A third-party audit of the new phishing filter built into the Internet Explorer 7 browser and the MSN Toolbar has given the technology a thumbs up on the sensitive issue of user privacy.
Jefferson Wells International, an IT auditing group, has validated Microsoft's assurances that the phishing filter does not transmit any personally identifiable information without explicit user consent and that any URL information sent from the user's browser cannot be traced back to the surfer's personal information.
The privacy thumbs up is a boost to Microsoft's mission to market IE 7 as a major security overhaul with features to thwart identity theft and drive-by spyware and Trojan installations. "We gave in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate," said Rob Franco, lead program manager for IE security at Microsoft.
The auditors confirmed that the phishing filter client only transmits URLs when the user wants to manually provide feedback on a URL, when the URL is not found in the Phishing Filter local data files, or when the phishing filter client heuristics determine a site as suspicious.