Online privacy, Tracking, and IE8’s InPrivate Filtering

Online privacy and tracking have been in several news articles and public hearings lately. The recent attention has been on how visiting one site shares information with many sites, and how those sites can then share the information and effectively ‘track’ your activity on the web. The articles certainly show the complexity of the topic. This blog post offers some context on online safety and privacy and specific information about InPrivate Filtering, a feature in IE8 designed to help protect users from some tracking scenarios, as well as several other features IE8 offers users to help protect their privacy online.

Part of what makes online privacy tricky is that browsing the web is fundamentally an information exchange. Your web browser offers information in order to get information. That information can identify you. Often, that information is sent automatically for your convenience (like the languages you prefer to read) to tailor the content for you.

Because some of the technologies that can be used for tracking are also essential today for basic functionality, there is no “Just give me perfect privacy” feature. The way different tracking and anti-tracking technologies interact can read like a Spy vs. Spy comic strip. Distinguishing between a tracking technology (a beacon) and a useful piece of web content (a stock chart used as a beacon) is not obvious. Some people are concerned about Adobe Flash’s “super cookies”; IE8’s InPrivate browsing clears these as well with newer versions of Flash.  As another example, InPrivate Browsing in IE8 “clears your tracks” and removes information from browser history when you close IE. During the actual browsing session, before you close it, IE still records history (so the back button continues to work) and cookies (so that logins and shopping carts continue to work). Ultimately, people want the web to work and privacy protection.

We designed InPrivate Filtering to help users control who can get information about their browsing. IE enables users to choose how privately they want to browse. Users are in control of several privacy protection features in IE, and how automatically they function. Specifically, users can keep browsing information from going to sites they don’t actually visit directly. IE determines the potential tracking sites on the list based on the sites you browse to directly and how those sites were written. Different sites on the web have articles about more advanced features, like always browsing with InPrivate Filtering on, and importing and exporting InPrivate Filtering lists.

People who are concerned with tracking may be interested in how to use InPrivate Filtering in IE. (People interested in how it works can read more here and here.)

1. From the Safety menu, choose “InPrivate Filtering.”

2. Choose “Block for me” to turn on automatic filtering.

Alternatively, you can choose “InPrivate Filtering Settings” from the Safety menu at any time to see a list of sites that are in position to track your browsing based on the sites you browse to in IE. You can find more detailed instructions in several places around the web with some basic web searches.

The sheer complexity of privacy and online safety spans many disciplines. We’ve posted here about different aspects of web browsing safety. Bad things can happen to good people on the web in many ways. Internet Explorer includes protections for many different kinds of threats people face on the web. People often focus on malicious sites that exploit unpatched security issues in different devices and software. (Microsoft regularly releases updates; please turn on automatic updating if you haven’t already.) Sites host seemingly good downloads (“Free Emoticons! Puppy screensaver!”) that are actually malicious, or attempt to lure people to visit them; users often download them and run them anyway. Otherwise “good” sites unintentionally host malicious content. Phishing sites pretend to be one site (perhaps your bank) but are actually malicious in their use of information. IE’s SmartScreen has protected users over a billion times by blocking these kinds of attacks. Protecting children online is another set of challenges entirely. Some kinds of trust violations that are lower in severity go unhindered. Browser add-ons can leak information across sites, even though add-on developers can prevent it. Protecting a user’s online privacy is just as important to Microsoft as protecting the user from malicious sites.

The web today has lots of great innovation. Unfortunately, threats to online safety and privacy also see rapid innovation. The communities working together to combat online safety issues span the technology industry, financial and commercial institutions, academia, government, and law enforcement agencies.

Dean Hachamovitch

List of articles referenced
Adobe Flash Now Supports InPrivate Browsing - IEBlog - Site Home - MSDN Blogs
Browser Information
Even without cookies, a browser leaves a trail of crumbs
Hearings - U.S. Senate Committee on Commerce, Science, & Transportation
How a browser extension leaks Google history to Amazon | CNET to the Rescue - CNET Blogs
How to Start Internet Explorer 8 in InPrivate Browsing Mode by Default - The Winhelponline Blog
HTTP/1.1: Header Field Definitions
IE June Security Update Now Available - IEBlog - Site Home - MSDN Blogs
IE8 and Privacy - IEBlog - Site Home - MSDN Blogs
IE8 and Trustworthy Browsing - IEBlog - Site Home - MSDN Blogs
IE8 Blocked over 1 Billion Malware Attacks | Windows 7 News
Protect Yourself from Malicious Advertisements with Internet Explorer 8
IE8 Security Part I: DEP/NX Memory Protection - IEBlog - Site Home - MSDN Blogs
IE8 Security Part II: ActiveX Improvements - IEBlog - Site Home - MSDN Blogs
IE8 Security Part III: SmartScreen® Filter - IEBlog - Site Home - MSDN Blogs
IE8 Security Part IV: The XSS Filter - IEBlog - Site Home - MSDN Blogs
IE8 Security Part V: Comprehensive Protection - IEBlog - Site Home - MSDN Blogs
IE8 Security Part VI: Beta 2 Update - IEBlog - Site Home - MSDN Blogs
IE8 Security Part VII: ClickJacking Defenses - IEBlog - Site Home - MSDN Blogs
IE8 Security Part VIII: SmartScreen Filter Release Candidate Update - IEBlog - Site Home - MSDN Blogs
IE8 Security Part IX - Anti-Malware protection with IE8’s SmartScreen Filter - IEBlog - Site Home - MSDN Blogs
IE8 SmartScreen in action - IEBlog - Site Home - MSDN Blogs
IE8: Ad blocking with the InPrivate Filter - SuperSite Blog
Internet Explorer 8 - InPrivate Filtering
Internet Explorer 8: Nine Things You Didn't Know You Could Do - IE8 Tips 5-9 |
Is Google Watching You? New Plugin Will Let You Know [APPS]
Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor? [updated] | ZDNet
My Browser Info
Panopticlick (Electronic Frontier Foundation)
Privacy Beyond Blocking Cookies: Bringing Awareness to Third-Party Content - IEBlog - Site Home - MSDN Blogs
Privacy, Add-ons, and Cookie-less HTTP Requests - IEBlog - Site Home - MSDN Blogs
Rickrolling - Wikipedia, the free encyclopedia
Spy vs. Spy - Wikipedia, the free encyclopedia
What is Private Filtering on IE8 and How to Prevent Web Sites from Collecting Information About You?
Windows Live Family Safety
Your Privacy Online - What They Know -