http://www.wired.com/news/print_version/technology/story/19160.html?wnpg=all

Another Privacy Hole in IE 5.0?
by Chris Oakes 

3:00 a.m.  16.Apr.99.PDT
An obscure feature in Microsoft's Internet Explorer 5.0 Web browser informs Web sites when users bookmark their pages. 

The feature was discovered during an audit of Wired Digital server logs by software development manager Kevin Cooke and confirmed Thursday by Wired News. 

Microsoft called the privacy implications "unfortunate" and said it is evaluting changes to future releases of the browser to address the issue. 

"This is one of those things where we did not see the privacy issue when we were creating the feature," said Microsoft product manager Mike Nichols. "The feature doesn't pose a super-huge
risk. But Microsoft is looking at ways of modifying this feature in future releases." 


                                                  See also: Take My Email, but Not My Data 


Critics say the company should consider such issues more carefully before software is released. 

"It's a reflection of privacy-invasive architecture being designed into the browser," said Joel Reidenberg, a law professor at Fordham University. "We should be thinking more of
privacy-protection architecture versus privacy-invasive architecture." 

"I'm not comfortable saying this is a privacy meltdown," said Paul Schwartz, a law professor at Brooklyn Law School. But Schwartz said privacy invasion on the Web is being defined in
increments. 

The feature was introduced to let Web sites "brand" a user's bookmarks -- called Favorites in Internet Explorer terminology -- by allowing sites to insert a logo next to the bookmarked
page in the browser's Favorites menu. 

The company describes the feature on a page for Web site developers. But most users are not aware of what's going on behind the scenes. 

"Just add a file called 'favicon.ico' in the root of your domain," reads Microsoft's explanation. "Internet Explorer will automatically look for this file and will put your icon next to all
Favorites and quick links that come from your site." 

A Web site's request for the favicon.ico file shows when a particular page is being bookmarked and by whom. The request is sent by default -- IE looks for the file when any Web page is
bookmarked. Users are unaware of the request and can't turn it off. 

A site could hypothetically use the feature to build a log of a user's bookmarked pages. Visitors could be tracked anonymously, by a cookie, or by name, if they registered at the site. It
would allow sites to build expanding profiles of users and their personal interests. 

There is a fine line between acceptable and unacceptable use of the information and its collection, privacy advocates say. 

Reidenberg said that with any software action compromising user data, the question comes down to user awareness. 

"Is the user aware, and do they have ability to stop it? If the answer is yes, then that reflects that [a feature] could be privacy-protective. But it seems that Microsoft uses the default to
transmit my bookmarking to the site that I'm visiting." 

"The browser's privacy implications are becoming so complicated that you almost need a separate privacy manual when you log on," said Schwartz. 

That's in stark contrast to the real world, Schwartz said, where people have an innate sense of the privacy of a particular environment. "When you walk down the street, you have a sense of
whether somebody can see you or whether you might run into somebody." 

Similar lines need to be drawn that make it clear to Web users whether they're in a private place. "Cyberspace needs to have areas zoned as places [that are] public, quasi-public, and private.
[Instead] it's being zoned through technology -- by people adding bells and whistles." 

Nichols said a company can't be aware of all such issues ahead of time. 

"Everybody should realize this is an ongoing kind of battle. It's the same thing that companies have to battle when you talk about security issues. Are we going to catch every kind of bug
before it goes out?" 

Nichols also pointed out that no personal information is passed to that site that hasn't already been provided in the past. 

"Sites today can see your IP address and associate it with a page that you hit. Is there a really critical privacy issue there? I don't think it's something to be concerned about. But it's
something users might want to be aware of." 

Wired News did not find similar behavior in the Netscape Navigator browser, and the company said unique requests are not transmitted to sites when bookmarking a Web page.