Protecting Consumers’ Privacy Online


This morning in the United States, the White House announced a new “Consumer Privacy Bill of Rights” as part of the effort to improve consumers’ online privacy. As I’ve mentioned before, Microsoft is actively participating in the industry initiative for Tracking Protection at the W3C to produce Web standards for online privacy.

The Tracking Protection Working Group is chartered to work on two complementary initiatives: Tracking Preference Expression (Do Not Track) and Tracking Selection Lists (TSL). The TSL editor’s draft defines a format for interchangeable lists for blocking or allowing tracking elements from Web pages. Last month, at the W3C face-to-face meeting, the working group decided that a sub-group (or “task force”) of those interested in TSLs should work on the specification together.

Work on Do Not Track (DNT) is continuing and the W3C expects this to become a standard sometime in 2012. In the meantime, IE’s Tracking Protection feature is available to IE9 and IE10 users today. This is the only technology that can filter out unwanted cookies, beacons, and other tracking devices without requiring Web sites, advertisers, and publishers to change.

At the CPDP 2012 conference in Brussels, Simon Davies and Alexander Hanff of Privacy International launched two new tracking protection lists designed to protect consumers from Web Analytics and Behavioural Tracking. These lists are available from http://www.privacyonline.org.uk/. Check out the complete set of Tracking Protection Lists available from the IE Gallery (including the popular EasyPrivacy and Fanboy lists).

–Adrian Bateman, Program Manager, Internet Explorer

 

Note: Correction in last paragraph

Comments (23)

  1. Arieta says:

    When will we get support for user editable TPL lists in IE?

  2. @ sweataria says:

    Do it today! It's not hard. Anyone can edit a list

  3. Viktor Krammer [Quero] says:

    I have used TPLs to compile this ad blocking TPL for IE9/IE10 users:

    http://www.quero.at/adblock_ie_tpl.php

    One serious limitation though, is that Tracking Protection Lists do not filter first-party content. So, let's say if you block example.com/tracking.js, the JavaScript file is not blocked if you are browsing on example.com. It is only blocked if you are browsing a different domain that references the tracking.js file, but not if you are directly on example.com. It would be cool if this limitation is dropped in future versions or in the upcoming standard to enable more flexible and powerful content filtering lists.

  4. @ Diktor says:

    Maybe because it's a TRACKING protection list not an AD BLOCKING list. Bozo.

  5. vica says:

    "American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online,"

    news4geeks.net/…/white-house-pushes-for-new-privacy-codes-of-conduct

    will gov hire hackers to prove that data is keep is safe 🙂 ?

  6. Mike Vincint says:

    how about adblocker? Will you guys provide inbuilt adblocker feature as a part of Internet Explorer 10? or you pass the suggestion in order to promote that irritating ad of yours on Hotmail page!!

  7. Feature Request says:

    Hello.

    There is one feature that is present in all major browsers, except IE: Caret Remembrance.

    Here is the problem described: http://www.tinymce.com/…/bugtracker_view.php

    I wonder whether this one is fixed in IE10?

  8. Using Internet Explorer 8 says:

    Like a boss

  9. Mush Man says:

    Arieta,

    You can make changes to an installed Tracking Protection List by going to:

    %LocalAppData%MicrosoftInternet ExplorerTracking Protection

    …and opening them with a standard text editor.

    Adding your own rules is simple enough. You can follow the syntax at:

    http://www.w3.org/…/web-tracking-protection

    If you're interested in adding your own Tracking Protection List, you'll need to host the .TPL file somewhere on the web you can access directly (Dropbox might work) and then create a web page (you can create the page locally) with a link to (using the anchor tag):

    javascript:window.external.msAddTrackingProtectionList('<Tracking Protection List URL>', '<Name of List>')

    Hosting it locally doesn't seem to work, unfortunately.

    If you want, you can use my personal Tracking Protection List as a starting point. Note that you'll have to re-host it to prevent your updates being reverted since the standard doesn't allow me to disable auto-updating. You'll also have to update the online copy whenever you make changes because the auto-update feature will revert them as well otherwise. My list is available at:

    http://ninstar.co.cc/rules.tpl

    Following the link on its own will let you see the contents of the list before installing it.

    Hope this helps you out. 🙂

  10. Fanboy says:

    MushMan your "list" is just Easy privacy re-packaged.

  11. Mush Man says:

    Fanboy,

    If you scroll down, you'll find more lists I threw in. Yes, it does include Easy Privacy's list. It also includes more general rules from an old list I used in IE8 but had to convert so it would work in IE9.

    Sorry for the confusion. 🙂

  12. Fanboy says:

    Is there something in the spec preventing us blocking 1st Party items?

  13. Arieta says:

    Mushman: The necessary online hosting and cumbersome manual editing is the exact reason why I say that they are not use editable.

  14. Viktor Krammer [Quero] says:

    @Fanboy

    >Is there something in the spec preventing us blocking 1st Party items?

    http://www.w3.org/…/SUBM-web-tracking-protection-20110224

    It seems the spec only targets third-party content, but does NOT block first-party tracking scripts and tracking images (web bugs). This is a serious limitation in my opinion, that should be dropped. The IE team should make first-party content also blockable.

  15. @Victor

    "The IE team should make first-party content also blockable."

    How would you distinguish tracking content from he normal website content.

  16. Viktor Krammer [Quero] says:

    @A_Zune

    >How would you distinguish tracking content from he normal website content.

    Many websites use web bugs (1×1 pixel images such as example.com/track.gif?id=x&page=y&session=z…) to track the user behavior. By adding a URL-based rule (such as -d example.com/track.gif) it would be possible to specifically block that image or a tracking JavaScript. But TPL currently does NOT allow to block first-party content.

  17. Adrian Bateman [MSFT] says:

    @Viktor/A_Zune: there is lots of discussion about the definitions and responsibilities of first and third parties in the Tracking Protection working group (for example, look at the issues list: http://www.w3.org/…/issues). Most people are most concerned about the tracking that occurs across different sites that is enabled by third party content. This is the "hidden" tracking that average consumers have a hard time understanding. You can see more on the Tracking Protection Test Drive: ie.microsoft.com/…/TrackingProtection

  18. Uhm Kettle says:

    So why should we as users and developers trust Microsoft to implement this (or any security/privacy/anti-adware) policy?

    None of us have forgotten that it was Microsoft that first introduced the .popup() method as a proprietary IE only method to create chrome-less advertizing popup windows that could take over the entire screen and even cover the underlying windows chrome and controls.

    Internet Explorer pioneered the abilities for all shady advertisers to push garbage on unsuspecting users – so why is Microsoft trying to convince us that they are not a wolf in sheep's clothing?!

    I think an apology for past practices would go a long way to convincing users that Microsoft's intentions are pure this time around.

  19. nike tn says:

    At the CPDP 2012 conference in Brussels, Simon Davies and Alexander Hanff of Privacy International launched two new tracking protection lists designed to protect consumers from Web Analytics and Behavioural Tracking. These lists are available from http://www.privacyonline.org.uk. Check out the complete set of Tracking Protection Lists available from the IE Gallery (including the popular EasyPrivacy and Fanboy lists).

    –Adrian Bateman, Program Manager, Internet Explorer

  20. hAl says:

    Blocking 1st party content based on exact urls would be inefficient.

    It is much to easy to obfuscate and/or mix the tracking scripts/content with the normal content/script.

    I would however want an efficient way for consumers to block website plugins from facebook, twitter, google+ and other social media on all pages trough my browser.

    Pages load significantly slower these days because they are filled with "like" buttons and ather crap I do not want from a whole group of social media providers.

    Please give me a social media blocker page that allows me to block all unwanted social media plugins on websites preferbly with selectable opt-in for the social media that I choose to connect myself.

  21. Harry says:

    @hAl

    Just add the line

    127.0.0.1  www.facebook.com

    to your HOSTS file an you're done!

    Harry

  22. very nice idea and me who help me with some idea for a forum to implement  http://www.hobby-zoo.ro  and I thank

  23. Steve O'R says:

    TPLs ng in W8.CP

Skip to main content