IE9's tracking protection flawed, says Which? Computing

Users' privacy could be at risk with Microsoft's brand new IE9 browser

Days after Microsoft's Internet Explorer 9 (IE9) was released, a new security feature embedded into the browser called tracking protection has been found to be flawed by Which? Computing.

Tracking protection is supposed to secure users' privacy by enabling them to block their web browsing movements from being tracked when they are online.

To set this up, users have to either define a personal tracking protection list (TPL) or download them from Microsoft.

There are currently five available: one each from Abine, EasyList and TRUSTe, and two from PrivacyChoice.

The list defines whether or not to block information sent to specific third-party sites.

However, research by Which? Computing has found that the rules of what to block and what to allow in different TPLs are melded together to form a single entity. If there are copies of the same rule with both "allow"' and "block", "allow" has a higher priority than "block".

This means users who thought certain content providers were being blocked from getting information about their web browsing habits will not have that information blocked and tracking information will be relayed.

Senior Which? policy adviser Dr Rob Reid said: "We are disappointed with the way these lists work, and feel consumers who install multiple lists could be left with a false sense of security."

"We would like Microsoft to re-evaluate its ‘allow' and ‘block' system since we find this all a bit confusing and are worried that consumers will too. Requiring users to understand and apply a block-and-allow rule across multiple TPLs seems an overly complicated way of opting out of being tracked," added Reid.