This blog post frames our approach in IE8 for delivering trustworthy browsing. The topic is complicated enough that some context and even history (before we go into any particular feature) is important, and so some readers may find this post a bit basic as it’s written for a wide audience. In previous posts here, we’ve written about IE8 for developers: the work in standards support, developer tools, script performance, and more. In future posts, we’ll write about IE8 for end-users (beyond the benefits of improved performance, activities, and Web Slices). This post starts a series about trustworthy browsing, a topic important for developers and end-users and everyone on the web. By setting the context and motivation with this post, the next posts that dive into the details of IE8 will build on this foundation.
Trustworthy refers to one of our overall goals: provide the most secure and most reliable browser that respects user choice and keeps users in control of their machine and their information. For reference, Microsoft’s framework for Trustworthy Computing in general spans four areas: security, privacy, reliability, and business practices.
Security is often where the trust discussion begins. Narrowly, security in this context means “as the user browses the web, the only code that runs on the user’s machine is code that the user allows to run". For example, when the user visits “www.somebadsite.com” the site should not be able to just run “virus.exe” and infect the user’s machine with malware. IE7 made a lot of progress on security, starting with Protected Mode and developing IE to be “secure by design, secure by default” as part of the following SDL requirements. IE7 was the first browser to support Extended Validation certificates to help protect users from deceptive websites, as well as delivering anti-phishing protection, International Domain Name support with protection from deceptive websites, a richer SSL experience and support for stronger SSL cipher algorithms, ActiveX opt-in, and great integration with Parental Controls in Windows Vista. We have done even more security work in IE8 to address the evolving threat environment.
Privacy is a complex topic that more often than not puts one party in conflict with another. If security boils down to “the user is in control of what code runs on the machine,” then privacy boils down to “the user is in control of what information the browser makes available to websites". Many people immediately think of “cookies” at this point because so much discussion and early work around privacy focused on the specific implementation of cookies. Cookies and cookie protection are definitely one aspect of the online privacy discussion. IE6 included innovative work implementing the P3P web standard (from the W3C), and both IE6 and IE7 use it to block cookies from websites that don’t have a privacy policy that complies with the user’s settings. It’s a great example of a privacy protection in use today on the web. In IE7, deleting cookies as well as other information that shows where the user has been on the web is much easier. That said, there’s more to online privacy than cookies, as cookies are only one implementation of content that can disclose information to websites. In some discussions, people have also described IE7’s Phishing Filter as a privacy feature because it helps protect users from sharing information. The larger challenge here is notifying users clearly about what sites they’re disclosing information to and enabling them to control that disclosure if they choose. As we talk more about privacy, we will broaden the discussion to include additional protections from sharing information that the browser can offer users.
Reliability is relatively simple: the browser should always start, find the Internet, and show web sites without crashing. We define reliability to mean “as the user browses the web, the browser performs well and does not terminate unexpectedly". End-users really don’t care about the cause of instability in the system – malformed web pages (see the old Slashdot article that this post refers to, for example) or third-party extensions (like toolbars; see this post about IE7’s “No Add-ons” functionality) – they just want the browser to work. In addition, when something does go wrong, an important part of reliability is how gracefully the browser recovers from the unexpected. Another aspect of reliability is that sites continue to render correctly. We’ll post more here about the work we’ve done to make IE8 more robust, as well as more interoperable and compatible at the same time.
Business practices guide decisions we make in designing and distributing our products. The key principle here is respecting user choice. For example, when a user installs a new version of IE, IE respects the user’s choice of default search engine. In IE, the user can add or remove different search providers using OpenSearch, a public and open standard that some other browsers have chosen to support as well. IE respects the user’s choice of system defaults (Windows Vista’s “Default Programs” functionality, as well as Windows XP’s Set Program Access Defaults). Explicitly asking the user before installing a new version of IE is key to respecting the user’s browser choice.
Ultimately, trustworthy browsing is about enabling users to be in control and respecting the choices users make. Specifically, it’s about enabling users to be in control of their machine, of their browser, of their settings, of their experience, of what data they share with whom when. Each part of trustworthy browsing involves an industry-wide challenge. For example, security is an industry challenge; every browser on the web faces attacks.
While all these statements may sound inherently obvious to some readers, these topics are so important that we thought it would be good to talk in general about how we think about them overall. Over the coming weeks this blog series will talk about how we’re making progress against these challenges, to set the stage for the release of IE8 Beta 2 in August.
Thanks,
Dean Hachamovitch General Manager Internet Explorer
Edit: removed hyperlink
The General Manager of Internet Explorer doesn't know that you check an URL before posting it, or you use the canonical "example.com"?
"Edit: removed hyperlink"
Oh come on, Dean. Where's the humor? :P
One thing I would very much like is for instnaces of IE to be more separated in memory. That way if one tab or window crashed it wouldn't bring down the others. Good crash recovery is also a must for IE8.
Finally, though, I think the problem of toolbars etc should be dealt with once and for all. When an add-on is identified as the cause of a browser crash, that add-on should be disabled and the user notified. Maybe that would encourage the developers of buggy code (looking at Apple here and their ghastly Quicktime...) to make their add-ons run properly.
long's actions are outright ridiculous. sure, ms is gonna drive traffic to him, let him make adsense-money at their expense. just for the fun of it. sure.
Re: "people have also described IE7's Phishing Filter as a privacy feature because it helps protect users from sharing information"
Yet they are happy to send every single URL they browse to Microsoft or one of their agents.
How about another requirement for a 'trustworthy' IE.
Comply with standards - Complying with standards is very important for a globally accessible world wide web. We at Microsoft are committed to following standards and working with the W3C to develop standards BEFORE implementing them in our browser. We refuse to go back to the old days of trying to create a proprietary web. We understand that this makes web developers trust us, because we are all about helping developers, developers, developers.
@Ozzie,
I find this hilarious, but somebadsite.com seems to consistently crash my version of Firefox 3.0. That really is a bad site!
Restricting cookies is useless for protecting privacy. You should speak to your colleagues in MSN AdCenter and ask how it is possible to track individual users without cookies enabled. It is even possible to track different users of one PC by their behaviour and different PCs in one house by their UA strings.
To give proper privacy you would have to redirect all browsing sessions to the Tor network and randomise their user agent string.
Blocking tracking domains in the local hosts file is a better way to control privacy, once you make the request it does not matter if you are sending cookies or not.
Asking users what information to send is useless because they don't know. It will be like UAC where it is either turned off or becomes such an annoyance that they switch to another browser. P3P was not successful and only made more work for us developers. P3P on steroids will be more of the same.
Trustworthy: "provide the most secure and most reliable browser that respects user choice and keeps users in control of their machine and their information".
"most secure and most reliable"? - woops! I think this is a line describing a better more robust open source browser that runs on multiple OS's and in 30 odd languages... made by the Mozilla organization.
I think its called Firefox.
I think the quote for IE should be:
"Trustworthy refers to one of our overall goals: provide the most secure and most reliable browser ***THAT WE CAN*** that respects user choice and keeps users in control of their machine and their information."
To suggest that IE "is" the most (secure|reliable) browser shows utter naivety or blatant self-propaganda.
The "most secure|reliable browser" is also something, something..stupid. Every browser has it flaws, maybe IE some more than others, but hey. They are at least trying to make it better then before.
Some competitions among browsers can't hurt the end user, right?
uh, guys, read the start of the sentence. it's their goal. not all obvious how to even judge what the most secure reliable browser is...
Hello Mr Hachamovitch,
I agree and support "billibob"'s post
{
"Complying with standards is very important for a globally accessible world wide web. We at Microsoft are committed to following standards and working with the W3C to develop standards BEFORE implementing them in our browser. We refuse to go back to the old days of trying to create a proprietary web. We understand that this makes web developers trust us, because we are all about helping developers, developers, developers."
}
on compliance with W3C web standards. That too should be a very "loud and clear", visible, resounding and echoing commitment regarding IE 8 (and future releases of IE) trustworthy browsing.
In the past (say, from late 2001 to 2004 inclusively), Microsoft's commitments toward implementing W3C web standards (HTML 4, CSS 1, CSS 2.x, DOM 1, DOM 2, ATAG 1, UAAG 1, etc) have been weak, unreliable, not trustworthy. I don't want to pounce furthermore on this issue because I can see, verify and measure results, improvements, better compliance, particularly in the CSS 2.1 spec in IE 8.
IE 8 and UAAG guidelines/recommendations. I'd like to see Microsoft commit to this formally.
Font-size control by the user (Jakob Nielsen)
www.useit.com/alertbox/20020819.html
A lot of ageing baby-boomers are now more and more fighting/struggling with webpages using 9px, 10px, 11px, 12px font-size.
This was mentioned before by me at
channel9.msdn.com/Wiki/InternetExplorerFeatureRequests
and also in IE blog by 2 posters (Jordan Biserkov March 27th and Cecil Ward April 4th) regarding
"Internet Explorer 8 and Adaptive Zoom" IE blog post on March 25th 2008 from Saloni Mira Rai.
"For this year's list of worst design mistakes, (...) I asked readers of my newsletter to nominate the usability problems they found the most irritating. (...) Bad fonts won the vote by a landslide, getting almost twice as many votes as the #2 mistake. About two-thirds of the voters complained about small font sizes or frozen font sizes;"
Top Ten Web Design Mistakes of 2005: 1. Legibility Problems
"
www.useit.com/alertbox/designmistakes.html
Educate web designers on best coding (web standards compliant, interoperable and accessible) practices (at MSDN2 and elsewhere) and then practice what you preach. I often stumble on non-text-size-resizable webpages at Microsoft.
Regards,
Gérard
I have been running ie7 for a long time and in the last few days it has been crashing frequently. I reloaded it from scratch with all of the updates and that did not fix the problem. My PC is current on all MS updates. I have been reporting this to MS ever since it started. Is this a known problem?
@Bob: This is almost always caused by a buggy addon. Please see http://www.enhanceie.com/ie/troubleshoot.asp for information on how to verify.
I think people take their hatred for MS too far and then impose that on IE. I read an article that said that MFF hasn't updated their security index in over 2 years. Now, they've released MFF 3.0, so maybe that has changed, but MSIE is always updated. Also, I find that MSIE renders things must cleaner then MFF. MFF seems to try to render things so crisp and sharp that they hurt my eyes to look at. Also, MFF pisses me off when I try to use floats and absolut positioning through CSS. Lastly, MSIE loads on almost all of my computers 2-3x faster than MFF.
I say MSIE is doing fine and I look foward to what they have coming. People who die-hard love MFF and resent MSIE usually just have previous anti-MS feelings. I use IE all the time and almost never have problems. In fact, the MS sanctioned Web Developer toolkit may not be as advanced as MFF's (which I love) but it's getting there.