Photographs courtesy of Toby Watt - lawyer, friend and photographer extraordinaire...
One of the new IE8 features that is garnering a lot of interest is InPrivate. Even before IE8 Beta 2 was released to the public, there was much speculation about the possibility of a new "porn mode" making its debut (thanks, in some part, to some sharp-eyed people spotting that Microsoft had lodged a couple of new patents).
An InPrivate browsing session is started via the Safety Button, or by using the keystroke combination of Ctrl/Shift/P.
Ctrl/Shift/P is the default keystroke combination used by the popular SnagIt program to trigger captures. If SnagIt is running, and you are using the default key combination to trigger a capture, then you will only be able to start an InPrivate IE session using the Safety button.
You can create a program shortcut that will open Internet Explorer in InPrivate mode by adding "-private" to the program's target path, e.g. on an x64 Vista system the path would be:
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -private
Controlling InPrivate via Group Policy:
Run gpedit.msc.
Computer Configuration --> Administrative Templates --> Windows Components -->
Internet Explorer --> "Turn off InPrivate"
User Configuration --> Administrative Templates --> Windows Components -->
Internet Explorer --> "Turn off InPrivate"
Registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
--> "EnableInPrivateBrowsing" --> DWORD = 1 or 0
IMPORTANT NOTE:
InPrivate browsing is disabled on systems where Windows OneCare / Windows
OneCare Family Safety has been installed. You can try disabling any Activity
Tracking that is part of those products, but for some the only fix has been to
uninstall the OneCare software.
When you surf using InPrivate mode, any cookies are automatically set as
"session cookies" (and deleted when the InPrivate window is closed). No History
is saved, and any temporary internet files are also deleted when you close the
browser window. Autocomplete data such as form data and passwords are not saved,
nor are typed addresses or search terms.
If you open the History Pane when surfing using InPrivate mode, and select the
setting "View By Order Visited Today", you will see that no entries are being
added to your History as you go from page to page. Any pages that you have
already visited during a "normal" browsing mode can still be seen in the History
pane.
It is important to note that the InPrivate session can read *existing* cookies,
and that those existing cookies are not deleted once you close the InPrivate
session. You can also access pre-existing history when using InPrivate mode - it
is new data that is created during an InPrivate session that is protected by
InPrivate Browsing.
It should also be noted that InPrivate is meant to protect the user from *casual* sticky-beaking. As has been noted in the popular press, InPrivate is no protection from a professional forensic examination of a computer's hard drive.
InPrivate browsing includes two features in addition to the automatic deletion
of local data - InPrivate Blocking, and InPrivate Subscriptions.
InPrivate Blocking stops web sites from potentially gathering data about your web movements via JavaScript, tracking GIFs and whatnot. The IE team blog uses the example of a tracking JavaScript to explain how InPrivate Blocking works. Blocking is not triggered until a particular JavaScript, tracking GIF or whatnot is detected on at least 10 web sites.
InPrivate Subscriptions are XML (commonly known as RSS) feeds that contain a list of sites to block and allow. They allow you to use "Manually block" without having to make a site by site decision about what status to assign each site.
InPrivate's impact on advertising
Some people have expressed concerns that InPrivate might block advertising -
concerns that are proving to be justified. The first domains to be blocked on my
primary work machine were Google AdSense and Google Analytics. Quantserv.com was
the third site to be blocked. The fourth site was 2mdn.net (owned by Doubleclick).
Let's take a closer look at the way that InPrivate works. We have three choices
- Automatic, Manual and Off.
Automatically block
InPrivate will automatically block a data sharing URL once it has been detected
on 10 or more sites.
Manually block
You choose which URLs are allowed to share data, and which are not - a
data-sharing URL will not appear in the list until it has been detected on 10 or
more sites.
If you use the "Automatically block" option, all sites that you see listed in the "Manually block" list will be blocked from sharing details even if you have set the website as "allowed" via the "Manually block" option. For example, see the screenshot below - you can see that I have set two sites as Allow in the Manually block list, but these sites will still be blocked when I use the "Automatically block" setting. Setting a site to "Allow" via "Manually block" will not override blocking when using the "Automatically block" setting.
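The three modes and the 10-site threshold described above can be written down as a small model. This is an added example, not Internet Explorer's code and not from the IE team blog; the class, method names and the tracker URL are hypothetical, and treating an undecided entry in Manual mode as "not blocked" is an assumption the page does not confirm.

```javascript
// Added example: a model of the InPrivate Blocking rules described above.
// Not Internet Explorer's code; all names here are hypothetical.
const THRESHOLD = 10; // page: content must be detected on at least 10 sites

class InPrivateBlockingModel {
  constructor(mode) {
    this.mode = mode;         // "automatic" | "manual" | "off"
    this.seenOn = new Map();  // third-party URL -> Set of sites embedding it
    this.manual = new Map();  // third-party URL -> "allow" | "block"
  }

  // Record that a visited site pulled content from a third-party URL.
  observe(site, thirdPartyUrl) {
    if (!this.seenOn.has(thirdPartyUrl)) this.seenOn.set(thirdPartyUrl, new Set());
    this.seenOn.get(thirdPartyUrl).add(site); // repeat visits count once
  }

  // Only URLs at or over the threshold show up in the "Manually block" list.
  isListed(url) {
    const sites = this.seenOn.get(url);
    return sites !== undefined && sites.size >= THRESHOLD;
  }

  setManual(url, decision) {
    if (!this.isListed(url)) throw new Error("not in the list yet: " + url);
    this.manual.set(url, decision);
  }

  isBlocked(url) {
    if (this.mode === "off" || !this.isListed(url)) return false;
    if (this.mode === "automatic") return true; // a manual "allow" is ignored
    return this.manual.get(url) === "block";    // assumption: undecided = not blocked
  }
}

// Constructed sample: one tracking script embedded by n different sites.
function browse(model, url, n) {
  for (let i = 1; i <= n; i++) model.observe(`site${i}.example`, url);
  return model;
}

const TRACKER = "https://tracker.example/t.js"; // constructed URL
const auto = browse(new InPrivateBlockingModel("automatic"), TRACKER, 9);
console.log("9 sites, automatic:", auto.isBlocked(TRACKER));
auto.observe("site10.example", TRACKER);
auto.setManual(TRACKER, "allow");
console.log("10 sites, automatic, manual allow:", auto.isBlocked(TRACKER));
auto.mode = "manual";
console.log("same list, manual mode:", auto.isBlocked(TRACKER));
```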
I admit that it worries me that advertising is being impacted by InPrivate
Blocking. I have always said that every (wo)man deserves their wage, and it
worries me that web sites risk losing what may be, for them, an important income
stream. I also worry that web sites may stop using popular services like Google
AdSense text adverts and move to a more risky advertising model. For example, I
chose the Google text ads and Microsoft Affiliates advertising campaigns because
I know that visitors to my web sites will not have their web browsers hijacked
by a malvertizement and dumped at a fraudware site. I could not be sure that
visitors to my sites would always be safe from such activity if I used dynamic
advertising such as banner advertisements or pop-ups. BTW, even Google's
infrastructure has been used to display malvertizements, which is just one more
reason to stick to text advertisements (here is the
original report, and the
follow-up report).
The big players in the online advertising world will not be very happy if
InPrivate Blocking begins to have a noticeable effect on their businesses,
especially if other advertising services are not being impacted as quickly. For
example, InPrivate Blocking is blocking the Google advertisements on my web
site, but it is not blocking the Microsoft advertisements:
A special note for the conspiracy theorists amongst us
I must stress here that there is nothing nefarious in the fact that Google was
being impacted upon by InPrivate Blocking while the Microsoft advertisement was
not at the time the screenshot was taken - I have no reason to believe, or
suspect, that there is a secret plot to give Microsoft advertising preferential
treatment, or to exclude Microsoft domains from InPrivate Blocking. The reality
is that Microsoft advertising campaigns like the ones on my sites are simply not
as widespread as Google advertising, so you can put your tinfoil hats away now.