Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE6 to Implement W3C Privacy Standard

Posted by michael on from the chips-ahoy dept.

Arthur Phillip Dent writes: "News.com is running a story about IE6 being the first browser to implement the Platform for Privacy Preferences (P3P) standard. Bad news for Doubleclick et. al., that is unless it's just /.ers using the features! This will get real interesting if lusers' using it with sites that do not post P3P policies (and thereby blocking sites from setting cookies, for example) creates any kind of unrest/discussion about the exchange of marketing data for content and functionality." One thing no one writing about IE6 seems to note: Microsoft has carefully arranged their MSN cookie setting technique to avoid being blocked by their own browser - they bounce people through msn.com to log in to any Microsoft property, so it's always a "first-party" cookie being sent/placed.

12 of 198 comments (clear)

  1. All I want ina browser... by singularity · · Score: 5

    I want the ability to filter cookies based on the domain they came from. /. cookies - Yes. Doubleclick - No.

    I want the ability to filter images based on the domain and/or size (no more 1x1 web bugs).

    I want the ability to filter JavaScript based on the domain.

    I want the ability to set up my browser so that sites cannot open new browser windows.

    Most of all, I want these features built into the borwser. I should not have to download a third party application to control fundamental parts of my web browsing activities.

    I normally use iCab on the Mac http://wwwicab.de/but for the past few weeks have had to use IE 5.0/Windows. iCab normally offers all of these filters (and more), and I find the features sorely lacking in IE.

    --
    - (c) 2018 Hank Zimmerman
  2. First Party Cookies by The+Raven · · Score: 5

    Anytime you have multiple websites owned by the same company, then you immediately have a condition where that information is assumed to be shared between sites. This is a backend issue unrelated to how browsers or privacy policies work.

    I'm mildly amused that the poster seems to regard this as some kind of 'sneaky trick' by microsoft. As if it is 'wrong' to maintain a single login location, as if you 'should' create a separate login for every single website. I've been working on database driven websites for nearly 5 years now, and I can't recall a single technical reason why I'd want to make multiple points of entry to the same database. The only reasons that are valid are design issues... specifically, did we want to have the customer see that login page A is actually affiliated with website B. Microsoft, being such a public brand, has no need to hide the association.

    The way I look at it, by having a single login location Microsoft is actually being open and honest. They COULD have multiple points of entry into the login database, one for each site, and thus hide the fact that they are pooling user information between domain names. With a single point of entry, they are revealing their practice of data sharing... something that would be obvious to anyone with technical understanding of database driven sites.

    People get all up in arms about privacy with cookies, logins, and user information pages... completely forgetting that sites owned by the same company don't have to use ANY of that to create a profile of your activity on their multiple sites. People seem to have this idea that differing domain names create a magical 'wall' between sites, preventing anything from leaking from one domain to another. Anything they see as breaking that wall is somehow evil.

    In all practicality, if Microsoft really wanted to, they could make all their sites as subdomains of microsoft.com... msn.microsoft.com, passport.microsoft.com, msnbc.microsoft.com, etc. Then, the actuality of data sharing would be more concrete for the less technically inclined.

    Raven


    And my soul from out that shadow that lies floating on the floor

    --
    "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
  3. Re:How Does Site Inform Browser of Compliance? by csbruce · · Score: 4

    The server must respond with:

    Server: Microsoft-IIS

    (or maybe that's IE6.1...)

  4. Slashdot didn't like P3P the first time around by Hard_Code · · Score: 5

    Slashdot didn't give P3P such a warm reception the first time around.

    --

    It's 10 PM. Do you know if you're un-American?
  5. "bad news" for doubleclick? nope by Speare · · Score: 4

    No, the bad news is for IE users who think this will block DoubleClick.

    The article states DoubleClick expects to be compliant with P3P before IE6 is released, which means IE6's defaults will allow DoubleClick cookies. Doncha think DoubleClick and Microsoft are gonna be talking about such business-model show-stoppers and finding ways to make each other happy? Users will still have to take individual opt-out actions to stop being tracked.

    Even so, cookies are not the only way that people can be tracked. Any group of companies could just share apache logs and do some simple Perl analysis to correlate a huge number of visitors. Some factors like NAT and PPP reduce the effectiveness, but the majority of useful data can still be data-mined. Cookies are just the lazy way of doing the same thing, as well as providing stateful visits to the sites themselves.

    --
    [ .sig file not found ]
  6. *sigh* by zpengo · · Score: 5
    Now, if we could just convince them to implement the W3C HTML Standard or the W3C CSS Standard.

    You know...basic browser stuff.

    --


    Got Rhinos?
  7. Which Browser Performs Better At Standards Tests ? by Carnage4Life · · Score: 4
    Now, if we could just convince them to implement the W3C HTML Standard or the W3C CSS Standard.

    As far as I know, Internet Explorer performs better at Standards Conformance tests such as
    1. Todd Fahrner's Box Acid Test

    2. Inoshiro's browser test with a screenshot from IE 5 on the Mac courtesy of The Answer is 42
    than most other browsers out there. Mozilla and Konquerer are up there as well but they aren't close especially with regards to the newer XML related standards.

    --
  8. Microsoft to implement Slashcode by SpookComix · · Score: 4
    Redmond, WA
    In a startling press release from Redmond, Microsoft has announced that it's corporate web site will incorporate the use of Slashcode.

    However, the popular "geek" web site "Slashdot.com" was less than impressed.

    In an article authored by Slashdot editor "michael", he writes "Microsoft has no business running Slashcode. We, um, don't like Slashcode anymore." When questioned about this sudden change in position, "michael" responded "If those bastards run it, it must really suck." "michael" then forked the sign of the devil, and foamed at the mouth.

    Slashdot editor "Hemos", when asked for further comment, replied "Yawn".

    So, it seems that, although Microsoft may make grand steps toward securing their browser software and optimizing their web presence, Slashdot nerds will never, ever, be satisfied.

    --SC

    --
    You read fiction? I write it! Lemme know what you th
  9. Actually, you're 100% wrong - here's the truth by legLess · · Score: 4

    Microsoft has an article, Privacy in Internet Explorer 6 that should answer your questions.

    Namely, even on the "High" security setting, IE6 will accept 3rd-party cookies that have an "acceptable" P3P policy ("acceptable" is defined). If you'd read that document, it looks like they're implementing this rather well. They've made intelligent exceptions (e.g. "Special Provision for Legacy Opt-Out Cookies"), and they're very clear about IE6's behavior.

    Now, I don't particularly like P3P, nor do I like feeling that M$ is shoving it down my throat. Is it the best possible solution? Perhaps not, but what else is there?

    An earlier linked article at EPIC complains about how difficult most users find changing their cookie preferences and how confusing privacy is. Their solution? A "tools" page with 62 bloody links on it, to proxies, cookie managers, filters, PGP, SSH, anonymizers - most Windows users would have a heart attack just trying to understand the acronyms. That's supposed to be easier?? This is precisely the problem Microsoft is trying to address.

    I hate to be an IE apologist, but IE6 kicks the shit out of Mozilla at cookie-handling. This is classic Microsoft strategy: move into a market space that has no standards and leverage their monopoly to say, "From now on, you're doing it our way." I don't like their monopoly powers, but no one else was even doing a half-assed job at this. What's the leading contender to P3P? There isn't one. You can install the something from EPIC's page (as far beyond the reach of most Windows users as recompiling a kernel), but I bet none of these have even 2% market penetration.

    The only reason Microsoft could adopt P3P and take over this privacy space so easily is that the rest of the 'net has done such a piss-poor job of it for the last 10 years.

    question: is control controlled by its need to control?
    answer: yes

    --
    This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
  10. Doubleclick and P3P by stox · · Score: 4

    Don't think Doubleclick is going to have much trouble, they helped write the P3P standard.

    --
    "To those who are overly cautious, everything is impossible. "
  11. Re:Atrocious by Pinball+Wizard · · Score: 4
    so you're saying msn.com will do things that other web sites can't? That's silly.

    All they are doing is passing people through msn.com first before sending them to any other MS web site. If I had a big organization with 20 different sites, I would do the same thing. It makes sense - you track total usage of your web properties in one place.

    Besides, if you don't want cookies, just turn off cookies. If you want to be warned each and every time someone tries to set a cookie on your machine you can do that to and refuse each cookie individually.

    This is not that big of a deal. I personally welcome the added security features.

    --

    No, Thursday's out. How about never - is never good for you?

  12. 3rd party ad serving and IE6 by room101 · · Score: 5

    Yep, this really sucks for third party ad serving companies (like mine). The shitty thing is, it doesn't matter if we implement p3p on our systems or not, we will still get blocked from our cookies, because the default setting doesn't allow 3rd party cookies. (and who in the world is going to relax that?) We (as a industry segment, not just individual companies) have complained to MS about this and their response has been pretty lame. It is really easy for them to redirect their people to their website, but that isn't feasable to everyone else.

    I know what some will say, that finially these advertisers are getting what they deserve, and I don't totally disagree, but keep in mind, that (I don't know about other comanines, well, yes I do, but that is totaly someone else) we don't do anything "bad" with the cookies we collect. We don't sell personally identifiable data, etc. We have one of (I don't know of a better one) the best privacy policies in the industry. If everyone just decided that they didn't want 3rd party cookies, that would be one thing, but they haven't, because most people don't mind, as it doesn't hurt anyone. We don't deserve for our business to get impacted this much because of some arbitrary decision made by those people.

    Oh, well, enough of this ranting.

    --
    room101 -- how much can you stand before they break you?
    (they always break you eventually)