Partager via

Protecting Consumers’ Privacy Online

  • Article

This morning in the United States, the White House announced a new “Consumer Privacy Bill of Rights” as part of the effort to improve consumers’ online privacy. As I’ve mentioned before, Microsoft is actively participating in the industry initiative for Tracking Protection at the W3C to produce Web standards for online privacy.

The Tracking Protection Working Group is chartered to work on two complementary initiatives: Tracking Preference Expression (Do Not Track) and Tracking Selection Lists (TSL). The TSL editor’s draft defines a format for interchangeable lists for blocking or allowing tracking elements from Web pages. Last month, at the W3C face-to-face meeting, the working group decided that a sub-group (or “task force”) of those interested in TSLs should work on the specification together.

Work on Do Not Track (DNT) is continuing and the W3C expects this to become a standard sometime in 2012. In the meantime, IE’s Tracking Protection feature is available to IE9 and IE10 users today. This is the only technology that can filter out unwanted cookies, beacons, and other tracking devices without requiring Web sites, advertisers, and publishers to change.

At the CPDP 2012 conference in Brussels, Simon Davies and Alexander Hanff of Privacy International launched two new tracking protection lists designed to protect consumers from Web Analytics and Behavioural Tracking. These lists are available from https://www.privacyonline.org.uk/. Check out the complete set of Tracking Protection Lists available from the IE Gallery (including the popular EasyPrivacy and Fanboy lists).

--Adrian Bateman, Program Manager, Internet Explorer

 

Note: Correction in last paragraph

Comments

  • Anonymous
    February 23, 2012
    When will we get support for user editable TPL lists in IE?

  • Anonymous
    February 23, 2012
    Do it today! It's not hard. Anyone can edit a list

  • Anonymous
    February 23, 2012
    I have used TPLs to compile this ad blocking TPL for IE9/IE10 users: www.quero.at/adblock_ie_tpl.php One serious limitation though, is that Tracking Protection Lists do not filter first-party content. So, let's say if you block example.com/tracking.js, the JavaScript file is not blocked if you are browsing on example.com. It is only blocked if you are browsing a different domain that references the tracking.js file, but not if you are directly on example.com. It would be cool if this limitation is dropped in future versions or in the upcoming standard to enable more flexible and powerful content filtering lists.

  • Anonymous
    February 23, 2012
    The comment has been removed

  • Anonymous
    February 23, 2012
    "American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," news4geeks.net/.../white-house-pushes-for-new-privacy-codes-of-conduct

will gov hire hackers to prove that data is keep is safe :) ?

  • Anonymous
    February 23, 2012
    how about adblocker? Will you guys provide inbuilt adblocker feature as a part of Internet Explorer 10? or you pass the suggestion in order to promote that irritating ad of yours on Hotmail page!!

  • Anonymous
    February 23, 2012
    Hello. There is one feature that is present in all major browsers, except IE: Caret Remembrance. Here is the problem described: www.tinymce.com/.../bugtracker_view.php I wonder whether this one is fixed in IE10?

  • Anonymous
    February 24, 2012
    Like a boss

  • Anonymous
    February 24, 2012
    Arieta, You can make changes to an installed Tracking Protection List by going to: %LocalAppData%MicrosoftInternet ExplorerTracking Protection ...and opening them with a standard text editor. Adding your own rules is simple enough. You can follow the syntax at: www.w3.org/.../web-tracking-protection If you're interested in adding your own Tracking Protection List, you'll need to host the .TPL file somewhere on the web you can access directly (Dropbox might work) and then create a web page (you can create the page locally) with a link to (using the anchor tag): javascript:window.external.msAddTrackingProtectionList('<Tracking Protection List URL>', '<Name of List>') Hosting it locally doesn't seem to work, unfortunately. If you want, you can use my personal Tracking Protection List as a starting point. Note that you'll have to re-host it to prevent your updates being reverted since the standard doesn't allow me to disable auto-updating. You'll also have to update the online copy whenever you make changes because the auto-update feature will revert them as well otherwise. My list is available at: http://ninstar.co.cc/rules.tpl Following the link on its own will let you see the contents of the list before installing it. Hope this helps you out. :)

  • Anonymous
    February 24, 2012
    MushMan your "list" is just Easy privacy re-packaged.

  • Anonymous
    February 25, 2012
    Fanboy, If you scroll down, you'll find more lists I threw in. Yes, it does include Easy Privacy's list. It also includes more general rules from an old list I used in IE8 but had to convert so it would work in IE9. Sorry for the confusion. :)

  • Anonymous
    February 26, 2012
    Is there something in the spec preventing us blocking 1st Party items?

  • Anonymous
    February 26, 2012
    Mushman: The necessary online hosting and cumbersome manual editing is the exact reason why I say that they are not use editable.

  • Anonymous
    February 27, 2012
    @Fanboy >Is there something in the spec preventing us blocking 1st Party items? www.w3.org/.../SUBM-web-tracking-protection-20110224 It seems the spec only targets third-party content, but does NOT block first-party tracking scripts and tracking images (web bugs). This is a serious limitation in my opinion, that should be dropped. The IE team should make first-party content also blockable.

  • Anonymous
    February 27, 2012
    @Victor "The IE team should make first-party content also blockable." How would you distinguish tracking content from he normal website content.

  • Anonymous
    February 27, 2012
    @A_Zune >How would you distinguish tracking content from he normal website content. Many websites use web bugs (1x1 pixel images such as example.com/track.gif?id=x&page=y&session=z...) to track the user behavior. By adding a URL-based rule (such as -d example.com/track.gif) it would be possible to specifically block that image or a tracking JavaScript. But TPL currently does NOT allow to block first-party content.

  • Anonymous
    February 27, 2012
    The comment has been removed

  • Anonymous
    February 27, 2012
    So why should we as users and developers trust Microsoft to implement this (or any security/privacy/anti-adware) policy? None of us have forgotten that it was Microsoft that first introduced the .popup() method as a proprietary IE only method to create chrome-less advertizing popup windows that could take over the entire screen and even cover the underlying windows chrome and controls. Internet Explorer pioneered the abilities for all shady advertisers to push garbage on unsuspecting users - so why is Microsoft trying to convince us that they are not a wolf in sheep's clothing?! I think an apology for past practices would go a long way to convincing users that Microsoft's intentions are pure this time around.

  • Anonymous
    February 27, 2012
    The comment has been removed

  • Anonymous
    February 27, 2012
    The comment has been removed

  • Anonymous
    February 27, 2012
    The comment has been removed

  • Anonymous
    February 29, 2012
    very nice idea and me who help me with some idea for a forum to implement  http://www.hobby-zoo.ro  and I thank

  • Anonymous
    March 07, 2012
    The comment has been removed