Microsoft Ad Says IE Is Privacy Leader: What's The Real Story?

On Monday, Microsoft premiered a television ad that portrays its Internet Explorer as the defender of user privacy among modern browsers.

The ad highlights IE's use of Do Not Track and its Tracking Protection Lists as effective tools in preserving online privacy, implying that Google's Chrome, Mozilla's Firefox, Apple's Safari and Opera fail to keep up with Microsoft's principled stand on privacy.

Six months ago, Microsoft might have had a point. Now, however, many privacy advocates say that IE is the browser now falling behind in the privacy wars - because it doesn't block third-party tracking cookies by default.

(Many websites store a small snippet of code called a cookie on your hard drive when you visit the site. Typically, these cookies contain login information or other preferences. Since many websites serve up content or ads from third-parties, those third-party sources may also place tracking cookies in your browser - even though you never visited their site.)

Microsoft does allow users to manually exclude third-party cookies, as does Chrome. But Safari and soon Firefox will do this by default, stealing the wind from Microsoft's sails. 

And given Microsoft's history in terms of privacy and competition, it's easy to see the new ad - and Microsoft's whole privacy strategy - as a cynical ploy to acquire new IE users while denigrating its competitors. Even if that's true, privacy advocates said, Microsoft is at least doing something to address privacy issues. 

IE Trumpets Do Not Track, Tracking Protection

As a piece of advertising, Microsoft's spot does a fine job highlighting what users don't mind sharing, and what users would rather keep private. Microsoft focuses on two features in the 30-second ad: Do Not Track, which is turned on by default; and its Tracking Protection Lists. "Your privacy is our priority," is the tag line.

Do Not Track (DNT) merely asks a site not to track the user visiting it. At this point, Do Not Track is completely voluntary, and privacy advocates note that the vast majority of online advertising agencies decline to honor it. Microsoft's implementation of Do Not Track is little more than a symbolic gesture unless and until the online ad agencies agree to play ball. 

"Microsoft's DNT setting is fine, although it will likely be ignored until the W3C finishes the DNT standard, if ever," said David Jacobs, the Consumer Protection Counsel for the Electronic Privacy Information Center (EPIC), in an email.

Consumer watchdogs can still rattle their sabers, as Federal Trade Commission chairwoman Edith Ramirez did last week (PDF) in a speech to the American Advertising Federation. Ramirez warned that now was the time for industry stakeholders to nail down a Do Not Track agreement once and for all:

One can forgive stakeholders for thinking that it will always be so – for believing that 'not all the water in the rough rude sea can wash' the shine off this cyber-economy. But an online advertising system that breeds consumer discomfort is not a foundation for sustained growth. More likely, it is an invitation to Congress and other policymakers in the U.S. and abroad to intervene with legislation or regulation and for technical measures by browsers or others to limit tracking.

Tracking Protection lists are far more effective - they prevent websites from capturing information that the user doesn't wish to be shared. Right now, they're probably the most effective weapon that Microsoft has in protecting user privacy - but they rarely get used, according to Dan Auerbauch, a staff technologist with Electronic Frontier Foundation (EFF).

Which Browser Leads In Privacy Protection?

"Firefox and Safari I would say are in first place right now in terms of protecting user privacy," because of third-party cookie blocking by default, Auerbach said.

Safari blocks third-party cookies by default; Mozilla has begun blocking third-party cookies by default in its alpha or Aurora build, with the expectation that the standard build will block them by summer. Chrome users must turn on the feature themselves by following a few simple instructions. Microsoft IE users can do this as well - but again, not by default.

"I would hope that Microsoft would follow soon, and I think that they're well-positioned to be the leader [in privacy]," Auerbach added. "We're encouraged by this campaign from Microsoft, and we think that they have the ability to do really good things here."

What's Microsoft Really Up To Here?

Is Microsoft genuinely interested in user privacy, or is it simply raising the specter of intrusive advertising to win new converts to IE? If Microsoft hadn't run its Scroogled campaign, which has highlighted all the ways that Google allegedly misuses user data to its own commercial ends, the answer might be yes. As it is, it's difficult to see Microsoft's efforts as truly altruistic, given its past history.

"Ultimately, I'm not sure how successful the campaign will be, but I think it's generally good when companies compete on privacy," said EPIC's Jacobs. "I don't know what Microsoft's underlying motivation is, but regardless of whether it's altruistic concern for user privacy or self-interested profit maximization, consumers can still benefit."

Unfortunately, Microsoft hasn't said when or whether it will block third-party cookies by default, and company representatives weren't able to comment. Microsoft does seem to be making strides in protecting user privacy, but its competitors are poised to pass it by, if they haven't already.

Image: Flickr/Scubadive67