In an effort to address concerns about online privacy, Microsoft Corp. is beta-testing new “privacy-enhancing” features for its latest web browser, Internet Explorer 5.5, which will be available to the schools and others by the end of the summer.

Although the two leading web browsers used by schools, Internet Explorer and Netscape, already include customizable features that notify users about incoming cookies, Microsoft’s new features promise to give users a better understanding of different types of cookies and where they come from.

Cookies, or tiny files placed on a computer’s hard drive, help web sites identify returning visitors. Many web sites use cookies to profile web surfers’ online behavior by noting their every mouse click, recording such information as eMail addresses, clothing sizes, and zip codes.

This function is helpful when you’ve established a relationship with a web site and you want to go back and have special, personalized services delivered to your browser, such as an automatic login or your local weather forecast.

But it’s not just the web site you’re browsing that might be feeding you cookies. Behind the scenes, third-party market research firms and advertising networks, such as DoubleClick and Engage, also plant cookies on your computer. These third-party cookies often are used to measure web usage and create targeted advertising.

Imagine being followed every time you go shopping and having someone record everything you look at. That’s what third-party cookies do on the web. And that’s what worries online privacy advocates.

“The biggest concern about cookies has always been third-party cookies,” said Ari Schwartz, privacy policy analyst at the Center for Democracy and Technology. “There are third parties spying on you—people you don’t have a relationship with.”

In a sense, third-party cookies take unauthorized information from people.

“When that same information is stored by a third party, you don’t have to be notified,” Schwartz said. The government could seize that information from the company holding it or the company could sell it, he warns.

Although he hasn’t seen Microsoft’s online privacy-enhancing features, Schwartz said he is certainly encouraged by the idea.

IE’s new security features

When a cookie is being served or read on the hard drive, Internet Explorer 5.5 will alert the user with a pop-up message that will tell if the cookie is from a first or third party and give the option to accept or refuse the cookie.

IE also will give the user the choice to get more information about cookies from the help menu; Microsoft plans to add new help topics that address cookies and cookie management. Microsoft said users will get “balanced descriptions” of cookies and their uses, clearly differentiating between first- and third-party cookies.

In addition, Microsoft has added a “delete all cookies” button to its customizable controls, located under the Preferences menu, where users can adjust how the browser handles cookies.

“Microsoft is not opposed to the use of third-party persistent cookies. In fact, this is a primary business model of the web, used by small, medium, and large web sites, including ours,” Richard Purcell, Microsoft’s director of corporate privacy, said in a press release.

“We all want to educate, not alarm, consumers about cookies,” Purcell said. “With these new features, consumers will have a much better understanding of how cookies are used by sites that are collecting information and tailoring pages to fit the consumer’s preferences.”

But some observers say more needs to be done.

“Third-party cookies should just be stopped,” said Jason Catlett, president of Junkbusters Corp., a privacy advocacy group. “It’s not fair to place a tracking device that the user isn’t even aware of.”

He suggests that schools install ad-blocking software such as Guidescope and set their browsers to block cookies.

“Parents shouldn’t have to worry that their children are being continually tracked on the web,” Catlett said. “It’s fairly easy for school administrators to put a stop to web tracking with all of the filters available.”

Microsoft’s latest privacy technology comes at a time when the issue of protecting students’ privacy online is being examined by Congress.

United States Rep. George Miller, D-Calif., is spearheading an effort to require schools to get parents’ consent before they accept free computer equipment and internet services from companies. In exchange for such gifts, he argues, schools let companies gather valuable marketing information from students.

“If parents do not want their children to be objects of market research firms while in school, they should have the right to say ‘no,'” Miller said in April, when the House education committee added a parental consent provision to a larger education policy bill.

The legislation would require schools to get parental permission before a company can collect personal information from students and use it for commercial purposes. Schools that didn’t comply could lose their eligibility for federal funding.

Stephanie Ash, director of technology services at Dothan City Schools in Alabama, said she is not worried about online privacy or web tracking at school because of the logistics of internet use in classrooms and computer labs, although she doesn’t like features that let things happen behind the scenes.

“You have eight individuals who are using a machine each day, not including the students who do after-school assignments,” Ash said. “At home, I want to know when those cookies are coming about, but in a classroom situation with so many users, it wouldn’t be accurate data.”

Douglas Smith, technology coordinator at Indiana’s Beech Grove High School, said Microsoft’s informative notification might make students ask more questions—but, ultimately, it won’t make a difference.

“This whole generation of kids is pretty ignorant about the information they give over out over the web. I don’t think this generation of kids will give a hoot,” Smith said. “They really don’t understand about privacy and its ramifications.”

Platform for Privacy Preferences

This update for IE is Microsoft’s first step toward establishing a privacy solution based on the Platform for Privacy Preferences Program (P3P), which is a privacy technology being developed by the World Wide Web Consortium.

The group is developing standards that will provide an automated way for web surfers to find out how the sites they visit handle their personal information. P3P-compliant web sites make their privacy policies readable by P3P-enabled browsers, so the browser can compare the site’s policy to the user’s own set of privacy preferences.

“Cookie management alone is not the answer to consumer privacy,” Microsoft’s Purcell said. That’s why Microsoft is working with other industry participants to promote the adoption of the P3P specification, which helps users decide if the web sites they visit meet their privacy preferences.

In June, Junkbusters and the Electronic Privacy Information Center released a report, called “Pretty Poor Privacy,” that says the P3P specification is inadequate at maintaining privacy.

“We’ve been critical of P3P as a technology that’s not going to do much about online privacy,” said Junkbusters’ Catlett.

The report describes P3P as “a complex and confusing protocol that will make it more difficult for internet users to protect their privacy” and “likely to undermine public confidence in internet privacy.”

According to the New York Times, the Federal Trade Commission soon might endorse a privacy agreement, negotiated with the advertising industry, that sets rules about “profiling” to protect web surfers. The agreement states that companies would be allowed to self-regulate their practices, but advertisers would have to tell web surfers if they are profiling and give them the choice not to participate.


Microsoft Corp.

Center for Democracy and Technology


Platform for Privacy Preferences Program