Microsoft cracks personalisation without prying A Microsoft research trio has developed an algorithm capable of eliminating user tracking in web search without the overheads of existing technology. The idea, to be presented next month and titled Bloom Cookies: Web Search Personalisation without User Tracking, uses a new type of flowery cookies that can tightly-encode user …
...remember they were one of the biggest supporters of Do Not Track header and the first to add it as a default setting in the web browser, so the bit about Bing is a little muted.
A certain other search engine provider and web maker was the biggest opponent and the last one to ad it to their browser, so we can guess who will be the last to implement anything like this.
Now of course this sort of thing could be designed to the competition, but in the whole it's good.
it's a business-model difference. MS sell software and Azure services. Google sell you.
Therefore, MS have no downside in strongly supporting end-user privacy features while of course, Google would hurt their own profits by doing so. So, in order to differentiate themselves from Google, MS push user privacy and are prepared to spend money doing so.
I expect David Cameron to make MS illegal over the next week or so.
@dogget - it's a business-model difference. MS sell software and Azure services. Google sell you.
You're probably not aware of this, but Microsoft also have an advertising based search, free email, and web properties. They also have a phone OS. All of these businesses revolve around tracking people.
I know, I know, their efforts in this area are obscure and struggling to compete, so I suppose you can be forgiven for not having heard of them. However, they do exist, and they are based on exactly the same business model as Google. If Google sells you, then so does Microsoft. And Google does sell you. They're a bloody advertising company for God's sake!
But the Microsoft divisions which copy Google are expected to pay their own way, and so they do the same things that Google does. It's inherent in a business model which depends on advertising.
When you install Windows 8, the "don't track" is off by default - but on the next page there are about 5 options related to calling home to Microsoft, all on by default...
So while they might be against tracking you when you're on-line, they have no issues with you being tracked when you're using your own computer.
The "Do Not Track header" was never anything other than a PR campaign, as the actual advertisers said they were still going to collect the data anyway.
As for "privacy" notice that this isn't the same thing as "anonymity". To the industry, "privacy" is all about the "platform" owners (Microsoft, Apple, Google, Facebook, etc.) becoming the "identity" holders, so they have the exclusive ability to sell your information to the advertisers. Facebook is doing this right now. Windows 10 has the personal data collection knobs turned up to "max" (look in the details of installation procedure for the betas). Phone OS (Apple, Google) vendors know everything about you. By the way, try getting a free e-mail account these days from any of the major providers without giving them your phone number (which tells them exactly who you are). It's impossible without going to a lesser known provider.
The platform providers have defined "privacy" to mean that "we know exactly who you are and what you're doing, and we'll track your every move, but we will own that data". What people really want is "anonymity", where it's nobody else's business what you get up to.
Who has an interest in tracking you? Anybody who owns a mobile phone OS. Anybody who operates a major public web site. Anybody who operates a free email provider. Anybody to operates a web search operation.
Why do you think that El Reg goes through the headache of operating forums? It's to get you to log in so they can track your visits so they can sell information about what you read to their advertisers. Oh, you commented on an article about Microsoft? We'll charge Microsoft 'x' pence to show ads to you the next time you log in.
All of these incorporate advertising directly or indirectly (via developer relationships). The entire technology of advertising revolves around tracking. If your product does enable tracking, it doesn't work with the modern advertising system. Companies buying advertising pay for ads based on what tracking information there is available about a user. The more information there is about a user, the more valuable the ad. That's not just "valuable" in some fuzzy sense. That's "valuable" in terms of how much money was charged.
So let's go back to the points raised a few paragraphs above as to who wants to track you - phone OS, major public web site, free email, web search. Microsoft ticks all the boxes, as does Google. Apple and Facebook tick some, but the ones they tick tend to be the most intrusive,
DNT was a misguided idea to begin with, and then the major vendors hijacked it as a tool for excluding third party advertising tracking vendors from the industry so that the "platform owners" would have exclusive rights to sell what they know about you.
Somehow the Internet has come to revolve around the advertising industry. There's only one way to have "anonymity", and that's to not tell these people in the first place. The only real solutions will be technological including baking as much anonymity as possible into the fundamental design of web protocols and conventions.
While you're at it you may as well take on the finance sector and advocate the adoption of a proper micro-payment scheme that allows content providers to self fund without selling their/your soul to the corpratz advertising Capos or their bottom lines to the Banksters.
> Why are you people so keen to defend a certain company, that you jump in to do it before anyone even says anything?
Boredom. Boredom with the usual OS-jihadis.
Try an experiment. Do a google site specific search on theregister.co.uk for the search term "Microsoft" and then read the comments.
Or you could save time on the specific searches and google "Bob Vistakin".
But you already knew that, right Bob?
" Before the usual MS bashing....
...remember they were one of the biggest supporters of Do Not Track header and the first to add it as a default setting in the web browser, so the bit about Bing is a little muted.
A certain other search engine..."
Who cares, mate? They're both American. No business with an American legal attack surface - let alone one headquartered there! - is to be trusted. Ever. Everything else is a moot point.
If they're still able to personalise search results, then they are obviously keeping some info on me and what I do, somewhere, otherwise how can they know what I (even an anonymized, unknown "I") wants?
Secondly, one of the reasons I turn off tracking is because I don't want personalised search results. I want my computer or search engine to do what I tell it to, not what it thinks I might want.
Far from being "personalisation without prying" it sounds more like "spying without an off switch". "We're from BigCorp, we're here to help you". Yeah, right.
If they're still able to personalise search results, then they are obviously keeping some info on me and what I do, somewhere, otherwise how can they know what I (even an anonymized, unknown "I") wants?
The paper hasn't been published yet, so speculating is a little foolish, but we're all fools friends here, eh?
The point of a Bloom filter is to create a heuristic for set membership that has perfect recall but only probable precision - that is, it may give a false positive ("X is in the set") but not a false negative ("X is not in the set").
From the abstract, which is little enough to go on, they might be creating a Bloom filter from profile features. So they have a m-bit vector, and k hash functions that return values in [0,m-1], and they hash your name with each function; then for each function they set the bit corresponding to the output. Then they could do the same with other data in the profile.1 The final bit vector becomes the cookie.
The Bloom process overdefines the bit values (that's what gives it probabilistic precision) - it's a lossy compression algorithm - so by discarding information it makes it impossible to reconstruct the input with complete precision. Tune parameters for the degree of ambiguity you want.
I have no idea if that's what they're doing, though. I can imagine one or two other applications of Bloom's structure in this context.
1If m is not sufficiently larger than k such that they end up with, on average, many more than half the bits in the vector set, they can always rebalance by XORing rather than simply setting bits. That wouldn't work for a normal Bloom filter - it could reduce the recall rate - but it would for this application.
If (say) Google weren't teacking you and generally invading your privacy in the first place then there's no problem with the exiting mechanisms. If they ARE though, (and assuming this idea needs server support) why would they want to implement a mechanism that stops it?
I set Firefox to accept all cookies - no questions asked - and then to discard them all automatically at the end of the session regardless of their expiration instructions. Voila, no tracking, except for sites which I am comfortable adding to my whitelist (such as theregister.co.uk, of course).
IE's cookie handling is intrusive and complex; if I reject cookies for a site, it may not work during the session, and if I accept cookies then they are retained unless I hunt them down manually afterwards. Bloom cookies seem designed to reduce the impact of this poor UI design; not a good approach for the user, although it may suit MS's commercial interests.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
