Windows 8 setup shows 'Do Not Track' options
- 17 August, 2012 18:24
With Windows 8 RTM, Microsoft has revealed how it will notify users of the "Do Not Track" privacy setting for Internet Explorer 10 (IE10).
Last week, Microsoft's chief privacy officer repeated the company's position on Do Not Track (DNT), saying that the signal would be automatically turned on if users relied on the default settings listed during the operating system's setup.
But as a sop to critics of IE10's on-by-default DNT setting, users would be able to switch it off during the setup process, said Brendon Lynch, Microsoft' top privacy executive.
The DNT notification appears during the setup stages of Windows 8 RTM (release to manufacturing), the final code Microsoft issued to developers, IT professionals and enterprises that license the OS in volume.
When Windows 8 setup pauses to collect user settings, it lists DNT as the third item out of seven total.
"Turn on Do Not Track in Internet Explorer," the notice reads.
By clicking the "Use express settings" button to continue, the user accepts Microsoft's defaults, including DNT as switched on.
Users can, as Lynch promised, turn off DNT by choosing the Customize option. There, DNT is listed on the second of two screens, and can be switched off by toggling "Send a Do Not Track request to websites you visit with Internet Explorer."
Windows 8 users can change their minds at any time on DNT, and alter the setting through IE10's Internet Options dialog box. The DNT option is listed as "Always send Do Not Track header" under the Advanced tab of that dialog.
DNT signals whether a user wants online advertisers and websites to track his or her movements. All five major browsers -- Chrome, Firefox, IE, Opera and Safari -- can send a DNT signal, but only IE10 has it on by default.
(Apple's Safari switches DNT on when users surf the Web in private browsing mode.)
In May, Microsoft announced that DNT would be on in IE10, a position that has raised hackles among online advertisers, who have balked at browsers that turn on DNT by default.
Windows 8 tells users that Do Not Track is turned on when they choose the "Express settings" option.
Advertisers, browser makers, privacy advocates and others -- working in a Worldwide Web Consortium (W3C) standards-setting group -- have struggled to agree on DNT's implementation. Some parties, including Mozilla, the creator of Firefox, have argued that users must explicitly tell a browser to engage DNT for the signal to count, and thus reject Microsoft's by-default approach.
If users choose "Customize," they can toggle off Do Not Track during Windows 8's setup process.
European Union privacy officials sided with Microsoft in the on-by-default controversy when in June they urged the W3C to let Microsoft set DNT as on in IE10. The EU suggested the standards group accept a "first-run" option, meaning the setting would be acknowledged when a browser or OS was launched for the first time.
"Microsoft's actions don't deprive anyone of a choice, so they can't be criticised at that level," said Ryan Heath, a spokesman for the European Commission, in a recent email commenting on the dustup over IE10.
IE10 will also ship for Windows 7, but DNT will be handled differently for that edition, Lynch said last week. "Windows 7 customers using IE10 will receive prominent notice that DNT is turned on in their new browser, together with a link providing more information about the setting," he said.
Microsoft has declined to disclose its release plans for IE10 on Windows 7, and also declined to describe in more detail what Windows 7 users will face regarding the privacy feature when they first run the new browser.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about privacy in Computerworld's Privacy Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Integrated Computing Platforms: Infrastructure Builds for Tomorrow’s Data Centre
Integrated Computing Platforms, such as EMC VSPEX RAs, provide a solution by eliminating the time (and cost) of designing, testing, and engineering integrated environments with components built independently of one another. These validated architectures are ready for production environments upon delivery, and offer a single point of support should IT require it. Learn more on how a leading IT vendor has aligned product innovation with an IT market need to improve efficiency, performance, and value for SMBs.
Implementing A Security Analytics Architecture
According to the 2012 Verizon Data Breach Investigations report, 99% of breaches led to data compromise within “days” or less, whereas 85% of breaches took “weeks” or more to discover. This presents a significant challenge to security teams as it grants attackers extended periods of time within a victim’s environment. More “free time” leads to more stolen data and more digital damage. Principally, this is because today’s security measures aren’t designed to counter today’s more advanced threats. Read on.
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.