Microsoft IE10 Privacy Settings Draw Advertiser Fire

Privacy advocates laud Microsoft's decision to turn on "Do Not Track" by default in Internet Explorer 10.

Mathew J. Schwartz, Contributor

June 4, 2012

5 Min Read

Windows 8 Preview: Key Features

Windows 8 Preview: Key Features

Windows 8 Preview: Key Features (click image for slideshow) />

Privacy fans: Microsoft would like Internet Explorer to be your browser of choice.

Last week, Microsoft announced that its forthcoming Internet Explorer 10 would be the first browser to implement the evolving Do Not Track standard with a default setting of "on."

"In Windows 8, IE10 sends a 'Do Not Track' signal to websites by default. Consumers can change this default setting if they choose. This decision reflects our commitment to providing Windows customers an experience that is 'private by default' in an era when so much user data is collected online," said Dean Hachamovitch, Microsoft's corporate VP for Internet Explorer, in a blog post.

[ For $99, Microsoft will eliminate the junk manufacturers add to Windows 7 PCs. See Microsoft Bloatware Cleaning Offer Treats You Like Dirt. ]

"IE10 is the first browser to send a 'Do Not Track' (DNT) signal by default," he said. "While some people will say that this change is too much and others that it is not enough, we think it is progress and that consumers will favor products designed with their privacy in mind over products that are designed primarily to gather their data," he said.

The Do Not Track initiative--backed by the likes of Google, Microsoft, Twitter, and Yahoo, as well as the Digital Advertising Alliance (DAA)--is a self-regulatory framework hammered out by technology businesses, privacy and civil rights groups, and advertisers. DNT is designed to give consumers a browser button that they can click to signal to advertisers that they don't want their personal information to be tracked. While the initiative isn't--at least so far--backed by law, the White House made it a cornerstone of the Consumer Privacy Bill of Rights that it announced earlier this year.

But the Association of National Advertisers (ANA), a media and marketing trade association, quickly condemned Microsoft's enabling of DNT by default, saying it would "harm marketers' effectiveness and productivity," increase marketing costs, and lead to an increase in "untargeted, irrelevant online advertising."

"Microsoft's decision, made without industry discussion or consensus, undercuts years of tireless, collaborative efforts across the business community--efforts that were recently heralded by the White House and Federal Trade Commission as an effective way to educate consumers and address their concerns regarding data collection, targeted advertising, and privacy," said Bob Liodice, ANA president and CEO, in a statement. "We reject efforts by any provider or other group to unilaterally impose choices on the consumer in this critical area of the economy."

"On behalf of the ANA's more than 450 members and in conjunction with our sister associations that founded the DAA, we request that Microsoft reconfigure IE 10, which is now in preview mode, to contain a default 'off' browser setting for its 'Do Not Track' function in accordance with the DAA's Self-Regulatory Program," Liodice said.

Likewise, Randall Rothenberg, president and CEO of the Interactive Advertising Bureau (IAB), said in a statement that enabling Do Not Track by default "represents a step backwards in consumer choice, and we fear it will harm many of the businesses, particularly publishers, that fuel so much of the rich content on the Internet."

"We do not believe that default settings that automatically make choices for consumers increase transparency or consumer choice, nor do they factor in the need for digital businesses to innovate and thrive economically," he said. "Actions such as these will undermine the success of our industry's self-regulatory program."

The advertising industry's stated bid to empower users drew a fast response from privacy experts. "After years of tracking users without their knowledge or consent, ad industry suddenly favors a [user's] 'right to choose,'" tweeted security and privacy researcher Christopher Soghoian, further saying that "the 'right to choose' that the ad industry favors is the right to enable Do Not Track (as they want it off by default)."

Advertisers had long advocated that the industry should be allowed to self-regulate. But in late 2010, the Federal Trade Commission released a report warning that "more advanced technologies were enabling 'rapid data collection and sharing that is often invisible to consumers,'" while online privacy policies made it unclear how consumers could protect themselves. In short, the FTC declared that the self-regulatory approach to online consumer privacy had failed.

The FTC's related call for a new, consumed-focused online privacy framework was followed by revelations over supercookies used by some advertisers, which people couldn't detect or block from their browsers, and which enabled persistent tracking across websites. That led to calls by Congress for the FTC to take a closer look at the practices of online advertisers. Before long, such organizations came to the table with browser makers, as well as privacy and consumer rights groups, to begin hammering out the Do Not Track initiative.

Microsoft's move to make Do Not Track enabled by default will now also put Mozilla and Google's approach to DNT in the spotlight. "Mozilla continues to argue Do Not Track choice should be made by users. Microsoft has put them in a very tight spot," tweeted Soghoian.

More than 900 IT and security professionals responded to InformationWeek's 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights