All Products  |  Support  |  Search  |  microsoft.com Home       
HomeMembershipFeaturesTips & TechniquesRegularsCompetitionsPromotionsAbout CMQ
     
 
     

Control your privacy with IE6

  1st of October, 2002
 
 
Ever wonder what happens to all the information Web sites ask you for? Internet Explorer 6 gives you the tools to take control of your data.

Privacy has long been a concern of Internet users. Every time you fill in a form to download shareware or get access to a Web site you probably ask yourself "What happens to my data? Have I just doomed myself to an eternity of junk-emails from pornographers, multi-level marketers and other scam spam?"

And what about cookies? How many of these things are truly needed to "personalise the online experience" and how many are from unscrupulous marketers trying to spy on you? Microsoft has helped to address these concerns with the Privacy Management features new to the latest release of Internet Explorer - IE6. These allow you to take control of your online privacy by determining which Web sites are allowed to use cookies on your browser.

What is it?
IE6 is the first web browser to implement the World Wide Web Consortium's Platform for Privacy Preferences (P3P) standard. Under this standard, Web sites that collect information on their users are required to have a privacy policy that describes what information is collected and what the Web site owner will do with that information. This policy is stored as an XML document that IE6 can read to automatically determine whether the site's intentions are consistent with the user's privacy preferences. If not, then the cookie is blocked.

How to use it
Previously, the only options available to IE users were to accept all cookies, reject all cookies or to be prompted every time a Web site attempted to set a cookie. This meant that users had to choose between allowing any Web site to track their movement with cookies, blocking all cookies (even those required for access to a Web site) or being constantly pestered by cookie alerts every time a site was visited.

IE6 allows a much finer level of control, with six cookie management settings and additional fine tuning settings. These can be configured from Tools > Internet Options on the IE6 menu bar or from the Windows Control Panel (Figure 1).

In most cases, no configuration is needed as the default "Medium" privacy setting provides a good balance of privacy and usability suitable for the majority of users. This will permit the session cookies that are needed to log in to some Web sites, but will block all "third party" cookies that do not have a privacy policy set. Third party cookies are those that come from a Web site other than the one that the user is currently browsing. Common examples are banner ads and "Web bugs" that are intended to track users across a range of Web sites in order to build marketing profiles.

However, it is common for web pages to include third party content through frames. If the third parties do not use cookies then they will not be affected by a user's privacy settings. If they do use cookies and do not have a compact privacy policy then the content may not display as intended.

One example of this is the IAG Web site (www.IAG.com.au) which allows shareholders to view and update their information by framing pages from the ASX Perpetual Registrars Web site. Because the Perpetual content is "third party", uses cookies for authentication and does not have a compact privacy policy, IE6 users with default privacy settings are unable to access their share information.

The best solution would be for sites in this situation to create P3P files - but for those that do not, IE6 gives you the flexibility to work around such issues without compromising your privacy by overriding cookie handling rules for specified destinations. For example, to solve the IAG problem:

  1. Figure 1
    click to enlarge

    Click "Edit..." at the bottom of the Privacy Options screen (Figure 1)
  2. Enter "aprl.com.au" and click the "Allow" button
More information on P3P can be found on the Microsoft Web site at www.microsoft.com/PressPass/press/2001/Mar01/PrivacyToolsIEfs.asp and msdn.microsoft.com/workshop/security/privacy/privacy_entry.asp or from the W3C Web site at www.w3.org/P3P.

David Peterson is a principal consultant at Peterson IT Consulting (www.PetersonITConsulting.com) - providing eBusiness and security consulting services. He can be contacted by email at david@PetersonITConsulting.com.

   
     
   
   
     
     
Search Hints and Tips

  View Latest Hints and Tips