HTML5 Privacy: Transparency in a Complex On-Line World
Today the University of California Berkeley Center for Law & Technology held a Browser Privacy Mechanisms Roundtable with participants from government, including Commissioner Julie Brill and Chief Technologist Ed Felten from the US Federal Trade Commission, academia, and industry, including Microsoft. Privacy spans technology and policy, and conversations that reflect these different points of view are important to have publicly.
During the sessions, Microsoft announced that it is bringing our HTML5 Privacy design to the W3C for standardization. We’ve done this as a result of conversations on this topic with the W3C. As HTML5 enables innovation, we want to make sure it respects consumer privacy as well. Bringing Tracking Protection and related technology – like a persistent user setting about tracking preferences – to the W3C is important for a consistent and interoperable approach to privacy for developers and consumers alike. Standardizing how consumers signal their desire to not be tracked is important in the long term, especially when combined with clearer industry definitions of tracking and new laws and regulations that could help law enforcement protect consumers in some scenarios.
Building on our previous posts on this topic, below is an overview of some of the other conversations from the conference.
Starting with Consumers
A good place to start is with consumers on the Web. Consumers are increasingly wary, often out of necessity. In addition to rich Web content and Web applications, they face security risks like malicious sites and phishing scams. Even on sites consumers know and trust, bad things often happen. It’s easy to almost follow a bad link from a friend on Facebook, or become a victim of malvertising when a malicious advertisement appears on an otherwise trustworthy site. These patterns of justified consumer skepticism started long ago, when some sites started popping up windows that users did not want. Consumer empowerment started with pop-up blockers and moved on to many other forms of protection, from malware and phishing to XSS and clickjacking and many others. In light of all these issues, it’s understandable that consumers hesitate before trusting anyone on the Web.
Consumers have become increasingly concerned about privacy. This diagram of the technology landscape shows how incredibly complex the privacy conversation is today. To be absolutely clear: advertising is perfectly legitimate Web content. Many consumers appreciate it for many different reasons, from underwriting the cost of the content they read to making them more aware of relevant products and services. The consumer concern involves the transparency and control around the information collected and used.
Our Approach
Our approach to privacy in IE9 reflects this consumer context and our experience over the years on other trust issues like security and reliability.
IE9 enables consumers to express their preference for privacy and gives consumers a mechanism to enforce specific aspects of that preference. Consumers can do this by choosing Tracking Protection Lists from organizations they trust. These lists can block and allow third-party content in order to control what information consumers share with sites as they browse the Web. By controlling the flow of information to sites, these Tracking Protection Lists help users protect their privacy. Unlike other solutions, IE9’s benefits users even if Web sites do not respect the user’s preference to not be tracked. The ability for a site to determine that the user has expressed a desire to not be tracked (by turning the feature on) is inherent in the design of Tracking Protection.
We’re working closely with many organizations to make sure that Tracking Protection Lists are available for consumers from organizations that they can trust. Much as consumers choose where they get their news or their product review information, consumers now have a choice around what third-party sites get their information as they browse the Web. As the tracking discussion continues, these lists will evolve as well.
Improving privacy online is an ongoing conversation with many parties. We will continue to listen and participate.
—Dean Hachamovitch, Corporate Vice President, Internet Explorer
Comments
Anonymous
February 09, 2011
So, isn't a Do Not Track header kinda like a French “Do Not Invade Me” beacon?Anonymous
February 09, 2011
No it will work. I've been sending the dont-track-me, dont-phish-me, dont-give-me-popups, dont-send-me-malware headers for a while now -- so far so good!Anonymous
February 09, 2011
Wow a lot of blog posts in one day, does this mean that IE9 RC is comming out soon.Anonymous
February 09, 2011
The comment has been removedAnonymous
February 09, 2011
The comment has been removedAnonymous
February 09, 2011
I appreciate advertising. I appreciate the fact that advertisements pay for most of the content I consume online. Beyond my browser's built-in popup blocker I've never done anything to block advertisements. I'd much rather not view ads, but they're pretty harmless.Anonymous
February 09, 2011
"it will not be HTML5 compliant" If you knew anything about webstandards, you'd understand what in incredibly stupid thing you just said.Anonymous
February 09, 2011
Hello, i know this isn't post related and all but... I heard Windows 7 service pack 1 is coming out soon. Will the size of it be over 1GB or below? AND When I Install sp1 how much free space will i have.. i have 107GB free of 136GB will it go down to 99GB or 106GB? i am worried Please tell meAnonymous
February 09, 2011
The comment has been removedAnonymous
February 09, 2011
At some point I was really hoping IE9 will be included in Win7sp1. Why didn't you include (or did you?!) IE9 in Win7sp1? This would have meant almost EVERY Win7 machine would run IE9 by default.Anonymous
February 09, 2011
The comment has been removedAnonymous
February 09, 2011
@Julian: HTML5 is still far from complete, in fact it is used as a buzzword for a ton of technologies not even related to HTML5. According to the w3c test sheets, IE9 is the most compatible at the moment. However HTML5 itself is still work in progress, so it's entirely possible that half a year from now, every current browser will have a broken implementation, if they change so many things in that time. So it's utterly futile to claim that your browser supports a standard when that standard is is a work-in-progress to begin with. The same goes for any other browser claiming HTML5 compliance too. You can't be HTML5 compliant right now. At best you can have a good implementation of the current state of the HTML5 standard. It is entirely possible that IE9 may have the best or most complete HTML5 support at time of release. The problem is just that it will get outclassed fast because other browsers are updated much more often, and have a much more effective self-update system to keep things up-to-date.Anonymous
February 09, 2011
@ Arieta, I totally agree with you.Anonymous
February 09, 2011
o Arieta, a shqiptare te koke a ;) shkrum ne email ok? djetashop@hotmail.comAnonymous
February 10, 2011
Can you make the icons for the IE Blog's "home', "email", and RSS feeds smaller? 9px x 9px isn't small enough [/sarcasm]Anonymous
February 10, 2011
Hurray www.beautyoftheweb.comAnonymous
February 10, 2011
:D IE9 RC is online. You can now set te tabs on a diferent row, and there's CSS3 2D transforms hurray :DAnonymous
February 11, 2011
Did you guys actually tested it on wordpress.com writing blogs? Most of the times it doesn't work on Wordpress sitesAnonymous
February 14, 2011
http://www.partinchina.com http://www.hqew.net