IE9 'Do Not Track' feature prone to user error

Microsoft introduced a feature in IE9 to protect privacy online, but it relies on the user to configure and maintain it

Microsoft today revealed a new security control in Internet Explorer 9 which will enable users to restrict sites from tracking them. The ability to control access to tracking data from within the browser is a welcome addition, but the feature is not exactly fool-proof.

Earlier this month the United States Federal Trade Commission (FTC) issued a scathing report on the state of online consumer privacy, coupled with a call for a Web-surfing equivalent to the "Do Not Call" list. The "Do Not Track" initiative as a government policy is still embryonic, but the privacy features in IE9 let users exercise similar control over which sites have access to personal data like the Web browsing history.

A post on Microsoft's IEBlog explains, "Today, consumers share information with more Web sites than the ones they see in the address bar in their browser. This is inherent in the design of the Web and simply how the Web works, and it has potentially unintended consequences. As consumers visit one site, many other sites receive information about their activities," adding, "When the browser calls any other Web site to request anything (an image, a cookie, HTML, a script that can execute), the browser explicitly provides information in order to get information. By limiting data requests to these sites, it is possible to limit the data available to these sites for collection and tracking."

In a nutshell, the IE9 "Do Not Track" capability is essentially just an evolution of security controls that are already present in Internet Explorer 8. The privacy control enables users to create Tracking Protection Lists (TPL) of domain names that will only be visited if directly clicked or typed in the browser address bar. But, the domains in the TPL will not be able to surreptitiously receive information as a third-party to a different site that is overtly visited.

The Microsoft Advertising Blog describes an important limitation of the IE9 security control, though. "IE9's privacy settings, like those contained in IE8, will not be on by default, but they will allow users to create lists of sites they wish to share information with, as well as sites they do not wish to share information with. The settings do not take a position on managing information; instead, they provide an improved platform for consumers to exercise choice."

At face value, that sounds fine. Users have control and can choose when and how to share information rather than having Microsoft, or some other third-party decide for them and dictate which sites can or can not receive privacy data. The problem is that the vast majority of users lack the privacy savvy, tech skill, and drive to devote the time and energy to properly configuring and maintaining these lists.

I am not suggesting that Microsoft's approach is wrong, just that it's also not a silver bullet. Unfortunately for average users, very little in security is. Businesses and consumers need to understand that much of security and privacy is subjective and that implementing and maintaining security controls is a somewhat complex process that can't be driven by a third-party.

Microsoft's approach with TPLs to block tracking efforts by unauthorized sites is as good as any other solution out there. It just requires a little up front effort to understand and configure it, and some ongoing administration to manage access for authorized sites and add new offending sites to the TPL.

Microsoft should be commended both for its ongoing collaboration with the FTC and other organizations to develop policies and controls that protect users, and for proactively introducing privacy features in IE9 that give users the ability to exercise some control over their personal information.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Federal Trade Commissionapplicationsbrowser securityMicrosoftonline privacysoftwaredata protection

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?