Web Tracking Protection: An Emerging Internet Standard that Helps Protect Consumers from Tracking


Today, the W3C has accepted and published Microsoft’s member submission for an Internet standard to help protect consumer privacy. This announcement from the Web standards body responsible for HTML5 is an important step forward for people and businesses that interact online.

The privacy concerns from consumers and academics and governments world-wide have both technical and non-technical aspects. Addressing these concerns will involve technology. The W3C’s involvement provides the best forum possible for that technology discussion. Just as the community has worked together at the W3C on interoperable HTML5, we can now work together on an interoperable (or universal, to use the FTC privacy report’s term) way to help protect consumers’ privacy.

Addressing these privacy concerns will also involve much more than technology. Governments and regulators and law enforcement have a crucial role to plan in addressing the public’s privacy concerns. There’s a large and growing body of work that shows the complexities of the non-technical issues they face. Some examples are the privacy report from the US Federal Trade Commission in December 2010, the work of the EU’s Article 29 working group and EU ePrivacy directives, and public discussions like the recent one at the UC Berkeley

The technology solutions we work on as an industry need to work well with the social, economic, and political discussions that occur world-wide outside the W3C. The FTC’s report, for example, provided a context that made our announcement of IE9’s Tracking Protection functionality much easier for many to understand. That report also notes the following issues and questions about technical solutions:

  • A universal mechanism should not undermine the benefits of online behavioral advertising, including funding free online content and providing personalized advertisements that many consumers want.
  • A universal mechanism should be different from the Do Not Call program (which has a registry of consumer phone numbers) in one key regard:   it should not require a registry of unique identifiers as that could negatively impact privacy.  Instead, the FTC recommended a browser-based mechanism.
  • Should a universal choice mechanism go beyond a total opt-out and include an option that lets consumers make granular choices about the types of data they are willing to have collected from them and the type of advertising they wish to receive?
  • Universal choice mechanisms should be understandable, simple, easy to find and very clear about what the choices mean.
  • There are a number of questions about the mechanics of a universal mechanism, including how it should be publicized, how it can be as clear as possible, how many consumers are likely to choose to opt out of targeted advertising, what will happen if many opt out and whether legislation should be passed if the private sector does not implement a universal mechanism voluntarily.

Through this lens, the W3C’s Web Tracking Protection, based on the IE9 Tracking Protection functionality, is a strong step forward.

The proposal with the W3C is a significant step toward enabling an industry standard way for Web sites to (1) detect when consumers express their intent not to be tracked, and (2) help protect themselves from sites that do not respect that intent. Enabling consumers merely to express their intent to not be tracked is just not sufficient. It’s a subset of what effective tracking protection should do. IE9’s Tracking Protection also enables consumers to block the content that does the tracking. You can see some initial examples of Tracking Protection lists here. This diagram illustrates how a browser that supports Web Tracking Protection works with lists:

We look forward to working with the community through the W3C on a common standard for Internet Privacy. It will help consumers who use browsers that support it.

—Dean Hachamovitch, Corporate Vice President, Internet Explorer

Updated 2/24: added link to announcement of IE9’s Tracking Protection


Comments (40)

  1. Matthew says:

    Does this mean IE9 is more standards compliant than Mozilla Firefox for web tracking then?

    I appreciate that's unfair comment (as it is so new), but it is also amusing.

  2. jabcreations says:

    Safari is more customizable than IE9! Look, lots of great work on Trident and that's appreciated though at the end of the day I'm still moving clients to different browsers because I can customize them to be easy to use. Friendly icon with text labels? You bet! Tech savvy people like those? Probably not but they aren't my paying clients.

    Firefox toolbar: Back, Forward, Reload, Stop, Home | Bookmarks, Downloads, History, New Tab, Print

    My clients don't ask me repetitive questions that other people with clients do because I understand their needs, make their computers easy to use and show them how to use them with the easy-to-see buttons. Result? Happy clients and happy clients trust me word and only spend their money if I say a product will help them. What I say matters to my clients, what I say doesn't matter to Microsoft. Is that a savvy business decision?

    Should we presume that 99% of the devs on the IE team did NOT totally dislike the merged tabs toolbar move or do the devs only have three tabs open at max?

    Vista destroyed the GUI and 7 compounded it…big massive bulky start menus? A search feature for the programs folder? REALLY? I click twice (start->program) in XP, how many times do you have to click in your start menu for notepad in example?

    Who's in charge of the IE and Windows departments? If you spend time investing in features like protection from tracking why make the GUI so bad that people like me will move clients away from your software?

    Firefox 4, Chrome 9, likely Safari 6 and likely Opera 12 will have GPU acceleration on XP and none of those companies have near the size of the financial war-chest to invest in to their browsers.

    I'll obviously get criticisms from people who don't matter. Who matters? Paying clients, people who use their computers for their businesses or to keep in touch with family, no one calls me if they consider their computer a hobby. Making money by resolving the same problems for clients deceitful, my clients return because their needs increase as their ability to use the computer has been increased by me making their computers easy to use.

    I teach my tech friends how to make their clients computers more usable and they make more money by helping people instead of making blind guesses.

    This stuff compounds, imagine the thousands of licenses not sold that could have. Now imagine fixing the GUI and making the software easy to use…maybe even desirable to use. Do that and I'll move clients to your software, continue doing the opposite and I'll continue moving my clients away from your software, all of it because most of us who like using computers have noted the damage done to IE, Office, Windows and other Microsoft products.

    At the end of the day clients as in people matter and Microsoft needs to pull a 180 in the GUI department or you can expect more things like XP's market share to always be greater than 7 well in to 8's RTM.

  3. Aethec says:

    @JAB Creations : There is no content HA on XP. Period. The only HA on XP is the compositing one using Direct3D. A hardware-accelerated browser on Win7 will do much, much better than a "hardware-accelerated" one on WinXP.

  4. joshuatee says:

    ahahahaha…., jab:

    "REALLY? I click twice (start->program) in XP, how many times do you have to click in your start menu for notepad in example?"

    uhhhh, twice? ….actually…. really… :D

  5. RogetRabbit says:

    It's not a standard yet – the work in W3C will ensure that it gets there. But this is a great step forward in improving Internet privacy. I hope that Chrome stops dragging their feet even though it could hurt their ad tracking business. Getting all browser to support this will be important.

  6. thenonhacker says:

    Matthew: Where the hell was Firefox or other browsers mentioned in this article? Too defensive. Like it kills you to see IE catching up to Firefox.

    - I'm A Firefox User, yet I can say that.

  7. S says:

    I have a couple on-topic questions.

    Why is it that Allowed sites always override Blocked sites?  This means that the more TPL I accept, the less tracking protection I am likely to have since each list could sneak in a few whitelisted sites.  In my opinion, only my Personalized List should have priority and anything I explicitly block or allow in that list should be obeyed.  Next, it would be nice if I could accept only the blocked sites from a TPL.  There should be a setting where the entire list gets downloaded, but IE9 ignores the allowed sites.

    Also, in IE9's implementation, there does not seem to be a way to see a list of content that was blocked by TPL.  I just see an indicator that "some content is filtered on this site" (which could be ActiveX or Tracking Protection).  Ideally I should see a list of blocked content with the option to individually allow items by adding them to my Personalized List as allowed.  Otherwise I have to turn off all tracking protection for the page just to allow one exception.

  8. johnshort62@hotmail.com says:

    enjoyed reading

  9. dlh2009 says:

    @JAB Creations:

    I have customers who I have upgraded to Windows 7 and say that it is much easier to use than Windows XP and they tell me that they enjoy the new UI unlike Windows XP. I also have had more customers complain about Firefox, Google Chrome, and Safari. I have never had a complaint about IE8.

    Most of my customers range in ages 30-65+ and these are the people that I expect to have issues with upgrades and new software. I also work in the educational sector for my local high school and I have never heard any of the teachers complain once about IE8. In fact, they enjoyed the speed and stability increase that IE8 offered over IE6 and 7.

    You also have to remember that the economy has been horrible these past few years and people/business are not spending money on upgrades for new software. It isn't because they don't like the Windows 7 GUI, it's because the technology departments don't have the funds to upgrade. That is going to keep the marketshares for Windows XP up.

    Also, if you are encouraging your customers to stay with Windows XP, then you are not very bright because a lot of software is making the shift towards the new features that Windows Vista and 7 have to offer. Not only that but new operating systems offer a much better layer of security than your older versions. I have yet to have any major malware issues with computers running Windows Vista or 7. Windows XP does not offer the security features that Windows Vista and 7 offer to protect against the ever growing and changing malware market.

    For your notepad example, I only click once. I click Start and then type in Notepad and press enter. It's that easy. To get to my Programs menu, I click Start and then All Programs. Two clicks, the same as you.

    Have a good day!

  10. laughing out loud says:

    I love the PR sludge you're trying to spread suggesting that **Anyone** wants advertising of **Any** kind (personalized or otherwise)

    We **tolerate** advertising because we want content.  For the millions that have discovered adblock and similar **our** Internet experience is 1,000 times better.  Since no decent equivalent exists for IE – Intelligent surfers simply don't use IE.

    More importantly any company with a business model that depends on advertising for its commercially viable success is extremely fragile and not one I would invest a dime in.

  11. Mark says:

    @laughing out loud

    I wouldn't invest in google if I were you then, since virtually all of their revenue comes from ads.

  12. laughing out loud says:

    @Mark – incorrect.  Google makes virtually all of their revenue off advertisers wanting to place ads… and that plan works because Google provides the best results possible.  Not to mention a plethora of other amazing services that tie into it.

  13. thenonhacker says:

    I would love a Tracking Protection List dedicated to creepy Google.

  14. Rouget says:

    @thenonhacker – so would I. I am not a hacker either, otherwise I would do it now. who can build it first.

  15. Samuel says:

    @laughing out loud – sorry, but there is a problem with your logic. If everyone installed mechanisms to block ads, then the willingness to pay for Internet advertising would go down (since no-one would see them). That is a huge problem for Google.

  16. c69 says:

    The only way to protect a user from tracking – is forced cleaning of caches / cookies and stuff, and limiting system data exposure.

    Yes, big US based companies will obey federal law, but what would prevent them from outsourcing tracking services to offshore subsidiaries ? – The answer in NOTHING.

    As for 3rd world, you can be sure that companies will happily ignore / circumvent so called "tracking protection" that will appear in IE9, FF4 and Chr.

    Yes, lists are good, and 3rd party domain blocking is good, too.

    But what will advertisers do ? they will just ask website owners to install a 'proxy' page, say 'bad-ad.php', which will be making third party data as first party, and thus – avoiding filters, that will be widespread by the end of 2011.

    And, well, some browsers might incorporate tracking on a system level ;) And write about it in EULA, so you either agree and install "cool browser", or stay with your "old and boring" one.

    But, nevertheless, its a good step in right direction. Thanx, IE team!

  17. Harry Richter says:

    @  c69

    To your last point: we already have that "cool browser"! It is called Chrome!

    Harry

  18. Nick says:

    The Google ads are fine, they are not invasive in-your-face ads trying to sell you pills to fix your weight or sex life, invest in schemes to export money out of Africa, install texas holdem poker/casino games etc.

    Its the 100% Flash based ads, popunders and other garbage that is the issue.

    Well almost.  There are some cases where sites have used Google ads not realizing they've accidentally broken their site.  Take this site for example:

    devguru.com/…/10770.asp

    The page is just a page describing the JavaScript "watch" method **Cough** Too bad IE doesn't support this **Cough**.

    Anyway, try using the menu on the page (Quick Refs, Features, Site) and notice that the menu drops below the ad.. try moving the mouse to the lower menu items… poof! menu gone!

    I appreciate Microsoft's contribution here but the suggestion that users want to block the tracking and keep all the ads is quite funny.

  19. 6205 says:

    Tracking protection should be enabled by default. This is a MUST!  Users are first, not companies spying on us! If you mean it seriously, it will be enabled by default.

  20. hAl says:

    Looking at the pichtire in the article.

    How does IE9 handle the situation that the tracking server and the ad server are the same server.

  21. czechyourself says:

    @Harry Richter – Is it correct that Chrome has built in user tracking? I did not know that.

    @c69 – Why can't someone like adblock build a tracking list that also blocks ads? Wouldn't it just be about blocking some domains?

  22. thenonhacker says:

    @IE9: Please expand Tracking Protection to Flash-based Super Cookies!

  23. Ryan Sharp says:

    Jab Creations, you really need to go back to school pal. Quit talking about your clients and go study how to form a coherent sentence. You seem to be under some delusion that you appear smart and that your opinions are of some value to others. Inferiority complex personified….

  24. S says:

    @ c69

    Regarding your prediction of proxy pages, I think something like that could be used to help get around the filters (especially filters geared to block ads).  However, that proxy technique would make tracking much more difficult because any cookies created by one site's proxy would not be available to another site's proxy.  It's true that a centralized system could still try to perform tracking based on things like IP addresses, but that gets harder.  (For example, consumer IP addresses are typically dynamic and may change from time to time.)

  25. gawicks says:

    @ Mike Dimmick

    Perhaps I did not make myself clear .I was referring to the 'Save Webpage' dialog that appears AFTER the Save button has been pressed. May be the ieteam ought to move 'Save Webpage' into the download manager like in Firefox.

  26. AntiLuddite says:

    Lollllllll @JabCreations. You really are a clueless Luddite who knows NOTHING about computers. XP is a fugly, ancient, insecure, unproductive, pathetic and completely unusable OS. On the other hand Windows 7 is the most beautiful, productive, secure and greatest OS of ALL TIME. Windows 7/Vista has great Start Menu search feature which makes finding ANYTHING on the computer so much easier unlike the pathetic XP.

    Windows 7 is the fastest selling OS in history — more than 300 million copies sold within just 15 months. Windows 7 and Vista combined now has 45% market share while the pathetic XP only has 38%. XP is now dead as a dodo. NO ONE uses XP nowadays except Luddites like you and pirated Chinese users. People are abandoning XP like rats desert a sinking ship. Within the last year I have replace ALL the XP systems I manage with Windows 7 and the customers LOVE it.

    IE9 has the most beautiful and productive GUI of ALL browsers. I simply LOVE this browser. Keep up the good work Microsoft. Thank you so much for abandoning the pathetic XP support with this great browser.

  27. About_MSDN_IE_Blog says:

    Is it me or everyone else can observe that Ctrl+Z is behaving weirdly in this comment box (textarea) in IE9-RC? I tried to undo some text and I got it all shambled. As compared to Beta, the IE blog listing page with "full post view" is loading perfectly fine like a charm (without getting halt/stuck for some time; improved performance indeed). :) Good work, keep it coming IE team and please look into the aforementioned issue!

  28. DanglingPointer says:

    I recently discovered the great `quick tabs` feature. Imo, it should be enabled by default, means it shouldn't be confined to the power user. Moreover, there should be some more information bind to the tabs' preview, may be some attributes of task management like how much resources, in terms of memory and CPU cycles, the tabs is consuming OR there should be some static task manager for all the open tabs group by their window (since quick tabs show the tabs contained by the current window only which does make sense).  I really want to see IE progressing in advanced tabs management and grouping.

    Question: If we club together multiple tabs in a pinned site to form a group (lets say an email group: consisting of hotmail, gmail & ymail), is it possible to assign a custom icon rather than the favicon of the first tab in that group? Please provide some customization at the group level.

  29. Jose says:

    @About_MSDN_IE_Blog – it may behave weird but then again this entire blog software is the pits and constantly having issues.  Without a doubt the IE blog has the worst most disfunctional behavior of any blogging software I have ever used hands down.

    I'm sure we could get enough donations from readers of this blog to buy MSFT a copy of whatever blogging software they want to use and we could get rid of this Community UnServer-able software once and for all.

    Posting now… and preying that it actually works today…

  30. quickly release says:

    i want to use ie9 right now

  31. LoLtRoLl says:

    @laughing out loud said: "For the millions that have discovered adblock and similar **our** Internet experience is 1,000 times better.  Since no decent equivalent exists for IE – Intelligent surfers simply don't use IE."

    Y'know, this blog post is describing a feature than can do exactly what AdBlock Plus does.  Just use the EasyList tracking protection list which uses the same filters as AdBlock Plus and you're there.

  32. Peter says:

    @LoLtRoLl – correct this feature *could* almost work the same as AdBlock with just a few differences. 1.) AdBlock is easy to use. 2.) AdBlock was designed for the task. 3.) AdBlock has been around for years – the IE tool hasn't gone RTM yet.

    Speaking of Adware for a moment… IE itself is actually one of the biggest offenders in the adware space due to a very bad design of IE's Adware Toolbars.

    You all know the story… you install the "super duper" lyrics-fetcher app so you can get lyrics to your favorite songs and as part of the install it sneaks in the installation of an IE Toolbar.

    ********

    Note #1: IE needs protection that immediately pops up a blocking window stating that: "Super Duper Lyrics is trying to install a Toolbar in your Internet Explorer Browser. [Allow] [Deny] (where Deny is the default)

    ********

    However as a user you got suckered in and now its installed.

    Ok so next time you are in your browser about to go into your online banking you now see the "Mega Awesome" toolbar that got installed and of course you want to get rid of it.  So you go to Tools > Manage Addons and spot the offending toolbar, highlight it… but THERE IS NO UNINSTALL!?!?!?!

    ********

    Note #2: IE needs an uninstall button for EVERY addon in the manage addons window WITHOUT EXCEPTION! – notice how every other browser doesn't suffer from this usability and design flaw

    ********

    I can't count how many times I've seen other user's computers with 3 or more additional toolbars in their IE browser.  Not only does it look bad, not only are they sharing all kinds of personal information and surfing habits with advertisers and scammers across the globe, but they lose precious window real estate for toolbars they don't even use nor can they get rid of (see Note#2)

    If Microsoft wants us to believe that they really take personal security seriously – then the above 2 notes will be addressed with fixes before IE9 goes out the door.  Otherwise this is just a bunch of smoke and mirrors… oh hey, look we can now block trackers… (Psssst! hey all you shady vendors, keep on installing your crapware in our browser! we'll make it easy for you to sneak in and steal all the information you want!)

  33. hAl says:

    @Peter

    Simple adblock for IE is an add-on that is even simpler to use than Adblock plus and it uses the same easylist filter that Adblock plus uses.

    http://www.simple-adblock.com

  34. Viktor Krammer [Quero] says:

    Tracking Protection is really a nice feature, but it has a serious limitation, which can render it useless in the future.

    Tracking Protection lacks the ability to filter 1st-party content coming from the Main Site Server.

    The main site server can also integrate tracking pixel images or other unwanted content, that the user would like to filter. Additionally, because of this limitation, I anticipate that many sites will circumvent IE9 Tracking Protection by exploitng this limitation and route all tracking pixels, ads etc through the main site server, which is undesireable and could harm the Web more than it helps. Please let the user decide what they want to filter or not.

  35. jader3rd says:

    I've recently been having fun with the Windows Firewall blocking ad servers. The one problem I get into is when the same server is used to serve up display ads and ads which appear before viewing a video. Since the Firewall takes a while to flush its log to disk, and modifying the firewall requires admin perms, turning off the blocking to view one video is a bit of a pain. I hope this will be easier, with a way to go to the tracking protection and tell it to unblock, for a single website, once.

  36. tommy nguyen says:

    protection

  37. SnarkMaiden says:

    @DanglingPointer – I miss the Quick Tab button from IE 9 that let me click rather than using a keyboard shortcut ;-) If you use pinned sites it's a little easier to see which IE instance is using more resources in task manager, but it could aways be easier…

  38. DanglingPointer says:

    @SnarkMaiden, I really like to see IE team utilizing the vacant space at top left corner or 70% from the left side in the top row to deploy the quick-tab and other tab-management button (such as; task-manager for open tabs!) Having said that, the zoom button can be moved from status bar to the said location and then they can certainly drop status bar with zero-items in it.

  39. Smith says:

    IE is still very slow.

    What the engineers of IE will do about it?

    http://www.freeimagehosting.net/…/2c4456215d.png