IE9 and Privacy: Introducing Tracking Protection


The feedback and conversation on IE9’s Platform Previews and Beta to date from many different communities has made the IE9 development process, and product, substantially better than previous releases. The discussions around hardware-accelerated HTML5 and same markup with the developer community, for example, have informed many changes to the product. Thank you for using it and providing feedback.

In general, we’ve focused this blog on engineering issues. In this post, still continuing our pattern of transparency, let’s look at the increasingly important topic of privacy online through the lens of a consumer concerned about being tracked on the web. Here is a brief summary (warning, what follows it is long) of what we intend to deliver in the release candidate of IE9.

Today, consumers have very little awareness or control over who can track their online activity. Much has been written about this topic. With the release candidate:

  1. IE9 will offer consumers a new opt-in mechanism (“Tracking Protection”) to identify and block many forms of undesired tracking.
  2. “Tracking Protection Lists” will enable consumers to control what third-party site content can track them when they’re online.

We believe that the combination of consumer opt-in, an open platform for publishing of Tracking Protection Lists (TPLs), and the underlying technology mechanism for Tracking Protection offer new options and a good balance between empowering consumers and online industry needs. They further empower consumers and complement many of the other ideas under discussion. You can see how it might work in this video:

Some Recent Context

On December 1, 2010, the Federal Trade Commission released a major report on consumer privacy online.  You can read the report here. Microsoft has been engaged in dialogue with the FTC, the Article 29 Working Party in the EU, and others in the privacy arena for some time, and has long recognized the critical importance of privacy to our customers. Unlike other topics we’ve discussed on this blog, privacy involves additional complexities beyond technology and product engineering and interoperability. For privacy, many other aspects are at least as important for making progress: public policy, the law and its enforcement, and engagement across several other industries. This increased importance applies both in the recent US report as well as in similar efforts in places like the EU.

The FTC report looks at recommendations in areas like Do Not Track, and others in the industry have discussed potential Do Not Follow solutions. The report asked a series of questions, including:

  • How can such a mechanism be designed to be clear, easy-to-find, usable, and understandable to consumers?
  • How can such a mechanism be designed so that it is clear to consumers what they are choosing and what the limitations of the choice are?
  • What are the potential costs and benefits of offering a standardized uniform choice mechanism to control online behavioral advertising?
  • What is the likely impact if large numbers of consumers elect to opt out? How would it affect online publishers and advertisers, and how would it affect consumers?
  • In addition to providing the option to opt out of receiving ads completely, should a universal choice mechanism for online behavioral advertising include an option that allows consumers more granular control over the types of advertising they want to receive and the type of data they are willing to have collected about them?

Perhaps the briefest form of the question concerns consumers who want the option to say “no thank you” to being tracked… what happens to them?

Consensus and Innovation

On the IE team, we’ve asked similar questions and want to make progress operationally as well as in the public discussion. We want to develop (as the recent FTC report put it) “more effective technologies for consumer control” and make progress on the report’s recommendation of “a browser-based mechanism through which consumers could make persistent choices” regarding tracking.

Today, we’re offering an early look at a way to enable operational progress in the privacy discussion.

Let’s take a look at how this might work and then consider how it furthers the conversations we’ve been having with all interested private and public bodies. While the web browser is only one part of the online privacy experience, for many consumers, the browser is a key technology to manage their privacy choices.

By applying principles described in the FTC report like Transparency and Privacy by Design, we can make it easier for consumers to opt out of potential tracking experiences. There is no change to default behavior with respect to privacy and tracking, and consumers need to exercise choice for anything to change.

How (and Why) This Works

Today, consumers share information with more websites than the ones they see in the address bar in their browser. This is inherent in the design of the web and simply how the web works, and it has potentially unintended consequences. As consumers visit one site, many other sites receive information about their activities (you can read more details here). This situation results from how modern websites are built; typically a website today might bring together content from many other websites, leaving the impression that the website appears to be its own entity. When the browser calls any other website to request anything (an image, a cookie, HTML, a script that can execute), the browser explicitly provides information in order to get information. By limiting data requests to these sites, it is possible to limit the data available to these sites for collection and tracking.

A Tracking Protection List (TPL) contains web addresses (like msdn.com) that the browser will visit (or “call”) only if the consumer visits them directly by clicking on a link or typing their address. By limiting the calls to these websites and resources from other web pages, the TPL limits the information these other sites can collect.

You can look at this as a translation of the “Do Not Call” list from the telephone to the browser and web. It complements many of the other approaches being discussed for browser controls of Do Not Track.

What we describe here is providing a new browser mechanism for consumers to opt-in and exercise more control over their browsing information. By default the Tracking Protection List is empty, and the browser operates just as it does today. The list is empty by default for two reasons:

  • Controlling this aspect of the browser’s behavior is up to the consumer. The browser vendor provides the functionality and respects the consumer’s choices here.
  • Restricting content from external sites can make some functionality in sites stop working along with the other web mechanisms (cookies, web beacons, and the like) that might be essential to how the sites operate.

Anyone or any organization can create a TPL (it is just a file that can be placed on a website) and consumers can add and remove lists as they see fit, having more than one if they wish. To keep everyone’s experience up to date, the browser will automatically check for updates to lists on a regular basis. One change from similar features in IE8 is that once a consumer has added a list, Tracking Protection remains enabled across browsing sessions until the consumer turns it off.

In addition to “Do Not Call” entries that prevent information requests to some web addresses, lists can include “OK to Call” entries that permit calls to specific addresses. In this way, a consumer can make exceptions to restrictions on one list easily by adding another list that includes “OK to Call” overrides for particular addresses.

We designed this feature so that consumers have a clear, straight forward, opt-in mechanism to enable a higher degree of control over sharing their browsing information AND websites can provide easy to use lists to manage their privacy as well as experience full-featured sites.

There are many points of view to balance in the design of such a feature because the technologies involved create such a complex situation, going well beyond what typical consumers and even many web developers are fully aware of.

While “Do not track” is a meaningful consumer promise around data use, the web lacks a good precise definition of what tracking means. Until we get there, we can make progress by providing consumers with a way to limit or control the data collected about them on sites they don’t visit directly. That kind of control is already technically feasible today in a variety of ways. It is important to understand that the feature design makes no judgment about how information might be used. Rather, it provides the means for consumers to opt-out of the release of that information in the first place.

Tracking Protection lists are “curated” in that people (or organizations) make decisions about what sites are on the list. Internet Explorer 8’s InPrivate Filtering functionality relied on frequency heuristics to build a list as a consumer browses sites. By moving Tracking Protection to use curated lists, we improve the predictability of the consumer experience. Consumers are in position to choose whose lists (if any) they want and to exercise control over what information they share with which websites.

Looking Ahead

Tracking Protection and TPLs are a great way to start making progress as we work through the public discussion. They provide greater transparency about how the web operates and the opportunity to act on that information. Transparency and progress are important. This step forward may be too much for some even as it is not enough for others.

Today many view third-party cookies as the principal tracking mechanism. Consumers using IE today have tremendous control over cookies and can, if they choose to make a few clicks, “block all third party cookies,” “Block all cookies from example.com,” or with a little more work, “Discard all 3rd party cookies at the end of the browser session.” Of course, it is about more than cookies, and as an industry we will continue to have incomplete solutions until we agree on a clear definition of tracking, how it is and can be done, and what should be done in response. Do Not Track technologies, from cookie blockers to what’s described here, will continue to be incomplete until we have a clear definition of tracking. (At the same time they might overachieve at preventing non-tracking activities). "Do Not Track" itself is misnomer in that tracking is an inherent part of many experiences on the web (e.g. a shopping site showing me other items I’ve browsed to) and off (e.g. a credit card company calling you to confirm what it considers to be suspicious activity).

Also, many have recognized the progress being made in self-regulatory efforts and are hopeful to see more. For example, you can see this progress with sites like http://www.aboutads.info/ that involve giving “consumers a better understanding of and greater control over ads that are customized based on their online behavior.”

One potential downside is that some web site publishers and developers already have concerns with large numbers of visitors blocking some of the content today (usually ads). We understand this concern and have provided several ways to deal with this issue.

First, this functionality is opt-in, and by default consumers’ experience will remain the same as it is today, unless they make a decision to change it. Second, any site can make available a Tracking Protection List that creates exceptions (via “OK to Call” items) for external content that provides the full experience of the site. This TPL provides transparency to the consumer about the additional sites he will visit and share information with. Third, a site can pull external content into its own domain, so that a consumer has no need to call external sites. Lastly, networks of sites and associations can work together to create a TPL that they recommend broadly to consumers. We designed the feature so that there are ample opportunities for all the constituencies to engage in a manner consistent with their priorities and point of view.

We designed this functionality as a good start to enable consumer choice and protection from potential tracking. We provide a tool in the browser, and consumers choose how to use it. As with everything on the web, we expect it to evolve over time especially as the broader privacy dialog continues. We’re communicating about it now as part of our transparency in the software development process.

Thanks –
Dean Hachamovitch
Corporate Vice President, Internet Explorer

P.S. Here’s a preliminary file format for TPLs that shows both “Do Not Call” (block) and “OK to Call” (allow) items. We will make the format available under a Creative Commons Attribution license and the Microsoft Open Specification Promise.

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:wf="http://www.microsoft.com/schemas/webfilter/2008">
<channel>
<title>Demo</title>
<description>Tracking Protection List from ietestdrive.com </description>
<item><wf:blockRegex><![CDATA[msdn\.com/.*\.js]]></wf:blockRegex></item>
<item><wf:allowRegex><![CDATA[strikestrike\.com/.*\.js]]></wf:allowRegex></item>
</channel>
</rss>

P.P.S. One aspect of the larger tracking discussion involves a change to “HTTP headers.” The key thing to note is that such a change is the start but only part of delivering tracking protection. It’s a signal to the web site of the consumer’s preferences. The rest of that solution (defining what that signal from the consumer means, what to do with it, verification, enforcement, etc.) is still under construction.

List of articles referenced
Creative Commons Licenses
Do Not Track - Universal Web Tracking Opt-Out
FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers
Google Chrome Gets Better at Blocking Ads | Maximum PC
Internet Explorer 8: Features
Microsoft Open Specification Promise
100 Million Adblock Plus Downloads « Mozilla Add-ons Blog
Online privacy, Tracking, and IE8’s InPrivate Filtering - IEBlog - Site Home - MSDN Blogs
Privacy Beyond Blocking Cookies: Bringing Awareness to Third-Party Content - IEBlog - Site Home - MSDN Blogs
Privacy Principles | Microsoft Privacy
Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers (Preliminary FTC Staff Report)
Selectively Filtering Content in Web Browsers - IEBlog - Site Home - MSDN Blogs
The Self-Regulatory Program for Online Behavioral Advertising
Understanding Cookie Controls - EricLaw's IEInternals - Site Home - MSDN Blogs
Your Privacy Online - What They Know - WSJ.com

Comments (73)

  1. Julian Reschke says:

    Sounds interesting so far. Question: why does this use RSS as format?

  2. Jim Brock says:

    This is a terrific development for consumer choice.

    PrivacyChoice has already leveraged the functionality in IE8 to block cookies based on our Tracking Company Index. See it in action here:

    http://www.privacychoice.org/…/ie

  3. Jim Brock says:

    This is a terrific development for consumer choice.

    PrivacyChoice has already leveraged the functionality in IE8 to block cookies based on our Tracking Company Index. See it in action here:

    http://www.privacychoice.org/…/ie

  4. Jo Dean says:

    The problem with IE is IE itself, its simply not for the person looking for real privacy.

    http://www.privacy-resources.edu.tc

  5. dave says:

    What is the "channel" tag for? and why is this an RSS document?

    e.g. why would this not be usable: http://pastebin.com/vRtyTZL6

    And should the root tag really be rss?

  6. SiSL says:

    Makes me think if it will effect largely used 3rd party analysis tools like Google Analytics…

  7. bob e says:

    Sounds like a good idea, keep em coming.

  8. MVE says:

    What's the difference between InPrivate Filtering and this?

  9. Paulo Oliveira says:

    Isn´t this the same as InPrivate Filtering on IE8?

    Regards,

    Paulo Oliveira.

  10. DaveN says:

    IMO block should trump allow – it appears from the video that if you have conflicting settings on different lists, content that's allowed by any list will be allowed even if blocked by another list.  But overall, this is a great idea and I'm glad it'll be implemented.

  11. Alon Arad says:

    nice 🙂

    alonarad.blogia.co.il

  12. Arieta says:

    You could've just called it "adblock" and get universally good feedback on this, instead of everyone wondering what the hell you guys are talking about.

  13. Jens says:

    If I understand things correctly, the scope of the article can be summarized in a sentence: to go beyond blocking just third-party cookies in the browser, you're providing a way for the browser to block third-party HTTP.

    As I was trying to understand this article, I mistakenly thought for a moment it was referring to real-time site scraping. There's technically nothing to prevent a website from taking first-party cookies and any other information it has available and performing third-party server-side HTTP requests with that information.

    HTTP proxying is another option: It's easy to imagine a backend framework that would allow ads to be served as first-party content and then allow the ads to proxy their HTTP communication through the first-party server to a third-party location.

    If you call it "partnering" rather than "spamming" or "advertising," then it flies under the radar. For example, isn't this how Facebook partners with other websites (i.e., through the backend)?

    Any time you browse to a website, you mustn't forget that you're ultimately putting your privacy in the hands of the backend code on the website.

  14. ugh says:

    here's a suggestion guys… get your ancient slob of a browser up to par with your peers before adding useless feature-list-check-mark nonsense like this

  15. Manosdoc says:

    Amazing work guys. Only for this, I'm choosing IE platform.

    Keep more of this work coming !

  16. Eric says:

    @MVE/Paulo Oliveira: This feature is somewhat similar to InPrivate Filtering in IE8, with a number of differences. In particular, this feature allows you to subscribe to lists of sites to block, and doesn't disable itself every time you restart.

    @DaveN: "block" doesn't trump "allow" because it's unlikely that any list that ppl actually use will contain any "allow" rules. The "allow" rules will effectively just be exceptions saying: "hey, this one file on that domain is necessary (e.g. jquery.js) while the rest of the files (e.g. tracker.js, evil.js, malware.js, etc, etc) are all unwanted." It's basically a performance enhancement to enable writing broadly-scoped "block" rules.

  17. Quincy Boolum says:

    You say you "…have provided several ways to deal with…" ad blocking. I will address these point by point:

    "First, this functionality is opt-in, and by default consumers’ experience will remain the same as it is today, unless they make a decision to change it. "

    If you make this functionality easy to activate (as you should), it will garner very high opt in rates, putting online advertising at risk.

    "Second, any site can make available a Tracking Protection List that creates exceptions (via “OK to Call” items) for external content that provides the full experience of the site. This TPL provides transparency to the consumer about the additional sites he will visit and share information with."

    List providers are not going to put in domain names of advertising technology companies into the "OK to call" list because doing so would allow those companies to track users. It would defeat the purpose of the list. Instead of focusing on blocking all calls to these companies, you should just block cookies, "flash cookies" (with Adobe's help), and HTML 5 database writes. That way, people in the "do not call" list will continue to see ads (which keep web sites free) yet not be tracked.

    "Third, a site can pull external content into its own domain, so that a consumer has no need to call external sites."

    This sounds like a nightmare. Sites would have to eat the bandwidth costs of ad serving for those on the do not track list. Even worse, sites would have to know what domains the browser is blocking to know which call to pull in thru its own domain. Is the browser going to pass a list of thousands of domains on the GET request on every call to load a web page from a site? I don't think so.

    "Lastly, networks of sites and associations can work together to create a TPL that they recommend broadly to consumers. We designed the feature so that there are ample opportunities for all the constituencies to engage in a manner consistent with their priorities and point of view."

    I don't think consumers would adopt a list from the online advertising ecosystem. The companies in the ecosystem have a vested interest in keeping the status quo, so why would consumers trust such a list?  Consumers  will take lists from privacy advocates and opportunists (think Spamhaus for email blacklists).

    Finally, be prepared to build a "remove domain name from list" feature when consumers visit a content sites and receive a message that they must allow certain domains to track them in order to view the free content on the site.

  18. RBJ says:

    Now you guys need to add a built in spell check and I won't need any other browser, ever.

  19. Captain Numerica says:

    Great stuff.  But I have a question:  does this apply to Flash Shared Object, Silverlight Isolated Storage and HTML databases as well?  (Read: will it kill the 'ever-cookie'?)

    So far, it sounds like 'no'.  I realize this isn't a straight-forward problem to solve without vendor support from Adobe… but still, worth asking the question.

  20. Captain Numerica says:

    Great stuff.  But I have a question:  does this apply to Flash Shared Object, Silverlight Isolated Storage and HTML databases as well?  (Read: will it kill the 'ever-cookie'?)

    So far, it sounds like 'no'.  I realize this isn't a straight-forward problem to solve without vendor support from Adobe… but still, worth asking the question.

  21. hAl says:

    @ Quincy Boolum

    Sites do not have to track other sites nor do you need to send them a full list of sites.

    Sites serve pages that have references to content in them from other domains which can include references that invoke tracking scripts. The browser normally follows those references to get the remaining content (including ad and tracking content).

    The browser can therefore decide based on a listto not get the tracking information from other domains.

  22. Dan F says:

    In actual fact this feature is a built in IE9 adblocker? I agree with Quincy Boolum – you should only block the cookies NOT the actual requests.

    For a company that owns Atlas (huge adserving company) and MSN (huge ad portal) this seems like an insane move??

  23. Oakpine says:

    Guys, this is the copy of AdBlock add-in for Firefox. Thanks for bringing it to IE!

    But Adblock works even better because when an ad is removed, the blank space will be removed too, and text will nicely reflow. Please add this capability also to the "Tracking Protection" feature.

  24. GG says:

    Here is the privacy bug with IE9 beta, related to facebook. Primary sites shows comments in iframe from facebook. I add primary site to block cookies, do not allow 3rd party cookies. And yet my name from facebook is still visible in that iframe. How and why is this possible?

  25. Drake says:

    @Eric

    "This feature is somewhat similar to InPrivate Filtering in IE8, with a number of differences. In particular, this feature allows you to subscribe to lists of sites to block, and doesn't disable itself every time you restart."  Er, sort-of like what InPrivate Filtering was going to do originally, you mean?  Have to agree with MVE and Paulo Oliveira here — it does sound an awful lot like InPrivate Filtering, so why just merge the functionallity of the two?

    Two immediate thoughts from the article spring to my mind though: first, this will be nightmare for IT Support guys when users add random lists and then find some sites stop working, and secondly, you say "Anyone or any organisation can create a TPL" — now if TPLs include lists of sites to trust as well as not trust what's to stop an advert firm getting you to download a file that has all their sites allowed?  Or a legit site using the auto-update to change the list in the future from what you originally accepted?  Also, what if one list says to trust a site and another not — which takes precedence in a conflict?

    I do wonder though if this is the right approach.  The latest Opera 11 beta has a feature now where controls on a website will be inactive (shown as dimmed) until a user clicks on them.  The rational is that pages will load faster (like ones with lots of Flash videos embedded) as they don't start to render until you ask them to.  So… why not just do the same for adverts?  Keep all adverts/external features off by default, load them behind-the-scenes in a separate IE session.  Then just show a dimmed inactive screenshot of the advert/feature on the webpage and let a user right-click them and choose "Activate this item on this webpage" or "Activate this item on all webpages" (and, if holding shift while right-clicking for IT Pros "Activate this item on all websites, except those in the Restricted Sites zone").

  26. Drake says:

    On a slightly different note regarding adverts, will some of the new forms of pop-ups be blocked in IE9?  Take for example the TV-listings website http://www.onthebox.com.  Go onto it, then click any of the four dropdowns that filter the table and a pop-up window launches — and I've had this happen in Firefox, Chrome, Safari and Opera (all on default pop-up settings and with no add-ons like AdBlock).  Blocking certain sites in the IE Restricted Sites stops it working — but I've seen numerous sites use this style nowadays and it's rather annoying.  Can't it be blocked by updating the pop-up blocker to realise some of the newer coding methods used to launch pop-ups?

  27. Drake says:

    @RBJ

    It does seem odd that over the years versions of Office would add certain things to the browser (like the "Send to OneNote" icon, the "Research" pane or the "Edit in Microsoft Word" icon) but yet not the Spell Check feature.  There are add-ons (like IeSpell) but, come on guys, why not allow Office to integrate it's Spell Checker into WIE?  (Yes, a native IE one — or even a Windows one for use in WIE, Notepad, WordPad, and any other app, would be better, but hey, I'd settle for if-you-install-Office-you-get-a-systemwide-spell-checker as a compromise).

  28. Brian says:

    Pffft.  Late to the party as usual, guys, but acting like it's another "innovation" all the same.

    Firefox+AdBlock already does this (and more) but without the usual MS bloat and spin.

  29. hAl says:

    @Brian

    Adblockers already exist for IE as well. For instance IE+ Simple-Adblock does something like as well.

    The new thing about this feature is that it will be a native feature to the browser and not trough plugin use only. So no thrid party executable software required.

    You only have to get hold of a good TPL list or possibly subscribe to one. That will make this feature also usefull for enterprise adoption where you do not want a lot of browser plugin software to manage.

  30. Norm says:

    @RBJ & @Drake – I couldn't agree more! IE not having a spellchecker feature built it is one of the key things keeping this browser in the dark ages.  It's not rocket science… just add it!  It's embarrassing that IE doesn't include it by default – in fact it is the ONLY browser that doesn't have it… once again ranking IE at the bottom of all available browsers… even IE9.

  31. Hmmm.... says:

    Shouldn't this be based on a whitelist, not a blacklist. If most users don't know who is tracking them I would think a blanket deny with the ability to add sites to an allow list is best. I love me some MS, but it seems like "Tracking Protection" is an oxymoron in this case.

  32. Aethec says:

    Nice feature, although it seems it can't really be used for ad blocking if it doesn't remove the blank space.

    On a completely unrelated note, you should really put Word's spell checker in IE9. It is way more powerful than all other spell checkers.

  33. Soon to be google says:

    Add Sandboxie to  isolate web browser from my real the hard drive!!!

    Add Deep freeze like features to keep the pc's performance steady sate!!!!!!

    you can make your computer uncrushable!!! "unless one you hard drive fails!!"

    prove me wrong Microsoft!!!!!

  34. Soon to be google says:

    you can put Raid1   !!!

  35. Drake says:

    @Brian

    Don't be silly, no-one here believes WIE9 is anything other-than a catchup effort — because it was sorely needed.  But if you look at all that Microsoft have done it really is a great effort — I mean, 20/100 Acid3 in WIE8 to 95/100 in WIE9 clearly shows they have been updating some things!  Yes, it's not perfect, but it's a good start for future IE versions (let's hope they do point releases, e.g. WIE9.1, and not wait y-e-a-r-s for WIE10).  Don't forget that AdBlock is a Firefox ADD-ON, not a native component: IE also supports add-ons and one like this might exist.  If not, it's not Microsoft's fault no-one has created one.  As for "MS bloat", Firefox isn't exactly trim thesedays (compare the startup speed of Chrome or the new Opera beta).  I mean, isn't this the same Firefox that many Linux fans are asking Canonical Ltd. to drop from Ubuntu 11.04 Natty Narwhal and replace with Chrome as a direct result of it's modern bloat?  Let's hope once the Firefox 4 beta is out in stable it's back to how it was.

    @Norm

    There are free spell-checker add-ons: the fact WIE9 won't have one (as far as we know…) isn't a showstopper for me: but with the power of Office's spell-checker there, coded for them, why it can't be integrated via ActiveX into IE I don't know.

    @Aethec

    Agreed.  And with Microsoft Works now dropped in-favour of Microsoft Office Starter Edition surely now most users could benefit from this, even with new PCs.

    @Soon to be google

    [1] You can run IE9 with Sandboxie, as with any other app, can't you?  If you're that concerned about isolating your real hard-disk you could also run your browser inside a Virtual Machine.  Microsoft Virtual PC, Windows Virtual PC (Windows 7 only), VMWare Player or Oracle VM VirtualBox will all do this for free (for non-business users).  [2] Not sure what by "Deep Freeze" but System Restore works very effectively in Vista or 7, and both (only some editions, for Vista) allow you to create image-based backups that really help guarantee roll-back-ability.  [3] Hard-disk will always fail, even solid-state, whether run Windows, Mac, UNIX or Linux.  Not an OS thing.  Windows supports software-RAID, but for faster performance use hardware-based.  Many BIOSes now support it, and as it is transparent to the OS any version of Windows will work with it running.

  36. John says:

    @Aethec I would actually prefer that any content-blockers preserve the format of the page, even if it means a blank box where an image used to be.

  37. Jay says:

    Looks promising but does it block fly-in/overlay ads to?

    I mean these are the really annoying ads and they aren't really blocked by just blocking the HTTP traffic. The markup/css has to be changed too (otherwise you have an empty div flying in).

    And as some others already mentioned, it would be cool if removed ads would not leave empty space on the page.

    BTW: Will the IE pop up blocker use the TPL lists too? This would be great because having a TPL list and a seperate (manually maintaned) list for the popup blocker would be semi perfect.

  38. Soon to be google says:

    @ Drake

    "Deep Freeze from Faronic " Google it!!   "it is bullet proof!!"

    Step one:

    Have Two widnows!! "dual boot"

    Step two:

    Install Deep Freeze from Faronic  "One one of them!!"

    Step 3:

    The drive with  no Deep Freeze is for work and important things!! "let you save file to hard drive!"

    The second drive with Deep Freeze is for all untusted users!!   "Won't let you save file to hard drive!"

    **Want  to get on the net and have fun and herpes????? use Frozen side!!!

    **Want to work??? "use none frozen widnows!! "

    "Faronic Wont let you save changes on restart it will be lost!!"

    Test it  and see!!

    This idea can almost elimantate IT industry!!

              sorry for my lame english!!!

  39. Soon to be google says:

    Deep Freeze will not give you a message saying you can not do this or that!!

    it will let you download and  install what ever you want!!!  As soon as you restart it will go a way!!!

    Full access to 3d video card unlike virtual machine!! "it  is a real PC deep freeze make it locked that is all!!"

    Get all file you want on PC before freezing it!!

    virtual machines are useless!!

  40. Soon to be google says:

    Who know Microsoft software can be this solid in some peoples hand!!

  41. RBJ says:

    @Drake

    @Norm

    Maybe they can hear us, HEY GUYS WE NEED A BUILT IN SPELL CHECKER IN HERE

    HELLO IE9 TEAM, WE NEED SPELL CHECKER

    SPELL CHECKER

    SPELL CHECKER

    SPELL CHECKER

    That should do it, yup.

  42. Steve says:

    I hate to repeat this here but once a post on the IE blog is not the latest post it gets ignored.

    Can someone from Microsoft please make a statement about shutting down the IE6/IE7/IE8/IE9 images at http://www.spoon.net/

    ======================================================================================================

    This was **THE** most useful resource for testing multiple versions of IE and the shutdown really ticked developers off!

    As a long time web developer of Enterprise Web Applications I've tried all the options out there to try and simplify testing IE and the lack of realistic options is a royal PITA.

    1.) Multiple IEs – IE8 breaks the functionality of IE6's textboxes – thus its a NO-GO

    2.) IETester – works great until you need to test popup interaction and then it fails – thus a NO-GO

    3.) Virtual PC with timebombed images of IE6, IE7, IE8 – works ok, but the 12Gigs of HD space needed is frustrating when each full image of Windows dies 4 times a year, running a full Windows image is slow and you have to beg for updates because the releases are not co-ordinated and announced well at all – thus its a NO-GO

    4.) IE Super Preview – Last I checked this did not allow full testing of IE user interaction, JavaScript DOM changes, popups etc. – thus its a NO-GO

    5.) Multiple PC's to run multiple versions of windows and IE.  With all the hardware, software, and physical space needed – its a NO-GO

    6.) Spoon.net IEs – They work, they work just like local native apps once running, and there's no hacking of my real local IE install. – the **ONLY** problem with these IE's is that Microsoft shut them down

    Please understand that we (developers) just want something that works.  Testing in multiple versions of IE is a pain to begin with and with IE9 on the horizon it is only getting worse.

    I'm not sure where the issue stands with Spoon, but I would really like a solution worked out fast.

    Steve

  43. DumbDown says:

    As long as the GUI isn't restoring the full customizability of IE8, nothing matters as I won't be installing IE9. IE9 is an unproductive UI with constant action required from the user for the notification bar. Things like clearing your history and cache show a notification which requires user action to go away. Microsoft needs to be taught the very fundamentals of GUI design which they used to get without any problem in the 90s.

  44. Soon to be google says:

    Get Deep freeze!!!

    Lock the PC down!!! "try it out!!" it will never loose performance or crash it!!!  

    have two windows!! one with it and one with out!!!

  45. Soon to be google says:

    you must have two windows!!

    one on each hard drive split!!

  46. Richard says:

    I think that IE9 should have an upload progress bar (or sth like that). In Chrome, it's very convenient to see the progress. But in IE9 beta, I can only sit there and wait, wondering if the window does not respond or the upload is in progress.

  47. James Gentile says:

    The TPL lists sound nice, but what about sites that don't have them but you still want to view external content on? You should have a button that says "trust all scripts/plug-ins on this site" regardless of source URL, or maybe a pop-up that allows to checkmark URLs you trust.  If I trust a site, I usually trust all content it uses. However, without this ability it is impossible to run with scripting disabled. I understand there is a security issue, but it's better than everyone never disabling scripting because it's utterly impossible to surf with.

  48. Dave says:

    The tracking protection indication is that per domain or a static indication which is the same for all websites the user visits? If the latter case that would probably we have to block IE9+ users. Did Microsoft FORGET that HTTP is STATELESS? Where the web is moving forward, Microsoft goes back in time where sessionids are part of the url which make them vulnerable for tempering.

    Maybe I missed something, but why does IE9 not follow the same-origin concept? Cookies from the website you visit are allowed, while external requests (not same-origin) are blocked unless permitted by the user. That would leave shoppings carts and many other web applications intact while still protecting the privacy of the user.

  49. Drake says:

    @Soon to be Google

    Having read what the Deep Freeze does on Wikipedia it basically images your OS so that any changes done past a committal point are reversed.  This is basically the same as the now discontinued Windows SteadyState (formerly the Shared Computer Toolkit).  While tools like this can be useful, I fail to see why we need one specifically for WIE.  Personally, I prefer using Virtual Machines — slower, yes, but making no changes at-all on the host file-system other than creating a single file to hold the guest file-system.  That said, with the image-based backup in Windows 7 (and pro/ultimate editions of Vista) it's easy to create a whole snapshot of your system you can use to roll-back: not as quickly, granted, but it's simple and works well.  System Restore also works using image-based snapshots in Vista and 7 though and really does reverse changes (even re-install removed software) reliably, compared to Me or XP's single-file backup approach.

    @DumbDown

    Hate to agree but on low-res screens having the tabs and address bar on one row really is a show-stopper for WIE9.  Microsoft should remember that casual, less knowledgeable users are more likely to just click agree on an "allow us to collect sample data" dialogue than IT pros who actually read dialogues.  And of course those users probably don't use many tabs.  Of course there is a work-around: open multiple windows and have tabs in each — which kinda defeats why tabs were originally introduced, no?

  50. Soon to be Google says:

    @Drake

    Yes it is just like steady state!! "Microsoft know steady state like software  will kill there Tech business!!"  Example: A+ Certification and so on!!!   "prove me wrong!!"

                You install windows the way you want tweak and Freeze it!! "it is greater for kids or users who do stupid things with PC!!!!"  i could give you a link to a real virus so could test this and see how power full this idea is!! As soon as i restart that virus is gone!!  "if any 0 day exploits  that got on your pc only will live up to the moment of restart!!"  It just lock your PC down with no annoying access denied messages!!  "you can unlock your PC if you want!!"

    This is no virtual machine!! it is real windows, so you got the freedom to do what ever!!  "test out software with out any trace left on your PC!!"

    perfect!!  

    one machine that never crashes or degrades over time!!  "Make sure to back up your work side windows!!"

  51. Björn Bummer says:

    So this is like the RequestPolicy addon for Mozilla Firefox?

  52. Björn Bummer says:

    …or rather like NoScript's ABE?

  53. Soon to be Google says:

    well  script or no script you will get a virus!!

    you don't get my point!! Deep freeze make virus scanner and script software unnecessary!!

  54. Drake says:

    @Soon to be Google

    We do get your points but please stop trolling on behalf of your company.  We can appreciate what Deep Freeze does, it's far from the only software that does such a feature (excluding Microsoft's own and Windows OS features Wikipedia gives six, alone).  Also, what's with your posting name, "Soon to be Google" — are you suggesting your company Faronics is about to be bought-out by Google Inc.?

  55. Drake says:

    @Soon to be Google

    Reading your post reply to me again I have to comment on your "Microsoft knows SteadyState-like software will kill their tech businesses".  Firstly, I'm not sure what the CompTIA A+ certification has to do with this: they don't endorse your product, or products of your nature, specifically, and they are (supposedly!) vendor-neutral, so why are they suddenly predicting Microsoft will fail?  Some may call that "libel".  But that aside, your original statement makes no sense: software your company makes runs ON Windows so you need Microsoft, not the other way-around.  How does your product making Windows, for some people, more reliable make Microsoft fail?  Remember that Microsoft make their big bucks through software sales, not tech support, so you're not affecting Microsoft at-all here really.

    As for your two main arguments, viruses and kids playing around with settings, I'll grant you the one about the viruses but as for changing settings (1) give your kids as limited account (heck, everyone on Vista or 7 should use one, really: software support for non-administrative accounts is so-much better now than in 2000/XP and below) so they can't change certain settings or install software globally, and (2) System Restore in Vista or 7 really does work well for restoring settings — try it.  You might just find it works so well at doing that there is less need to install Deep Freeze (or similar software) for this purpose… 😉

  56. zzz says:

    Continuing on the pattern of transparency, could you next look at the estimated delivery of full size smart address bar and more room to hold tabs directly visible/accessible.

  57. SomethingDifferent says:

    I know this is off the topic but:

    lifehacker.com/…/browser-speed-tests-ie-9-firefox-4-beta-chromes-crankshaft-and-opera-11-beta

    What happened? IE9 did very badly…

  58. Some guy says:

    How is this different for the average consumer at home to the "per site privacy" thats been available since ie6?

  59. Aethec says:

    @SomethingDifferent

    If Lifehacker wants to be credible, they have to say how they tested browsers. They don't give the JS benchmark name (I have a feeling it's Dromaeo, Kraken or the V8 Benchmark Suite)…how can MS improve if they don't know where IE crashed?

    Besides, Chrome's memory use might be big, but it has a reason…you can't simply run tests, do a nice Excel graph, give results and say "the best browser is…". That's called trolling for comments.

  60. 6205 says:

    What version of IE9 is in video this article. It seem little different that released Beta. Tabs looking somehow better or i am seeing things?

  61. Spell Checker please says:

    Please, please add spell check to IE9. With the number of enhancements that have been made to IE9, I just can't believe that MS still hasn't included this feature.

  62. IE8lover_IE9hater says:

    Really, even IE6 was far more *customizable* than IE9. IE6's rendering engine was *** but GUI fully user customizable. Now IE9 has good standards support but the GUI is a complete non-customizable dumbed down POS. Why can't Microsoft create an IE version with fully customizable UI+solid standards support in the same version is beyond me. Chrome evny? I have started writing my own Classic IE addon similar to Classic Shell which will try to bring back the removed stuff. Unfortunately, the IE9 address bar will have to replaced with my own. I fear not everything can be brought back. The god awful notification bar which constantly requires the user to close it to see underlying parts of the page will be here to stay I guess.

  63. Drake says:

    @IE8lover_IE9hater

    I too can't understand the massive lack of UI customisation.  Even the simple "large icons" choice has been removed.  The cleaner Status Bar is also less useful: it no-longer shows an icon if a pop-up has been blocked, nor InPrivate Filtering status, nor if cookies have been blocked nor what zone a website is in.  They should look at how the Office team did the Status Bar in Office 2007 and 2010: right-click and you can select what you want to be displayed here and what not.  So much better.

    Maybe after a final-version upgrade Microsoft will keep the WIE8 iexplore.exe executable so you can use that interface but the WIE9 rendering engine, like it did with WIE7, where the upgrade kept a copy of the MIE6 iexplore.exe in an update folder in the Windows directory.

  64. SC says:

    No spell checker, no support from me.

  65. Laco says:

    Who cares for spell checker if very basic, fundamental parts of IE9 are terrible. Things like font rendering, unlogical right favorites menu pointing outside of the browser window, tabs beside adress bar with ugly white line under tabs, inconsistent back/forward buttons, ugly favorites bar with possible doubled command bar on fav. toolbar and also on main window. This software is too bad and a big dissapointment for many users..

  66. SC says:

    It won't be a big disappointment if they can at least read our posts.

  67. SL says:

    @Laco There is an icon on favorites to stick it to the left and inbrowser,  would not hurt to try…

  68. Rob says:

    Google fixes security risks in urchin tracker/google analytics.

    <q class="google">

    While the immediate probability of this attack is low, we urge you to take action to protect your site.

    We have fixed the bug, and all new experiments are not susceptible. However, any experiments you are currently running need to be updated to fix the bug on your site. Additionally, if you have any Website Optimizer scripts from paused or stopped experiments created before December 3, 2010, you will need to remove or update that code as well.

    </q>

    My comment: more work has to be done, Google Web Apps next please. One needs to ask… why doesn't my Google Toolbar SideWiki or Side Talk bar not work in IE9 Beta… Press F12 to display the developer tool, then select the Script tab, press "Start Debugging"…. mmm permission denied errors. Come on Mr Google, you have Chrome, don't make the mistake of only targeting its security model.

    Glad to hear back from Connect that you are considering my issue ticket about missing notifications on the Status bar. I see a related comment has already been posted here.

    connect.microsoft.com/…/ViewFeedback.aspx

  69. R says:

    No Mention of Flash Cookies?

    to disable….

    1. Disable flash from the Manage addons applet.

    or

    2. Disable Global Storage in your flash settings… right-click on any flash content to deisplay the context menu. Select the Global Preferences option… this will take you to the Adobe online Flash settings console.http://www.macromedia.com/…/settings_manager.html

    select the Global Storage Settings Panel (http://www.macromedia.com/…/settings_manager03.html)

    uncheck "Allow third-party flash content to share data on your computer"

    Stange… LCIE tab recovery incidents fall to almost zero once I have done this. There is a connection between some IE Addons and their access to the Flash cookie store.

  70. JLV says:

    Kudos to Microsoft for taking this on! I felt betrayed by Mozilla's decision to not address this. This will make many people choose to default to IE when browsing.

    Users have no idea how much of their activity is being tracked while they are online. Clarity around personal data is a basic step toward integrity for all Web sites. Options to block tracking are therefore a necessary choice for consumers as well. If you don't like the policy, you can do more than not visit the site.

    This does not kill advertising on the Web. Contextual ads and semantic ad delivery is better anyway. Because I looked up a camera lens for my brother's birthday present, does not mean I need to see 50 ads for it around other Web sites for the next month. Or want you to know my facebook info.

    The IAB told Congress they will take care of the issue through industry self regulation. In a $51B advertising market, why would anyone dare to claim they CAN self regulate?

    I am seeing new thinking and policies from Microsoft that change my perspective on the company.

  71. Grinning Grammy says:

    The new IE 9 sounds great if it stops all that tracking.  I am very well pleased with that addition.  One other issue, which has driven me to Google Chrome (I don't much like Foxfire) is that IE 8 isn't compatible with Flash 10 or 11 since I'm using an 84 Bit Processor.  This might not be the exact technical language, but I can't interact with games and things using Flash 10.  That's a much bigger issue for me since we can actually block tracking through our security providers if we so choose.  Not being able to use IE 8 for anything which uses Flash is a much bigger problem for me.  I hope it will fix that issue as well.

  72. Orai says:

    Lpveyo.  Bu

Skip to main content