Privacy Uncertain With New IE8 Feature

Redmond continued to rebuff assertions that a "suggested sites" feature in Internet Explorer 8, currently at Beta 2 release, invades user privacy.

Redmond on Monday continued to rebuff assertions that a "suggested sites" feature in Internet Explorer 8, currently at Beta 2 release, invades user privacy.

IE8 Beta 2's suggested sites feature sends user information to Microsoft based on the URLs typed into the browser's address bar. It allows the software giant to capture an individual's browsing history only if the Web site loads. The program is not based on keystrokes as many early critics had thought. The URL capture process has come to be known as "phoning home," or encapsulating the user's search and surf patterns.

Cyra Richardson, Microsoft's program manager for the IE team, maintained that the popular browser "phones home only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately," Richardson wrote in an e-mail.

Additionally, user permission is required before the feature can be initiated.

Richardson added that if "a user opts in to Suggested Sites, Microsoft collects Web page addresses for sites a user visits (after a URL has been logged to Internet Explorer History), information on user location (down to zip code), and the browser version."

The suggested sites feature sends the user's IP address, but Microsoft does not retain it or associate it with the other data collected. Furthermore, according to Redmond, the information is disassociated from the user if the browser history is cleared or the feature is turned off.

"Additionally, when browsing in an InPrivate session, Suggested Sites no longer aggregates suggestions," Richardson said.

However, Microsoft did contend that as of Monday, there remains a glitch in the IE8 Beta 2 version. In the event that the browser needs to be reinstalled, this glitch will keep the user permission request from reinitiating.

User behavior is already tracked to some degree by the use of cookies, which are text files exchanged between a Web server and a user's browser. Cookies, if enabled by the user, provide a personalized experience on some sites. However, they may also help identify a person when used with other information.

"The real point to argue [with Microsoft] is if the user can decide and is the vendor entirely up front and honest about what information is used and stored," said Andrew Storms, director of security at San Francisco-based nCircle.

Storms saw some reasons for optimism about browser security.

"The good news about these discussions about the phone home features in browsers is that we are having them," he said. "The more we talk about them, the more people become aware of what's going on and the more we can expect vendors to be compliant with the desires of the users."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Secured-Core PCs Promise To Stop Malware at the Firmware Level

    Microsoft and its hardware partners recently described new "Secured-core" PCs, which add protections against firmware-based attacks.

  • How To Ransomware-Proof Your Backups: 4 Key Best Practices

    Backups are the only guaranteed way to save your data after a ransomware attack. Here's how to make sure your backup strategy has ransomware mitigation built right in.

  • Microsoft Buys Mover To Aid Microsoft 365 Shifts

    Microsoft announced on Monday that it bought Mover to help organizations migrate data and shift to using Microsoft 365 services.

  • Microsoft Explains Windows 7 Extended Security Updates Setup Process

    Microsoft this week described installation instructions for volume licensing users of Windows 7 Service Pack 1 to get Extended Security Updates (ESU) activated on PCs.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.