Microsoft Debated Privacy vs. Advertisers In Internet Explorer… And Advertisers Won
from the of-course-they-did dept
The Wall Street Journal has a story detailing how Microsoft developers had worked out a plan to add serious privacy capabilities to Internet Explorer 8, which would specifically be designed to try to block tracking efforts by advertisers. The default would recognize if a third-party service/cookie/script appeared on more than 10 visited websites and would then assume that was a tracking device of sorts. The idea was to make this the default and make it easy for users to control their privacy settings. However, when word filtered over to the side of Microsoft’s business that sold advertising, folks there went ballistic and forced the IE team to change its plans:
Executives in Microsoft’s new ad business were upset when the designers of Internet Explorer hatched the plan to block tracking activity, say people involved in the debate. At a meeting in the spring of 2008, Brian McAndrews, a Microsoft senior vice president who had been chief executive of aQuantive before Microsoft acquired it, complained to the browser planners. Their privacy plan, he argued, would disrupt the selling of Web ads by Microsoft and other companies, these people say.
The folks on the other side realized that people were quickly moving away from IE, and thought (probably correctly) that the way to attract users was to actually (what an idea!) fight for the users and what they wanted, such as by implementing strong privacy tools. After fighting it out back and forth in a series of meetings, the advertising folks won… and Internet Explorer will continue to lose users. Admittedly, other browsers don’t offer such privacy features standard either — and Google clearly has the same conflict of interest to deal with. However, these days, if you are concerned about privacy, using Firefox with NoScript, AdBlocker and various other privacy protection extensions can certainly help.
Filed Under: advertisers, browsers, internet explorer, privacy
Companies: microsoft
Comments on “Microsoft Debated Privacy vs. Advertisers In Internet Explorer… And Advertisers Won”
The difference with Google is that you can install all the nice little extensions that block this stuff, plus Google themselves supply an extension that disables the google analytics(and, yes, it does do the job correctly).
And while Google uses it as a base, chromium is just as removed from Google as firefox is.
Just the fact that IE doesn’t support extensions(add-ons & plugins are a joke compared to Firefox’s and Chrome’s implementation of extensions) is good enough reason to never use it (the fact that it is Windows only guarantees that for me). It would have been a good thing seeing the IE people actually trying to change for the better, but i would rather they work on bringing IE into this decade on the whole web standards front.
Re: Re:
Google essentially has root to any system where it has Chrome installed. It updates when it wants, silently. It can upload any code it wants. Quite the dangerous software from a security perspective.
Re: Re: Re:
maybe on windows, but they can’t do much on linux.
Re: Re: Re: Re:
Yes they can, anything that can update itself without a warning is a accident waiting to happen.
Like the flash plugin in Linux that is located in the firefox folder and shared with all other browsers in the machine, that is just brilliant, if you managed to corrupt one browser, all other are corrupted too.
There are no Selinux polices in place to stop that at the moment. Same with JAVA(not Javascript)
Re: Re: Re:2 Re:
okay, yes, the flashplugin is a snafu, I heartedly agree with you there.
But chrome cannot run anything that will affect the *entire* system. unless you run chrome as root, there is absolutely nothing chrome can do outside your own home folder (assuming you haven’t done something incredibly stupid, like change security on everything to 777). Even the repo it adds on Ubuntu/Debian(assuming you are using the deb from google, not chromium) can only update chrome inside the confines of the dpkg system. For the most part *all* of the security problems with chrome are on Windows (maybe OS X too).
Does the java runtime run code with higher privileges than the user has on linux? if so, that is terrifying, and should be removed completely.
Re: Re: Re:3 Re:
I real case in the real world that happened not so long ago.
Gnome-looks repositories where compromised and were distributing a screensaver with malware inside that got installed as root.
Fedora and Ubuntu repositories got hacked too.
Package manager today don’t use encryption and don’t try to verify the source, that is a problem, it is being worked on but still it is a problem.
Also most users create 2 accounts, the administrator(root) and the personal one, if you compromise their browser anything done inside that no matter what account is will get snooped, now many people browse the internet, download things and do banking and shopping from the same account what is stopping anyone from getting their credit cards numbers? How many people log out to another account to do shopping online?
There is a problem there, Linux unfortunately have limitations too.
JAVA or flash doesn’t need to have access to root powers when what you are looking for is shopping activity done in that account.
Re: Re: Re:
Don’t you mean secretly? So far as I know no updating system makes noise while updating. Music might be nice though.
Re: Re: Re: Re:
“silent” is a term in IT that means without user interaction.
Re: Re: Re:
That’s not true; here’s the details about the Chrome update system:
http://dev.chromium.org/developers/design-documents/software-updates-courgette
and you’ll find the source code of the browsers near by.
It astonishes me that people keep generating these false assumptions about open source software where you can browse the code and give the crap Microsoft releases in closed source a pass.
Re: Re: Re: Re:
That’s not true; here’s the details about the Chrome update system:…
Nothing on that page disputes what was said. What, you didn’t think anybody would check?
Re: Re: Re: Re:
David,
Thanks for the technical view of how Google sends executable code directly to a PC. I don’t exactly see how this helps from a security perspective. In theory sending the bits automatically is a good idea, in practice you risk having code that breaks something, or what with Google being rooted earlier in the year, transcends to its users being rooted.
Chrome’s open Source is really Showing up Microsoft on the security front, what with all the remote exploit holes found 2x a week now with Chrome.
Re: Re: Re:2 Re:
How is this so significantly different from every other browsers automatic update system that it allows them to apparently send anything Google wants and such things that allow it to apparently lead to major security concerns?
Re: Re:
Sorry that is not correct, IE does support plugins, but they are not easy to make and most are paid there is no community thing in there.
Re: Re: Re:
i did mention the IE plugins and, compared to extensions in the other borwsers, there is no comparison.
huh?
what is this “internet explorer” you speak of?
Re: huh?
If I remember correctly from Microsoft’s defense team in an anti-trust case years ago, it’s the operating system.
Re: huh?
It’s a tool for exploring your personal internets when you get them in the e-mail. It’s important because internets are really complex and need advanced tools for exploring the words.
Mike, I’d take all the reporting from the WSJ on this matter with a grain of salt, they were acting astonished about the existence of browser cookies in an earlier article and were confusing some of the terminology.
The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.
Re: Re:
I’m so sorry for people who don’t have real broadband.
Re: Re:
Tracker cookies are a different breed of cat than most others and only, as near as I’ve ever discovered, served by ad sellers. Quite different than a log in cookie and so on.
Disabling or automatically deleting these little monsters wouldn’t make web serving as it wouldn’t affect the loading of fonts, images from the other domain only any ads found on that domain. (Yes, I realize that does go on and tend to avoid sites that “double ad” me rather like I avoid all other critters of genus “spammer”.)
Re: Re: Re:
Let me rephrase a the following, and I’ll let you find the typo on your own!
Disabling or automatically deleting these little monsters wouldn’t make web surfing more difficult as the loading of fonts, images etc would not, I trust, include ads from that domain.
Re: Re:
The reason IE inPrivate mode is not on by default is because that it would block all kinds of local caching which would make surfing the web much more frustrating, also many websites host other sites components like fonts and images on different domains and that would also take a hit so all in all they made the right decision.
Except that’s not the way it was originally intended to work. As originally intended, it didn’t have those problems. Those problems were installed as “features” for the sake of the advertisers so as to make InPrivate more painful and thereby discourage people from using it very much. That way Microsoft could on the one hand publicly crow about IE’s privacy features while on the other hand keeping people from using them. “Broken by design”, or as Microsoft calls it, “win-win”.
Typo
Headline says “Internet Exporer”
Re: Typo
i think he meant “Internet Exploder”
😉
It was a bad idea anyway
> “The default would recognize if a third-party
> service/cookie/script appeared on more than 10
> visited websites and would then assume that was
> a tracking device of sorts.”
I think not doing this is the right decision from a technical standpoint as well.
The ramifications of 1/4 of all web users blocking Google Analytics aside, there is a new trend in web development to take advantage of javascript “frameworks” that smooth over the incompatibilities among browsers and add power to the platform: scripts like jQuery, mooTools, Prototype, and others. Any of these would end up targeted by the technique described here. Sure, I suppose you could whitelist them, but as you sure you found not only the base scripts but also all of the plug-ins that go with them?
Re: It was a bad idea anyway
I’m sure the IE developers took that part of it into account. Assuming they aren’t complete dolts and coded around such things. To some extent AdBlockPlus does this already though NoScript. last time I looked at it, remains something of a nuclear device that toasts everything good and dangerous/bad.
While I agree that there are ramifications of 25% or more of browser users blocking Google Analytics about the only time I feel like doing that is when a site hangs waiting to contact the damned service which is happening more and more.
Anyway, it’s up to the browser user not the browser designer to make those decisions.
Still, the decision wasn’t made for technical reasons it was made so that the ad side of MS could sell ad space.
Re: Re: It was a bad idea anyway
NoScript does “nuke” everything by default, but it’s usually fairly easy to whitelist the stuff you need. I say usually because sometimes the really heavily ad-driven web pages will have scripts from many different domains, and it can be hard to pick out what you need to turn on. Generally if I can’t get what I want in a try or two, I just move on, but you can also temporarily allow everything for a page.
What’s irritating is the pages that show no content at all without javascript (I mean other than header images, etc). Why do you need javascript to display an article? I don’t get it.
and which browser is dying off
/.
And thats why i use Firefox
This is great ammo for the Firefox and Chrome promotion teams.
Great example of using Free in your business model
The software is free but you give something up to get it.
Re: Great example of using Free in your business model
Not when the competition lets you have it both ways: free and you don’t have to give anything up.
Re: Re: Great example of using Free in your business model
You just have not noticed what you are giving up yet.
Re: Re: Re: Great example of using Free in your business model
What do you have to give up to use Firefox or Chromium?
Re: Re: Re:2 Great example of using Free in your business model
Unless you turn off all of the useful features, every browser I have used has privacy issues.
The problem of integration
The problem here is that Microsoft serves two masters (apart from the shareholders). They serve the consumer, in supplying software like IE; but they also serve the advertisers. And these two will often be at odds with each other. A similar problem comes from Sony – they not only serve the content consumers with DVD writers, but are also content makers who have a vested interest in people … not buying DVD writers. When you start to serve two masters, one will ultimately fail, and be split off.
I just installed the optout addon
Thanks for downloading the Google Analytics Opt-out Browser Add-on (BETA).
Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this
Admittedly, other browsers don’t offer such privacy features standard either
Its nice of your to admit that,
That it is in fact ALL of them, who do not do this, but because its microsoft you have to have a rant, and that little line at the end says it all..
So why go after MS, and do you think the ‘other’ browsers would not have also made those kinds of decisions?
Sorry Mike, your bias is showing.
so it should be from the
of-course-they-ALL-DO-IT-Department.
Its surprising how high a quality products are from Microsoft, to the point where most others try to copy them, They have a huge client base that is the envy of all others, but because you dont like them, you create FUD like this, this is little more than fear mongering, really you should be above this Mike.. or not..
Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this
Nice of you to ignore:
Re: Admittedly, other browsers don't offer such privacy features standard either !!!! But I hate MS so here read this
So tell us darryl, why do you “hate MS”?
IE marketshare increasing
latest numbers show IE overall increasing month-over-month, with IE8 overtaking the others. Do the research.
Sounds poorly thought out in the first place...
The IE team may have thought they had a novel idea, but it wouldn’t have worked out nearly as well as they planned. Seems they forgot about certain APIs online that have tons of installed users. Google’s AJAX API, Yahoo’s YUI, and things like Facebook Connect would have all been “caught” by this rather short-sighted plan. There’s also a good chance it would even catch things like calls to Google Maps API scripts, since they’re so prevalent around the web.
Sounds pretty typical of IE, though. Jump head first into the water with the first idea that comes to mind, no matter how ill-thought.
Re: Sounds poorly thought out in the first place...
I’m confused.
I use TOR/privoxy with the TORButton addon from firefox, it blocks everything and I do mean everything and still I can surf the web without much problems.
I just don’t see anything that uses javascript, JAVA, Flash or other scripts but that is ok. Some webdesigners got smart and use CSS to design along with animated GIF’s so they don’t get blocked and it is pretty secure not to mention private.
Now tell me how that doesn’t work exactly?
When I do need to go anywhere that I need scripts enabled I jump to another browser inside a virtual machine.
Which leads me to another question, why the frak browser are not including sandbox(virtual spaces)? The closest thing to a sandbox is Google Chrome.
InPrivate Filtering is still in IE 8
If you need to use IE, do activate InPrivate Filtering: Security menu or keyboard shortcut CTRL+Shift+F is your friend.
As with most things MS, there is a registry hack that gives you the sane behaviour (ON) by default.
http://www.vista4beginners.com/Keep-InPrivate-Filtering-Enabled-Forever
Antitrust?
I wonder if the lawyers had any say in this. If IE did come configured to block Google Analytics and other advertising information, I’d expect them to get sued for abuse of monopoly power. I’d certainly cry foul if I were Google, who would certainly be more hurt by this feature than Microsoft.