Microsoft's Role in the Erosion of Online Privacy

IE8 privacyThe Wall Street Journal makes no bones about the matter: Its report, based on discussions with industry insiders, is headlined "Microsoft Quashed Effort to Boost Online Privacy." The core argument centers around the new version of MS's "industry leading" browser that hit PCs in 2008: Internet Explorer 8.0. According to several sources close to MS's management and coders, there was a huge move to differentiate IE8 from the other, increasingly competitive, browsers on the market by making it a champion of user privacy protection. The decision was vetoed, then gutted, by higher level management.

What went on inside MS sounds like a pitched battle between the IE engineering team and MS's executives. The project team created clever code that would automatically protect user ID from websites, intercepting cookies and blocking in-page code running from third-party websites—which may be maliciously (or at least, in contravention of user's desires) tracking their ID or activity on sites. It was "industry-leading" stuff, and placed user protection right at the core of the browser design.

But MS management, faced with the need to satisfy advertisers (whose in-page adverts operate very much by knowing who you are—in direct competition with IE8's privacy protection) watered down the user privacy aspects of IE8, and ensured it was turned off by default. It even requires direct consumer efforts to turn it on, and every time you boot up IE you have to ensure the privacy code that made it through MS's exec team's approval is turned on.

MS's general counsel Brad Smith is quoted as saying the internal debate was "healthy," with "well-informed views by people who are passionate." Which we can read as coded references to a firestorm of dissent, contravening points of views, and a management team who (at the time, at least) were happy to take monopolistic anti-consumer stances left, right and center in defense of Microsoft's bottom line. MS had also spent $6 billion on a Web-ads business, and presumably the execs in charge of this didn't suddenly want to look stupid, with their chief Net product undercutting the company's own Web-ads effort.

Smith also notes that the resulting "synthesis" of privacy needs and permission for certain Web tracking resulted in a browser that "advanced both the privacy interests of consumers and the critical role advertising plays in content." This too is code, or at least a half-truth.

Because imagine what would've happened had IE8's planning team got its way, and privacy was core to MS's Internet experience from a consumer point of view. We can't help but wonder if would've been fewer media storms about loopholes and Web-based exploits in IE over the last couple of years, and fewer members of the public may have fallen victim of viruses or Net-based scams for a start. Privacy as a whole may also have taken a higher priority in the minds of everyone coding for the Net (remembering that at the time IE was the way about 80% of netizens accessed the Intertubes), and the upshot would've been a more user-centric thinking about protecting the user. Who knows—maybe even the storm of controversy surrounding Facebook's cavalier moves to delete its client's privacy rights.

But would a more protected IE8 have allowed the explosion of Net-based ad systems, and the redefinition of what it means to publish in an online world? Because with fewer ads, the blogging revolution may have proceeded very differently for the last couple of years, and more paywalls may have popped up. The newspaper industry may have been delighted by this, but only with the benefit of hindsight.

Who can you blame for the mess-up, if you're a PC owner concerned about the erosion of digital privacy? The buck stops at Steve Ballmer, of course.

To keep up with this news, follow me, Kit Eaton, on Twitter.

Add New Comment


  • Matt Schafer

    It appears that the USA Today may have been correct in their 15 year-old estimation that the Internet, as far as privacy is concerned, is an “Electronic Pandora’s Box.” It’s unclear whether Congress will move on privacy legislation and while the Federal Trade Commission is expected to release a report in support of a Do-Not-Track list, for now it appears that the user is on his own. The best solution to confronting privacy online may be taking it into your own hands.

  • scott griffis

    The young generation sees no need to privacy after years of posting their every activity on facebook and twitter. We are seeing a change in priorities and expectations.

    Which companies treat their employees best?

  • d_atl

    It sounds like Microsoft IE division has a conflict of interest with it's new ad division and has thus again proved that it will compromise it's principals (and public security) in pursuit of the all mighty dollar.

  • Shadi Safadi

    Kit Eaton and the Editors of FastCompany,
    When it comes to covering IT, your articles are beginning to sound much like the rants of the sheep from George Orwell's 1984 "2 legs bad, 4 legs good".
    I'm subscribed to your emails and get your daily news, and in general the articles are insightful. However, when it comes to covering IT companies, the tone is monotinous "Apple good, MS bad".
    I would hope that you're getting some financial compensation for your one-sided journalism, that I can understand, because honestly, I now regard articles such as this one as mere babble. If you don't think you're smarter than this Ket Eaton, please spare us, and respect that there might be readers out there that ARE smarter than this one-track stories.