Microsoft Should Act Now To Protect Online Privacy

Published on

Microsoft, which is trying to position itself in a major advertising campaign as a privacy friendly Internet company, should take a simple step that shows it means what it says.

Online tracking is pervasive and invasive on the Internet.  The most insidious is performed by companies that most consumers don't even know exist, so-called 3rd parties on the websites you chose to visit.  By putting little bits of computer code known as cookies on your browser, they are able to track your every move as you surf the web.

Most people don't realize the extent to which this brazen online tracking is done, but when the practice is described, they want to be able to control it.  Why should a company I know nothing about, have no say over and no relationship with be able to collect information about my online activity?  On the other hand, though most consumers want some say over whether data is collected by sites they choose to visit, they are less concerned about  such data collection by a site they have selected, a so-called first party.

Consider  If you buy a book from them, Amazon records what you've purchased and makes suggestions about other books you might like the next time you visit the site.  Many people find that helpful  and useful.

Understanding the distinction between tracking by sites you choose to visit (first parties) and sites with which you have no direct relationship (third parties), Apple's Safari browser by default has for a decade honored the privacy friendly approach by blocking cookies from sites you haven't visited.  If you want to allow 3rd party cookies to be set, you can change Safari's  preferences.  

Apple's approach isn't perfect. If your are committed, it is possible to fool the Safari browser. You'll recall that Google was caught hacking around Safari's privacy settings in violation of a consent agreement with the Federal Trade Commission and fined $22.5 million.  Nonetheless, Safari's approach has been the most privacy friendly.

Until recently the other three browsers — Mozilla's Firefox, Google's Chrome and Microsoft's Internet Explorer — have allowed users to set their preferences to block third party cookies.  But the feature was turned off by default and users had to figure out how to enable the function.  Most did not.

This spring Mozilla announced that it, too, would begin to block cookies by default from sites a user hasn't visited. The Firefox update is expected to be released this summer.  The announcement caught the ad industry's attention. One trade association executive, Mike Zaneis, called it a "nuclear first strike."

It is nothing of the sort.  Mozilla simply is honoring the consumer and privacy friendly principle that before a site can gather data about you, you should have visited the site.  You need to know who they are and what their practices are. What sort of responsible and lasting business model can be built upon spying on Internet users?

So, if Microsoft means what it says about protecting users' privacy, it should join Apple and Mozilla and start blocking cookies by default from sites not visited by the user.

There is some reason to believe Microsoft will do the right thing. You'll recall that another approach to protecting online privacy is the Do Not Track mechanism.  Under this method the browser sends a header expressing a user's desire not to be tracked.  The FTC advocated this approach in its Protecting Consumer Privacy in an Era of Rapid Change report a year ago.  All four major browsers now offer the option to send the message.

The problem is that there is no requirement that sites honor the Do Not Track request.  The World Wide Web Consortium, an Internet standards setting group, is trying to draw up compliance obligations, but those efforts have dragged on nearly two years without agreement.  What's expected to be a final meeting attempting to reach an accord is set for next week. Don't bet that anything gets accomplished.

Meanwhile, Microsoft has decided to send the Do Not Track message by default. Right now it's just a signal with virtually no listeners.  Blocking cookies from sites a user never visited would provide meaningful protection right now.  Microsoft must not hesitate to take that step in Internet Explorer, if it is actually the privacy protecting company it claims to be.

John M. Simpson
John M. Simpson
John M. Simpson is an American consumer rights advocate and former journalist. Since 2005, he has worked for Consumer Watchdog, a nonpartisan nonprofit public interest group, as the lead researcher on Inside Google, the group's effort to educate the public about Google's dominance over the internet and the need for greater online privacy.

Latest Videos

Latest Releases

In The News

Latest Report

Support Consumer Watchdog

Subscribe to our newsletter

To be updated with all the latest news, press releases and special reports.

More Releases