IE8 and Privacy

[BajiRav]

IE8 and Privacy

As others have written here before, users should be in control of their information. That?s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it?s used. Choice means putting users in control of their data and giving them tools to protect it.

Have you ever wanted to take your web browsing ?off the record?? Perhaps you?re using someone else?s computer and you don?t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you?re at an Internet kiosk and don?t want the next person using it to know at which website you bank.

What if you want to delete your browsing history after the fact, but you don?t want to lose your preferences at websites that you use frequently?

When we began planning IE8, we took a hard look at our customers? concerns about privacy on the web. As evidenced by some of the comments on this blog during the IE7 days, many users are concerned about so-called ?over-the-shoulder privacy?, or the ability to control what their spouses, friends, kids, and co-workers might see.

What about your privacy as you browse the web? As Dean outlined is his post earlier to^rd so-called ?3^rd-party? content on websites, some of which can gather data about how you browse the web. How do you know what that is, or how to control it?

With respect to privacy, IE8 gives users more choice about controlling what information they keep and exchange. In the first part of this post I?ll describe two Internet Explorer 8 features that help you control your history, cookies, and other information that Internet Explorer stores on your behalf. In the latter part, I?ll describe two more features that can help you control how your browsing history is shared by websites. By default, IE8 browses the webInPrivate? Browsing

• InPrivate? Browsing lets you control whether or not IE saves your browsing hisDelete Browsing History/li>
  
• Delete Browsing History helps you control your browsing history aInPrivate? Blockingites.
  
• InPrivate? Blocking informs you about content that is in a position to observe your browsing history, and InPrivate Subscriptionsl>
  • InPrivate Subscriptions allow you to augment the capability of InPrivate Blocking by subscribing to lists InPrivate Browsingsing[/color]
    If you are using a shared PC, a borrowed laptop from a friend, or a public PC, sometimes you don?t want other people to know where you?ve been on the web. Internet Explorer 8?s InPrivate Browsing makes that ?over the shoulder? privacy easy by not storing history, cookies, temporary Internet files, or other data.
    Using InPrivate Browsing is as easy as launching a new InPrivate Browsing window. When you?re done, just close the window and IE will take care of the rest.
    
    While InPrivate Browsing is active, the following takes place:
    
    • New cookies are not stored
      • All new cookies become ?session? cookies
        
      • Existing cookies can still be read
        
      • The new DOM storage feature behaves the same way
        

      [*]New history entries will not be recorded

      [*]New temporary Internet files will be deleted after the Private Browsing window is closed

      [*]Form data is not stored

      [*]Passwords are not stored

      [*]Addresses typed into the address bar are not stored

      [*]Queries entered into the search box are not sDelete Browsing Historyete Browsing History[/color]

      In Internet Explorer 7, we added a feature called Delete Browsing History that lets you delete in one click all of the information that IE saves. This is a necessary tool that is a standard feature in all modern web browsers. If there are things in your web browsing past that you want to erase, you can do that easily.

      The problem is that usually you don?t want to delete everything! Cookies, in particular, are really useful for storing preferences on websites that you use frequently. Many sites have a ?remember me? option, which stores a cookie on your PC and identifies your user account. Other sites, particularly financial websites, will store a cookie on each computer that you use to eliminate extra challenge questions (i.e. ?What was your high school mascot??).

      IE8 solves this problem by adding an option that lets you keep cookies and temporary Internet files from websites saved in your Favorites list:

      

      To avoid having your favorite sites ?forget you?, simply add them to your Favorites, and make sure the ?Preserve Favorites website data? checkbox is selected. IE will preserve any cookies or cache files that were created by websites in your favorites.

      Oh ? and by the way ? we heard your feedback about checkboxes! Now Delete Browsing History will remember your preferences. We also added a ?Delete Browsing History on Exit? feature if you really want to keep your history squeaky-clean! To do so, click Tools->Internet Options:

      

      In his post earlier today, Dean outlined some of the privacy issues surrounding third-party content, which powers some of the rich experiences you get on the web today, such as interactive shared by multiple websitests (?add to Digg?).

      Some third-party content is shared by multiple websites. If you happen to browse to sites that refer to the same third-party resource, i.e. a script, image, stylesheet, information is sent to that third-party. Over time, the third-party can create a profile of which websites you go to, what links you click on, etc. It?s hard to know exactly how your data will be used and with whom it will be shared without reading and understanding the privacy policy of each third-party site providing content to the website you visit,.

      Consider this hypothetical example. You walk into a shopping mall. In the middle of the shopping mall, there is someone in front of a kiosk who asks you if he can record what stores you visit while you?re there as part of a survey. In order to do so, he writes down a description of what you look like ? not your name ? but what you?re wearing, your height, etc. In several of the stores throughout the mall, there are people who identify you based on this data, and record whether or not you visit a particular store. When the mall closes, the surveyors in the store report their tallies back to the kiosk. What the surveyor ends up with is a list of some of the stores you visit while you?re at the mall.

      This is analogous to how some third-party content works on the web today. Again, without reading specific privacy policies, it?s hard to say in general what third-parties do with the data (or whether or not they record it at all).

      The first difference between this mall example and the real world is that the mall survey is hypothetical. Again, different third-party sites do different things with the data they can collect, and the best way to understand what they actually do is reading their privacy policy. The other major difference between this example and the web is how explicitly users are presented with a choice about sharing their information. Clearly there are benefits to sharing your information, starting with richer experiences. Many web sites rely on third-parties to provide content and services like interactive maps and financial data, or analytics and advertising in order to operate effectively. These third-party services often collect information in order to do their jobs. There are also potential drawbacks, such as privacy risks (who has what information?) and increased exposure to malicious content. Put simply, the web relies on a trade, or value exchange, between users and sites. Information goes back and forth: in exchange for ?free? services and content, users ?pay? with information, not money. InPrivate Blocking :#008080-->InPrivate Blocking[/color]

      InPrivate Blocking is a feature designed to help give you information about third-party content that has a line of sight into your web browsing, and gives you a choice about what information you share with these sites. As Dean mentioned in his post, it?s possible for sites to track users without cookies. The only way to ensure that your data is not disclosed is to block content and prevent communication to sites.

      While you browse the web, your IE keeps a local record of which third-party items your browser accesses, and where they were accessed from. For example, if you visit http://www.contoso.com/index.html, which contains the following snippet:

      <html>
      <head> <title> Contoso.com Homepage </head>
      ?
      <script src=http://www.woodgrove-int.com/tracking.js>
      ?
      </html>

      and then visit http://www.wingtiptoys.com/, which contains the same snippet:

      <html>
      <head> <title> Great deals at Wingtiptoys.com </head>
      ?
      <script src=http://www.wood
      in a position
      ng.js>
      ?
      </html>

      Woodgrove-int.com is now in a position to know that you?ve been to both contoso.com and wingtiptoys.com.

      InPrivate Blocking keeps a record of third-party items like the one above as you browse. When you choose to browse with InPrivate, IE automatically blocks sites that have ?seen? you across more than ten sites.

      You can also manually choose items to block or allow, or obtain information about the third-party content directly from the site by clicking the ?More information from this website? link. Note that Internet Explorer will only record data for InPrivate Blocking when you are in ?regular? browsing mode, as no browsing history is retained while browsing InPrivate. An easy way to think of it is that your normal browsing deteInPrivate Subscriptionsmg]

      InPrivate Subscriptions

      Users can augment the capability of InPrivate Blocking with InPrivate Subscriptions. Some users want to protect their privacy, but don?t want to make granular decisions about content to block or allow. Users can delegate these decisions to publishers of InPrivate Subscriptions. Users can subscribe to a list the same way they add an Accelerator, Web Slice, or search provider to IE: by clicking a link on a web page and confirming that they want this functionality:

      

      Under the covers, InPrivate Subscriptions are simply RSS feeds of Regular Expressions that specify sub-downloads to block or allow. Anyone can publish an InPrivate Subscription on their website, just as they can offer an AcceleratConclusion??s Guide with Beta 2.

      Conclusion

      IE8 helps put you in control of your data, both on your PC and on the Web. IE8 Beta 2 is coming soon, and I encourage you to download it and give us feedback.

      Andy Zeigler

      Program Manager

      Published Monday, August 25, 2008 12:02 PM by ieblog Filed under: General IE Information, Security

Source: IEBlog

[BajiRav]

Privacy Beyond Blocking Cookies: Bringing Awareness to Third-Party Content

Previous posts have covered trustworthy principles in general and some product specifics as well. Privacy is an important part of trustworthy computing. This post discusses one aspect of privacy on the web: third-party content.

When most people browse the web, they think what they see in the address bar and the site they are visiting are the same thing. However, web sites today typically incorporate content from many different web sites. For the sake of clear terminology, the site the user browses to directly (seen in the address bar) is the first-party site; the other sites that the first-party site incorporates in its site experience (but that the user hasn?t navigated to directly) are third-party sites.

When you browse to a first-party site, you know that it can collect information about how you use the site. What many users don?t realize is that technically, third-party sites can collect information about users as well. Users aren?t typically well-informed about which third-party sites are collecting what information, how the sites use this information today, or how the sites could use the information in the futurIdentifying Third-party Siteses

Most websites today are actually mosaics, or mash-ups, of several different sites. To see this, you can bring up the Privacy Report in Internet Explorer (from IE7?s Page menu or IE6?s View menu, choose the Web Page Privacy Policy menu item) for any site you visit. Here?s part of the report for a news site, and another from a credit card site:

While the address bar shows the address of the current, first-party, site, this dialog shows the aallf all the different web sites (including third-party sites) that the current web page includes content from. The browser visits every one of these sites in order to show the current web page?s content.

The way that sites can pull content in from other sites is useful and powerful and typical on the web today. It?s part of the underlying design and structure of the web, and enables functionality (like an interactive map in the middle of a restaurant?s website, or a ?share this? link in the middle a news article) Third-Party Sites and Privacy Sites and Privacy

At the same time, bringing information together from different websites has privacy implications. A good example of this issue that most people have experienced involves email. Many email systems treat email messages that come from unknown senders in a special way, blocking images in them and displaying a warning like this one:

The message body typically has some missing images (?red X?s?) with text nearby, like ?Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.?

Why do email systems block these external images? The sender may have programmed some information in the external image that is ?unique to the recipient ? for example, having the image?s file name or location include the recipient?s email address. When the sender sees that a particular image was downloaded, then the sender knows which email message arrived in a valid account and was opened. By not downloading the content, the email recipient prevents his email system from disclosing information and protects his privacy from the unknown sender. Potentially, the recipient protects himself from more unsolicited email.

In general, every piece of web content that a computer requests from a website discloses information to that website. This basic technique enables a third-party site to track visitors across different first-party websites that include content from the same third-party. When several websites show content (like a syndicated photo or article) from the same third-party website, that third-party site can determine which of the websites a particular visitor has browsed to.

For example, say two totally unrelated sites, Site1.com and Site2.com, both include images from MySyndicatedPhotos.com. The user browses to both Site1.com and Site2.com, and the user?s browser calls MySyndicatedPhotos.com in order to get the images these sites include. MySyndicatedPhotos.com can figure out (by various means) that the same machine visited these two different sites.

As the user visits additional sites that show content from this same third-party site, this third-party site is in position to build a profile of the user?s activity across the different sites that include its content.

While cookies can definitely contribute here, and there?s been long-standing concern and confusion about ?tracking cookies,? the fact is that any content coming from a third-party site can function like a tracking cookie. The intent of the content (a photo, article, logo, or site-specific analytics; image, text, or script) is technologically irrelevant to its potential use as a tracking mechanism. Note that even if the user had blocked all cookies, other content on third-party websites could still be used to build a profile. Third-party content isn?t inherently good or bad; it?Actually Happening or Just Technically Possible, and Other Questionsor Just Technically Possible, and Other Questions

To be clear, this post is about what a website can do when several other websites use content from it. It?s not what all third-party sites actually do when other sites refer to content on them. What is actually done with the available information is up to the third-party site, and in some ways very hard for anyone else to figure out. The third-party site could have a clear, well-written, and prominently posted privacy policy that guides its operations. It might not. The site could have an employee who loses a laptop with the data collected, or has malware on his machine and discloses collected information against policy. The site could have business arrangements with other sites that involve pooling data.

Also, this blog post isn?t meant as a technical deep-dive on the techniques sites can use to track users, or the different counter-measures technically-savvy users might take to avoid being tracked. The common technical theme here (as described above in the email case and here) involves ways that first-party sites enable information that can uniquely identify site visitors to flow to third-party sites. For example, many of the web addresses you?ll find in the Web Page Privacy Policy dialog are often quite long and contain unique identifiers. There are better discussions of this topic elsewhere. For example, a recent IRC discussion about developing new standards for rich websites covered aspects of this topic. While it?s quite long, some parts are very relevant, like this one (that people ?are being tracked whether they send cookies or not?) and this one (?anyone who wants to track people across the web can trivially do so at this point, even without cookies?. you can pretty easily ?fingerprint? people through things like their user-agent string, ip address, screen size, other js- and http- accessible prefs, etc and then with a simple set of analysis scripts you can easily work out who is who just look at the ?anonymised? search query string data aol released?).

Web browsing isn?t anonymous or perfectly private even without third-party sites. For example, the provider of Internet access (to a person?s home, hotel room, caf? table, or desk at school or work) can observe where the computer goes on the Internet. These providers typically provide terms of use, so users have clear notice and can choose to accept or decline connectivity under the stated terms. Any software running on the user?s machine can determine the websites the machine has visited; this is the basis of features like History, or toolbars that copy a user?s browser history up to the web so users can get at it from different machines. Again, terms of use and privacy policies are important tools here for users. The websites a user visits can determine information about the user (for example, the user?s likely location). Also, users give the hird-Party Sites and Trust Issues<terms of what they click on and choose to do.

Third-Party Sites and Trust Issues

Given that web browsing isn?t anonymous and in some ways this is ?how things work? on the web, what exactly is the trust issue? For many people, trust begins with security. The security risk here is plain: visiting one website exposes the user to potentially malicious content from other websites. The user visits one site and sees content on it that seems trustworthy (it?s on the site!) but actually comes from a different source. Finding examples of this problem on the web isn?t hard; it?s happened to visitors of several top tier websites.

Trust includes privacy as well. The privacy concern involves users having a choice, and being able to exercise control about what information they share. Today, users are not in control of which websites can get information about their browsing activities. As a result, web sites that users aren?t aware that they?ve visited and don?t have a well-defined relationship with are in position to build a profile of the users? browsing patterns.

A guiding principle for Internet Explorer (and Microsoft overall, as part of Trustworthy Computing) is that the user should be in control. Consumers have come to expect security protections from their browsers, and are starting to have higher expectations about privacy protections as well. Control here means that users have clear notice and can tell what sites they may be disclosing information to and under what terms. Control also means that users can exercise choice about what information they disclose to whom. Preventing information disclosure means blocking content; blocking content creates a possible impact to the appearance and functionality of the page.

Beyond these issues, accountability is a question here as well. When a user visits one site after another, and each one includes some third-party content, who is accountable and who takes responsibility for the information collected about the user? On today?s web, that?s not at all clear.

The privacy and trust issues around third-party content are complex and important. As discussed in this blog before, trustworthy browsing involves many industry challenges, and, like many other efforts (e.g. interoperability), requires cooperation and trade-offs. Web privacy involves more than just blocking cookies. Enabling users to be in control starts with making users aware of the issues. In another post, we?ll cover IE8 functionality that helps users stay in control of their information.

Dean Hachamovitch

General Manager

Source: IEBlog : Privacy beyond blocking cookies.

[ViperAFK]

Ie8 seems to be shaping up well.

[Punio4]

And I see it still isn't using WPF...

[tsupersonic]

Looks very nice.

[NEVER85]

Throw this on top of running in Protected Mode and IE8 will seem very secure. Good to see.

[ViperAFK]

And I see it still isn't using WPF...

When was it ever stated IE was going to use WPF and why does it need to? Are you sure you aren't thinking of msn messenger 9?

[revvo]

As others have written here before, users should be in control of their information.

And developers want to be in control of developing, so that's all I hope for with IE8, and from what they've told us it seems way better than in IE7.

[Mordkanin]

When was it ever stated IE was going to use WPF and why does it need to? Are you sure you aren't thinking of msn messenger 9?

It would be sort of cool to have the web content itself rendered as vector graphics.

Of course, I imagine that would be a pretty huge overhaul, and maybe not that necessary right now.

[Argi]

They've really gone way beyond what was expected on them. The concept of blocking those tracking scripts is really great, particuarly in their implementation (as apposed to noscript which blocks everything - good in different situations). I'm really left wondering how that'll affect those marketting companies that exploit other websites' users once IE8 [presumably] becomes the default browser in Windows 7.

[primexx]

love the blocking feature. will try it out when i get my hands on it to see how it works.

[random_n]

The features of IE8 are shaping up *very* nicely. If the performance is good, I think the only complaint I really have is that the default toolbar configuration leaves room for maybe two tabs. :rofl:

[EduardValencia]

Damn you beat me to it :D

[The_Decryptor Veteran]

Looks good, The feature that blocks files that are requested from multiple sites is a great idea. This'll force Firefox to get a private browsing mode now :p (to match IE and Safari)

It would be sort of cool to have the web content itself rendered as vector graphics.

Of course, I imagine that would be a pretty huge overhaul, and maybe not that necessary right now.

It already is (well, should be, but IE still has some issues with scaling some things I think)

[primexx]

what's private browsing actually used for? afaik it's just a few options that every browser already has put into one single panel, aka not all that useful.

[EduardValencia]

what's private browsing actually used for? afaik it's just a few options that every browser already has put into one single panel, aka not all that useful.

Very useful and it's unified -extended feature from other browsers,certainly a leap ahead.

[ViperAFK]

what's private browsing actually used for? afaik it's just a few options that every browser already has put into one single panel, aka not all that useful.

pr0n

I mean

banking

[Srugie Veteran]

Is there any other use for this besides for PORN?

[giga Veteran]

Is there any other use for this besides for PORN?

What is PORN?

[NEVER85]

Yeah, it's obviously pr0n, not PORN. (N)

[NoneAvail]

lol, FF3 anyone?

and yeah I use Safari for my pr0n!

[Scirwode]

What is PORN?

Good question, but there's Distrust on Firefox 3 :shifty: .

Scirwode

[The_Decryptor Veteran]

Yeah, it's obviously pr0n, not PORN. (N)

pr0n (libpr0n actually) is the image decoding library FX uses (libpr0n is designed to render images efficiently, i.e. less wait for porn)

lol, FF3 anyone?

and yeah I use Safari for my pr0n!

While the one dialog is designed like Firefox's, I think it's an improvement (it actually explains what each radio/checkbox means)

[NEVER85]

All joking aside, when is Beta 2 actually due out? Wikipedia says August 28th, but I take that with a grain of salt.

[BajiRav]

All joking aside, when is Beta 2 actually due out? Wikipedia says August 28th, but I take that with a grain of salt.

yea all bets are on this friday...