IE8 and Trustworthy Browsing

This blog post frames our approach in IE8 for delivering trustworthy browsing. The topic is complicated enough that some context and even history (before we go into any particular feature) is important, and so some readers may find this post a bit basic as it’s written for a wide audience. In previous posts here, we’ve written about IE8 for developers: the work in standards support, developer tools, script performance, and more. In future posts, we’ll write about IE8 for end-users (beyond the benefits of improved performance, activities, and Web Slices). This post starts a series about trustworthy browsing, a topic important for developers and end-users and everyone on the web. By setting the context and motivation with this post, the next posts that dive into the details of IE8 will build on this foundation.

Trustworthy refers to one of our overall goals: provide the most secure and most reliable browser that respects user choice and keeps users in control of their machine and their information. For reference, Microsoft’s framework for Trustworthy Computing in general spans four areas: security, privacy, reliability, and business practices.

Security is often where the trust discussion begins. Narrowly, security in this context means “as the user browses the web, the only code that runs on the user’s machine is code that the user allows to run". For example, when the user visits “www.somebadsite.com” the site should not be able to just run “virus.exe” and infect the user’s machine with malware. IE7 made a lot of progress on security, starting with Protected Mode and developing IE to be “secure by design, secure by default” as part of the following SDL requirements. IE7 was the first browser to support Extended Validation certificates to help protect users from deceptive websites, as well as delivering anti-phishing protection, International Domain Name support with protection from deceptive websites, a richer SSL experience and support for stronger SSL cipher algorithms, ActiveX opt-in, and great integration with Parental Controls in Windows Vista. We have done even more security work in IE8 to address the evolving threat environment.

Privacy is a complex topic that more often than not puts one party in conflict with another. If security boils down to “the user is in control of what code runs on the machine,” then privacy boils down to “the user is in control of what information the browser makes available to websites". Many people immediately think of “cookies” at this point because so much discussion and early work around privacy focused on the specific implementation of cookies. Cookies and cookie protection are definitely one aspect of the online privacy discussion. IE6 included innovative work implementing the P3P web standard (from the W3C), and both IE6 and IE7 use it to block cookies from websites that don’t have a privacy policy that complies with the user’s settings. It’s a great example of a privacy protection in use today on the web. In IE7, deleting cookies as well as other information that shows where the user has been on the web is much easier.  That said, there’s more to online privacy than cookies, as cookies are only one implementation of content that can disclose information to websites. In some discussions, people have also described IE7’s Phishing Filter as a privacy feature because it helps protect users from sharing information. The larger challenge here is notifying users clearly about what sites they’re disclosing information to and enabling them to control that disclosure if they choose. As we talk more about privacy, we will broaden the discussion to include additional protections from sharing information that the browser can offer users.

Reliability is relatively simple: the browser should always start, find the Internet, and show web sites without crashing. We define reliability to mean “as the user browses the web, the browser performs well and does not terminate unexpectedly". End-users really don’t care about the cause of instability in the system – malformed web pages (see the old Slashdot article that this post refers to, for example) or third-party extensions (like toolbars; see this post about IE7’s “No Add-ons” functionality) – they just want the browser to work. In addition, when something does go wrong, an important part of reliability is how gracefully the browser recovers from the unexpected. Another aspect of reliability is that sites continue to render correctly. We’ll post more here about the work we’ve done to make IE8 more robust, as well as more interoperable and compatible at the same time.

Business practices guide decisions we make in designing and distributing our products. The key principle here is respecting user choice. For example, when a user installs a new version of IE, IE respects the user’s choice of default search engine. In IE, the user can add or remove different search providers using OpenSearch, a public and open standard that some other browsers have chosen to support as well. IE respects the user’s choice of system defaults (Windows Vista’s “Default Programs” functionality, as well as Windows XP’s Set Program Access Defaults). Explicitly asking the user before installing a new version of IE is key to respecting the user’s browser choice. 

Ultimately, trustworthy browsing is about enabling users to be in control and respecting the choices users make. Specifically, it’s about enabling users to be in control of their machine, of their browser, of their settings, of their experience, of what data they share with whom when. Each part of trustworthy browsing involves an industry-wide challenge. For example, security is an industry challenge; every browser on the web faces attacks.

While all these statements may sound inherently obvious to some readers, these topics are so important that we thought it would be good to talk in general about how we think about them overall.  Over the coming weeks this blog series will talk about how we’re making progress against these challenges, to set the stage for the release of IE8 Beta 2 in August.

Thanks,

Dean Hachamovitch
General Manager
Internet Explorer

Edit: removed hyperlink