Microsoft IE9 Adding Do Not Track Feature for Privacy

Microsoft is building a Tracking Protection List feature into Internet Explorer 9. Here's how it works.

Microsoft announced plans today to add new protection to block tracking in the upcoming version of Internet Explorer.

In IE9, Microsoft plans to implement a TPL (Tracking Protection List), following up on a "Do Not Track" proposal being pushed by the Federal Trade Commission. Last week, the commission released a report backing the creation of a Do Not Track mechanism to limit the ability of advertisers to collect information about the online activity of consumers.

In a question and answer on the issue, Microsoft Chief Privacy Strategist Peter Cullen said while many consumers have privacy concerns, some sharing is good, requiring that privacy involves a trade-off.

"Consumers understand that they have a relationship with the site they visit directly, whose address is clearly visible to them," he said. "The modern Web, though, means that Websites include content from many other sites as well. These 'third-party' sites are in position to potentially track consumers, via cookies and other technology mechanisms. This creates a potential trade-off for those consumers with privacy concerns."

The TPL will contain Web addresses that the browser will visit only if the consumer visits them directly by clicking on a link or typing in the address. By limiting the calls to these Websites and resources from other Web pages, the TPL limits the information these other sites can collect, Microsoft explained.

"Tracking Protection in IE9 puts people in control of what data is being shared as they move around the Web," said Dean Hachamovitch, corporate vice president and head of IE development. "It does this by enabling consumers to indicate what Websites they'd prefer to not exchange information with. Consumers do this by adding Tracking Protection Lists to Internet Explorer. Anyone, and any organization, on the Web can author and publish Tracking Protection Lists. Consumers can install more than one."

"These lists include Web addresses for IE to treat as 'Do Not Call' unless the consumer visits the address directly," he continued. "The lists also include 'OK to Call' addresses to make sure that the user can get to these addresses even if one of their lists has it as 'Do Not Call.' Once the consumer has turned on Tracking Protection, it remains on until the person turns it off."

The Tracking Protection Lists will be empty by default in order to leave control of the list up to the user and because restricting content from external sites can make some functionality in sites stop working with cookies, Web beacons and other mechanisms that are essential to how some sites operate.

The proposal in the FTC report involved providing a setting similar to a persistent cookie on a consumer's browser and conveying that setting to sites that the browser visits. This was far from the first time the idea of a Do Not Track feature came up. In 2007, privacy groups petitioned the FTC to implement it.

Meanwhile, a recent report highlighted the extent to which some popular sites, such as YouPorn, sniff browser histories and track user activity.

Microsoft said it plans to work with the online advertising community and privacy advocates.

"With all of the discussion both coming out of the FTC and elsewhere in the world about the role of browsers in the privacy space, we wanted to share our approach to protecting people from online tracking now so that the various stakeholders could provide feedback and could begin building lists before the feature ships in the release candidate of Internet Explorer 9," Hachamovitch said.