Note that this is about a year old. Since this was published, I haven't
heard much about how badly it's affecting the on-line
information-gathering and ad-serving world.

http://www.zdnet.com/blog/bott/ie9-a...-business/3004

============================

IE9 and Tracking Protection: Microsoft disrupts the online ad business

By Ed Bott | February 13, 2011, 3:25pm PST

Summary: Microsoft has just launched a remarkably effective tool to
protect your privacy on the web. Using the IE9 RC, it takes exactly two
clicks to begin blocking cookies, web beacons, and other third-party
tools that track your movements and activities on the web. Here’s how it
works.

The more closely I look at the new Tracking Protection feature in
Internet Explorer 9, the more astonished I am that it came from one of
the world’s largest corporations.

If Internet Explorer 9 becomes widely adopted and if Tracking Protection
is widely used—and those are two tricky assumptions—it has the potential
to seriously disrupt the online advertising business. Microsoft made
this feature widely available last week in the Release Candidate build
of IE9 (if you missed it, here’s my review of the IE9 RC). Using the RC,
it takes exactly two clicks to download a Tracking Protection List (TPL)
and begin blocking third-party cookies, tracking pixels, web beacons,
hit counters, analytics scripts, and other tools of the modern web
designed to assemble a profile of your movements and activities on the
web.

Oh, and it blocks ads, too.

In this post, the first in a series, I’ll show how Tracking Protection
works. I’ve also put together a screenshot gallery that shows the entire
sequence of actions and includes some tips on how to manage Tracking
Protection Lists.

Part 2: Privacy protection and IE9: who can you trust?

The underlying idea behind Tracking Protection isn’t new. Third-party
tools and extensions have been adding similar privacy-protecting
features to web browsers for a long time, usually in the form of a
browser extension, add-on, or plug-in. Adding this feature into the
browser itself, however, as Microsoft has done, is a first.

Here’s how Microsoft’s solution works:

1. Someone—anyone—creates a list of domains and substrings that they
want to block (or allow) as third-party content on a web page.

2. The author formats that list using Microsoft’s Tracking Protection
List specification and posts it on the web.

3. Someone—anyone—creates a link to the URI for that list, using a short
snippet of JavaScript. The link does not have to be on the same web
server where the TPL itself is hosted.

4. An IE9 user clicks that link, which brings up a dialog box like this
one:

5. The IE9 user clicks Add List, which copies the formatted file to a
system folder and configures IE to immediately begin using the rules
contained on that list.

From that point on, IE9 checks the TPL before sending an HTTP request to
a third-party site. Here’s a simplified example, with a page that
includes an advertisement and a tracking pixel from two third-party
sites.

Because xyz-ads.com is on the Block list, no request is sent to its
server and the space where the ad should go remains blank. But
abc-analytics is on an Allow list, so that request goes through. XYZ Ads
is out of luck. It didn’t get to serve an ad, and it didn’t gather any
information from the visitor. ABC Analytics, on the other hand, gets its
tracking database updated.

Here are a few other facts worth knowing about Tracking Protection:

* TPLs affect third-party content only and are ignored for direct
requests. If example.com is on a Block list, IE9 will reject any
third-party requests to that domain but will serve up the page normally
if you go to a page that is hosted directly on the example.com domain.

* You can install multiple Tracking Protection lists and enable or
disable any list at any time. You can also remove a list.

* From the Manage Add-ons dialog box in IE9, you can inspect the
contents of any Tracking Protection List and copy it to a text file.

* TPLs include an auto-update mechanism. The default update period is 7
days, but a list publisher can set this value to any interval between 1
and 30 days.

* If you have multiple lists, IE9 uses a hierarchy to resolve conflicts.
Allow rules trump Block rules. Thus, if the same domain or substring is
on one list with a Block entry and another with an Allow entry,
third-party content from that domain will be allowed.

* If you use a Personalized Filtering List in Manual mode, its settings
override any entry on a TPL.

Currently, five TPLs from four organizations are available for IE9 users
(I expect this number to rise as more groups discover its
possibilities). I’ve taken a close look at all five of these lists, For
the surprising details, see Part 2: Privacy protection and IE9: who can
you trust?.