Microsoft Submits Tracking Protection Proposal to W3C

ID THREATPOST:828471E05035E11C0ED67C67E1EA8F0D
Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:35:07


Microsoft W3CMicrosoft has submitted its proposal for web tracking protection to the W3C for consideration as a standard, hoping to get the organization’s stamp of approval for its browser privacy technology. The proposal is in the earliest stages of the process and has not been approved, a process that can take years in some cases.

Microsoft’s proposal for Web Tracking Protection is one of a number of similar ideas and methods that are floating around right now among technology companies, regulators and law makers. Mozilla has developed its own technology and Google also is working on a permanent opt-out mechanism for enabling users to prevent sites from tracking their movements with cookies. Much of the activity in this arena has popped up in the months since federal law makers began discussing the idea of a Do Not Track system for Internet users last year.

Microsoft has implemented a version of its Web Tracking Protection mechanism in the release candidate for Internet Explorer 9, which the company released earlier this month. The company’s proposal relies on the concept of filter lists, which Web site owners can publish and IE9, and presumably other browsers, can consume and parse. The lists comprise “parts of third-party URIs
that a browser may access automatically when referenced within a web page a user deliberately visits.
Rules in a filter list may change the way the user agent handles
third-party content.
By limiting the calls to these websites and blocking resources from other web pages, the filter list
limits the information other sites can collect about a user,” Microsoft said in its proposal to the W3C.

In most cases, technologies such as Tracking Protection are being discussed and thought of in the context of blocking cookies and other methods that sites use to see what other sites their visitors have been to or where they came from. But these methods also can be used for blocking other kinds of downloadable content.

In Microsoft’s proposal, the Tracking Protection system also implements a method for respecting the Do Not Track HTTP header.

“By having both a header and a DOM property, websites can easily detect the user preference from both client and server code.
When the Do Not Track user preference is set,
the user-agent must apply the HTTP header to all HTTP requests,
and the DOM property must be applied to all documents.
The user agent is responsible for determining the user experience by which
the Do Not Track user preference is enabled,” the proposal says.

Microsoft submitted its proposal to the W3C, an independent standards body, on Thursday. The group published the proposal, but that does not mean that it’s been accepted as a standard or is anywhere close to acceptance. It’s simply the first step in the process.