Privacy is the new security

: @orinthomas

Internet Explorer, through tracking protection lists, can protect you from websites that have a fairly wanton approach to your personal information. However, tracking protection lists aren't enabled by default and require a bit of technical know-how to configure. They certainly aren't something that your average web surfer knows anything about. That's something that flummoxes me -- especially given the recent argy-bargy about Google's treatment of P3P on IE. Why is this privacy feature of IE so hidden -- especially because privacy is so important.

IE's always notifying me about stuff like unsafe sites and whether I want to disable add-ons. Why doesn't it notify me by default when a site like Facebook or Google wants to use cookies across multiple websites? "By default" is important here -- because if the behavior isn't by default, only knowledgeable nerds are going to be able to find and enable it. Protection or privacy isn't something that should depend on technical knowledge -- like protection of viruses, it's something that should happen automatically. Something that you can choose to override if you want to expose your secrets, not having your activity tracked by a third party, be they Facebook or Google, so that they can show you more relevant advertisements.

It's pretty clear that voluntary standards aren't going to cut it when it comes to privacy on the Internet. Enforcing rigorous privacy standards goes up against some lucrative business models. Switching IE 10 or 11 so that they are "privacy first" browsers would provide users with protection in the same way that IE 7, 8 and 9 increased protection against malware. Explain to your "friend" that your social networking site can (and does) track you to all those sites with free videos of naked couples' calisthenics, and their response is unlikely to be "well I'm okay with that."

Actual people consider privacy a part of their security. The people who argue otherwise generally belong to organizations that make a lot of money out of tracking people across the internet. Don't look at the man behind the curtain! The major alternative browsers to IE (FF and Chrome) are both funded primarily by Google (Chrome directly, and more than 90% of FF's funds come from Google). There is no incentive for either browser to be the first mover when it comes to making the protection of a web surfer's privacy a default core trait of their browser. If Facebook funded a browser, do you think it would make privacy a priority? FF and Chrome offer privacy as an add-on -- but they won't run as "protecting you from being tracked across multiple sites by default" because doing so is killing the goose that lays the golden eggs.

As to whether or not users want this functionality: What do you think the result would be if a dialog box popped up asking users if they wanted to allow Facebook or Google to be able to track their activity across multiple websites?

I'm guessing that users would click the "Are you kidding?" button if it was available.