Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Internet Explorer Mozilla Privacy

Microsoft Adds 'Do Not Track' Option For IE9 179

devbox writes "Microsoft says it will offer a privacy setting in the next version of Internet Explorer that will make it easy for users to keep their browsing habits from being tracked by advertising networks and other third-party websites. 'By designing these sorts of enhancements with privacy in mind at the design phase, we're able to deliver a functionality that provides consumers additional levels of control over what they want to engage in and how they choose to do so,' Microsoft Chief Privacy Strategist Peter Cullen blogged. Previously, Mozilla stopped working on a similar feature for Firefox after pressure from advertisers and other OSS projects as it would hurt their revenue sources from advertisers."
This discussion has been archived. No new comments can be posted.

Microsoft Adds 'Do Not Track' Option For IE9

Comments Filter:
  • by retech ( 1228598 ) on Tuesday December 07, 2010 @06:39PM (#34480632)
    (except for us)
  • If the tracking is all done on the server side, who's to know if it's a meaningful feature or not?
    • by Bucky24 ( 1943328 ) on Tuesday December 07, 2010 @06:45PM (#34480710)
      Tracking done on the server side relies on environment variables that the server gets by querying the browser. If the browser refuses to give those variables, tracking can't be done.
      • It can be done, by IP address, but it's trickier. People change IPs sometimes, and multible users may share an IP.
        • by devbox ( 1919724 ) on Tuesday December 07, 2010 @07:04PM (#34480950)
          Sure, but that's far fetched from the ability that cookies and the likes of Google Analytics offer for marketers. It's stupid to say "this won't end it all" and think it's better to do nothing. Every bit helps, and this is huge step forward. Especially for normal and clueless users.

          Beside, while maybe not relevant for the whole world, I'm currently living in Asia and every country I've been has heavy proxies for surfing. Squid everywhere, you basically cannot get your own ip. And because Asia as a region has billions of users and so few ip's, tracking by ip just doesn't work on individual basis.
          • Those squid proxies include the originating IP in an HTTP header on outgoing connections. Do you think the ISP would take the legal risk of providing some type of real anonyminity for it's users, and be unable to respond to subpoenas (Or their Asian equvilents, I don't know anything of the legal system there)?
          • The problem is that this solution is stupid. A "do not track" flag for browsers makes exactly as much sense as a "do not hack" flag for computers:


        • by Eskarel ( 565631 )

          All you can do with that is track who(for a given value of who) came to your site and when. I don't really have a problem with people hosting a website knowing that I visited it. It's all this cross tracking garbage where someone like Google knows every website I've visited that bothers me.

        • by mwvdlee ( 775178 )

          If it's good enough for the RIAA/MPAA to sue people and get away with it, it's surely good enough for ad tracking.

      • The server doesn't need to query anything. Enough info comes in by default to at very least track a household's web browsing in almost real time. Look into it in more detail.
      • I highly doubt that this "do not track" option prevents all environment variables from being sent. Browser data is quite often as unique as a thumbprint, even data that has nothing to do with cookies or privacy []. Preventing the transmission of this data would break a lot of functionality designed for IE - think of all those messages on "enterprise websites" that say "Your browser does not have [control]. Please go here to download." That data in itself can make you trackable.
    • by Monkeedude1212 ( 1560403 ) on Tuesday December 07, 2010 @06:54PM (#34480798) Journal

      I don't think you quite understand how it works - the idea is not only to keep them from reading stuff off your machine but also some level of anonymization on the net.

      Right now the big practice is to put tracking cookies on your computer. Seriously, let your parents browse the web unfiltered and unrestricted for about a month, then do a good Antivirus scan and if you come back with any less than 100 tracking cookies I'll be surprised.

      So thats one issue they are trying to tackle. The other one is as you said, what happens when my information is being tracked on the server? That's where anonymizing protocols come in handy. You are never the same person twice when visiting the web site, you always appear to be a new client. As such, they'll never have previous records on your computer.

      Couple that with an increase usage of HTTPS possibly built into the browser, and no third party adserver can "snoop" what goes on between you and the server. Brilliant.

      • by Anonymous Coward
        Antivirus scanners look at browser cookies? No wonder nobody uses that stuff anymore.
      • by micheas ( 231635 ) on Tuesday December 07, 2010 @07:29PM (#34481204) Homepage Journal

        The question is do people really want the lack of personalization that anonymity implies.

        Turn on anonymity and get google in a random language, based on the country of the proxy server you are connecting to google from, or get search results that are skewed based on what you have searched for and to a lesser extent, what has been searched for from your ipaddress. If a slashdot searches on google for boa, one of the top results is an IDE for python. I suspect that for a user that spends most of their time searching for the interests of seven year olds they could get a harry potter link in the top ten.

        For a website that makes no personalization, and is just looking to scrape data to sell to advertisers, sure, there is basically no reason not to use anonymization software.

        The reason that google gets so much information is that their services work better if you give them a fair amount of information, The fact that they do this quietly without you having to click a million checkboxes is viewed as a good thing by people that are stressed for time.

        The viability of anonymization is very dependent on what the user is doing, and which sites they are using. The problems for people promoting anonymity also include: anonymizing tends to be slower than regular browsing (tor, for example); Anonymization tends to be work; Most people, most of the time, don't care about their surfing habits.

        Another problem is the lack of awareness that the net is not all love and happiness. For example, most reporters, including several linux focused reporters, first reported that the solution to firesheep was to use WEP, without understanding that as soon as the packet goes out on the net it is at least as vulnerable as an unprotected wireless lan, and possibly more so, as wireless networks are somewhat more unstable due to electrical interference an dpor signal quality on a lot of wireless networks.

        I just don't see how anonymous browsing gets traction, unless there is civil unrest NATO countries, or some other compelling external event to make people care about their privacy.

        I don't mean to be a downer, but I have watched a lot of not too difficult things never catch on. (https on all authenticated connections, pgp, tor, personalized certificates, and more)

        • by Malc ( 1751 )

          Google already does that kind of thing. I was based in Shanghai for four weeks in the summer, and even though I'd explicitly go to, I'd get results from their .hk domain, or results in Chinese. I started having to go through a proxy I managed to set up on our network in California, which at least gave me something approximating English.

          Incidentally, Google's doing a lot of annoying things at the moment... like disabling 100 results per search by default.

        • That's all well and good if you like the personalization and don't mind the tracking. Then have at it. The thing is, it should be a choice.

          The reason that google gets so much information is that their services work better if you give them a fair amount of information

          No the reason they get so much information is that they have gone out of their way to figure out a huge number of different ways to get as much of that information as possible. As an incentive, they also make some of their services work better with it.

          I just don't see how anonymous browsing gets traction, unless there is civil unrest NATO countries, or some other compelling external event to make people care about their privacy.

          This is your better point. It's not that most people like the personalization that much, it's just that they can't be ars

      • by c0lo ( 1497653 )

        and no third party adserver can "snoop" what goes on between you and the server. Brilliant.

        Except if you are tricked to loging on your WindowsLive account. Or Facebook. Or whatever "cloud".
        While "inside the cloud", you won't see the trackers - but not because they don't exists.

        Wanna bet that MS will offer you the option of "login in the cloud when computer starts"? (if they are not doing it already by default, with a very hard to find way to opt-out).

  • by nametaken ( 610866 ) * on Tuesday December 07, 2010 @06:42PM (#34480660)

    I'm a more than a little impressed that MS is going ahead with this. Hopefully this is all the excuse they need over at Mozilla to reconsider their decision.

    • by SuricouRaven ( 1897204 ) on Tuesday December 07, 2010 @07:04PM (#34480952)
      Perhaps the other way around? Microsoft realised how dependant OSS projects are on advertising, and tried to find a good way to hurt them? Though rather pointless, as the people who visit sites like Slashdot arn't going to be running IE anyway.
      • Microsoft realized how dependent OSS projects are on advertising, and tried to find a good way to hurt them? Though rather pointless, as the people who visit sites like Slashdot aren't going to be running IE anyway.

        But your employer may be more comfortable with a company that sells a product and not the user.*

        It's an attitude that can filter down to others.

        * - "With business users, IE6 share has dropped even more substantially as IE8 has the largest usage share of any browser in businesses with 34.1% usage

      • by h4rm0ny ( 722443 )

        as the people who visit sites like Slashdot arn't going to be running IE anyway.

        I'll admit that I'm using Konqueror at the moment, but when I happen to be booted up into Windows, I use IE8 for /.. It's pretty zippy and I became irritated with Firefox as it gets ever larger. I only use it for web-development now as the combo of Firebug and the Web Developer toolbar are unrivalled.

    • by amicusNYCL ( 1538833 ) on Tuesday December 07, 2010 @07:20PM (#34481120)

      I'm a more than a little impressed that MS is going ahead with this. Hopefully this is all the excuse they need over at Mozilla to reconsider their decision.

      While I like this move, I don't think MS is being truly altruistic about this. They're looking at their bottom line. MS is not an advertiser, and they don't operate open source projects that are dependent on advertising. So, they have very little to lose by implementing this. On the other side, their rivals have a lot to lose. Look at their main rivals - open source in general (in the form of OpenOffice, Linux, Firefox, and MySQL to name a few), Google (an advertiser), and Apple. Allowing their browser to block advertising directly affects the viability of open source projects and affects the bottom line of Google. It doesn't hurt Apple, but they'll just need to find another way to stick it to Apple when they can.

      I just find it a little bit ironic that open source communities are advocating for advertising while mega-corp Microsoft is now in favor of allowing users to block it. It seems a little weird on the surface, but it makes financial sense. I doubt Mozilla will reconsider because they rely more on advertising revenue than Microsoft does. I could see Opera or Apple implementing this though, for the same reasons. I highly doubt Mozilla or Google would add this into their browsers, although the presence of AdBlock makes the point sort of moot for Mozilla. I would be pretty shocked if a version of Chrome showed up with this feature though.

      • by alvinrod ( 889928 ) on Tuesday December 07, 2010 @09:29PM (#34482266)
        MS isn't being altruistic about this at all. It's a direct shot at Google, most specifically targeting how Google generates revenue. If they really wanted to turn the heat up, they could ship the browser with an ad blocker as well. Microsoft has finally realized that it's not going to unseat Google. If they can't have that money, why not deprive Google of it as well?

        If the strategy worked ideally, it would demolish Google's revenues because they're unable to collect information about users and their ads aren't being seen by as many eyeballs. That's Google's bread and butter business right there. The reason for the existence of both Android and Chrome OS is to prevent this kind of lockout from happening. Android isn't completely under Google's control so it is possible to lock them out (See the Android phone that uses Bing for search and stories about Verizon possibly considering replacing the Android Marketplace with their own store.) if various third parties wanted to, but Chrome OS seems to be under Google's control to a larger extent at this point.

        Google is smart and they realize that their position is open to attack, which is part of the reason they've been expanding into so many other areas and will continue to look for new ways to expose customers to their ads or gather information about users that can be used for targeted advertisements.
      • Um... Microsoft is actually an advertiser (well, ad provider). They're much less famous for it than Google, but they nonetheless have search-related and context-related ads on web pages.

        There's a feature in IE8 (and IE9 beta) called "InPrivate Filtering" (It's under the "Safety" icon/menu). IPF causes the browser to block third-party content that shows up on more than a few websites - such as scripts that track you by cookies, or advertisers where the client pulls data from a third-party server. It's disabl

        • Um... Microsoft is actually an advertiser (well, ad provider).

          I understand that, but it's not their bread and butter. This is the Microsoft breakdown for 2010, in revenue, in billions, by division. Advertising is included in online services:

          Windows/Windows Live - 18.4
          Server/Tools - 14.8
          Online Services - 2.1
          Business - 18.6
          Devices/Entertainment - 8.0

          Out of the 2.1 billion made from online services, 1.9 billion of that was from advertising. So, out of Microsoft's 2010 revenue of 62.4 billion, 1.9 billion, or 3%, came from advertising. Compare that with Google's incom

      • I think they may have done this to knock Google down a peg, Google is much more dependent on advertising and analytics than Microsoft.
      • Not everyone is all or nothing about ads.
        I see a checkbox to disable ads on this site, but I don't click it.

        On common sites I visit that I feel are worth visiting, I don't block their ads either.

        All random sites, ads blocked unless I find them to be unobtrusive or worthy of my support.

        I'm OK with advertising. It has to overcome a few barriers but it's not something that is altogether horrible everywhere. What really matters is whether I am in control or not.

    • I'm happy to see this too and also hope that FF and others follow this cue. But I don't think it's for the reasons others are mentioning here. To me, this is a case of MS hoping to head off Government intervention in this area. Even the folks on Capitol Hill have come to realize that tracking in its current form is a problem. There was a bureaucrat the other day talking about needing to address the "Flash cookie problem" and saying they're working with Adobe on it. This is just like the major sport bike mak

    • Being an old paranoid fart, I guess it means they have long stopped using that method to track people.

  • by Monkeedude1212 ( 1560403 ) on Tuesday December 07, 2010 @06:43PM (#34480668) Journal

    How many companies even HAVE a Chief Privacy Strategist? Where do you go to school for that? I can only imagine a Computer Science Degree with a high focus on networking and security - but even those don't always focus on the issues of PRIVACY on the internet.

    Can I get a job at Apple as their Chief Privacy Strategist? I know I could totally just point the Safari team at HTTPS Everywhere, tell them to get crackin', get a better "Secure viewing" mode in that browser. Then walk away with my 6 figure paycheck and get a mention on Slashdot!

  • by SaidinUnleashed ( 797936 ) on Tuesday December 07, 2010 @06:43PM (#34480676)
    Also, this just in, there are predictions for snowfall in Hell, this evening...

    In all seriousness, IT'S ABOUT GODDAMN TIME. Someone needs to stand up to the constant intrusion into our personal habits, and if Microsoft is going to be the first to do so, more power to them. If they do as good of a job on IE9 as they have on Windows 7, it will end up being an awesome browser, anyway.

    5 years ago, I would have never believed that those words would have come out of my mouth. Of course, back then, WinXP was their offering, and I was a student intern writing Linux kernel code for credit. Everything changes...
    • A little humility can go a long way... even for huge corporations.

      They didn't have any real competition back then. Now they have to TRY to keep people, instead of having them by default. We can thank Google and Mozilla for that (among others).

    • I promise you that many people are surprised. I was an XP user after ME, then Vista, then I just said screw it. Your browser sucks and you can't make a decent OS. My opinion changed with W7 and what M$ is trying to do with IE. They have always been a giant, but as somebody stated earlier, that competition is helping them avoid travesties like ie6. At least they are making better progress now
      • Absolutely, but it's still weird, isn't it?
      • Re: (Score:2, Interesting)

        by Anonymous Coward
        What was wrong with IE6 exactly? The only thing wrong with IE6 is that it was ahead of it's time and it was the best internet browser for quite some time (with usage of more than 90%). It's almost 10 years old and people are still using it.

        Sure you can complain about IE6 not meeting the HTML and CSS standards, but you'd be wrong. Because there were no standards, MS tried to push web into new era (and succeeded! - think AJAX), but W3C was slow to publish standards.
        • IE6 was fine when it was released. Nothing wrong with it now except that it is based on 10 year old tech and standards. MS did not update it. That's the real problem. They had a lot of opportunity. Even when they did update it they did all the wrong things and for all this time the Windows default browser has been holding back the web in all kinds of ways and still is.

          Go here: []

          Scroll down and see how IE stacks up. Then think about the installed base of IE 6/7/8 users.

          It will be anothe

    • by makomk ( 752139 )

      Of course they are, it's in their interests to do so. They don't make their money from advertising, they make it from Windows - and if this helps sell Windows licenses it's good for the bottom line. Even if this doesn't help sell Windows directly, increasing the number of IE9 users helps decrease the number of people who can easily switch to a different OS, since it's the only major browser that's Windows-only.

    • first to do so? What can this do that a Firefox add-in cannot?
    • by c0lo ( 1497653 )

      Also, this just in, there are predictions for snowfall in Hell, this evening...
      Everything changes...

      Hope the change worked well for you.

      Because, a heads up message to you, we are moving into the cloud: we won't need cookies to track the users anymore.

      Yours: S. Ballmer

  • More Theater (Score:2, Insightful)

    by SirAstral ( 1349985 )

    This is pointless for systems designed to collect fingerprints of your systems in ways that "iesnare" does. Each time you visit a site your computer gets "processed" and that information is stored on a remote server and shared to all in network servers. There is zero need to store it on your computer because your computers fingerprint will remain static enough to track you anyways. There are so many ways to track and catalog machines its not even funny. This is PURE THEATER designed to do nothing more t

  • by Distan ( 122159 ) on Tuesday December 07, 2010 @06:47PM (#34480734)

    This proposal seems to be all about cookies. This doesn't address the real problems of computer fingerprinting and flash objects.

    Ideally, it would be impossible for a web server to leave any persistent data on your machine, and impossible to determine anything about your machine other than your IP address and possibly your browser version.

    • The reason they are announcing this is most likely because cookies are not really necessary for robust tracking anymore, so they can throw both the public and the FTC a stale bone to gnaw on for a few years.
  • by muphin ( 842524 ) on Tuesday December 07, 2010 @06:48PM (#34480738) Homepage
    I use Ghostery [] and Adblock Plus [] to stop all my tracking and doesnt slow me down one bit, in fact not having to load all those ads speeds up your browsing.
    If websites wanted to make money from advertising DO IT FROM YOUR OWN SITE and dont take the cheap way out, and people relying on generic advertising for an income better get some business sense and stop complaining your not making any money.
    • Thanks for the tip on Ghostery! I'll add that the Anonymizer Nevercookie addon is now in the Mozilla addon directory, version 0.1 mind you. []

      Do not want; ads. I can find a product just fine. Make more noise, and I avoid your product. Pretty simple. Advertising is a waste of time and money, but not people. The people in advertising are just a waste of air and should be sewn together to make a protective CME shield for the Earth. Thank you.

    • Ghostery is also available as a Chrome extension [].
    • You can also use
      * EasyPrivacy: abp:subscribe?location=
      * Social Annoyances: abp:subscribe?location=
      which are both lists for Adblock+. Of course one can't prevent cloud-providers (Amazon, Microsoft, ...) from tracking if web sites continue to rely on them to host their content.

  • So how is this any different from Forcing InPrivate Filtering on and adding a filter list to it like you can with IE8?

    Is it going to have a constantly updated list like AdBlockPlus?

    • Hell, I'd be glad if they just stop turning off IPF on new browser sessions.

      For those who don't know: InPrivate Filtering is a very cool (but never-used) IE8 feature where third-party content embedded in sites is tracked, and if the same content is used in more than a specificed threshold of sites, it gets blocked. For example, Google Analytics is blocked, because their script is embedded on so many sites. It also makes a decent ad-blocker, since either the ad-embedding script or the ad itself is almost alw

    • Basically, yes, it will have constantly updated lists like AdBlock Plus. I can't tell for sure whether Microsoft intends to actually provide a list themselves, but it looks like the user can opt into any number of them. This as opposed to InPrivate filtering's heuristic identification.

  • It will have one or more of the following issues:

    * It will be defective by design from day one.
    * It will be easily disabled remotely.
    * MS will share some way to detect it with advertisers, who will then add functionality which refuses to display a page until you disable it.
    * It will have one or more security holes, allowing compromise of PII.
    * It will be dropped, at the last minute, from the release.

    • * It will attract ridiculous speculation on what it may or may not do or be.

    • by FatLittleMonkey ( 1341387 ) on Tuesday December 07, 2010 @09:01PM (#34482042)

      Actually, it's in Microsoft's interest for something like this to work, and work well.

      I've mentioned before that I believe this is the best way for MS to fight Google. (Since MS is a software company, Google is an ad company. Why try to fight them with a search engine, it misses the point.)

      Add an ad-blocker to IE, built in, on by default (in addition to this bug-blocker.) Single button on the toolbar to turn ads back on, with options for finer-grained settings.

      Microsoft can then go further. Allow an opt-in user-requested ad feature, where the ads are served by the browser for participating websites. Users can set what type of ads they want (no anim, no sound, for example), white- or black-list products or companies, and list areas of interest. Advertisers will hate the user control, but because people have asked for the ads, and are thus more likely to trust the network, that increases both click-through and sales, so advertisers would generally pay more. That also means more money per-ad for websites, increasing their participation. etc etc. Users win, websites win, advertisers win.

      Meanwhile, if most Firefox users use ABP, and all IE-default-setting users have ads blocked, that leaves only Chrome users to give Google their ad-revenue. Less money means less research, less innovation, more rivals, fragmented market. Microsoft wins.

  • A Do-Not-Track Law [] is still very necessary to spell out what rights users have (over their own frickin' data) and to create a bright line that companies can be clear about staying behind or getting sued.

    Of course, I trust Congress to create such a law balanced in the interests of individual citizens about as much as I trust Microsoft to implement this feature with benign intent.

    • Careful what you wish for... Remember what happened when we finally got a so-called "anti-spam" law...

    • by ewhenn ( 647989 )
      I'm glad that anti-spam law stopped spam from coming into my inbox... oh wait.

      Just because the US passes some law, it won't prevent tracking from happening. This is ironically both a negative and positive attribute. It's a global network, it can't truly be "policed".
    • Why should Congress pass a law balanced in the interests of individual citizens? How does this help big corporations? Why should they care about individuals at all? Are individuals going to give them generous campaign contributions like big corporations do?

    • Then just move servers outside the united states where the law doesn't exist.

  • HTTP header (Score:4, Interesting)

    by Todd Knarr ( 15451 ) on Tuesday December 07, 2010 @08:23PM (#34481738) Homepage

    How about we just have an HTTP header that, if present in the request, states exactly which tracking the user consents to? No ambiguity, easy to implement on both the browser and the server side. End of problem. At least for users, and since it's our data I don't see where any other party should be getting a say in how it's used.

    • by thijsh ( 910751 )
      We have that already, it's called a 'From' field and this is the spec (emphasis mine):

      The From request-header field, if given, SHOULD contain an Internet e-mail address for the human user who controls the requesting user agent. The address SHOULD be machine-usable, as defined by "mailbox" in RFC 822 [9] as updated by RFC 1123 [8]:

      From = "From" ":" mailbox

      An example is:


      This header field MAY be used for logging purposes and as a means for identifying the source of invalid or unwanted requests. It SHOULD NOT be used as an insecure form of access protection. The interpretation of this field is that the request is being performed on behalf of the person given, who accepts responsibility for the method performed. In particular, robot agents SHOULD include this header so that the person responsible for running the robot can be contacted if problems occur on the receiving end.

      The Internet e-mail address in this field MAY be separate from the Internet host which issued the request. For example, when a request is passed through a proxy the original issuer's address SHOULD be used.

      The client SHOULD NOT send the From header field without the user's approval, as it might conflict with the user's privacy interests or their site's security policy. It is strongly recommended that the user be able to disable, enable, and modify the value of this field at any time prior to a request.

      We could amend this definition to include the definition: No from field implies that the user wishes not to be tracked. Or to prevent ambiguity that a standard value of 'anonymous@anonymous' would be used by all browsers indicating the same. For all users wishing to be tracked a value of UNIQUE_GENERATED_CODE@ORGANIZATION would be used to allow anonymous tracking. No cookies needed and adheres to current HTTP spec.

  • I do not understand why there is a Slashdot article for every IE9 feature.

    Microsoft is very well known for announcing products that were released very late or even never in some cases.

    Why do we have to comment on a such a feature, obviously designed to piss off Google ?
    And who cares about IE9, when the other browsers are better in every way ?

    Instead of announcing every future functionality, to let us believe that they work on their browser and care about us, why not simply release an upgraded browser every

  • The problem is that we have the idea that everything on the web should be free. So the idea of "ad supported" has come about. Well, advertising brings along a host of evils because it has to be pervasive and intrusive in order to work to the best benefit for the advertiser.

    Also, while you might think it is handy to not have to pay for anything, the web sites that are trying to be ad supported are finding the money a bit thin. Advertising rates are down and ad blocking is up. End result is the web sites

  • Mozilla stopped working on a similar feature for Firefox after pressure from advertisers

    This is the first I am hearing about this. Such behavior from Mozilla is a serious problem. I thought FireFox was supposed to be the new and better way to do web browsing, and now I find out that this project is just as beholden to moneyed interests as other browsers. Not cool, Mozilla. Not cool.

  • This is coming very shortly after the congressional hearing where Eben Moglen gave testimony [] among others (see C-SPAN [] at 1:37:52). He actually explained AdblockPlus to counter the argument that the advertisment industry would collapse if privacy in the Internet would be restored.