Last week, I wrote about Web bugs, those nasty little 1-pixel images that track and profile your Internet usage habits. Cookies aren't much different than Web bugs, except that they adhere to a particular cookie specification, which makes it easier for a Web browser to identify them. In a nutshell, both can profile your Internet channel usage.
This week, the news is slightly better: Microsoft is testing an update for Internet Explorer (IE) 5.5 that introduces better cookie management. Because Outlook relies heavily on IE for its HTML-rendering capabilities, the update should also serve that product and any others that rely on underlying IE technology.
As you'll learn when you read the associated news story in the SECURITY ROUNDUP section (below), Microsoft's new cookie management update adds three welcome elements to the IE browser platform. Each element helps to better inform users about the data their system receives during Internet sessions. For example, IE currently doesn't inform the user when a cookie originates from a site other than the site in the browser window, but the update does inform the user of such cookies. Be sure to read the news story to learn all of the update's capabilities.
Microsoft's effort to better inform the user and deliver more control over cookies is admirable, but long overdue. We should have been allowed total Web data knowledge and ultimate control over that data from day one, not years after the fact. And although IE has configurable parameters that let users control cookie receipt, Microsoft overzealously provided IE and Outlook distribution software that was preconfigured with most features turned on regardless of the associated privacy or security risks.
Do you think Microsoft truly failed to realize that countless users weren't educated enough to understand the ramifications of these software features? I doubt it; 5 years ago most Windows users were just beginning to learn about the Internet, and Microsoft certainly knew that. I won't speculate about the company's motives for overpowering the software, but I think it's a ridiculous practice that costs global businesses millions, if not billions of dollars in excessive administrative and educational efforts.
So if the cookie management update is akin to a step back to where IE should have been years ago, what else is missing from IE today that we'll be requesting a remedy for later?
What about site filtering and easier access to security zones? Why can't I right-click a Web page and add the page or entire site to my Trusted Sites, Restricted Sites, or other security zone? Why can't I temporarily add a site or URL to a given zone for a specific time period and have IE automatically remove the site from that zone when the time period expires?
Furthermore, if I can place a site in a given security zone (although it takes too many clicks to accomplish), why can't I block access to sites or URLs by placing them in a Blocked Sites zone? Where's the Blocked Sites zone? If I had a Blocked Sites zone in my browser, I could stop those wiretapping Web bugs dead in their tracks without the need for expensive or resource-intensive firewalls or standalone content filters.
I'm sure many are anxious to see Microsoft's cookie management update. Many of you probably have ideas about how to improve the security and usability of IE. If so, send your ideas to Microsoft, but don't hold your breath expecting them to materialize in a product anytime soon. I sent my IE security enhancement ideas to Microsoft's Security and IE development teams back when IE 3.x was nearing the end of its life span, and they haven't made it into the product to date. I wonder who drives creative control at Microsoft, if not the customers? Until next time, have a great week.