Internet Explorer 9 Tracking Protection & privacy control

We downloaded and installed Microsoft Internet Explorer 9 (IE9) on one of our Windows 7 Professional machines yesterday. At first glance it appears very quick to use with more compliance support for HTML5, which avoids the need for proprietary plugins and APIs. As for the improved browser technology, this probably has something to do with the improved JavaScript engine and hardware acceleration Redmond has focussed on.

I really enjoyed the clarity of the graphics and video on the web pages I visited (not every website supports IE9 right now, but in time most if not all will). One particular lovely feature is the ability to pin tabs to your Taskbar (the site uses the website ‘favicon’ as the icon), so now every app appears as a Web app. Very cool. 🙂

Now lets take a look at my subject area – the security and privacy of IE9. The download manager now scans each download file for malware (using SmartScreen), with IE SmartScreen having been updated to block malicious files even on trusted webpages which deliver third-party ads for example. Nothing new here, but still a very useful layer of protection. Now, what about ActiveX and sandboxing? The browser does indeed run sandbox plugins and uses ActiveX filtering (which isn’t a default setting) for added security as well as the useful InPrivate mode which by default hides a websites activities from third-party websites.

Worth pointing out, that IE9 is the only browser by default that stops third-party site tracking. IE9 goes one step further with InPrivate mode – it is called Tracking Protection, which provides users with the ability to control and block tracking websites from following your web activity. There are two Tracking Protection options – the first assumes you know the websites you want to block – I’d suggest using the automatic option (or downloading the Tracking Protection List or TPLs) which creates a list of third-party sites that phone home from the websites you visit. There are currently five TPL lists available: one each from Abine, EasyList and TRUSTe, and two from PrivacyChoice. The list clearly defines whether or not to block information sent to specific third-party sites.

Update 21/03/11: Which? Computing in the UK has found a flaw in the TPL rules. If there are copies of the same rule with both “allow” and “block”,”allow” has a higher priority than “block”. If a user has blocked a content provider then this means tracking information will be sent. Is it a bug? I’m  not so sure. Users are now aware that they need to check their TPL rules before being certain they don’t have duplicate “allow” and “block” entries for the same content provider. Microsoft may issue a patch for this in time.

To find out how to use the IE9 privacy and security settings:

  • Click the ‘Tools’ sprocket symbol (Alt+X) on the top right of the browser
  • Highlight ‘Safety’ and the following 8 options will be presented:

Deleting browsing history; InPrivate Browsing; Tracking Protection; ActiveX Filtering; Webpage privacy policy (allows you to accept or block page cookies); Check this website (uses SmartScreen dastabase to check for malicious websites); Turn off SmartScreen Filter; and Report unsafe website (opens a new browser window and takes you to where you can report malicious website activity).

Lastly and importantly the downside of IE9: I couldn’t find one right now. That said it’s worth noting that it only works with Windows 7 and Vista. So if you still use Windows XP, you will be unable to benefit from the improved browser and privacy experience.

IE9 security: It has been reported in the press (from the CanSecWest Pwn2Own challenge) that an ethical hacker found a remote code execution security flaw in IE9. Microsoft have confirmed that there is no remote code execution flaw with IE9. This flaw does affect previous IE versions which Microsoft says it will be patching in due course.

Safe surfing folks!

This entry was posted in browser, windows and tagged . Bookmark the permalink.

4 Responses to Internet Explorer 9 Tracking Protection & privacy control

  1. Stueeey says:

    Although I really like this feature, the part I don’t like is the fact it blocks the ads themselves. We have to realise that ads annoying at times pay the bills and if they are blocked then we will soon so a lot of subscription based content.

    I do think that it is a good move by Microsoft but I think it should block the cookie rather then the ad because it still gives the content producer the chance to make a buck!

  2. Julian says:

    #Stueeey# – you make an interesting and valid point. For me, it’s not so much about the privacy or commercial implications, but more about providing users with a choice as to whether they wish to see ads and/or allow websites and ad providers the ability to track their Internet behaviour.

  3. Ken K says:

    Stueeey, I couldn’t disagree more. Ads have gotten way out of hand. Developers make useful information intentionally difficult to access so we users have to click on more links, see more ads and line some jokers pocket who we would prefer went out of business. I will search for what I want to see/buy and ads simply drive me away to another site. With SimpleAdBlock pages load faster and I get what I’m after more safely.

  4. Jason B says:

    Ken K – If ads are that much of an issue for you then stop searching for the best price on the item you want to buy and go to the the big name website that offers the product you are looking to buy. The large retail companies don’t have ads on their site because they make plenty of money from the products that they sell. It is the smaller web companies that offer the product at a good price that have the ads, this is because they need to compensate for their low profit margin.

Leave a Reply

Your email address will not be published. Required fields are marked *