08:54 AM

Microsoft IE10 Privacy Settings Draw Advertiser Fire

Privacy advocates laud Microsoft's decision to turn on "Do Not Track" by default in Internet Explorer 10.

Windows 8 Preview: Key Features
Windows 8 Preview: Key Features
(click image for slideshow) />
Privacy fans: Microsoft would like Internet Explorer to be your browser of choice.

Last week, Microsoft announced that its forthcoming Internet Explorer 10 would be the first browser to implement the evolving Do Not Track standard with a default setting of "on."

"In Windows 8, IE10 sends a 'Do Not Track' signal to websites by default. Consumers can change this default setting if they choose. This decision reflects our commitment to providing Windows customers an experience that is 'private by default' in an era when so much user data is collected online," said Dean Hachamovitch, Microsoft's corporate VP for Internet Explorer, in a blog post.

[ For $99, Microsoft will eliminate the junk manufacturers add to Windows 7 PCs. See Microsoft Bloatware Cleaning Offer Treats You Like Dirt. ]

"IE10 is the first browser to send a 'Do Not Track' (DNT) signal by default," he said. "While some people will say that this change is too much and others that it is not enough, we think it is progress and that consumers will favor products designed with their privacy in mind over products that are designed primarily to gather their data," he said.

The Do Not Track initiative--backed by the likes of Google, Microsoft, Twitter, and Yahoo, as well as the Digital Advertising Alliance (DAA)--is a self-regulatory framework hammered out by technology businesses, privacy and civil rights groups, and advertisers. DNT is designed to give consumers a browser button that they can click to signal to advertisers that they don't want their personal information to be tracked. While the initiative isn't--at least so far--backed by law, the White House made it a cornerstone of the Consumer Privacy Bill of Rights that it announced earlier this year.

But the Association of National Advertisers (ANA), a media and marketing trade association, quickly condemned Microsoft's enabling of DNT by default, saying it would "harm marketers' effectiveness and productivity," increase marketing costs, and lead to an increase in "untargeted, irrelevant online advertising."

"Microsoft's decision, made without industry discussion or consensus, undercuts years of tireless, collaborative efforts across the business community--efforts that were recently heralded by the White House and Federal Trade Commission as an effective way to educate consumers and address their concerns regarding data collection, targeted advertising, and privacy," said Bob Liodice, ANA president and CEO, in a statement. "We reject efforts by any provider or other group to unilaterally impose choices on the consumer in this critical area of the economy."

"On behalf of the ANA's more than 450 members and in conjunction with our sister associations that founded the DAA, we request that Microsoft reconfigure IE 10, which is now in preview mode, to contain a default 'off' browser setting for its 'Do Not Track' function in accordance with the DAA's Self-Regulatory Program," Liodice said.

Likewise, Randall Rothenberg, president and CEO of the Interactive Advertising Bureau (IAB), said in a statement that enabling Do Not Track by default "represents a step backwards in consumer choice, and we fear it will harm many of the businesses, particularly publishers, that fuel so much of the rich content on the Internet."

"We do not believe that default settings that automatically make choices for consumers increase transparency or consumer choice, nor do they factor in the need for digital businesses to innovate and thrive economically," he said. "Actions such as these will undermine the success of our industry's self-regulatory program."

The advertising industry's stated bid to empower users drew a fast response from privacy experts. "After years of tracking users without their knowledge or consent, ad industry suddenly favors a [user's] 'right to choose,'" tweeted security and privacy researcher Christopher Soghoian, further saying that "the 'right to choose' that the ad industry favors is the right to enable Do Not Track (as they want it off by default)."

Advertisers had long advocated that the industry should be allowed to self-regulate. But in late 2010, the Federal Trade Commission released a report warning that "more advanced technologies were enabling 'rapid data collection and sharing that is often invisible to consumers,'" while online privacy policies made it unclear how consumers could protect themselves. In short, the FTC declared that the self-regulatory approach to online consumer privacy had failed.

The FTC's related call for a new, consumed-focused online privacy framework was followed by revelations over supercookies used by some advertisers, which people couldn't detect or block from their browsers, and which enabled persistent tracking across websites. That led to calls by Congress for the FTC to take a closer look at the practices of online advertisers. Before long, such organizations came to the table with browser makers, as well as privacy and consumer rights groups, to begin hammering out the Do Not Track initiative.

Microsoft's move to make Do Not Track enabled by default will now also put Mozilla and Google's approach to DNT in the spotlight. "Mozilla continues to argue Do Not Track choice should be made by users. Microsoft has put them in a very tight spot," tweeted Soghoian.

More than 900 IT and security professionals responded to InformationWeek's 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
6/4/2012 | 2:20:01 PM
re: Microsoft IE10 Privacy Settings Draw Advertiser Fire
My response to the advertisers: vai a farti fottere. My Italian pisani will understand and no doubt agree.
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.