Microsoft Should Act Now to Protect Online Privacy
Microsoft, which is trying to position itself in a major advertising campaign as a privacy friendly Internet company, should take a simple step that shows it means what it says.
Online tracking is pervasive and invasive on the Internet. The most insidious is performed by companies that most consumers don’t even know exist, so-called third parties on the websites you choose to visit. By putting little bits of computer code known as cookies on your browser, they are able to track your every move as you surf the web.
Most people don’t realize the extent to which this brazen online tracking is done, but when the practice is described, they want to be able to control it. Why should a company I know nothing about, have no say over and no relationship with be able to collect information about my online activity? On the other hand, though most consumers want some say over whether data is collected by sites they choose to visit, they are less concerned about such data collection by a site they have selected, a so-called first party.
Consider Amazon.com. If you buy a book from them, Amazon records what you’ve purchased and makes suggestions about other books you might like the next time you visit the site. Many people find that helpful and useful.
Understanding the distinction between tracking by sites you choose to visit (first parties) and sites with which you have no direct relationship (third parties), Apple’s Safari browser by default has for a decade honored the privacy friendly approach by blocking cookies from sites you haven’t visited. If you want to allow 3rd party cookies to be set, you can change Safari’s preferences.
Apple’s approach isn’t perfect. If you are committed, it is possible to fool the Safari browser. You’ll recall that Google was caught hacking around Safari’s privacy settings in violation of a consent agreement with the Federal Trade Commission and fined $22.5 million. Nonetheless, Safari’s approach has been the most privacy friendly.
Until recently the other three browsers — Mozilla’s Firefox, Google’s Chrome and Microsoft’s Internet Explorer — have allowed users to set their preferences to block third party cookies. But the feature was turned off by default and users had to figure out how to enable the function. Most did not.
This spring Mozilla announced that it, too, would begin to block cookies by default from sites a user hasn’t visited. The Firefox update is expected to be released this summer. The announcement caught the ad industry’s attention. One trade association executive, Mike Zaneis, called it a “nuclear first strike.”
It is nothing of the sort. Mozilla simply is honoring the consumer and privacy friendly principle that before a site can gather data about you, you should have visited the site. You need to know who they are and what their practices are. What sort of responsible and lasting business model can be built upon spying on Internet users?
So, if Microsoft means what it says about protecting users’ privacy, it should join Apple and Mozilla and start blocking cookies by default from sites not visited by the user.
There is some reason to believe Microsoft will do the right thing. You’ll recall that another approach to protecting online privacy is the Do Not Track mechanism. Under this method the browser sends a header expressing a user’s desire not to be tracked. The FTC advocated this approach in its Protecting Consumer Privacy in an Era of Rapid Change report a year ago. All four major browsers now offer the option to send the message.
The problem is that there is no requirement that sites honor the Do Not Track request. The World Wide Web Consortium, an Internet standards setting group, is trying to draw up compliance obligations, but those efforts have dragged on nearly two years without agreement. What’s expected to be a final meeting attempting to reach an accord is set for next week. Don’t bet that anything gets accomplished.
Meanwhile, Microsoft has decided to send the Do Not Track message by default. Right now it’s just a signal with virtually no listeners. Blocking cookies from sites a user never visited would provide meaningful protection right now. Microsoft must not hesitate to take that step in Internet Explorer, if it is actually the privacy protecting company it claims to be.
Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project.