IE8 and Privacy

As others have written here before, users should be in control of their information. That’s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it’s used. Choice means putting users in control of their data and giving them tools to protect it.

Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you’re at an Internet kiosk and don’t want the next person using it to know at which website you bank.

What if you want to delete your browsing history after the fact, but you don’t want to lose your preferences at websites that you use frequently?

When we began planning IE8, we took a hard look at our customers’ concerns about privacy on the web. As evidenced by some of the comments on this blog during the IE7 days, many users are concerned about so-called “over-the-shoulder privacy”, or the ability to control what their spouses, friends, kids, and co-workers might see.

What about your privacy as you browse the web? As Dean outlined is his post earlier today, there is so-called “3rd-party” content on websites, some of which can gather data about how you browse the web. How do you know what that is, or how to control it?

With respect to privacy, IE8 gives users more choice about controlling what information they keep and exchange. In the first part of this post I’ll describe two Internet Explorer 8 features that help you control your history, cookies, and other information that Internet Explorer stores on your behalf. In the latter part, I’ll describe two more features that can help you control how your browsing history is shared by websites. By default, IE8 browses the web the same way IE7 does.

  • InPrivate™ Browsing lets you control whether or not IE saves your browsing history, cookies, and other data

  • Delete Browsing History helps you control your browsing history after you’ve visited websites.

  • InPrivate™ Blocking informs you about content that is in a position to observe your browsing history, and allows you to block it

  • InPrivate Subscriptions allow you to augment the capability of InPrivate Blocking by subscribing to lists of websites to block or allow.

InPrivate Browsing

If you are using a shared PC, a borrowed laptop from a friend, or a public PC, sometimes you don’t want other people to know where you’ve been on the web. Internet Explorer 8’s InPrivate Browsing makes that “over the shoulder” privacy easy by not storing history, cookies, temporary Internet files, or other data.

Using InPrivate Browsing is as easy as launching a new InPrivate Browsing window. When you’re done, just close the window and IE will take care of the rest.

InPrivate Browsing Homepage

While InPrivate Browsing is active, the following takes place:

  • New cookies are not stored
    • All new cookies become “session” cookies
    • Existing cookies can still be read
    • The new DOM storage feature behaves the same way
  • New history entries will not be recorded
  • New temporary Internet files will be deleted after the Private Browsing window is closed
  • Form data is not stored
  • Passwords are not stored
  • Addresses typed into the address bar are not stored
  • Queries entered into the search box are not stored
  • Visited links will not be stored
Delete Browsing History

In Internet Explorer 7, we added a feature called Delete Browsing History that lets you delete in one click all of the information that IE saves. This is a necessary tool that is a standard feature in all modern web browsers. If there are things in your web browsing past that you want to erase, you can do that easily.

The problem is that usually you don’t want to delete everything! Cookies, in particular, are really useful for storing preferences on websites that you use frequently. Many sites have a “remember me” option, which stores a cookie on your PC and identifies your user account. Other sites, particularly financial websites, will store a cookie on each computer that you use to eliminate extra challenge questions (i.e. “What was your high school mascot?”).

IE8 solves this problem by adding an option that lets you keep cookies and temporary Internet files from websites saved in your Favorites list:

IE8 Delete Browsing History Settings

To avoid having your favorite sites “forget you”, simply add them to your Favorites, and make sure the “Preserve Favorites website data” checkbox is selected. IE will preserve any cookies or cache files that were created by websites in your favorites.

Oh – and by the way – we heard your feedback about checkboxes! Now Delete Browsing History will remember your preferences. We also added a “Delete Browsing History on Exit” feature if you really want to keep your history squeaky-clean! To do so, click Tools->Internet Options:

IE8 Delete Browsing History Preferences

In his post earlier today, Dean outlined some of the privacy issues surrounding third-party content, which powers some of the rich experiences you get on the web today, such as interactive maps and social networking shortcuts (“add to Digg”).

Some third-party content is shared by multiple websites. If you happen to browse to sites that refer to the same third-party resource, i.e. a script, image, stylesheet, information is sent to that third-party. Over time, the third-party can create a profile of which websites you go to, what links you click on, etc. It’s hard to know exactly how your data will be used and with whom it will be shared without reading and understanding the privacy policy of each third-party site providing content to the website you visit,.

Consider this hypothetical example. You walk into a shopping mall. In the middle of the shopping mall, there is someone in front of a kiosk who asks you if he can record what stores you visit while you’re there as part of a survey. In order to do so, he writes down a description of what you look like – not your name – but what you’re wearing, your height, etc. In several of the stores throughout the mall, there are people who identify you based on this data, and record whether or not you visit a particular store. When the mall closes, the surveyors in the store report their tallies back to the kiosk. What the surveyor ends up with is a list of some of the stores you visit while you’re at the mall.

This is analogous to how some third-party content works on the web today. Again, without reading specific privacy policies, it’s hard to say in general what third-parties do with the data (or whether or not they record it at all).

The first difference between this mall example and the real world is that the mall survey is hypothetical. Again, different third-party sites do different things with the data they can collect, and the best way to understand what they actually do is reading their privacy policy. The other major difference between this example and the web is how explicitly users are presented with a choice about sharing their information. Clearly there are benefits to sharing your information, starting with richer experiences. Many web sites rely on third-parties to provide content and services like interactive maps and financial data, or analytics and advertising in order to operate effectively. These third-party services often collect information in order to do their jobs. There are also potential drawbacks, such as privacy risks (who has what information?) and increased exposure to malicious content. Put simply, the web relies on a trade, or value exchange, between users and sites. Information goes back and forth: in exchange for “free” services and content, users “pay” with information, not money. There is nothing wrong with such a trade, as long as users are informed and are in control of the choice.

InPrivate Blocking

InPrivate Blocking is a feature designed to help give you information about third-party content that has a line of sight into your web browsing, and gives you a choice about what information you share with these sites. As Dean mentioned in his post, it’s possible for sites to track users without cookies. The only way to ensure that your data is not disclosed is to block content and prevent communication to sites.

While you browse the web, your IE keeps a local record of which third-party items your browser accesses, and where they were accessed from. For example, if you visit https://www.contoso.com/index.html, which contains the following snippet:

<html>
<head> <title> Contoso.com Homepage </head>

<script src=https://www.woodgrove-int.com/tracking.js>

</html>

and then visit https://www.wingtiptoys.com/, which contains the same snippet:

<html>
<head> <title> Great deals at Wingtiptoys.com </head>

<script src=https://www.woodgrove-int.com/tracking.js>

</html>

Woodgrove-int.com is now in a position to know that you’ve been to both contoso.com and wingtiptoys.com.

InPrivate Blocking keeps a record of third-party items like the one above as you browse. When you choose to browse with InPrivate, IE automatically blocks sites that have “seen” you across more than ten sites.

You can also manually choose items to block or allow, or obtain information about the third-party content directly from the site by clicking the “More information from this website” link. Note that Internet Explorer will only record data for InPrivate Blocking when you are in “regular” browsing mode, as no browsing history is retained while browsing InPrivate. An easy way to think of it is that your normal browsing determines which items to block when you browse InPrivate.

InPrivate Blocking Settings

InPrivate Subscriptions

Users can augment the capability of InPrivate Blocking with InPrivate Subscriptions. Some users want to protect their privacy, but don’t want to make granular decisions about content to block or allow. Users can delegate these decisions to publishers of InPrivate Subscriptions. Users can subscribe to a list the same way they add an Accelerator, Web Slice, or search provider to IE: by clicking a link on a web page and confirming that they want this functionality:

InPrivate Blocking Subscription Settings

Under the covers, InPrivate Subscriptions are simply RSS feeds of Regular Expressions that specify sub-downloads to block or allow. Anyone can publish an InPrivate Subscription on their website, just as they can offer an Accelerator or Web Slice on their website. We’ll post details about the file format as part of the updated IE8 Developer’s Guide with Beta 2.

Conclusion

IE8 helps put you in control of your data, both on your PC and on the Web. IE8 Beta 2 is coming soon, and I encourage you to download it and give us feedback.

Andy Zeigler
Program Manager

P.S. Check out Dean and Andy talking about IE8 and Privacy on Channel 9.

Edit: Added a P.S.