
Surfing on the sly with IE8’s new “InPrivate” Internet

Internet Explorer 8 will include new privacy features to help safeguard …

In the run-up to the release of the second beta of Internet Explorer 8, Microsoft has described a couple of new privacy features that will be in its new browser. Under the new InPrivate branding, IE8 will include a privacy mode to allow browsing without leaving a trace ("InPrivate Browsing"), along with a feature to block the various mechanisms used to track users across websites ("InPrivate Blocking"). These new features are part of Microsoft's continuing Trustworthy Computing initiative to ensure that software and websites respect the user's privacy.

InPrivate Browsing creates a browsing session that is completely destroyed when the window is closed. In particular, it leaves no entries in the browser history, no cookies, and no cached files, nor is any autocomplete or other form information stored. A variety of implausible usage scenarios are described by Microsoft: looking at banking websites on shared computers or doing Internet shopping to buy gifts without the recipient finding out. The most likely situation, however, is the obvious one. Nudge nudge, wink wink, say no more. Safari already includes its own Private Browsing, and Firefox has plugins to achieve the same. Whether users are paranoid or perverted, this will certainly be a valuable feature.

The second InPrivate feature, InPrivate Blocking, is more unusual. The Internet is essentially an anonymous place. Whenever you visit a website, that site will usually record your IP address, but unless the site's owner is willing to take legal action against your ISP, they can't put a name to the address. This is inconvenient for a lot of applications, so one of the earliest web developments was the cookie. A cookie is a small, semi-persistent piece of data that is stored by your web browser and can be retrieved by the website that created the cookie in the first place.

By storing a unique identifier in the cookie, a website can tell that you're revisiting the site even if your IP address changes between visits—the unique identifier stays the same even when your address changes, allowing some degree of tracking. This doesn't disclose any personal details (it won't let the site know your name or address or social security number), but it does allow the site's operators to learn more about their users so that they can, for example, make better suggestions to would-be shoppers.

Cookies are quite restricted. In particular, only the domain that created a cookie can read it. This means that if I browse amazon.com for DVDs and then visit amazon.co.uk, amazon.co.uk can't tell that I've previously visited amazon.com, so it can't suggest good prices for the DVDs I was looking at on the US site. For companies wanting to track users across multiple sites, this is a problem; using plain cookies, it's impossible to join up the visits made to different domains.

To counter this domain-based restriction, websites embed objects from a single domain. An example of this is Google Analytics, a referral and advertising tracking system from Google used by many high-profile websites. Any web page using Google Analytics needs to load JavaScript from the domain "google-analytics.com." Because all sites using Google Analytics use the same source domain for the script, Google can track a user across any Analytics-using site. This allows Google to get a better idea of what a particular user's interests are—which sites they visit, how regularly they visit them, what products they buy, and so on—and hence tailor adverts to those users.

It is this form of tracking that InPrivate Blocking is targeting. If IE8 detects that the same off-site resource has been used by more than ten sites (so, ten different sites each using a script from google-analytics.com, for instance) then the script is treated as a tracking device, and future attempts to access the resource are blocked. Although this will not completely block information disclosure—the tracking site will be able to monitor your behavior until the block is triggered—it will prevent the monitoring of users across dozens or even hundreds of disparate sites.
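The threshold rule described above can be modelled in a few lines. This is an added sketch, not Microsoft's code: the class name, the host-plus-path resource key, the subdomain-based "off-site" test and the `.example` URLs are all assumptions, and it shows how many sites a tracker still observes before the block takes effect.

```javascript
// Added illustration of the threshold heuristic described in the article.
// Not Microsoft's implementation; names and the site-matching rule are assumptions.
const THRESHOLD = 10; // "more than ten sites", per the article

class ThresholdBlocker {
  constructor(threshold = THRESHOLD) {
    this.threshold = threshold;
    this.sitesByResource = new Map(); // resource key -> Set of first-party hosts
  }

  // Assumption: a resource is "off-site" when its host is neither the page's
  // host nor a subdomain of it. Real browsers use more careful site matching.
  static isOffSite(pageHost, resourceHost) {
    return resourceHost !== pageHost && !resourceHost.endsWith("." + pageHost);
  }

  // Returns "allow" or "block" for one sub-resource request made by a page.
  request(pageUrl, resourceUrl) {
    const page = new URL(pageUrl);
    const res = new URL(resourceUrl);
    if (!ThresholdBlocker.isOffSite(page.hostname, res.hostname)) return "allow";

    const key = res.hostname + res.pathname; // assumption: key on host + path
    const sites = this.sitesByResource.get(key) ?? new Set();
    this.sitesByResource.set(key, sites);

    // Block once the resource has already been seen on more than `threshold` sites.
    if (sites.size > this.threshold) return "block";
    sites.add(page.hostname);
    return "allow";
  }
}

// Constructed browsing session: `count` unrelated sites all embed one tracker script.
function simulate(count) {
  const blocker = new ThresholdBlocker();
  const tracker = "https://tracker.example/t.js"; // constructed URL
  const decisions = [];
  for (let i = 1; i <= count; i++) {
    const page = `https://site${i}.example/`;
    blocker.request(page, `https://site${i}.example/app.js`); // first-party, never counted
    decisions.push(blocker.request(page, tracker));
  }
  return {
    decisions,
    sitesSeenByTracker: decisions.filter((d) => d === "allow").length,
  };
}
```

Under this reading of "more than ten", the script loads on eleven distinct sites before the first blocked request, which is the residual disclosure the paragraph above points out.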

The privacy benefits of preventing this tracking are clear; privacy complaints are increasingly concerning regulators and consumers alike, and this block will go some way to curtailing the power of large Internet companies to monitor how people are using the web.

The new feature won't be welcomed by all, however. The tracking information is not collected for nothing, after all; it is used to improve ad targeting and thus encourage web users to part with more of their hard-earned. By stripping advertisers of their ability to tune their adverts to users, advert specificity and click-throughs are likely to drop—at least until some circumvention mechanism is discovered. In the meantime, though, advertisers' loss will be privacy advocates' gain.
