Microsoft: IE9's web privacy hole? A feature, not a bug A hole has been spotted in Internet Explorer 9's do-not-track technology, and Microsoft says it's a feature not a bug. In response to a US government call for greater protection of consumers' privacy online, Microsoft added a Tracking Protection Lists (TPLs) feature to IE9. Netizens can use one or more lists to prevent certain …
Yes, this is how blacklists should work, but not filesystems. I find this system incredibly annoying. The way it should work in NTFS is
-apply group settings (with the more restrictive setting applying in case of conflict)
-apply user settings (which should ALWAYS supersede group settings).
Otherwise safely allowing one user to access a particular directory, for example, is a pain in the ass.
Why should a user setting override a group setting?
If you think it should then your setting up your groups wrong.
If the user your talking about needs access why are you putting the user in a group that denies access?
This also raises the question why your adding specific user permissions to objects rather than groups (we all do it at times I know but it is not the way it should be done). Try thinking of a group as a user that can change ownership without having to change the permissions rather than thinking that it is a looser set of permissions.
>Why should a user setting override a group setting?
Because that's the sensible thing to do. Fine-grained control should have precedence over large-scale. Deny access to everyone but to the known authorized persons. That's just common sense.
>If the user your talking about needs access why are you putting the user in a group that denies access?
Because when you have hundreds of users, accessing tens of ressources, but with specific rights, you just can't create a group for every one of them. You create a few tens of groups, maybe, for the general population, but sometimes you need exceptions. What do you do, remove the "exceptional" users from all their groups and create a special group for each of them? And do the same thing, the opposite way, each time one of your "special" users lose or gain credentials?
>Try thinking of a group as a user that can change ownership without having to change the permissions
Well that's exactly what a NTFS group is, a rigid multifaced anonymous meta-user closed to finer-grain control, and that's why it sucks.
>rather than thinking that it is a looser set of permissions.
??? tightness has nothing to do with it. It's just plain clumsy.
>This also raises the question why your adding specific user permissions to objects rather than groups [...].
Maybe because when john-doe-067845 (previously in group "users") genuinely needs -temporary- access to /secret/ressource/files/john-doe-067845/, but nothing else, I'm not necessarily willing to open the directory to all and sundry?
If you're a member of group A that has full permission to a folder and group B that has just read permission to the same folder, you end up with full permission. 'Allows' are cumulative.
However, 'denies' are the trump card. If you're also a member of group C that 'denies' write permission to that folder, you've lost it yourself.
That said, these lists could be treated as cumulative denies. Otherwise, what's the point of adding multiple lists if they end up unblocking each other because they don't have the same sites? If the same sites need to be on all lists, surely all lists will need to have the exact same content? Or am I missing something?
Think about it, companies who even abuses flash cookies and web storage will really care about some header browser sends. The sites which we had to "act" like IE users for years to function.
As USA congress finally woke up thanks to real privacy watchdog organizations, advertisers had to come up with a scheme to prevent a serious law against the horrible amount of tracking they do. This is it.
P3P was there for years, first and only implemented by MS. As nobody else cared/coded, it diminished. That is the real solution , something "machine to machine", clear and direct. Not your browser sending "don't spy".
The general rule of thumb for whitelists and blacklists is everything on blacklists get blocked, but is pre-empted by whitelists to allow "acceptable content" through (think web filtering "net nanny" stuff). However, with tracking websites, the logic is somewhat reversed. You want to give priority to the blacklists over the whitelists. The logic should flow as "all sites are blocked, except the whitelisted sites. If a site is specifically mentioned in a blacklist, the site should be blocked, disregarding the whitelist." Granted, for someone who wants to remain on tracking-websites good side, they allow all sites to track. Then blacklists block sites, and whitelists override blacklists. However, tracking should be treated more like NTFS permissions. It doesn't matter how many "allowed" permissions you have, all it takes is one "deny" and you are denied. This is how whitelists and blacklists should be handled for privacy. It's just a logic fallacy for MS using the old-fashioned whitelist/blacklist mindset.
I wouldn't say the situation is as clear cut. As a developer who has been stung by different cookie behavior in IE, I simply added a P3P header that I cut and pasted from somewhere else, and bingo, my cookies started to work properly again. I didn't need to sign anything, or even make any kind of agreement in order to use this P3P header, and I deliberately chose not to investigate further.
I don't even really know what P3P means, and I'll wager that there's a lot more in my boat.
P3P's advantage is, it is machine readable XML, which is very direct. Not like some 6 page privacy policy written by some evil lawyer in law language exploiting laws.
So, if you run a popular site, make sure you really understand what do you claim with p3p policy and it is compatible with your site privacy policy.
Otherwise... Lawyers are real evil beings.
So the IE9 "do not trace" function has a hole that depends on TPL creators to not be abused.
Obviously, it's a "feature", because anything Microsoft does that the public does not like is never a bug and there's always important "public" (i.e. big-spending customer) support to justify it.
I'm sure that, if a general outcry against said "feature" is raised, Ballmer will certainly trot out the line that the "customers" wanted it. And he will be right, of course, albeit not mentioning that the "customers" he considers are not the teeming millions of anonymous users, but the select few business partners with deep pockets that made the requirement list (and screw the rest of us).
what Microsoft's objective with these lists was.
If their objective was to protect the IE9 users privacy the default would be:
"If its denied on any list then its denied"
If their objective was to minimise the impact on the advertisers then the default would be:
"If its allowed on any list then its allowed"
It looks the they opted for the 2nd one.
First of all, the TPLs work on a set of rules. The rules specify whether to allow content or not based on a segment of the URL being accessed. Some of the TPLs only bother with checking domains, but it is also possible to block based on other text in the URL.
The TPL lists define three categories of webpages. There are blacklisting rules, whitelisting rules and allowed pages. The TPLs specifically list the blacklisting and whitelisting rules, but anything that is not blacklisted ends up in the allowed pages set. The conflict occurs when one TPL puts an overly broad rule in its whitelist that conflicts with the blacklist of another TPL. However, this does not mean that it's useless to have more than one TPL installed. Obviously, using two sets of blacklists just increases the amount of stuff in the blacklist. Only two of the TPLs that MS offers use whitelisting in their rules at all.
For anyone interested in seeing what's in each list, you can open the "Tracking Protection..." dialog box and click the "More information" link for any of the installed TPLs to see the set of rules that each one uses. Lines that begin with a "-" are blacklisting rules and lines that begin with a "+" are whitelisting rules. TRUSTe and EasyPrivacy both use whitelists, with TRUSTe whitelisting more domains than it blocks. EasyPrivacy whitelists individual pages that look "mostly harmless". For those interested in blocking ads as well as tracking, Fanboy is already offering a set of TPLs that cover ads and tracking (http://www.fanboy.co.nz/adblock/ie.html). Also an unofficial set containing EasyList and EasyPrivacy is available at (http://tpl.funkydude.co.uk/)
Block list contains what you want to block. But you are saying in your block list "do not block" saying do not block in an allow list (where things are not blocked) seems strange.
But I tend to agree 1 list for block and allow would be better. But then that is 2 lists for people to maintain. Remember we nerds (sorry techs) that read this site don't worry about this kind of thing. Normal users would be put off maintaining 2 lists. They want to download some thing and be done.
Microsoft "BOLTS-ON" another ACL (Access Control List), after the fact, as their "solution" to inherently bad "security/privacy" design/approach-problems. And, once again, Microsoft's approach is full of "holes". And, Microsoft simply denies that a real problem even exists.
This type of DESTRUCTIVE REDUNDANCY is not "a feature".
Get a clue.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
