtual machine.

      Which leads me to another question, why the frak browser are not including sandbox(virtual spaces)? The closest thing to a sandbox is Google Chrome.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    ferridder (profile), Aug 4th, 2010 @ 12:31am

    InPrivate Filtering is still in IE 8

    If you need to use IE, do activate InPrivate Filtering: Security menu or keyboard shortcut CTRL+Shift+F is your friend.

    As with most things MS, there is a registry hack that gives you the sane behaviour (ON) by default.
    http://www.vista4beginners.com/Keep-InPrivate-Filtering-Enabled-Forever

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    anonymous coward, Aug 4th, 2010 @ 8:22am

    Antitrust?

    I wonder if the lawyers had any say in this. If IE did come configured to block Google Analytics and other advertising information, I'd expect them to get sued for abuse of monopoly power. I'd certainly cry foul if I were Google, who would certainly be more hurt by this feature than Microsoft.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This