The Register® — Biting the hand that feeds IT

Fresh privacy fears over IE 8 Suggested Sites

Anonymous Coward

first to say 

Posted Monday 2nd February 2009 14:42 GMT

ITS OPTIONAL- people need to not bitch, same kinda thing as with tv shows, don't like it , change the channel!

TeeCee

Makes perfect sense to me. 

Posted Monday 2nd February 2009 14:42 GMT

If you go to a URL that has a login and you fill this in and bang on the button then, if the site concerned then passes you to say: blah.blah.com/insideinfo&userid=jbloggs, then MS get the whole thing including the "jbloggs" bit you filled in on page one.

What's not to understand? The key bit here is "information associated with the web address" and the fact that they then go on to state that they don't take anything from the rendered page doesn't conflict with this at all.

e.g. For a real world example, typing a load of cobblers into Google produces a URL of: http://www.google.co.uk/search?hl=en&q=a+load+of+cobblers&meta=

Ponder Stebbins

Peer Guardian 

Posted Monday 2nd February 2009 14:42 GMT

Gates Horns

Peer Guardian and block all MicroCrap sites

Carl

Better pron... 

Posted Monday 2nd February 2009 14:42 GMT

Alert

Why is this possible useful, surely it sets alarm bells ringing in everyone's head the moment that they see this new 'feature'??

Personally, the only thing that I can see that this would be even slightly useful for is finding out if there is anything in the known universe that is better than thehun for late night shuffling material...

Stu

2nd Rate University 

Posted Monday 2nd February 2009 14:42 GMT

Flame

Drivel from a 2nd Rate University researcher......

Nobody should rely solely on "security by obscurity" or any information submitted as part of a URL (including session id values) as a means of securing any kind of non-public data.

Don't go mouthing off about Microsoft being the problem when the people that cause the real problems are the morons who design inherently insecure websites that any kid with half a brain could hack.

Anonymous Coward

Switching on suggested sites 

Posted Monday 2nd February 2009 15:09 GMT

Boffin

is a prat fall .

If you don't want to gift Microsoft a complete list of everything you have browsed, simply leave it off. Or upgrade to a proper web browser instead.

If you change your mind about suggested sites, well thats hard luck... Microsoft will still retain data (according to the IE8 privacy policy) and there's nothing you will ever be able to do about it.

frymaster

@Ponder Stebbins 

Posted Monday 2nd February 2009 15:31 GMT

"Peer Guardian and block all MicroCrap sites"

Yes, because hacks based on blocking implementation details are so much better than just TURNING THE DAMN THING OFF. If you're a big company, than you mandate that by group policy. Sorted.

Anonymous Coward

"still waiting for a clarification" 

Posted Monday 2nd February 2009 16:22 GMT

Dead Vulture

Well, while you're doing that, you could always refresh your memory of the explanations that we all gave you in the comments last time. Now put down the whip, and step away from the horse, it's not like the poor thing even knows you're there.

Lewis Mettler

first force the purchase of IE 

Posted Monday 2nd February 2009 16:22 GMT

Stop

And then this?

95% of consumers do not know they have been ****** with IE. They think it is free even when they paid cash money when they got it.

And, yes, some even claim IE is free (so shut up and use it).

Anonymous Coward

easy fix 

Posted Monday 2nd February 2009 19:03 GMT

Paris Hilton

Just don't send any URLs produced from a <form> element.

Paul

Richard raises a good point 

Posted Monday 2nd February 2009 19:03 GMT

If people want to let MS know where they surf that's their business, but MS is going to have to be very careful how they share those URLs with the public (which is, after all the point of the feature). The safest thing would be to share only the domain name, but as Richard points out that might not be enough if the site is something like Blogger that include a million different sub-sites. But sharing the whole URL would risk giving away user IDs or even (on an exceptionally poorly made site) passwords. But it seems to me theres a middle ground.

And come to think of it, it has alot to do with "search terms or data you entered in forms", AKA query strings. Basically URLs have three levels of detail. "example.com", "example.com/example.php" and "example.com/example.php?foo=example&bar=sample". The middle one should almost always be safe to share, and still provide enough detail to work with most sites. But the last one could definitely be a privacy risk. Ideally IE8 wouldn't even send that part back to MS, only the part to the left of the "?".

Wila

black hats will love it 

Posted Tuesday 3rd February 2009 05:56 GMT

Black Helicopters

Just another way that they can use to game the MIcrosoft universe.

Sure MS will check all those submitted sites you just "visited" for loading your system with malware? We know how good the automated systems from Microsoft are on checking for malware. Call me cynical, but here we have another GREAT new feature that will help PCs getting infected...

Anonymous Coward

@first to say 

Posted Tuesday 3rd February 2009 09:52 GMT

As long as its not turned on by default when IE is installed.

Nameless Faceless Computer User

Yet another feature I don't need or want 

Posted Tuesday 3rd February 2009 11:58 GMT

Thumb Down

This is another solution for advertisers to drum up traffic and a solution for Microsoft to charge for the service. I don't need any "suggestions" for where to surf. I've been doing it quite nicely on my own without any help.

Jodo Kast

Trust Microsoft at your own peril 

Posted Tuesday 3rd February 2009 17:02 GMT

Alert

This company is downright against your personal needs vs. the needs of their shareholders.

It's quite comical!