HTML5 Privacy: Transparency in a Complex On-Line World

February 10th, 2011

Today the University of California Berkeley Center for Law & Technology held a Browser Privacy Mechanisms Roundtable with participants from government, including Commissioner Julie Brill and Chief Technologist Ed Felten from the US Federal Trade Commission, academia, and industry, including Microsoft. Privacy spans technology and policy, and conversations that reflect these different points of view are important to have publicly.

During the sessions, Microsoft announced that it is bringing our HTML5 Privacy design to the W3C for standardization. We’ve done this as a result of conversations on this topic with the W3C. As HTML5 enables innovation, we want to make sure it respects consumer privacy as well. Bringing Tracking Protection and related technology – like a persistent user setting about tracking preferences – to the W3C is important for a consistent and interoperable approach to privacy for developers and consumers alike. Standardizing how consumers signal their desire to not be tracked is important in the long term, especially when combined with clearer industry definitions of tracking and new laws and regulations that could help law enforcement protect consumers in some scenarios.

Building on our previous posts on this topic, below is an overview of some of the other conversations from the conference.

Starting with Consumers

A good place to start is with consumers on the Web. Consumers are increasingly wary, often out of necessity. In addition to rich Web content and Web applications, they face security risks like malicious sites and phishing scams. Even on sites, consumers know and trust, bad things often happen. It’s easy to almost follow a bad link from a friend on Facebook, or become a victim of malvertising when a malicious advertisement appears on an otherwise trustworthy site. These patterns of justified consumer skepticism started long ago when some sites started popping up windows that users did not want. Consumer empowerment started with pop-up blockers and moved on to many other forms of protection, from malware and phishing to XSS and clickjacking and many others. In light of all these issues, it’s understandable that consumers hesitate before trusting anyone on the Web.

Consumers have become increasingly concerned about privacy. This diagram of the technology landscape shows how incredibly complex the privacy conversation is today. To be absolutely clear: advertising is perfectly legitimate Web content. Many consumers appreciate it for many different reasons, from underwriting the cost of the content they read to make them more aware of relevant products and services. The consumer concern involves the transparency and control around the information collected and used.

Our Approach

Our approach to privacy in IE9 reflects this consumer context and our experience over the years on other trust issues like security and reliability.

IE9 enables consumers to express their preference for privacy and gives consumers a mechanism to enforce specific aspects of that preference. Consumers can do this by choosing Tracking Protection Lists from organizations they trust. These lists can block and allow third-party content in order to control what information consumers share with sites as they browse the Web. By controlling the flow of information to sites, these Tracking Protection Lists help users protect their privacy. Unlike other solutions, IE9’s benefits users even if Web sites do not respect the user’s preference to not be tracked. The ability for a site to determine that the user has expressed a desire to not be tracked (by turning the feature on) is inherent in the design of Tracking Protection.

We’re working closely with many organizations to make sure that Tracking Protection Lists are available for consumers from organizations that they can trust. Much as consumers choose where they get their news or their product review information, consumers now have a choice around what third-party sites get their information as they browse the Web. As the tracking discussion continues, these lists will evolve as well.

Improving privacy online is an ongoing conversation with many parties. We will continue to listen and participate.

—Dean Hachamovitch, Corporate Vice President, Internet Explorer