Microsoft defends IE8 'phone home' feature, clarifies privacy policy

Computerworld - Microsoft Corp. today defended the Internet Explorer 8 (IE8) tool that suggests sites based on the URLs typed into its address bar, saying that the browser "phones home" only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately.

Company managers also contrasted IE8 Beta 2's "Suggested Sites" feature with the "Suggest" feature used by rival Google Inc. in its Chrome browser, saying that Microsoft's browser requires the user's explicit permission before it's used. They did, however, acknowledge a bug that prevents the request from reappearing when users reinstalled the browser.

"We capture as little uniquely identifiable information as possible," said Cyra Richardson, a Microsoft principal program manager on the IE team. "We capture the URL that the user is visiting, the version of the browser and general locale information."

To determine the latter, and to know where to send the suggested site results, Microsoft also captures the IP address of the user, said Richardson. But unlike Google, Microsoft tosses the IP address as soon as it delivers the recommendations. "We take the IP address, get all the information that we need from it and then throw out the address," said Andy Zeigler, a program manager with the IE group. Richardson confirmed that the Suggested Sites database contained no user IP addresses.

That's in contrast to Google, which keeps the data associated with about 2% of the entries in Chrome's OmniBox, a combination address and search box that logs all keystrokes and sends them to Google so that the search company can return a list of related search queries and Web sites.

Earlier this week, Google announced it would "anonymize" all information, including the IP addresses, of the 2% of the Suggest requests that originate in Chrome and other software. Google made the change in response to criticism from consumers, European Union officials and others who were concerned over the possible privacy implications of Google recording each keystroke entered into the browser.

Richardson also said that Microsoft's Suggested Sites should not be equated with its rival's Suggest feature, because IE8 doesn't record every keystroke. Rather than transmit each character as it's typed, including partial URLs that are abandoned by the user, Suggested Sites logs and transmits only the final URL.

She used that to argue there was a difference between what Microsoft and Google logged in their browsers. "Suggested Sites is connected to the browser's history, and it's not looking at each of the keystrokes," she said. "IE only captures the URL as it is navigated [to], when that URL goes into your history." Nor does Suggested Sites log and transmit cookies to Microsoft's servers, as does Google Suggest. "The data we log is actually pretty innocuous," Richardson said.