Microsoft Debated Privacy vs. Advertisers In Internet Explorer… And Advertisers Won

from the of-course-they-did dept

The Wall Street Journal has a story detailing how Microsoft developers had worked out a plan to add serious privacy capabilities to Internet Explorer 8, which would specifically be designed to try to block tracking efforts by advertisers. The default would recognize if a third-party service/cookie/script appeared on more than 10 visited websites and would then assume that was a tracking device of sorts. The idea was to make this the default and make it easy for users to control their privacy settings. However, when word filtered over to the side of Microsoft’s business that sold advertising, folks there went ballistic and forced the IE team to change its plans:

Executives in Microsoft’s new ad business were upset when the designers of Internet Explorer hatched the plan to block tracking activity, say people involved in the debate. At a meeting in the spring of 2008, Brian McAndrews, a Microsoft senior vice president who had been chief executive of aQuantive before Microsoft acquired it, complained to the browser planners. Their privacy plan, he argued, would disrupt the selling of Web ads by Microsoft and other companies, these people say.

The folks on the other side realized that people were quickly moving away from IE, and thought (probably correctly) that the way to attract users was to actually (what an idea!) fight for the users and what they wanted, such as by implementing strong privacy tools. After fighting it out back and forth in a series of meetings, the advertising folks won… and Internet Explorer will continue to lose users. Admittedly, other browsers don’t offer such privacy features standard either — and Google clearly has the same conflict of interest to deal with. However, these days, if you are concerned about privacy, using Firefox with NoScript, AdBlocker and various other privacy protection extensions can certainly help.

Filed Under: , , ,
Companies: microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Microsoft Debated Privacy vs. Advertisers In Internet Explorer… And Advertisers Won”

Subscribe: RSS Leave a comment
senshikaze (profile) says:

The difference with Google is that you can install all the nice little extensions that block this stuff, plus Google themselves supply an extension that disables the google analytics(and, yes, it does do the job correctly).
And while Google uses it as a base, chromium is just as removed from Google as firefox is.

Just the fact that IE doesn’t support extensions(add-ons & plugins are a joke compared to Firefox’s and Chrome’s implementation of extensions) is good enough reason to never use it (the fact that it is Windows only guarantees that for me). It would have been a good thing seeing the IE people actually trying to change for the better, but i would rather they work on bringing IE into this decade on the whole web standards front.

Anonymous Coward says:

Re: Re: Re: Re:

Yes they can, anything that can update itself without a warning is a accident waiting to happen.

Like the flash plugin in Linux that is located in the firefox folder and shared with all other browsers in the machine, that is just brilliant, if you managed to corrupt one browser, all other are corrupted too.

There are no Selinux polices in place to stop that at the moment. Same with JAVA(not Javascript)

senshikaze (profile) says:

Re: Re: Re:2 Re:

okay, yes, the flashplugin is a snafu, I heartedly agree with you there.

But chrome cannot run anything that will affect the *entire* system. unless you run chrome as root, there is absolutely nothing chrome can do outside your own home folder (assuming you haven’t done something incredibly stupid, like change security on everything to 777). Even the repo it adds on Ubuntu/Debian(assuming you are using the deb from google, not chromium) can only update chrome inside the confines of the dpkg system. For the most part *all* of the security problems with chrome are on Windows (maybe OS X too).

Does the java runtime run code with higher privileges than the user has on linux? if so, that is terrifying, and should be removed completely.

Anonymous Coward says:

Re: Re: Re:3 Re:

I real case in the real world that happened not so long ago.

Gnome-looks repositories where compromised and were distributing a screensaver with malware inside that got installed as root.

Fedora and Ubuntu repositories got hacked too.

Package manager today don’t use encryption and don’t try to verify the source, that is a problem, it is being worked on but still it is a problem.

Also most users create 2 accounts, the administrator(root) and the personal one, if you compromise their browser anything done inside that no matter what account is will get snooped, now many people browse the internet, download things and do banking and shopping from the same account what is stopping anyone from getting their credit cards numbers? How many people log out to another account to do shopping online?

There is a problem there, Linux unfortunately have limitations too.

JAVA or flash doesn’t need to have access to root powers when what you are looking for is shopping activity done in that account.

David says:

Re: Re: Re:

That’s not true; here’s the details about the Chrome update system:

and you’ll find the source code of the browsers near by.
It astonishes me that people keep generating these false assumptions about open source software where you can browse the code and give the crap Microsoft releases in closed source a pass.

Anonymous Coward says:

Re: Re: Re: Re:

Thanks for the technical view of how Google sends executable code directly to a PC. I don’t exactly see how this helps from a security perspective. In theory sending the bits automatically is a good idea, in practice you risk having code that breaks something, or what with Google being rooted earlier in the year, transcends to its users being rooted.

Chrome’s open Source is really Showing up Microsoft on the security front, what with all the remote exploit holes found 2x a week now with Chrome.

David says:

Mike, I’d take all the reporting from the WSJ on this matter with a grain of salt, they were acting astonished about the existence of browser cookies in an earlier article and were confusing some of the terminology.
The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

TtfnJohn (profile) says:

Re: Re:

Tracker cookies are a different breed of cat than most others and only, as near as I’ve ever discovered, served by ad sellers. Quite different than a log in cookie and so on.

Disabling or automatically deleting these little monsters wouldn’t make web serving as it wouldn’t affect the loading of fonts, images from the other domain only any ads found on that domain. (Yes, I realize that does go on and tend to avoid sites that “double ad” me rather like I avoid all other critters of genus “spammer”.)

Anonymous Coward says:

Re: Re:

The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.

Except that’s not the way it was originally intended to work. As originally intended, it didn’t have those problems. Those problems were installed as “features” for the sake of the advertisers so as to make InPrivate more painful and thereby discourage people from using it very much. That way Microsoft could on the one hand publicly crow about IE’s privacy features while on the other hand keeping people from using them. “Broken by design”, or as Microsoft calls it, “win-win”.

Joel Coehoorn says:

It was a bad idea anyway

> “The default would recognize if a third-party
> service/cookie/script appeared on more than 10
> visited websites and would then assume that was
> a tracking device of sorts.”

I think not doing this is the right decision from a technical standpoint as well.

The ramifications of 1/4 of all web users blocking Google Analytics aside, there is a new trend in web development to take advantage of javascript “frameworks” that smooth over the incompatibilities among browsers and add power to the platform: scripts like jQuery, mooTools, Prototype, and others. Any of these would end up targeted by the technique described here. Sure, I suppose you could whitelist them, but as you sure you found not only the base scripts but also all of the plug-ins that go with them?

TtfnJohn (profile) says:

Re: It was a bad idea anyway

I’m sure the IE developers took that part of it into account. Assuming they aren’t complete dolts and coded around such things. To some extent AdBlockPlus does this already though NoScript. last time I looked at it, remains something of a nuclear device that toasts everything good and dangerous/bad.

While I agree that there are ramifications of 25% or more of browser users blocking Google Analytics about the only time I feel like doing that is when a site hangs waiting to contact the damned service which is happening more and more.

Anyway, it’s up to the browser user not the browser designer to make those decisions.

Still, the decision wasn’t made for technical reasons it was made so that the ad side of MS could sell ad space.

nasch (profile) says:

Re: Re: It was a bad idea anyway

NoScript does “nuke” everything by default, but it’s usually fairly easy to whitelist the stuff you need. I say usually because sometimes the really heavily ad-driven web pages will have scripts from many different domains, and it can be hard to pick out what you need to turn on. Generally if I can’t get what I want in a try or two, I just move on, but you can also temporarily allow everything for a page.

What’s irritating is the pages that show no content at all without javascript (I mean other than header images, etc). Why do you need javascript to display an article? I don’t get it.

Andrew (profile) says:

The problem of integration

The problem here is that Microsoft serves two masters (apart from the shareholders). They serve the consumer, in supplying software like IE; but they also serve the advertisers. And these two will often be at odds with each other. A similar problem comes from Sony – they not only serve the content consumers with DVD writers, but are also content makers who have a vested interest in people … not buying DVD writers. When you start to serve two masters, one will ultimately fail, and be split off.

darryl says:

Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this

Admittedly, other browsers don’t offer such privacy features standard either

Its nice of your to admit that,

That it is in fact ALL of them, who do not do this, but because its microsoft you have to have a rant, and that little line at the end says it all..

So why go after MS, and do you think the ‘other’ browsers would not have also made those kinds of decisions?

Sorry Mike, your bias is showing.

so it should be from the


Its surprising how high a quality products are from Microsoft, to the point where most others try to copy them, They have a huge client base that is the envy of all others, but because you dont like them, you create FUD like this, this is little more than fear mongering, really you should be above this Mike.. or not..

Chris Pratt (profile) says:

Sounds poorly thought out in the first place...

The IE team may have thought they had a novel idea, but it wouldn’t have worked out nearly as well as they planned. Seems they forgot about certain APIs online that have tons of installed users. Google’s AJAX API, Yahoo’s YUI, and things like Facebook Connect would have all been “caught” by this rather short-sighted plan. There’s also a good chance it would even catch things like calls to Google Maps API scripts, since they’re so prevalent around the web.

Sounds pretty typical of IE, though. Jump head first into the water with the first idea that comes to mind, no matter how ill-thought.

Anonymous Coward says:

Re: Sounds poorly thought out in the first place...

I’m confused.

I use TOR/privoxy with the TORButton addon from firefox, it blocks everything and I do mean everything and still I can surf the web without much problems.

I just don’t see anything that uses javascript, JAVA, Flash or other scripts but that is ok. Some webdesigners got smart and use CSS to design along with animated GIF’s so they don’t get blocked and it is pretty secure not to mention private.

Now tell me how that doesn’t work exactly?

When I do need to go anywhere that I need scripts enabled I jump to another browser inside a virtual machine.

Which leads me to another question, why the frak browser are not including sandbox(virtual spaces)? The closest thing to a sandbox is Google Chrome.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...