As others have written here before, users should be in control of their information. That’s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it’s used. Choice means putting users in control of their data and giving them tools to protect it.
Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you’re at an Internet kiosk and don’t want the next person using it to know at which website you bank.
What if you want to delete your browsing history after the fact, but you don’t want to lose your preferences at websites that you use frequently?
When we began planning IE8, we took a hard look at our customers’ concerns about privacy on the web. As evidenced by some of the comments on this blog during the IE7 days, many users are concerned about so-called “over-the-shoulder privacy”, or the ability to control what their spouses, friends, kids, and co-workers might see.
What about your privacy as you browse the web? As Dean outlined is his post earlier today, there is so-called “3rd-party” content on websites, some of which can gather data about how you browse the web. How do you know what that is, or how to control it?
With respect to privacy, IE8 gives users more choice about controlling what information they keep and exchange. In the first part of this post I’ll describe two Internet Explorer 8 features that help you control your history, cookies, and other information that Internet Explorer stores on your behalf. In the latter part, I’ll describe two more features that can help you control how your browsing history is shared by websites. By default, IE8 browses the web the same way IE7 does.
If you are using a shared PC, a borrowed laptop from a friend, or a public PC, sometimes you don’t want other people to know where you’ve been on the web. Internet Explorer 8’s InPrivate Browsing makes that “over the shoulder” privacy easy by not storing history, cookies, temporary Internet files, or other data.
Using InPrivate Browsing is as easy as launching a new InPrivate Browsing window. When you’re done, just close the window and IE will take care of the rest.
While InPrivate Browsing is active, the following takes place:
In Internet Explorer 7, we added a feature called Delete Browsing History that lets you delete in one click all of the information that IE saves. This is a necessary tool that is a standard feature in all modern web browsers. If there are things in your web browsing past that you want to erase, you can do that easily.
The problem is that usually you don’t want to delete everything! Cookies, in particular, are really useful for storing preferences on websites that you use frequently. Many sites have a “remember me” option, which stores a cookie on your PC and identifies your user account. Other sites, particularly financial websites, will store a cookie on each computer that you use to eliminate extra challenge questions (i.e. “What was your high school mascot?”).
IE8 solves this problem by adding an option that lets you keep cookies and temporary Internet files from websites saved in your Favorites list:
To avoid having your favorite sites “forget you”, simply add them to your Favorites, and make sure the “Preserve Favorites website data” checkbox is selected. IE will preserve any cookies or cache files that were created by websites in your favorites.
Oh – and by the way – we heard your feedback about checkboxes! Now Delete Browsing History will remember your preferences. We also added a “Delete Browsing History on Exit” feature if you really want to keep your history squeaky-clean! To do so, click Tools->Internet Options:
In his post earlier today, Dean outlined some of the privacy issues surrounding third-party content, which powers some of the rich experiences you get on the web today, such as interactive maps and social networking shortcuts (“add to Digg”).
Some third-party content is shared by multiple websites. If you happen to browse to sites that refer to the same third-party resource, i.e. a script, image, stylesheet, information is sent to that third-party. Over time, the third-party can create a profile of which websites you go to, what links you click on, etc. It’s hard to know exactly how your data will be used and with whom it will be shared without reading and understanding the privacy policy of each third-party site providing content to the website you visit,.
Consider this hypothetical example. You walk into a shopping mall. In the middle of the shopping mall, there is someone in front of a kiosk who asks you if he can record what stores you visit while you’re there as part of a survey. In order to do so, he writes down a description of what you look like – not your name – but what you’re wearing, your height, etc. In several of the stores throughout the mall, there are people who identify you based on this data, and record whether or not you visit a particular store. When the mall closes, the surveyors in the store report their tallies back to the kiosk. What the surveyor ends up with is a list of some of the stores you visit while you’re at the mall.
This is analogous to how some third-party content works on the web today. Again, without reading specific privacy policies, it’s hard to say in general what third-parties do with the data (or whether or not they record it at all).
The first difference between this mall example and the real world is that the mall survey is hypothetical. Again, different third-party sites do different things with the data they can collect, and the best way to understand what they actually do is reading their privacy policy. The other major difference between this example and the web is how explicitly users are presented with a choice about sharing their information. Clearly there are benefits to sharing your information, starting with richer experiences. Many web sites rely on third-parties to provide content and services like interactive maps and financial data, or analytics and advertising in order to operate effectively. These third-party services often collect information in order to do their jobs. There are also potential drawbacks, such as privacy risks (who has what information?) and increased exposure to malicious content. Put simply, the web relies on a trade, or value exchange, between users and sites. Information goes back and forth: in exchange for “free” services and content, users “pay” with information, not money. There is nothing wrong with such a trade, as long as users are informed and are in control of the choice.
InPrivate Blocking is a feature designed to help give you information about third-party content that has a line of sight into your web browsing, and gives you a choice about what information you share with these sites. As Dean mentioned in his post, it’s possible for sites to track users without cookies. The only way to ensure that your data is not disclosed is to block content and prevent communication to sites.
While you browse the web, your IE keeps a local record of which third-party items your browser accesses, and where they were accessed from. For example, if you visit http://www.contoso.com/index.html, which contains the following snippet:
<html> <head> <title> Contoso.com Homepage </head> … <script src=http://www.woodgrove-int.com/tracking.js> … </html>
and then visit http://www.wingtiptoys.com/, which contains the same snippet:
<html> <head> <title> Great deals at Wingtiptoys.com </head> … <script src=http://www.woodgrove-int.com/tracking.js> … </html>
Woodgrove-int.com is now in a position to know that you’ve been to both contoso.com and wingtiptoys.com.
InPrivate Blocking keeps a record of third-party items like the one above as you browse. When you choose to browse with InPrivate, IE automatically blocks sites that have “seen” you across more than ten sites.
You can also manually choose items to block or allow, or obtain information about the third-party content directly from the site by clicking the “More information from this website” link. Note that Internet Explorer will only record data for InPrivate Blocking when you are in “regular” browsing mode, as no browsing history is retained while browsing InPrivate. An easy way to think of it is that your normal browsing determines which items to block when you browse InPrivate.
Users can augment the capability of InPrivate Blocking with InPrivate Subscriptions. Some users want to protect their privacy, but don’t want to make granular decisions about content to block or allow. Users can delegate these decisions to publishers of InPrivate Subscriptions. Users can subscribe to a list the same way they add an Accelerator, Web Slice, or search provider to IE: by clicking a link on a web page and confirming that they want this functionality:
Under the covers, InPrivate Subscriptions are simply RSS feeds of Regular Expressions that specify sub-downloads to block or allow. Anyone can publish an InPrivate Subscription on their website, just as they can offer an Accelerator or Web Slice on their website. We’ll post details about the file format as part of the updated IE8 Developer’s Guide with Beta 2.
IE8 helps put you in control of your data, both on your PC and on the Web. IE8 Beta 2 is coming soon, and I encourage you to download it and give us feedback.
Andy Zeigler Program Manager
P.S. Check out Dean and Andy talking about IE8 and Privacy on Channel 9.
Edit: Added a P.S.
PingBack from http://hubsfunnywallpaper.cn/?p=2221
This looks like a good set of features. But, I think the question that practically everyone who reads this blog wants to know is - "When will Beta 2 be available?"
This looks cool. Is this also configurable with group policies.
@Will Peavy:
As I mentioned a while back,(http://blogs.msdn.com/ie/archive/2008/06/03/ie8-beta-2-coming-in-august.aspx) we're planning on releasing beta 2 in August. There are still a few days left...
@ajo
Yes, like most IE features, IT Admins can configure and control these features via Group Policy.
@Will Peavy: Roumors say it's August 28th. And since the team still says it's August, this must be it. I doubt a release will happen on Friday.
Am I the only one who thinks that this is perhaps a huge waste of time doomed to substandard success and spectacular failure as people realize it only "sort of works" thanks to endless ways to work around it that will inevitably be found over time?
Dropping the referal URL in requests to third party sites would be more effective and less work intensive (and also doomed to failure sooner or later).
I think this is time that could be better spent on standards adherance instead. Browser privacy is an illusion, why give people a false sense of security when the inevitable PR backlash is just going to bite you in the ass? Foolish, I think.
@Xepol
I thought the same thing. I saw that there were 2 new posts and thought awesome since their last post about CSS maybe they have some updates.
Was I completely wrong? I am deeply sadden, I hope that only 1 person on the IE team worked on this otherwise, it was a complete time waster on their part.
What is it with saving screenshots as jpeg and then converting them to png?
my concern is that one is not able to determine at a glance what mode one is fully using. my suggestion:
- let the address bar say INPRIVATE when browsing inprivate and not using blocking
- let the address bar say INPRIVATE BLOCKING when browsing inprivate and using blocking
- let the address bar say BLOCKING when browsing normally (not inprivate) and using blocking
- let the address bar say nothing when browsing normally (not inprivate) and not using blocking.
I have not seen the beta; if this has already been done, bravo!!!
Now, it would be nice if "inprivate blocking" was just called "blocking", to avoid confusion with simply "inprivate".
If you are concerned that "idiots" might think their browsing is somehow blocked when they see "BLOCKING" then call it "INPRIVATE PLUS".
I don't think a big blue button announcing to everyone that you're using enhanced privacy settings is very private. I believe Mozilla Firefox 3.1 will include a similar, but less conspicuous feature and will be released around the same time at the end of this year.
Please help me to understand this clearer,
"InPrivate browsing" is not "Anonymous browsing" , and "inPrivate blocking browsing" is just "partial anonymos browsing? since if the users dont have any history then they can not browse the web anonymously?
So there is no way to browse the web anonymously? and this new "inPrivate" feature is only good when using strange computers?
Thanks
"Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you’re at an Internet kiosk and don’t want the next person using it to know at which website you bank."
You know as well as I do this feature is built for porn :)
So web site developers will not be able to rely on commonly used Javascript files (like Google Analytics) any more? One would have to proxy it through your own site to avoid the 10-site filter. Ugh.
Congratulations on the new privacy feature. The new in-private and blocking modes are certainly a first step in the right direction and will help raise broader awareness about privacy issues on today's Web.
Please also provide new APIs for add-on developers such as notifying add-ons about when inprivate mode is on or off, and allow them to enalbe or disable it programmatically.