Wireless broadband providers are charging by the gig and every little bit counts! I do not want ads wasting my bandwidth so why not provide this to customers.
Something tells me we're going to see a whole bunch of php required tags embedded in pages once this technology hits.() ()
Among the most significant new features in Internet Explorer 9 is a framework for giving users control over their online privacy. Microsoft announced Tracking Protection a few months ago and has shown a few demos since. Last week it gave the public its first crack at actually using the technology in the IE9 Release Candidate.
I’ve already explained how Tracking Protection works. (The short version: you can block third-party tracking cookies, web beacons, and even ads by importing a list into IE9 and enabling it.)
By design, Tracking Protection is disabled and no third-party lists are installed. If you want to block third-party scripts and cookies and ads, you have to choose to turn the feature on. Third parties can make it easy for you to do that. If you visit Abine.com using IE9, for example, you can get to this page that allows you to install a Tracking Protection List (TPL) automatically:
But how do you know whether this list is trustworthy? Is it based on solid research and up to date? How do you know the motivations of a list’s publisher? Microsoft is counting on a reputation system to emerge and for communities to make their recommendations about these lists. It doesn’t help that one of the five lists that Microsoft highlights for IE9 RC users just happens to give a handful of Microsoft-owned domains a free pass on privacy.
Part 1: IE9 and Tracking Protection: Microsoft disrupts the online ad business
Gallery: Using Tracking Protection Lists in IE9
In its initial announcement of Tracking Protection, back in December 2010, Microsoft acknowledged that this is just the first step in terms of developing a privacy protection platform that really works:
We designed this functionality as a good start to enable consumer choice and protection from potential tracking. We provide a tool in the browser, and consumers choose how to use it. As with everything on the web, we expect it to evolve over time especially as the broader privacy dialog continues. We’re communicating about it now as part of our transparency in the software development process.
So who can you trust? That question is especially important when you take into account the design of this feature in the IE9 RC. You can install multiple TPLs, and an Allow rule on any list trumps a Block rule on another list. So if you’re the owner of a big network of web properties, and you see a site visitor arrive using IE9, wouldn’t you want to helpfully offer that visitor the option to install a Tracking Protection List that whitelists all your domains? All in the interests of improved user experience, of course.
You can see an example of this potential conflict in the first batch of publicly available Tracking Protection Lists. I downloaded the current version of four lists from this Microsoft-hosted page (PrivacyChoice offers two versions of its lists, so I used the All Companies list). What I found after a close look inside these TPLs was surprising.
The data is in simple text files, with a fairly straightforward syntax. Here’s the beginning of Abine’s TPL:
Name: Abine Tracking Protection List
Address: http://www.abine.com/tpl/abineielist.txtFile:msFilterList-d statcounter.com counter.js-d addthis.com addthis_widget.js-d analytics.live.com masanalytics.js-d scorecardresearch.com beacon.js-d diig.com diggthis.js-d charbeat.com charbeat.js-d alexametrics.com atrk.js-d google-analytics.com siteopt.js
Each line after the msFilterList header is a rule. The –d means that the rule blocks traffic from the domain on that line that contains the substring shown after the domain. So in this snippet, the analytics scripts from Microsoft’s live.com and Google’s google-analytics.com are blocked. A +d means that requests to the domain on the same line are allowed. And when multiple lists target the same domain and substring, the Allow rule wins.
I imported the four raw TPLs into Microsoft Excel and cleaned them up for analysis. One revealing way to slice the data was to look at the number of Block and Allow rules defined in each list. See anything odd about this list?
| Publisher | Block | Allow |
| EasyList | 2,189 | 47 |
| PrivacyChoice | 463 | 1 |
| Abine | 94 | 0 |
| TRUSTe | 0 | 3,958 |
All data current as of February 12, 2011.
Hmmm. One of these lists is not like the other. In fact, you can make some guesses about the purpose and scope of each list just from those numbers, and I bet those guesses would be accurate. On the next page, I’ll share what I learned about each company and its list.
Page 2: Four Tracking Protection Lists under the microscope –>
