×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IE6 to Implement W3C Privacy Standard

michael posted more than 12 years ago | from the chips-ahoy dept.

Privacy 198

Arthur Phillip Dent writes: "News.com is running a story about IE6 being the first browser to implement the Platform for Privacy Preferences (P3P) standard. Bad news for Doubleclick et. al., that is unless it's just /.ers using the features! This will get real interesting if lusers' using it with sites that do not post P3P policies (and thereby blocking sites from setting cookies, for example) creates any kind of unrest/discussion about the exchange of marketing data for content and functionality." One thing no one writing about IE6 seems to note: Microsoft has carefully arranged their MSN cookie setting technique to avoid being blocked by their own browser - they bounce people through msn.com to log in to any Microsoft property, so it's always a "first-party" cookie being sent/placed.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

198 comments

Web Bugs (1)

Anonymous Coward | more than 12 years ago | (#148050)

This is especially bad news for Slashdot, because

1) Slashdot uses web bugs to track your browsing habits
2) Most Slashdot users use Internet Explorer
3) Blocking Slashdot's web bugs will cause thier stock price to fall even farther.

lies, damn lies (1)

Anonymous Coward | more than 12 years ago | (#148051)

Microsoft has carefully arranged their MSN cookie setting technique to avoid being blocked by their own browser - they bounce people through msn.com to log in to any Microsoft property, so it's always a "first-party" cookie being sent/placed.

in other words, this is what EVERONE will do once IE6 is released, and the whole P3P standard will be worthless. it's just a gimmick to make paranoid Tech TV-watching lusers feel safe.

Re:First Party Cookies (1)

Anonymous Coward | more than 12 years ago | (#148052)

Uh... no. Because of the eloquence of that post, combined with it's total, utter wrongness... i'm led to believe that you work for microsoft.

Although there may not be technical reasons to provid multiple access points to the same login database, there are absolutely privacy reasons to maintain multiple login databases. Just because i access M$ knowledgebase information doesn't mean that i want "special offers" to subscribe to MSN internet access.

Conglomerate corperations with any respect for their customers privacy should NOT be sharing personal indentifying information between divisions. There is no basis to assume that the customer would want that, period. And microsoft isn't being honest about anything by doing automatic browse redirects through a centralied data mining server. That's crap.

Re:riiiight (1)

Anonymous Coward | more than 12 years ago | (#148053)

Asking someone who doesn't know how to code to change Mozilla's source is like asking someone who DOES know how to code to change Internet Explorer.

Re:Great... some real innovation! (2)

Anonymous Coward | more than 12 years ago | (#148055)

Point 7 on http://www.mozilla.org/wishlist-faq.html [mozilla.org]

Advertisement Blockers
There are various ways you can do this already, and it will probably possible to write a Mozilla plugin to do this. However, this proposal is very badly thought out as it will reduce the revenues that web sites get from advertising, which keep the majority of the web free of charge. Hence it is unlikely this will every appear in Mozilla or Communicator.
This may eventually appear indirectly however, since things such as preventing popup windows and having preferences differ on a site-by-site basis can achieve this (these are above).

Re:All I want ina browser... Most of it you CAN (2)

Anonymous Coward | more than 12 years ago | (#148056)

In Internet Explorer: 1-Tools/Internet Options/Security 2-Click the "Restricted sites" icon 3-Click the "custom level" button 4-Change your settings, disable javascript, cookies, ect, click OK 5-Use the "Sites..." button to add sites you want these settings to be applied to great for blocking cookies, geocities's annoying scripts, ect ect

Re:*sigh* (3)

Alan (347) | more than 12 years ago | (#148059)

Really? I see it every day, just the other way around:

Generally in the format of something like:

"Netscape 6/mozilla is not supported. Please go [here] to download the latest version of IE"

Or from shockwave [shockwave.com] (if you go to their site on a non-windows, non-ie browser... the only way to view anything on it is to fake the user agent string to a windows/ie code in konq).

"It appears that your operating system is not supported by shockwave.com. We support the following operating systems: Windows 95, Windows 98, Windows 2000, Windows NT 4.0 (or later), and Mac OS 8.1 (or later)."

I have to give kudoes to http://k10k.net/ [k10k.net] because they had a "we don't support netscape 6 DCOM just yet, sucks to be you" type message up a while back, but they have apparently re-designed their site.

Re:Netscape plugin (2)

Klaruz (734) | more than 12 years ago | (#148061)

For those browsers without the plugin, a simple checkbox in the "preferences" tab could be added to send back demographic info on the number of users interested in P3P support for their browser.

Why is it that a checkbox in the prefs, that sends back demographics about wanting privacy support, seem a bit odd to me?

All I want ina browser... (5)

singularity (2031) | more than 12 years ago | (#148064)

I want the ability to filter cookies based on the domain they came from. /. cookies - Yes. Doubleclick - No.

I want the ability to filter images based on the domain and/or size (no more 1x1 web bugs).

I want the ability to filter JavaScript based on the domain.

I want the ability to set up my browser so that sites cannot open new browser windows.

Most of all, I want these features built into the borwser. I should not have to download a third party application to control fundamental parts of my web browsing activities.

I normally use iCab on the Mac http://wwwicab.de/but for the past few weeks have had to use IE 5.0/Windows. iCab normally offers all of these filters (and more), and I find the features sorely lacking in IE.

Re:"bad news" for doubleclick? nope (1)

RelliK (4466) | more than 12 years ago | (#148066)

Any group of companies could just share apache logs and do some simple Perl analysis to correlate a huge number of visitors. Some factors like NAT and PPP reduce the effectiveness, but the majority of useful data can still be data-mined. Cookies are just the lazy way of doing the same thing, as well as providing stateful visits to the sites themselves.

These things don't "reduce effectiveness" as you say. They make sharing Apache logs absolutely useless. 99.9% of all residential internet connections have dynamic IP addresses. Some of these are semi-static and change once a month or so (like Cable and DSL via DHCP) some change once a day or so (DSL via PPPoE), but the vast majority change all the time (dialup PPP). Therefore, you cannot track someone by just correlating the IP addresses in different web server logs.
___

javascript filter (1)

arielb (5604) | more than 12 years ago | (#148067)

this is for the javascript filter wishlist bug in mozilla: http://bugzilla.mozilla.org/show_bug.cgi?id=75371

Slashdot moderators suck (2)

markb (6556) | more than 12 years ago | (#148077)

Please, this post is at most slightly funny. Certainly not funny enough for a score of 5!

Re:*sigh* (2)

FFFish (7567) | more than 12 years ago | (#148079)

Basic browser stuff that [Opera] [opera.com] does better. Opera also has better cookie management.

Microsoft is the first to implement *A* version of P3P. It is not implementing *THE* version of P3P. It's bastardizing it, because that's how Microsoft operates: embrace, extend, extinguish.

The best thing you can do for the web is to BLOCK MSIE v6 for the time being. Send a message to Microsoft that you want them to quit screwing with standards.

There've been net-wide rallies behind common causes before (blue ribbon campaign, f'rinstance). It's time for another one.

--

Some MSIE anagrams (3)

ch-chuck (9622) | more than 12 years ago | (#148081)

Been real boring day so I've come up with these ways to rearrange the letters in "Microsoft Internet Explorer" to spell:

it's for experimenter control
extort, enforce, imprint loser
extreme profits control rein
cern extortion reptile forms
export control terrifies men
cool printer, extreme font sir

Your welcome.

Re:Which Browser Performs Better At Standards Test (1)

Quikah (14419) | more than 12 years ago | (#148086)

On my system here (Win98 SE w/ IE 5.5sp1 and Mozilla 6/13-04 build) IE missizes most of the boxes on the first page. Mozilla renders everything exactly, except the radios are both ticked.

Don't even go to the second one with IE, completely broken. I would believe the Mac IE5 works since it is MUCH MORE standard complient than Windows IE. My Mozilla is perfect on the second.

Re:All I want ina browser... (2)

kinkie (15482) | more than 12 years ago | (#148087)

You would love some of the scriptlets mentioned in this article [roxen.com] over at Roxen Community.
They work fine at least with Netscape 4.X.

Re:All I want ina browser... (2)

ivan256 (17499) | more than 12 years ago | (#148088)

I want the ability to set up my browser so that sites cannot open new browser windows.

That's not good enough. It removes too much functionality. What you really need is something like sites can only open a new window in response to a click, and it can only be one new window. Also, the window.close() functionality should be disablable. I don't want anything to happen when I close the window except for the window to close. Nothing ever .

BTW, Konqueror does all the things you asked for except the image filtering by size. You don't seem to run a *nix variant though, so it won't help you for now. You should consider debian on your Mac.

Which way to the topic again?

Why do't you stop using cookies then? (3)

ivan256 (17499) | more than 12 years ago | (#148089)

we will still get blocked from our cookies, because the default setting doesn't allow 3rd party cookies

we don't do anything "bad" with the cookies we collect

Why don't you just stop using cookies then? Really, what nessicary functionality can't you implement on the server side for advertising that you need to use cookies for? You should be able to do all of the standard things. (Keep statistics, don't show people the same ad over and over. Track consumer preferences for targeted ads... The works.) Not only that, but when you store data in a cookie, your data is at the user's mercy. the cookie file can get cleared at any given time. If it's on your server, you have control over it.

If you're clever, you can even keep track of the data on the server when the user's dynamic IP address changes by keeping other information like the user agent string and what "block" of dynamic IPs the address is assigned from. If the user views more then one page from a particular site, you can seed the links with more information collected through javascript that will get sent to you when the user follows a link. Make a little (1x1) flash program that sends you some data. Really all of this cookie nonsense is just that. Nonsense. You can be so much more evil without cookies because the user can't tell you're doing it once they've left the page.

iCab (2)

Pope (17780) | more than 12 years ago | (#148090)

iCab is even better. It shows the cookie, and gives options to:
a) accept it, expire on quit
b) accept it, and any subsequents from the domain
c) accept it, but not allow it to be used
d) refuse it
e) refuse it, and refuse subsequent cookies from the same domain.

It also allows you to change your preferences to either "never ask again" or "always ask" with each alert box.
It doesn't take much surfing to block a LOT of domains this way. I love it, and wish more browsers would implement their cookie management in the same way. It's the best one I've used.

Re:All I want ina browser... (1)

Mario B (22319) | more than 12 years ago | (#148091)

www.safeweb.com can probably fulfill some of your needs and doesn't require you to install anything.

Mario.

Re:Which Browser Performs Better At Standards Test (3)

MindStalker (22827) | more than 12 years ago | (#148092)

Umm, viewed both in Netscape 6.1PR1 (same as mozilla 0.9.1, not the same as Netscape 6.01) both look perfect to me, execpt the radio buttons are checked, and according to the source, only the first button should be checked, while the reference rendering both are unchecked. But anyways, I'll have to put a bug report out :) thanks

Re:All I want ina browser... (1)

Stephen Williams (23750) | more than 12 years ago | (#148093)

p> I want the ability to filter cookies based on the domain they came from. /. cookies - Yes. Doubleclick - No.
I want the ability to filter JavaScript based on the domain.

The first browser I saw with those two features was IBrowse 2.x on the Amiga (which I'm using at this very moment, by the way).

(Score: -googolplex, Amiga Fan)

And regarding filtering popup windows: Galeon (and maybe Mozilla too) has a "disable popups" thingy that nixes popup ads in one easy move. To prevent other windows opening (like when you click on a normal HTML link), just drag the link into the same window, if you see what I mean. I'm pretty much in the habit of dragging links instead of clicking on them all the time now. (Lucky for me, that works on both IBrowse and Galeon, so I don't have to remember two different behaviours depending on which box I'm sitting in front of).

-Stephen

eh? (2)

sporty (27564) | more than 12 years ago | (#148096)

a security hole filled browser implementing privacy enhancements to protect user sercurity. Am i the only one seeing some irony in this? :)

---

First Party Cookies (5)

The Raven (30575) | more than 12 years ago | (#148099)

Anytime you have multiple websites owned by the same company, then you immediately have a condition where that information is assumed to be shared between sites. This is a backend issue unrelated to how browsers or privacy policies work.

I'm mildly amused that the poster seems to regard this as some kind of 'sneaky trick' by microsoft. As if it is 'wrong' to maintain a single login location, as if you 'should' create a separate login for every single website. I've been working on database driven websites for nearly 5 years now, and I can't recall a single technical reason why I'd want to make multiple points of entry to the same database. The only reasons that are valid are design issues... specifically, did we want to have the customer see that login page A is actually affiliated with website B. Microsoft, being such a public brand, has no need to hide the association.

The way I look at it, by having a single login location Microsoft is actually being open and honest. They COULD have multiple points of entry into the login database, one for each site, and thus hide the fact that they are pooling user information between domain names. With a single point of entry, they are revealing their practice of data sharing... something that would be obvious to anyone with technical understanding of database driven sites.

People get all up in arms about privacy with cookies, logins, and user information pages... completely forgetting that sites owned by the same company don't have to use ANY of that to create a profile of your activity on their multiple sites. People seem to have this idea that differing domain names create a magical 'wall' between sites, preventing anything from leaking from one domain to another. Anything they see as breaking that wall is somehow evil.

In all practicality, if Microsoft really wanted to, they could make all their sites as subdomains of microsoft.com... msn.microsoft.com, passport.microsoft.com, msnbc.microsoft.com, etc. Then, the actuality of data sharing would be more concrete for the less technically inclined.

Raven


And my soul from out that shadow that lies floating on the floor

Re:All I want ina browser... (2)

ajs (35943) | more than 12 years ago | (#148104)

Under Windows, you probably want Netscape 6.1 [netscape.com] (*not* 6.01, which is *way* too unstable).

You will find NS6.1 to be very privacy friendly (though two of your features are missing: JavaScript per domain and images by size).

It's based on the Mozilla 0.9.1 [mozilla.org] release which is very nice, and usable on it's own, but adds a number of plug-ins that are worth having.

--
Aaron Sherman (ajs@ajs.com)

Re:How Does Site Inform Browser of Compliance? (4)

csbruce (39509) | more than 12 years ago | (#148108)

The server must respond with:

Server: Microsoft-IIS

(or maybe that's IE6.1...)

OmniWeb rules! (2)

jcr (53032) | more than 12 years ago | (#148112)

In OmniWeb (Mac OS X only, sorry guys) you can:

1) give a list of regex's to filter. (Mine are .*banners*, .*\.doubleclick\.net, etc.)

2) set your cookie policy per site (I take slashdot's cookie. All others, I accept and discard when shutting down the browser.)

I haven't used iCab, but I'm told it gives you similar options.

-jcr

sorry charlie... (2)

joq (63625) | more than 12 years ago | (#148116)


I'd have to disagree with you. Whether or not I used IE I know enough about privacy, and there are many tools one can use such as JunkBuster to maintain an efficient level of privacy via way of cookies. Some things you should take into consideration are, aside from technology, marketing companies do psychological research on all types of people in order to perform target marketing of products. You see it on television when you watch commercials, e.g. ever see any commercials for black hair care products when Sally Jess Raphael is on? No you're going to see it on BET or when Oprah is on.

This is still a form of privacy violation in a way since someone seems to assume only a selective class of people would watch television. When you go the local stores in urban neighborhoods you can see it via ads as well in which you'd be surprised how many companies perform these tasks via polls, questionaires, etc.

When it comes to the Internet you have to keep in mind no one can see you, and you have every option to decline such things as cookies, or install programs which can act as a bodyguard to protect some site from gaining information on you.

Check out some of my privacy links [antioffline.com] should these things disturb you, but don't assume any technology can fully impose on someone without their consent whether they consent to it or not.

Re:All I want ina browser... (2)

mduell (72367) | more than 12 years ago | (#148120)

I know its kind of an odd thought, but you could buy the @Guard firewall, which does all of those.

Mark Duell

Re:Mozilla vs IE 5.x - a test (1)

spectro (80839) | more than 12 years ago | (#148121)

IE seems slightly more compatible with most sites

Actually, most sites seems slightly more compatible with IE

---

Re:How Does Site Inform Browser of Compliance? (2)

pnear (82936) | more than 12 years ago | (#148122)

From the brief reading I've done, they want to see a link in the HTTP header that refers to the location of the privacy policy on the server. This policy needs to be encoded in XML to match a set of tags specified by the W3C spec.

More technical information can be found here:
http://support.microsoft.com/support/kb/articles /q 283/1/85.asp
http://www.w3.org/TR/P3P/

Re:Microsoft Slashdot Site (1)

DebtAngel (83256) | more than 12 years ago | (#148123)

Oooh. Symantic attack. Cute. I really like the way you used the IP addy without the octets. Very clever.

Re:IE6 wishlist... (1)

avail (84055) | more than 12 years ago | (#148124)

"Quite frankly I'm amazed that these advertising companies haven't been able to buy that functionality out of the IE6."

I think that on this issue, MS would value the positive public perception of being pro privacy than the money doubleclick or others would pay. It's not like Doubleclick has a whole whack of cash to pay MS.

Re:All I want ina browser... (1)

Moonshadow (84117) | more than 12 years ago | (#148125)

I want the ability to filter images based on the domain and/or size (no more 1x1 web bugs).

Bad idea, here's why. A lot of webmasters use 1x1 transparents for good uses. Myself, I use them to create sites that render the same in IE and Netscape. Blank table cells aren't rendered in Netscape 4.x-, and if a non-breaking space is going to expand the cell to larger than what I want, it's a problem. So I drop a 1x1 in there. Similarly, I use them as absolute width holders. Browsers are really very good at ignoring table and cell widths - so you drop a 1x1 in there stretched to the padding size I need.

Also, if you do that, then the ad companies will come up with something else. Such as creating a layer 500x500 pixels, dropping their webbug in that, and setting the z-index to -1 so it doesn't show up or capture input.

Too easy to get around, too much functionality lost.

Now, disabling loading images <= a certain size across domains == good idea.

Just make sure you don't make it even harder for us to get a page to render correctly in multiple browsers.

"bad news" for doubleclick? nope (4)

Speare (84249) | more than 12 years ago | (#148126)

No, the bad news is for IE users who think this will block DoubleClick.

The article states DoubleClick expects to be compliant with P3P before IE6 is released, which means IE6's defaults will allow DoubleClick cookies. Doncha think DoubleClick and Microsoft are gonna be talking about such business-model show-stoppers and finding ways to make each other happy? Users will still have to take individual opt-out actions to stop being tracked.

Even so, cookies are not the only way that people can be tracked. Any group of companies could just share apache logs and do some simple Perl analysis to correlate a huge number of visitors. Some factors like NAT and PPP reduce the effectiveness, but the majority of useful data can still be data-mined. Cookies are just the lazy way of doing the same thing, as well as providing stateful visits to the sites themselves.

Re:*sigh* (1)

ChristTrekker (91442) | more than 12 years ago | (#148129)

Does it do anything with meta-info (other than TITLE tooltips on A) yet? I don't use IE unless I have to, so I don't know. I follow just a few things in Bugzilla involving HTML/CSS compliance, so I know there are lots of issues involved. I doubt MS has gotten it perfect.


I have zero tolerance for zero-tolerance policies.

My Fortune as seen on Slashdot today... (1)

BierGuzzl (92635) | more than 12 years ago | (#148130)

"What people have been reduced to are mere 3-D representations of their own data." -- Arthur Miller

Netscape plugin (2)

BierGuzzl (92635) | more than 12 years ago | (#148131)

It would be really trivial to implement this plugin for other browsers and web servers. I think that universal plugins is the wave of the fugure, if any company would ever pick it up and run with it. A taskbar icon with a flag indicating protected privacy would be handy even for non-internet users, when using word processors, databases and spreadsheets, to ensure that there are no keyloggers running, for instance. For those browsers without the plugin, a simple checkbox in the "preferences" tab could be added to send back demographic info on the number of users interested in P3P support for their browser.

Anything Mozilla doesn't support is planned (3)

BierGuzzl (92635) | more than 12 years ago | (#148133)

One day mozilla will even cook your breakfast for you.

Re:OmniWeb rules! (2)

mindriot (96208) | more than 12 years ago | (#148134)

> (I take slashdot's cookie. All others, I accept
> and discard when shutting down the browser.)

That's exactly what I want to see in a browser. Many shopping sites need cookies to keep track of the shopping cart, which is fine with me. And I don't want to keep turning cookies on and off or manually accepting/rejecting them just to be able to use a shopping cart. My current solution is starting netscape/mozilla via a script that deletes all stored cookies except the ones I want to keep (/. etc). That way, cookie-dependent web apps will work, but cookies will disappear the next browsing session.

*sigh* (5)

zpengo (99887) | more than 12 years ago | (#148136)

Now, if we could just convince them to implement the W3C HTML Standard or the W3C CSS Standard.

You know...basic browser stuff.

Which Browser Performs Better At Standards Tests ? (4)

Carnage4Life (106069) | more than 12 years ago | (#148142)

Now, if we could just convince them to implement the W3C HTML Standard or the W3C CSS Standard.

As far as I know, Internet Explorer performs better at Standards Conformance tests such as
  1. Todd Fahrner's Box Acid Test [rydia.net]

  2. Inoshiro's browser test [thock.com] with a screenshot from IE 5 on the Mac [mac.com] courtesy of The Answer is 42 [kuro5hin.org]
than most other browsers out there. Mozilla and Konquerer are up there as well but they aren't close especially with regards to the newer XML related standards.

--

Microsoft to implement Slashcode (4)

SpookComix (113948) | more than 12 years ago | (#148145)

Redmond, WA
In a startling press release from Redmond, Microsoft has announced that it's corporate web site will incorporate the use of Slashcode.

However, the popular "geek" web site "Slashdot.com" was less than impressed.

In an article authored by Slashdot editor "michael", he writes "Microsoft has no business running Slashcode. We, um, don't like Slashcode anymore." When questioned about this sudden change in position, "michael" responded "If those bastards run it, it must really suck." "michael" then forked the sign of the devil, and foamed at the mouth.

Slashdot editor "Hemos", when asked for further comment, replied "Yawn".

So, it seems that, although Microsoft may make grand steps toward securing their browser software and optimizing their web presence, Slashdot nerds will never, ever, be satisfied.

--SC

Actually, you're 100% wrong - here's the truth (4)

legLess (127550) | more than 12 years ago | (#148149)

Microsoft has an article, Privacy in Internet Explorer 6 [microsoft.com] that should answer your questions.

Namely, even on the "High" security setting, IE6 will accept 3rd-party cookies that have an "acceptable" P3P policy ("acceptable" is defined). If you'd read that document, it looks like they're implementing this rather well. They've made intelligent exceptions (e.g. "Special Provision for Legacy Opt-Out Cookies"), and they're very clear about IE6's behavior.

Now, I don't particularly like P3P, nor do I like feeling that M$ is shoving it down my throat. Is it the best possible solution? Perhaps not, but what else is there?

An earlier linked article [epic.org] at EPIC complains about how difficult most users find changing their cookie preferences and how confusing privacy is. Their solution? A "tools" page [epic.org] with 62 bloody links on it, to proxies, cookie managers, filters, PGP, SSH, anonymizers - most Windows users would have a heart attack just trying to understand the acronyms. That's supposed to be easier?? This is precisely the problem Microsoft is trying to address.

I hate to be an IE apologist, but IE6 kicks the shit out of Mozilla at cookie-handling. This is classic Microsoft strategy: move into a market space that has no standards and leverage their monopoly to say, "From now on, you're doing it our way." I don't like their monopoly powers, but no one else was even doing a half-assed job at this. What's the leading contender to P3P? There isn't one. You can install the something from EPIC's page (as far beyond the reach of most Windows users as recompiling a kernel), but I bet none of these have even 2% market penetration.

The only reason Microsoft could adopt P3P and take over this privacy space so easily is that the rest of the 'net has done such a piss-poor job of it for the last 10 years.

question: is control controlled by its need to control?
answer: yes

Before you go nuts... (2)

thesolo (131008) | more than 12 years ago | (#148150)

...on a Microsoft Monopoly Tangent, everyone needs to remember some things.
As soon as someone mentions Microsoft implementing a standard, everyone cries out "M$ has never implemented standards! Thats why I use Netscape!"
Yeah, well Netscape did the same thing to Mosaic. They made their own tags (BLINK!), and only their browser supported it. And yet somehow MS is the only bad guy here. MS is implementing a standard, and IE6 is getting a lot closer to the w3c's standards for HTML & CSS. Which is much more than can be said for Netscape, Mozilla, etc. (Hell, netscape doesn't support ANYTHING anymore!) You don't have to go apeshit on an anti-MS rant just because they are doing something right...

Doubleclick and P3P (4)

stox (131684) | more than 12 years ago | (#148151)

Don't think Doubleclick is going to have much trouble, they helped write the P3P standard.

Re:*sigh* (1)

batkiwi (137781) | more than 12 years ago | (#148154)

Exactly which parts of the current reccomended standard (xhtml1.1) does IE6 not properly comply to?

Or html 4.01 for that matter.

riiiight (1)

characterZer0 (138196) | more than 12 years ago | (#148155)

mozilla does a lot of things i don't want it to. it may know how joe user likes his eggs, but it doesn't know that i like mine steamed, over easy, with cinnimon. and won't let me tell it.

Re:riiiight (1)

characterZer0 (138196) | more than 12 years ago | (#148156)

It is a wonderful thing that good programmers that want to customize software can get the source and do it at will. Unfortunately, that leaves those of us without the time, motivation, or ability to learn that particular langauge without software we like. A majority of computer users are not programmers. You may call us 14m3; but I have no regrets that I've decided to study mechanical instead of software engineering. But due to the difference in the fields, you will be able to take your car to a custom shop and have them modify it to suit your wants. It is unlikely that I will be able to take some open source to a programmer and pay him or her to modify it to fit my wants. The beauty of UNIX is that I can put the tools together fairly easily to create a software environment to my liking. Endeavors like Mozilla, however noble they may be, do not allow this.

Re:"bad news" for doubleclick? nope (1)

dwm (151474) | more than 12 years ago | (#148159)

<ObGeekLOTRRef>
Any "privacy" standard that won't block Doubleclick belongs in the mathom-house.
</ObGeekLOTRRef>

Re:Atrocious (4)

Pinball Wizard (161942) | more than 12 years ago | (#148160)

so you're saying msn.com will do things that other web sites can't? That's silly.

All they are doing is passing people through msn.com first before sending them to any other MS web site. If I had a big organization with 20 different sites, I would do the same thing. It makes sense - you track total usage of your web properties in one place.

Besides, if you don't want cookies, just turn off cookies. If you want to be warned each and every time someone tries to set a cookie on your machine you can do that to and refuse each cookie individually.

This is not that big of a deal. I personally welcome the added security features.

Re:javascript filter (1)

SquadBoy (167263) | more than 12 years ago | (#148164)

I don't know why your post is at 0 but thanks very much. I'm going to repeat it here so more people will see it thanks.
this is for the javascript filter wishlist bug in mozilla: http://bugzilla.mozilla.org/show_bug.cgi?id=75371
posted by arielb

Re:All I want ina browser... (2)

SquadBoy (167263) | more than 12 years ago | (#148165)

"I want the ability to filter cookies based on the domain they came from. /. cookies - Yes. Doubleclick - No. "
Mozilla can do this
"I want the ability to filter images based on the domain and/or size (no more 1x1 web bugs)"
Mozilla can filter based on domain or site.
Mozilla makes it really easy to turn JavaScript off can not do it based on domain that would be a cool wishlist bug I think. And of course 90% of the time turning off Javascript will make popup adds etc go away. Mozilla on a Windows machine can give you much of what you want. In particular if you are like me and don't want the Javascript stuff on most of the time. With the -turbo switch it is every bit as fast as IE 5. Have fun.

You know why they call it P3P? (1)

The Gline (173269) | more than 12 years ago | (#148168)

Because PPP is a) already used and b) vaguely obscene-sounding.

(Oh, like P3P isn't also vaguely obscene-sounding?)

Re:Here we go again. (1)

danheskett (178529) | more than 12 years ago | (#148169)

You'd like it to be that simple, wouldn't you?

MS added IE to the Operating System. In Windows 2000 and especially Windows XP it is a very core part of the OS - it handles browsing, network traversal, directory client integration, etc etc.

The real question is:

Should MS be limited from adding functionality to their OS, which is or approaches a monopoly, even if it hurts their competitors?

My answer? Yes. Yours? I don't know, but to try to simplfy to the "MS kill Netscape. MS monopoly. IE bad." level is pretty silly.

My question to you, then, if you care to answer it is this:

MS realizes that the Web is the future of computing. Because of their success in Operating Systems should they be precluded from modifying/creating an OS that fills this demand - even at the expense of competitors who markets may or maynot be eliminated? Yes, or no. Not so simple, if you ask me.

Earlier Reports (3)

Alien54 (180860) | more than 12 years ago | (#148170)

This was Reported earleir (12 june 2001 on the Register here [theregister.co.uk] under the title "WinXP IE6 spells death for Doubleclick - and a boost for MSN?"

There was an interesting follow up the following day, see here [theregister.co.uk], under the Title "IE6 will not monster our cookies, says Doubleclick"

The gist of the second story:

Doubleclick cookies may be entirely blocked by the current beta versions of IE6, but DoubleClick insists that this won't be the case by the time the finished version of IE6 ships, this August. The company has a machine readable P3P policy in preparation, and this will allow Doubleclick cookies to be accepted by IE6 at the default privacy settings.
And there is this tidbit
That's just a snapshot of the way Redmond is currently embracing independent Internet standards. By keeping ahead of the curve, putting them in place first, Microsoft can call the shots as regards how they're put in place.
Lovely, simply lovely.

To get off on arguing about Double click misses the main point entirely. MS is there first with the most money in the next generation of privacy control, via IE6.

Time to play connect the dots.

Check out the Vinny the Vampire [eplugz.com] comic strip

Re:Reject this foreign technology! (1)

cOdEgUru (181536) | more than 12 years ago | (#148171)

Dude, The most invasion of privacy has happened in US. And you are worried about others ???

Mozilla vs IE 5.x - a test (2)

cbr372 (193706) | more than 12 years ago | (#148172)

Mozilla [mozilla.org] is currently the most standards-compliant browser. In its 0.9.1 reincarnation, I have found it to be fast, reliable and easy to use. I tried the GNU/Linux and Win32 versions.

My Win32 test included a end-to-end test against the hyped IE 5.X browsers.

The test was performed on a standard 700Mhz Duron with 128MB of RAM running Windows 98SE.

My conclusive results are as follows:

Loading

Mozilla 0.9.1 loaded 17% faster than IE 5.01 and 21% faster than IE 5.5 using the -turbo option (C:\mozilla\mozilla - turbo)

IE 5.01 and 5.5 loaded 31% faster than Mozilla 0.9.1 when Mozilla was loaded without the -turbo option. This is not a good measure of true performance though - IE loads itself into memory. A better test would be to use Mozilla -turbo vs IE (see above).

Sites

90% of sites viewed with Mozilla loaded 100% correctly the first time they were loaded. 5% of the sites test with Mozilla loaded 80% or better when loaded for the first time with Mozilla. 96.2% of sites loaded 100% correctly when refreshed multiple times under Mozilla.

96% of sites viewed with IE 5.5 loaded correctly the first time. 98% of the sites loaded correctly after multiple refreshes.

89% of sites viewed with IE 5.01 loaded correctly the first time. 7% of sites tested did not load properly due to a 128-bit encryption SSL bug in IE 5.01

Reliability

IE 5.01 crashed the system a total of 2 times. 50% of the time, IE 5.01 took down the system with it, claiming something to the effect of: "Illegal operation: Iexplore.exe", followed promptly by: "There was an internal error in Explorer.exe". The Task manager and Start Bar dissappeared and the system froze.

IE 5.5 crashed a total of 1 time, claiming: "Illegal operation: Iexplore.exe". The system stayed up and IE 5.5 was able to restart.

Mozilla did not crash during this test.

Conclusions

IE seems slightly more compatible with most sites, but Mozilla seems faster and more stable at most tasks. Undoubtedly future versions of IE and Mozilla will improve and re-testing will be neccessary.

Re:*sigh* (1)

ichimunki (194887) | more than 12 years ago | (#148173)

Hmmm. I've never thought to include a user agent check to tell a user they've gone to the dark side, and could they please see the light. Interesting idea.

As I read this article it sounded like a perfect opportunity for MS to screw small business and amateur web designers out of being able to reach customers or interact with them meaningfully. Of course, I was only half paying attention since most of the time I was thinking, "why bother? IE6 won't run on Linux and I wouldn't use it over Konqueror even if it did."

Re:3rd party ad serving and IE6 (2)

ichimunki (194887) | more than 12 years ago | (#148174)

I don't know who sold you the line that most people don't care about 3rd party cookies. Except maybe the same person who told you "what they don't know can't hurt them".

I, for one, consistently refuse third party cookies using either IE4.5 on Mac OS or Konqueror under Linux. But this is because I get a little message each time a cookie is sent and I have to choose. The public has only been web browsing seriously for about four years and is generally uneducated about the kinds of databases that are being built from the collected data. But as they become more aware, I think you'll find that no one will want to accept 3rd party cookies-- even those that pass whatever minimum standards MS implements here.

IE6 is less buggy than 5.x (1)

linzeal (197905) | more than 12 years ago | (#148176)

I use IE 6 on my computer at work and have noticed that it is far more stable than 5.x.

At home I use Konqureor and Mozilla one displays pages funny sometimes and the other is more prone to crashing.

I actually wish IE was avialable for linux it may be the only product I'd ever use of theirs cross platform besides unreal tournament ;)

IE 6.0's P3P implementation is unenforceable (3)

SuperBug (200913) | more than 12 years ago | (#148178)

The IE 6.0 implementation of P3P, as stated by Microsoft here [microsoft.com], is basically unenforceable and IE 6.0 relies on those who are implementing the P3P policies to be honest and forthcoming for what their real privacy policy is. Also, there are several ways around even needing to USE P3P.

The simplest is for someone like DoubleClick or AdForce, or Mediaplex (here on slashdot), to just redirect the cookie data being sent back to their servers, to their clients' sites and have the first party site re-set the cookie so now it is simply first party, but is still globally available.

Then by changing the code which performs cookie operations on the clients' sites, it will then be a first party cookie, and the first party will then generate the call for the banner ad, etc, but with data popluated by the first party instead of cookies set by the third party. Just a tip.
- SuberBug

okay, in all fairness... (1)

Sodakar (205398) | more than 12 years ago | (#148179)

Okay, so I joked around a bit in my other post, but... it would be nice to be able to surf the web and know that the stores and informational sites I am visiting all participate in an established privacy policy.

Right not, it seems like you're just walking on thin ice -- with the next questionable website ready to sell your information for cash. I can't say the FDAA is perfect, but I sure like the idea that I can buy vitamins without worrying about my identity being sold... so... in that sense, it's a (small) step in the right direction...

...and I suppose you could just argue that Microsoft's own sites are ... er.. "already compliant"... heh..

Re:Which Browser Performs Better At Standards Test (2)

Tyndareos (206375) | more than 12 years ago | (#148180)

Have you actually looked at your second link? It has mozilla showing the reference image of what it should look like and most of IE's renderings seem to have problems. The first link doesn't really show IE outperforming Mozilla either. I'm not saying it doesn't, but your links don't seem to support your statement in particular.

--
Matthijs

Re:Sucks to be you (1)

jjsjeff (210138) | more than 12 years ago | (#148181)

Since M$ deems OSS "a cancer" they won't make software for Linux.

Have fun sitting in your cubicle using your Vaporware (tm).

-Jeff

Re:Sucks to be you (1)

jjsjeff (210138) | more than 12 years ago | (#148182)

Ok I must pardon myself. I thought you were talking about using a l4m3 win98 machine earlier.

Can we kiss and make up now?

-Jeff

IE6 wishlist... (2)

sdo1 (213835) | more than 12 years ago | (#148184)

One feature I'd love to see on IE6 as far as privacy goes is the ability to easily import and export lists of sites from the "Restricted sites" list. I have all the usual suspects (doubleclick, avenuea, etc) at maximum restrictions meaning no cookies, no scripts, etc.

Quite frankly I'm amazed that these advertising companies haven't been able to buy that functionality out of the IE6.

-S

So why can't everybody do that? (1)

digitect (217483) | more than 12 years ago | (#148186)

...they bounce people through msn.com to log in to any Microsoft property, so it's always a "first-party" cookie being sent/placed.

I know next to nothing about this, but what's to stop somebody from using this same method to force you a cookie from evilwebmaster.com?

Re:Web Bugs (1)

michaelo (224201) | more than 12 years ago | (#148187)

2) Most Slashdot users use Internet Explorer
Do they? Really? I really didnt thought this.. do you have some statistics about this?
J.

Good, but people will still give up their privacy (1)

jdev (227251) | more than 12 years ago | (#148188)

This is definitely a step in the right direction, but we have a long way to go. Most people will likely ignore the privacy policies and accept them like we do shrinkwrap licenses.

Also, it's questionable whether companies must abide by their policies or change them as they please. Would this help an individual when a dot-com goes bankrupt, then changes their policy to sell their data?

Default will allow 3rd party cookies if... (1)

jdev (227251) | more than 12 years ago | (#148189)

Actually, the default setting will allow 3rd party cookies. Here's a quote from the CNET article:

However, "third-party" cookies--most often set by marketers or ad networks to track consumer response to promotions--will be allowed through IE 6 default settings only if the third party allows consumers to opt out of data-collection practices. If the company doesn't give consumers an option, the cookie will be blocked.

DoubleClick's Polonetsky noted the company does not collect personally identifiable information with its cookies and does offer consumers an opt out, so its cookies will be accepted under IE 6 default settings.

I am not exactly sure what allowing "consumers to opt out of data-collection practices" really means, but if DoubleClick can actually be allowed on the default, it could not be too restrictive :)

Re:Well, now, that's a first! (3)

hillct (230132) | more than 12 years ago | (#148190)

Microsoft is only ever going to implement standards which it thinks are in it's best interest. You can bet M$ bCentral.com (remember www.linkexchange.com?) will have their P3P policy in place in a hurry if it isn't alredy there...

To be honest though, the business advantage for Microsoft, of implementing this standard atthis point is still a bit sketchy in my mind...

What do they hope to gain? User trust? Most users blindly trust them anyway, and those who don't (ie: /.ers, etc.) are unlikely to start trusting in the almighty Bill because of this move. What's the angle here?

--CTH


---

Re:How Does Site Inform Browser of Compliance? (2)

room101 (236520) | more than 12 years ago | (#148194)

you see that flag because nobody has changed their site to support p3p yet.

On your site, you put headers like this:

P3P: {url to xml describing your p3p policy}, CP="xxx xxx xxx xxx xxx xxx"

The "CP" part is the compact version, but that is optional.

HTH

3rd party ad serving and IE6 (5)

room101 (236520) | more than 12 years ago | (#148195)

Yep, this really sucks for third party ad serving companies (like mine). The shitty thing is, it doesn't matter if we implement p3p on our systems or not, we will still get blocked from our cookies, because the default setting doesn't allow 3rd party cookies. (and who in the world is going to relax that?) We (as a industry segment, not just individual companies) have complained to MS about this and their response has been pretty lame. It is really easy for them to redirect their people to their website, but that isn't feasable to everyone else.

I know what some will say, that finially these advertisers are getting what they deserve, and I don't totally disagree, but keep in mind, that (I don't know about other comanines, well, yes I do, but that is totaly someone else) we don't do anything "bad" with the cookies we collect. We don't sell personally identifiable data, etc. We have one of (I don't know of a better one) the best privacy policies in the industry. If everyone just decided that they didn't want 3rd party cookies, that would be one thing, but they haven't, because most people don't mind, as it doesn't hurt anyone. We don't deserve for our business to get impacted this much because of some arbitrary decision made by those people.

Oh, well, enough of this ranting.

Re:Great... some real innovation! (3)

hammock (247755) | more than 12 years ago | (#148196)

There was some talk of this earlier in the Mozilla development. The founding father of Mozilla rejected it, since they steer development, and blocking ads is not in thier best interest.

The founding father in this case is,

Netscape Corporation

good idea (2)

kilgore_47 (262118) | more than 12 years ago | (#148204)

I'm all for more user-privacy, but I don't see M$'s motive for doing this. How can it benefit them?!

And, by a local cookie do they mean from the same domain as one up in the location bar? My website has several domains, and uses a cgi program that spits our a semi-random image and also sets a cookie. The cgi is always called from one of the domains, so if someone finds the site by typing in another of my domains and the cookie gets set, is that not a local cookie?

-

Worry about US corps, not foreigners (1)

Vainglorious Coward (267452) | more than 12 years ago | (#148206)

I fully support the idea of a Privacy Bill of Rights and would agree that P3P could be a distraction from the real issues, but your comment

"...the widespread adoption and implementation will make it impossible to constrain the access of foreign web sites to the personal information of U.S. citizens"

is way off the mark. Most other countries (and all "first world" ones), have much more effective controls in place over privacy than the US (which has almost none). When did you last see a US website privacy policy that covered all the OECD principles [oecd.org] (there are actually eight of them - have you ever seen a privacy policy address more than four?). Witness the (still ongoing) furore between the EU and the US over the safe harbour agreement. If there's an enemy here, it's not the foreigners but US corporations.

Bye (1)

Vainglorious Coward (267452) | more than 12 years ago | (#148207)

"most people don't mind, as it doesn't hurt anyone"

Utter nonsense. Most people don't know what's happening to their personal information. Lack of complaints indicates ignorance, not agreement.

And there's little point whining that your business is impacted by someone's "arbitrary decision". If an arbitray decision can put you out of business, then I would say that your business model wasn't very sound in the first place, was it?

Re:*sigh* (3)

Eryq (313869) | more than 12 years ago | (#148217)

It appears that your operating system is not supported by shockwave.com. We support the following operating systems: Windows 95, Windows 98, Windows 2000, Windows NT 4.0 (or later), and Mac OS 8.1 (or later)."

I just saw this, from Solaris (on which, BTW, I run Netscape 4 with a Shockwave plug-in that works just fine). My response: what kind of BS is this?

So now Shockwave.com doesn't like my fsck'ing operating system? WHY? Why should it care about my OS, if my browser is up to the task?

Next I suppose they'll shut me out for having a monitor that's too small, or one which doesn't display 16M colors, or that was manufactured by Sony.

Finally, I suppose, I'll see something like this:

Your IP address is on our list of Open Source Development sites. Shockwave does not display its content to individuals who support the FSF, the GPL, Linux, Global Warming Theory or Public Television. Go back to China, you un-American commie pinko freeloader.

Sheesh.

Reject this foreign technology! (1)

sllort (442574) | more than 12 years ago | (#148232)

From the p3p FAQ [w3.org]:

30. Is P3P an American technology?
While many of the member companies that worked on P3P are based in the U.S., the specification itself is meant to be international. The P3P vocabulary, for instance, was created with the input of many people both in and outside of the U.S. Nearly half of the members of the working group that worked on the vocabulary were invited experts and staff from international data commissioners' offices, many of which were from Europe. In addition, there has been considerable input from Japan.

Some privacy advocates have argued that P3P distracts from efforts to develop privacy legislation in the U.S.

This initiative is a stake in the heart of the initiative for a Privacy Bill of Rights in the United States. Despite the light coverage of this topic in the FAQ, the widespread adoption and implementation will make it impossible to constrain the access of foreign web sites to the personal information of U.S. citizens. The technological barrier to a citizen's privacy will be in place long before we succeed in guaraunteeing the privassy rights of all Americans.

Don't let Microsoft [intel.com] doom our future. Fight for privacy. Don't use IE6.

How Does Site Inform Browser of Compliance? (2)

idonotexist (450877) | more than 12 years ago | (#148235)

While testing IE6, I noticed a 'flag' on the status bar which indicates privacy compliance or privacy non-compliance. I found every site a visited displayed a red flag. How does a site indicate to IE6 browser that it does, indeed, have a privacy policy? For instance, is a certain name required in home directory (like a site icon)?

Following standards?! (1)

jeffy124 (453342) | more than 12 years ago | (#148236)

What's this!? M$ decides to follow a standard set by w3c!

I wonder if when Netscape implements P3P, MS strays away from the standard, websites adjust their policies because IE is used most, Netscape now imcompatible with the websites.

Additional story at ZDNet [zdnet.com]

Re:All I want ina browser... (2)

jeffy124 (453342) | more than 12 years ago | (#148237)

If you have a Mac OS X, there's a browser known as OmniWeb [omnigroup.com] that can satisfy you. It can site-by-site cookies, blocking of ads, blocking of new windows being spawned unless it's from a link, and other cool stuff.

Beleive it or not, IE 5 beta for OS X can also handle some cookie filtering on a site-by-site basis.

Well, now, that's a first! (1)

Anomolous Cow Herd (457746) | more than 12 years ago | (#148240)

IE6 being the first browser to implement the Platform for Privacy Preferences (P3P) standard.

Well, there's a change. For once, M$ is implementing an industry standard in their browser. Too bad their support of W3C standards are sketchy at best. Oh well, I guess when you own the market, you can just make up your own standards as you go along...

-turbo eats 15MB of ram (1)

Boba001 (458898) | more than 12 years ago | (#148242)

I'd hope Mozilla loads faster since it's eating an extra 15MB of ram without a browser window even open. It jumps up to around 23MB with just one window open...

Re:Atrocious (1)

Anomynous Cowand (459781) | more than 12 years ago | (#148246)

His point was that other sites "aren't today" but Microsoft has positioned MSN to "not lose" by default. And MSN CAN do something that other sites CAN'T.

Look at it step by step:

First, let's start with some working assumptions. Assume that cookies "benefit" advertisers in some financial way. Another assumption is that consumers will not change default settings. As I've said before, 50% of users require help desk assistance to change their screen savers. Just because you're smart enough to use a computer does not mean you can apply that intelligence or experience to Joe6Pack@AOL.COM.

Next, look at how cookies work: they are served up when images on a web page are delivered. This happens one of two ways: either the server delivering the page delivers the images, or someother server does.

The model by which most web advertisers work is: they host the images (exchanging cookies and thus deriving benefit) for other servers. The somewhat unique model by which MSN works is: they both host the pages AND the advertising.

IE 6 will now block "third party" cookies by default. Advertisers operating under the first model are "third parties". This will deprive these advertisers of the "benefits" derived from distributing cookies. MSN operates under the second model, and will not lose the benefit.

Finally, the 'M' in MSN stands for Microsoft -- the same company distributing the browser that will no longer provide benefits to those other advertisers. It's the point of the whole article: Microsoft is leveraging advantage unfairly.

It's not silly. It's real money and they are real businesses that will make less money, putting real people out of real jobs. Whether or not you like them, whether or not you think all advertisers should go out of business and straight to hell, this will harm many of them. It will also harm the independent web site operators whose pages are currently paid for by third party advertisers. It will not harm Microsoft in the least, because they ensured they would not be affected.

SMoke and Mirrors (3)

mathieukhor (460475) | more than 12 years ago | (#148247)

That's good, but I wanted to point out that P3P, like almost everything coming out of the privacy space is just smoke and mirrors.

P3P will allow a company to *describe* it's privacy policies versus every element/form/ or page on their site. It's a start, and will be the glue to enable a privacy "UI"'s. What it won't do is provide any means of enforcement. That is, just becasue site "x" says we don't divulge your purchase habits doesn't mean you can trust them.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...