IE8 records 'pretty innocuous' information, gets user permission, argues manager
Computerworld - Microsoft Corp. today defended the Internet Explorer 8 (IE8) tool that suggests sites based on the URLs typed into its address bar, saying that the browser "phones home" only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately.
Company managers also contrasted IE8 Beta 2's "Suggested Sites" feature with the "Suggest" feature used by rival Google Inc. in its Chrome browser, saying that Microsoft's browser requires the user's explicit permission before it's used. They did, however, acknowledge a bug that prevents the request from reappearing when users reinstalled the browser.
"We capture as little uniquely identifiable information as possible," said Cyra Richardson, a Microsoft principal program manager on the IE team. "We capture the URL that the user is visiting, the version of the browser and general locale information."
To determine the latter, and to know where to send the suggested site results, Microsoft also captures the IP address of the user, said Richardson. But unlike Google, Microsoft tosses the IP address as soon as it delivers the recommendations. "We take the IP address, get all the information that we need from it and then throw out the address," said Andy Zeigler, a program manager with the IE group. Richardson confirmed that the Suggested Sites database contained no user IP addresses.
That's in contrast to Google, which keeps the data associated with about 2% of the entries in Chrome's OmniBox, a combination address and search box that logs all keystrokes and sends them to Google so that the search company can return a list of related search queries and Web sites.
Earlier this week, Google announced it would "anonymize" all information, including the IP addresses, of the 2% of the Suggest requests that originate in Chrome and other software. Google made the change in response to criticism from consumers, European Union officials and others who were concerned over the possible privacy implications of Google recording each keystroke entered into the browser.
Richardson also said that Microsoft's Suggested Sites should not be equated with its rival's Suggest feature, because IE8 doesn't record every keystroke. Rather than transmit each character as it's typed, including partial URLs that are abandoned by the user, Suggested Sites logs and transmits only the final URL.
She used that to argue there was a difference between what Microsoft and Google logged in their browsers. "Suggested Sites is connected to the browser's history, and it's not looking at each of the keystrokes," she said. "IE only captures the URL as it is navigated [to], when that URL goes into your history." Nor does Suggested Sites log and transmit cookies to Microsoft's servers, as does Google Suggest. "The data we log is actually pretty innocuous," Richardson said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts