back to article Fresh privacy fears over IE 8 Suggested Sites

A top security researcher has called for Microsoft to rethink aspects of its Suggested Sites feature in IE8. The optional feature in the next version of Microsoft's browser allows users to "discover websites you might like based on sites you've visited", as Microsoft explains it. When the feature is activated, the addresses of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    first to say

    ITS OPTIONAL- people need to not bitch, same kinda thing as with tv shows, don't like it , change the channel!

  2. TeeCee Gold badge

    Makes perfect sense to me.

    If you go to a URL that has a login and you fill this in and bang on the button then, if the site concerned then passes you to say: blah.blah.com/insideinfo&userid=jbloggs, then MS get the whole thing including the "jbloggs" bit you filled in on page one.

    What's not to understand? The key bit here is "information associated with the web address" and the fact that they then go on to state that they don't take anything from the rendered page doesn't conflict with this at all.

    e.g. For a real world example, typing a load of cobblers into Google produces a URL of: http://www.google.co.uk/search?hl=en&q=a+load+of+cobblers&meta=

  3. Anonymous Coward
    Gates Horns

    Peer Guardian

    Peer Guardian and block all MicroCrap sites

  4. Carl
    Alert

    Better pron...

    Why is this possible useful, surely it sets alarm bells ringing in everyone's head the moment that they see this new 'feature'??

    Personally, the only thing that I can see that this would be even slightly useful for is finding out if there is anything in the known universe that is better than thehun for late night shuffling material...

  5. Stu
    Flame

    2nd Rate University

    Drivel from a 2nd Rate University researcher......

    Nobody should rely solely on "security by obscurity" or any information submitted as part of a URL (including session id values) as a means of securing any kind of non-public data.

    Don't go mouthing off about Microsoft being the problem when the people that cause the real problems are the morons who design inherently insecure websites that any kid with half a brain could hack.

  6. Anonymous Coward
    Boffin

    Switching on suggested sites

    is a prat fall .

    If you don't want to gift Microsoft a complete list of everything you have browsed, simply leave it off. Or upgrade to a proper web browser instead.

    If you change your mind about suggested sites, well thats hard luck... Microsoft will still retain data (according to the IE8 privacy policy) and there's nothing you will ever be able to do about it.

  7. frymaster

    @Ponder Stebbins

    "Peer Guardian and block all MicroCrap sites"

    Yes, because hacks based on blocking implementation details are so much better than just TURNING THE DAMN THING OFF. If you're a big company, than you mandate that by group policy. Sorted.

  8. Anonymous Coward
    Dead Vulture

    "still waiting for a clarification"

    Well, while you're doing that, you could always refresh your memory of the explanations that we all gave you in the comments last time. Now put down the whip, and step away from the horse, it's not like the poor thing even knows you're there.

  9. Lewis Mettler
    Stop

    first force the purchase of IE

    And then this?

    95% of consumers do not know they have been ****** with IE. They think it is free even when they paid cash money when they got it.

    And, yes, some even claim IE is free (so shut up and use it).

  10. Anonymous Coward
    Paris Hilton

    easy fix

    Just don't send any URLs produced from a <form> element.

  11. Paul

    Richard raises a good point

    If people want to let MS know where they surf that's their business, but MS is going to have to be very careful how they share those URLs with the public (which is, after all the point of the feature). The safest thing would be to share only the domain name, but as Richard points out that might not be enough if the site is something like Blogger that include a million different sub-sites. But sharing the whole URL would risk giving away user IDs or even (on an exceptionally poorly made site) passwords. But it seems to me theres a middle ground.

    And come to think of it, it has alot to do with "search terms or data you entered in forms", AKA query strings. Basically URLs have three levels of detail. "example.com", "example.com/example.php" and "example.com/example.php?foo=example&bar=sample". The middle one should almost always be safe to share, and still provide enough detail to work with most sites. But the last one could definitely be a privacy risk. Ideally IE8 wouldn't even send that part back to MS, only the part to the left of the "?".

  12. Wila
    Black Helicopters

    black hats will love it

    Just another way that they can use to game the MIcrosoft universe.

    Sure MS will check all those submitted sites you just "visited" for loading your system with malware? We know how good the automated systems from Microsoft are on checking for malware. Call me cynical, but here we have another GREAT new feature that will help PCs getting infected...

  13. Anonymous Coward
    Anonymous Coward

    @first to say

    As long as its not turned on by default when IE is installed.

  14. Nameless Faceless Computer User
    Thumb Down

    Yet another feature I don't need or want

    This is another solution for advertisers to drum up traffic and a solution for Microsoft to charge for the service. I don't need any "suggestions" for where to surf. I've been doing it quite nicely on my own without any help.

  15. Jodo Kast
    Alert

    Trust Microsoft at your own peril

    This company is downright against your personal needs vs. the needs of their shareholders.

    It's quite comical!

This topic is closed for new posts.

Other stories you might like