IE8 records 'pretty innocuous' information, gets user permission, argues manager
Computerworld - Microsoft Corp. today defended the Internet Explorer 8 (IE8) tool that suggests sites based on the URLs typed into its address bar, saying that the browser "phones home" only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately.
Company managers also contrasted IE8 Beta 2's "Suggested Sites" feature with the "Suggest" feature used by rival Google Inc. in its Chrome browser, saying that Microsoft's browser requires the user's explicit permission before it's used. They did, however, acknowledge a bug that prevents the request from reappearing when users reinstalled the browser.
"We capture as little uniquely identifiable information as possible," said Cyra Richardson, a Microsoft principal program manager on the IE team. "We capture the URL that the user is visiting, the version of the browser and general locale information."
To determine the latter, and to know where to send the suggested site results, Microsoft also captures the IP address of the user, said Richardson. But unlike Google, Microsoft tosses the IP address as soon as it delivers the recommendations. "We take the IP address, get all the information that we need from it and then throw out the address," said Andy Zeigler, a program manager with the IE group. Richardson confirmed that the Suggested Sites database contained no user IP addresses.
That's in contrast to Google, which keeps the data associated with about 2% of the entries in Chrome's OmniBox, a combination address and search box that logs all keystrokes and sends them to Google so that the search company can return a list of related search queries and Web sites.
Earlier this week, Google announced it would "anonymize" all information, including the IP addresses, of the 2% of the Suggest requests that originate in Chrome and other software. Google made the change in response to criticism from consumers, European Union officials and others who were concerned over the possible privacy implications of Google recording each keystroke entered into the browser.
Richardson also said that Microsoft's Suggested Sites should not be equated with its rival's Suggest feature, because IE8 doesn't record every keystroke. Rather than transmit each character as it's typed, including partial URLs that are abandoned by the user, Suggested Sites logs and transmits only the final URL.
She used that to argue there was a difference between what Microsoft and Google logged in their browsers. "Suggested Sites is connected to the browser's history, and it's not looking at each of the keystrokes," she said. "IE only captures the URL as it is navigated [to], when that URL goes into your history." Nor does Suggested Sites log and transmit cookies to Microsoft's servers, as does Google Suggest. "The data we log is actually pretty innocuous," Richardson said.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!