All posts tagged ‘IE’

File Under: Browsers

Microsoft: ‘Do Not Track’ Is Good for Users, On by Default in IE 10

Microsoft is doubling down on its support for the Do Not Track (DNT) tools in its coming Internet Explorer 10. Despite some criticism the company plans to go ahead with its decision to turn on the DNT setting by default, though Microsoft says there will be an option to disable it during the initial IE setup process.

While Firefox, Safari and Opera also support the Do Not Track header, which tells websites and their advertising partners not to track your movements around the web, IE 10 will be the first to enable it by default.

Brendon Lynch, Microsoft’s Chief Privacy Officer, says that “DNT will be enabled in the ‘Express Settings’ portion of the Windows 8 set-up experience…. There, customers will also be given a ‘Customize’ option, allowing them to easily switch DNT off if they’d like.”

Turning DNT on by default in Internet Explorer 10 means that for the first time a significant number of users will be opting out of ad tracking.

Behavioral tracking, as such practices are often called, is common on the web. Advertisers use cookies to track your clicks, watching which sites you visit, what you buy and even, in the case of mobile browsers, where you go. Often the sites tracking you are not just the sites you’ve actually visited, but third-party sites running ads on those pages.

Privacy advocates at Mozilla created DNT as a way for users to tell advertisers to stop the tracking. The W3C is in the process of turning DNT into a web standard.

Of course for DNT to work it requires advertisers to respect it. Despite the fact that DNT is counter to their interests, several of the major ad groups on the web have pledged to respect it. But thus far, because DNT is off by default in all the web browsers that support it, use is not widespread. Advertisers know that very few users change the default settings, so most people are unlikely to ever enable DNT, making support a less threatening proposition for advertisers.

IE 10 will be the first real test of whether or not ad groups will continue to support DNT. Microsoft took quite a bit of heat from ad groups back when it first announced that DNT would be on by default. Microsoft has defended its choice, arguing that DNT is good for users. As Lynch writes, “our approach to DNT in IE10 is part of our commitment to privacy by design and putting people first. We believe consumers should have more control over how data about their online behavior is tracked, shared, and used.”

If you’d like to do more than rely on the good faith of advertisers to respect your privacy, see our earlier article, Secure Your Browser: Add-Ons to Stop Web Tracking.

File Under: Browsers

Retailer ‘Taxes’ Customers Still Using Internet Explorer 7

Kogan, an Australian online electronics dealer, has started imposing a “tax” on customers visiting its site using Internet Explorer 7 (and presumably below, though the announcement doesn’t mention IE6). Yes, that’s right, IE7 users visiting Kogan will pay more than those using a modern web browser. Or, more likely, they’ll just shop elsewhere.

Here’s how the tax will work according the Kogan’s blog: “From today, anyone buying from the site who uses IE7 will be lumped with a 6.8% surcharge — that’s 0.1% for each month IE7 has been on the market.” The post goes on to claim that the move will help Kogan “keep prices for all smart shoppers down.” Sure it’s a cheap, attention-getting gimmick, but who hasn’t wanted to ban IE?

Even Microsoft is frustrated with older versions of Internet Explorer that still hang around. The company already has a site dedicated to tracking the demise of IE6, and it’s not a stretch to imagine that it will soon be extending that death wish to IE7.

That said, browsing through Kogan’s site it’s hard to see what about it is causing IE7 headaches for Kogan. We’re no fans of IE 7, but building websites following best practices like progressive enhancement means your site will work even in older browsers. It may not always look exactly the same as more capable browsers, but it will at least function. In my brief testing it appears that Kogan’s site does indeed work in IE7, though the company might need a few lines of IE7-only CSS to clean things up.

Contrary to what Kogan says, starting with the foundations layering on extras as you go means supporting IE7 isn’t a cost of doing business, it’s just a nice by-product of the process of building successful websites — like supporting older mobile browsers, feature phones, televisions, gaming consoles and dozens of other web-connected devices that aren’t always going to function as well as a desktop browser.

File Under: Browsers, privacy

Google Tricks Internet Explorer into Accepting Tracking Cookies, Microsoft Claims

Google was caught last week bypassing default privacy settings in the Safari browser in order to serve up tracking cookies. The company claimed the situation was an accident and limited only to the Safari web browser, but today Microsoft claimed Google is doing much the same thing with Internet Explorer.

In a blog post titled “Google bypassing user privacy settings” Microsoft’s IE Corporate Vice President Dean Hachamovitch states that “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

Hachamovitch explains that IE’s default configuration blocks third-party cookies unless presented with a “P3P (Platform for Privacy Preferences Project) Compact Policy Statement” indicating that the site will not use the cookie to track the user. Microsoft accuses Google of sending a string of text that tricks the browser into thinking the cookie won’t be used for tracking. “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” Microsoft said.

The text allegedly sent by Google actually reads “This is not a P3P policy” and includes a link to a Google page which says cookies used to secure and authenticate Google users are needed to store user preferences, and that the P3P protocol “was not designed with situations like these in mind.”

Microsoft said it has contacted Google to ask the company to “commit to honoring P3P privacy settings for users of all browsers.” Microsoft also updated the Tracking Protection Lists in IE9 to prevent the tracking described by Hachamovitch in the blog post. Ars has contacted Google to see if the company has any response to the Microsoft allegations, and we’ll update this post if we hear back.

UPDATE: It turns out Facebook and many other sites are using an almost identical scheme to override Internet Explorer’s privacy setting, according to privacy researcher Lorrie Faith Cranor at Carnegie Mellon University. “Companies have discovered that they can lie in their [P3P policies] and nobody bothers to do anything about it,” Cranor wrote in a recent blog post.

UPDATE 2: Google has gotten back to us with a lengthy reply, arguing that Microsoft’s reliance on P3P forces outdated practices onto modern websites, and points to a study conducted in 2010 (the Carnegie Mellon research from Cranor and her colleagues) that studied 33,000 sites and found about a third of them were circumventing P3P in Internet Explorer.

“Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google Senior VP of Communications and Policy Rachel Whetstone says in a statement e-mailed to Ars. “It is well known—including by Microsoft—that it is impractical to comply with Microsoft’s request while providing modern web functionality.”

Facebook’s “Like” button, the ability to sign into websites using your Google account “and hundreds more modern web services” would be broken by Microsoft’s P3P policy, Google says. “It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality,” Whetstone said. “Today the Microsoft policy is widely non-operational.”

That 2010 research even calls out Microsoft’s own msn.com and live.com for providing invalid P3P policy statements. The research paper further states that “Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE.”

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

File Under: Browsers

Microsoft Touts Plugin-Free Web, Offers Desktop Fallback for Flash

Microsoft’s new version of Internet Explorer has barred browser plugins in the Metro environment. But Microsoft has revealed a method that plugin-dependent websites can use to leap over Metro’s walls and reach the green fields of the conventional Windows desktop, where Flash is still allowed to roam free.

The relevance of proprietary browser plugins is declining as standards-based web technologies mature. Native web technologies don’t yet supply complete functional equivalence with the capabilities of plugins, but the open web has the advantage of greater ubiquity.

The ubiquity of native web standards over proprietary plugins is set to get a major boost from Microsoft with the launch of Windows 8 and Internet Explorer 10. As we have previously reported, the next major version of Microsoft’s web browser will not display plugins in the Metro environment, which will be the default shell in Windows 8.

Microsoft has published a series of posts in its official IE development blog that discuss the implications of this change and what it means for users and web developers. In a new post published this week, IE program manager lead John Hrvatin highlighted the advantages of plugin-free browsing and emphasized the need for web developers to start supporting users who browse in environments that don’t have plugins enabled.

“The transition to a plug-in free web is happening today. Any site that uses plugins needs to understand what their customers experience when browsing plugin free. Lots of web browsing today happens on devices that simply don’t support plugins,” he wrote. “Metro style IE runs plug-in free to improve battery life as well as security, reliability, and privacy for consumers.”

A growing number of websites that rely on browser plugins already offer a standards-based fallback for users who are browsing on popular plugin-free devices such as as the iPhone or iPad. Microsoft has previously discussed some of the steps it is taking to ensure that those websites serve their plugin-free content to Metro users.

There will still likely be many Flash-heavy websites, however, that can’t accommodate users who are browsing without plugins. In the blog post, Hrvatin explained that such websites can ask the user for permission to jump to the conventional Windows desktop and launch the windowed version of Internet Explorer, which will have full support for plugins.

Web developers can get the browser to display the prompt by including the special requiresActiveX=true property in an X-UA-Compatible meta tag or HTTP header. Hrvatin cautions that this feature is included for transitional purposes and is intended to serve as a last resort. The preferred behavior is still for web developers to display a plugin-free version of their site to users who are browsing in the Metro environment.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

File Under: Browsers

The Curious Case of Web Browser Names

Chances are your web browser is open all day, every day. Whether it’s Internet Explorer, Firefox, Opera, Chrome or Safari, the browser is the single most important piece of software most of us use. Given its central place in our lives, some history seems in order. If you’ve ever stopped browsing long enough to wonder why Safari is named Safari or where in the world the word “Mozilla” comes from, we have some answers for you.

Martin Beeby, a developer evangelist at Microsoft, has put together a nice little history of web browser names. Some are obvious — Internet Explorer came about because it was “a name that gave people a clear idea of what the product did” — some are less so, like Opera, which was apparently chosen because, among other things, “the Opera is fun.”

With the exception of Opera and IE, none of Beeby’s name origin stories come directly from the companies behind the browsers, so take all of these with a grain of salt. For instance, no one seems to know the exact origins of “Safari”, though the Beach Boys’ album seems like a reasonable guess — surfing the web, Surfin’ Safari… get it? The WebKit blog is named Surfin’ Safari, which might lend some credence to that story, but the name also nicely ties in with the notion of exploring the wild and connotes some of the same images as “explorer” and “navigator”.

Perhaps the least obvious name in the bunch is Firefox’s parent company Mozilla. Beeby cites a well-known story that the name that was derived by combining the words that were its original goal — “Mosaic Killer.” Webmonkey has heard another version of that story that claims the word “Godzilla” was the inspiration for “Mozilla,” a Godzilla-like force that would destroy Mosaic.

Beeby doesn’t offer any stories for less well-known browsers, like Konqueror, which, as the story goes, was going to “conquer” what IE and Netscape had “explored” and “navigated” respectively. The allusion didn’t really pan out, but, when Apple came along and ported KHTML to form WebKit, the developers did name their early efforts after a famous conqueror — Alexander.

For more details, and to learn where the names Firefox and Chrome come from, be sure to read through Beeby’s post.