Internet Explorer 9 Privacy Feature Limits Tracking

Microsoft has announced that the latest version of Internet Explorer will offer users a new anti-tracking privacy feature. This will help prevent marketing and advertising companies from watching where you surf and what you do online without your consent. Users will be able to set their preferences to prohibit companies from obtaining sensitive tracking information. This is a first step in the right direction – browsers should step up as the first line of defense against unwanted information collection.

This comes at a time where advertisers want to reintroduce the use of deep packet inspection in order to more closely watch and market to consumers online.  This method reads and analyzes raw packets of your personal data as they travel across the Internet – for obvious reasons deep packet inspection has been the subject of much controversy. Internet users are becoming more aware that what they do online is not private and are beginning to ask for tools to protect their browsers from spying.

Internet Explorer already offers InPrivate Filtering, a feature that works on blocking third-party scripting and tracking devices. This is only a temporary solution that is not very reliable because it often fails to block many tracking devices.

The new changes are no surprise, due to increased concerns on browser tracking. Both consumers and the government have been working to allow a more “opt-in and opt-out”  friendly version of internet browsing.  The FTC called for  a “do not track” button on browsers in order to block any kind of third-party usage tracking.

Tracking Protection Lists would potentially be a finer-grained equivalent, allowing users to opt out of some or all tracking systems depending on their preferences. Tracking Protection Lists will be an opt-in-feature and Internet Explorer 9 will not provide any lists themselves.  The lists will update weekly and most likely come from third parties and privacy advocacy groups.The lists will be useful to prevent the kind of spying that is getting many companies into trouble.

Support for Tracking Protection Lists will first arrive in a release candidate of Internet Explorer 9. Redmond did not give a date for this, but it is likely to be early next year.

Get Ready to Expose Yourself: Deep Packet Inspection is Back

According to the Wall Street Journal, profiling methods for Internet users are coming back and are more intrusive than ever. Advertisers may begin to use a technology known as “deep packet inspection,” which reads and analyzes the raw packets of your personal data that travel across the internet.

These packets contain all of your online activity – not just your web browsing – and therefore can be more dangerous than “cookies”.  With the information they gather online, advertisers target ads directly to you based on your online history. Have you ever felt like all the advertisements on sites were for services you have used or would use? Well they often are, and with deep packet inspection, they will be even more specific! The use of this technology gives advertisers the ability to show you ads based on extremely detailed information. It is so specific that they could theoretically tell if you are online for work or for fun, though they don’t necessarily distinguish on this trait when serving up ads. They can also tell the difference between your usage style and that of your spouse or kids. Thanks to the WSJ for this simple graphic of how deep packet inspection can work:

Currently two U.S. companies, Kindsight Inc. and Phorm Inc. are looking to pitch deep packet inspection to Internet Service Providers (ISPs – the corporations that control your internet access) as a way to let them profit from the online ad market. These companies are currently defending the privacy and security of this process by stating that the ISPs don’t share any identity information, read email or collect information from sensitive sites. And yet, they are inspecting your data at the most basic level and selling your preferences to advertisers.

This method has been tried before in both England and the U.S., but it didn’t last long because of a huge privacy backlash. The companies in question did not tell internet users they were using this technology and this led to class-action lawsuits . The re-vamped way of using deep packet inspection will ensure that users opt-in knowingly (bravo – this is a step in the right direction), and they will offer an attractive incentive to do so. Kindsight will offer those opting in a free security service that includes a certain amount of Identity Theft Protection. It’s a bit ironic that they will be offering a service that helps you protect your identity in one way and is busy aggregating your identity in another. Whether you consider this to be exploitation (indirectly, they are selling your identity and preferences to advertisers) or good business (they give you a chance to pay for the service and not share this private information) is up to you. It reminds me a bit of Sherlock Holmes strategy of hiding valuables in plain sight. Either way, the average consumer will choose the free software over paying for the service, because we are all addicted to free Internet payola and the convenience of the scalable type of security they are offering..

Protected or not, the technology is out there that gives companies the ability to watch your every move online. And pretty soon, you can expect data aggregators like Kindsight and Phorm to successfully bribe you into sharing all of your surfing habits.

John Sileo speaks around the world on identity theft, privacy, social networking exposure, cyber crime, social engineering and other forms of information theft. His clients include the Department of Defense, Blue Cross, FDIC, Pfizer and hundreds of organizations of all sizes. Contact him directly on 800.258.8076.