September 03, 2008

Privacy Concerns in Microsoft's New IE8 Web Browser

Greetings. Yesterday I posted some thoughts on the privacy policy associated with Google's new Chrome Web browser, and gave the open-source product -- which has a great deal of potential -- an overall thumbs-up based on current information.

I'm afraid that I'm much more concerned about the privacy policy for Microsoft's new Internet Explorer 8 browser (which of course is not open source). While overall functionality and touted privacy improvements appear to be similar in many ways to Chrome, some of the specific privacy-related decisions in IE8 are very different from Chrome -- and not necessarily in a good way. One in particular is significantly alarming.

Some aspects of these issues related to IE8 are not entirely clear only from a reading of the policy -- for example, it appears that IE8's anti-phishing mechanism sends complete URLs, not hashes, to MS and can leak personal URL data, but I'd like to verify this fully -- so I will withhold detailed comment on several concerns for now until I can obtain more information from Microsoft.

But I do want to draw your attention to IE8's "Suggested Sites" feature. While the IE privacy policy suggests that this feature is turned off by default (unlike Chrome's "Google Suggest" feature which is on by default), Suggested Sites appears to carry much higher abuse potential. While Google Suggest only operates on URLs entered manually at the URL location bar, MS' Suggested Sites reportedly transmits your entire Web browsing history to Microsoft, including in some cases search terms and potentially personal information included in URLs!

The IE8 privacy policy notes:

When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with some standard information from your computer such as IP address, browser type, regional and language settings. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the search website at and entered "Seattle" as the search term, the full address will be sent. Address strings might unintentionally contain personal information, but this information is not used to identify, contact or target advertising to you.

Note that the mention of encryption only appears to apply to the actual transit of the data -- Microsoft will apparently end up with a complete copy of your browsing history and associated URL data fields from throughout the Internet, creating a significant potential privacy risk of abuse by outside parties demanding access to this information from Microsoft.

There are certainly other tools that also can be configured to send users' Web browsing history on an ongoing basis to their developers (either as part of basic or extended functionalities), including from Google. However, it is notable that in the design decisions associated with a fundamental "must have" tool like a Web browser, the privacy abuse potential associated with IE8 appears to be much higher than that for Chrome -- simply because the Suggestion feature in IE8 appears to transmit the entire Web browsing history and associated full URL data including any personal information, vs. Chrome's transmission only of directly entered URLs (which by the way are unlikely to contain personal data fields).

While it's true that Chrome's suggestion feature is on by default and IE8's reportedly is off by default, on balance the potential for privacy abuse in the IE8 implementation is of vastly greater concern. At a minimum, I would urge users of IE8 to keep Suggested Sites turned off at all times.

I'll have more to say about IE8 and Chrome as information and my experiences with the products expand.


Posted by Lauren at September 3, 2008 08:34 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein