Current Issue
This Month's Issue

Follow Fast Company

We’ll come to you.

3 minute read

Microsoft's Role in the Erosion of Online Privacy

IE8 privacyThe Wall Street Journal makes no bones about the matter: Its report, based on discussions with industry insiders, is headlined "Microsoft Quashed Effort to Boost Online Privacy." The core argument centers around the new version of MS's "industry leading" browser that hit PCs in 2008: Internet Explorer 8.0. According to several sources close to MS's management and coders, there was a huge move to differentiate IE8 from the other, increasingly competitive, browsers on the market by making it a champion of user privacy protection. The decision was vetoed, then gutted, by higher level management.

What went on inside MS sounds like a pitched battle between the IE engineering team and MS's executives. The project team created clever code that would automatically protect user ID from websites, intercepting cookies and blocking in-page code running from third-party websites—which may be maliciously (or at least, in contravention of user's desires) tracking their ID or activity on sites. It was "industry-leading" stuff, and placed user protection right at the core of the browser design.

But MS management, faced with the need to satisfy advertisers (whose in-page adverts operate very much by knowing who you are—in direct competition with IE8's privacy protection) watered down the user privacy aspects of IE8, and ensured it was turned off by default. It even requires direct consumer efforts to turn it on, and every time you boot up IE you have to ensure the privacy code that made it through MS's exec team's approval is turned on.

MS's general counsel Brad Smith is quoted as saying the internal debate was "healthy," with "well-informed views by people who are passionate." Which we can read as coded references to a firestorm of dissent, contravening points of views, and a management team who (at the time, at least) were happy to take monopolistic anti-consumer stances left, right and center in defense of Microsoft's bottom line. MS had also spent $6 billion on a Web-ads business, and presumably the execs in charge of this didn't suddenly want to look stupid, with their chief Net product undercutting the company's own Web-ads effort.

Smith also notes that the resulting "synthesis" of privacy needs and permission for certain Web tracking resulted in a browser that "advanced both the privacy interests of consumers and the critical role advertising plays in content." This too is code, or at least a half-truth.

Because imagine what would've happened had IE8's planning team got its way, and privacy was core to MS's Internet experience from a consumer point of view. We can't help but wonder if would've been fewer media storms about loopholes and Web-based exploits in IE over the last couple of years, and fewer members of the public may have fallen victim of viruses or Net-based scams for a start. Privacy as a whole may also have taken a higher priority in the minds of everyone coding for the Net (remembering that at the time IE was the way about 80% of netizens accessed the Intertubes), and the upshot would've been a more user-centric thinking about protecting the user. Who knows—maybe even the storm of controversy surrounding Facebook's cavalier moves to delete its client's privacy rights.

But would a more protected IE8 have allowed the explosion of Net-based ad systems, and the redefinition of what it means to publish in an online world? Because with fewer ads, the blogging revolution may have proceeded very differently for the last couple of years, and more paywalls may have popped up. The newspaper industry may have been delighted by this, but only with the benefit of hindsight.

Who can you blame for the mess-up, if you're a PC owner concerned about the erosion of digital privacy? The buck stops at Steve Ballmer, of course.

To keep up with this news, follow me, Kit Eaton, on Twitter.