
Chapter 3 - Users' Privacy

Using the privacy features of Microsoft® Internet Explorer 6, you can create a secure environment that protects users' personal information on the Internet and your intranet. This chapter describes these features and explains how you can configure privacy settings.

Related Information in the Resource Kit

  • For more information about configuring security zones, see "Security Zones." 

  • For more information about using the Internet Explorer Customization Wizard to preconfigure security settings, see "Running the Microsoft Internet Explorer Customization Wizard." 

  • For more information about using the Internet Explorer Administration Kit (IEAK) Profile Manager to preconfigure security settings, see "Keeping Programs Updated." 

Ensuring Users' Privacy

When you communicate over the Web, you want to know that other people cannot intercept or decipher the information that you send and receive and cannot use your passwords and other private information. You want to ensure that Web sites do not share your personal information without your consent. You also want to ensure that no one can access information on your computer without your knowledge.

Internet Explorer protects your privacy in the following ways:

  • It supports a wide range of Internet security and privacy standards that provide secure information transfer and financial transactions over the Internet or your intranet. 

  • It provides encryption and identification capabilities to help users ensure the privacy of their information on the Web. 

Protecting Personal Information

Internet Explorer 6 supports the Platform for Privacy Preferences 1.0 (P3P1.0), which provides a way for users to control how their personal information is used by Web sites that they visit. P3P1.0 helps protect the privacy of users' personal information on the Internet by simplifying the process for deciding whether and under what circumstances personal information is disclosed to Web sites. At the time of this Resource Kit's publication, the P3P1.0 Specification, which was developed by the World Wide Web Consortium (W3C), is a candidate recommendation.

In Internet Explorer, users can define their privacy preferences for disclosing personal information. Then when they navigate to Web sites, Internet Explorer determines whether the sites provide P3P privacy information. For sites that provide this information, the browser compares the users' privacy preferences to the site's privacy policy information. Internet Explorer uses HTTP for this exchange of policy information.

A P3P-compliant Web site must provide a clear definition of its privacy policies. The site must provide the following policy information:

  • The organization that is collecting information about users 

  • The type of information that is being collected 

  • What the information will be used for 

  • Whether the information will be shared with other organizations 

  • Whether users can access the information about them and change how the organization will use that information 

  • The method for resolving disputes between users and the organization 

  • How the organization will retain the collected information 

  • Where the organization publicly maintains detailed information about its privacy policies that users can read 

The policies must use the XML-encoded vocabulary defined by P3P and must be stored in a format that can be automatically retrieved and interpreted by browsers that support P3P. However, P3P does not ensure that a P3P-compliant Web site adheres to its privacy policies, nor does P3P define specific criteria for privacy.

The Web site uses policy reference files to identify how its privacy policies are applied throughout the site. A single set of privacy policies can be defined for the entire site, or multiple sets of policies can cover different portions of the site. The browser can easily detect and interpret these different sets of privacy policies. For example, the browser can interpret different sets of policies for a Web site's embedded content, such as frames or pictures.

For more information about setting your privacy preferences, see "Configuring Privacy Options" later in this chapter. For more information about P3P, see the W3C Web site at http://www.w3.org/.

Using Cookie Management Features

P3P supports the browser's cookie management features. A cookie is a small file that an individual Web site stores on your computer. Web sites can use cookies to maintain information and settings, such as your customization preferences.

Web sites might use persistent cookies or session cookies. Persistent cookies include an expiration date that identifies when the browser can delete them. Session cookies do not have an expiration date. When users close the browser, it deletes session cookies.

As part of its privacy policies, a P3P-compliant Web site can provide policy information for its cookies. Internet Explorer includes advanced cookie filtering capabilities that evaluate a Web site's privacy information and determine whether cookies can be stored on a user's computer based on that privacy information and the user's preferences.

When you configure your privacy preferences, you can configure Internet Explorer to handle cookies in the following ways:

  • Prevent all cookies from being stored on your computer. This setting might prevent you from viewing certain Web sites. 

  • Block or restrict first-party cookies (cookies that originate in the same domain as the Web site being visited). 

  • Block or restrict third-party cookies (cookies that do not originate in the same domain as the Web site being visited and, therefore, are not covered by that Web site's privacy policy). For example, many Web sites contain advertising from third-party sites that use cookies. 

  • Allow all cookies to be stored on your computer without notifying you. 

Using Profile Assistant

You can use Profile Assistant to securely maintain your computer's privacy and safety when sharing registration and demographic information with Web sites. You can maintain your personal information in a user profile on your computer. A Web site can request information from your profile, but the site cannot access profile information unless you specifically give your consent.

For information about how to write scripts to access Profile Assistant information, see the MSDN Library Web site at http://msdn.microsoft.com/library/.

When a Web site requests information from your user profile, the Profile Assistant dialog box opens. You can use the information in this dialog box to verify which Web site is making the request, choose which information (if any) to share, and understand how the Web site intends to use the information.

The following table describes the information displayed in the Profile Assistant dialog box.

| Option | Description |
| --- | --- |
| 'Requester name' has requested information from you | Displays the name of the requester, which can be an individual or an organization. |
| Site | Displays the URL of the site requesting information from the user. |
| Profile information requested | Displays the list of information items requested. Clear the check boxes for any items that you do not want to send to the requester. |
| Always allow this site to see checked items | Adds this site to a list of sites that you allow to access your user profile without notifying you. |
| Edit profile | Opens the My Profile dialog box so you can edit the profile information that will be sent to this Web site. For example, you might want to send a different fax number. |
| Privacy | Displays a message that explains whether the information you are sharing will be secure when it is sent over the Internet. It also displays a message describing how the requester intends to use the information. |

Web sites can request up to 31 different items of information from your user profile. For more information, see "Configuring Privacy Options" later in this chapter.

Ensuring Secure Communications

Internet Explorer supports the latest Internet security standards for client and server authentication, including Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Internet Explorer uses these protocols to create a secure channel for information exchange over the Web. In addition, Internet Explorer supports Integrated Windows Authentication, which uses cryptographic exchanges between clients and servers to ensure the clients' authentication.

For more information about Internet Explorer support for SSL, TLS, and Integrated Windows Authentication, see "Digital Certificates" in this Resource Kit.

Using Zone-Based Password Security

Internet Explorer prompts you before transmitting your user name or password to sites that are designated as trusted in the security zones settings. You can, however, configure security zones to send information from trusted sites without prompting you. For more information about configuring security zones, see "Security Zones" in this Resource Kit.

Configuring Privacy Options


You can configure Internet Explorer privacy options on the Privacy, Content, and Advanced tabs in the Internet Options dialog box. From this dialog box, you can do the following:

  • Configure privacy preferences. 

  • Configure Profile Assistant. 

  • Configure advanced security options for user privacy. 

Configuring Privacy Preferences

On the Privacy tab, you can perform the following tasks:

  • Set your privacy level for the Internet zone. By default, Internet Explorer sets your privacy level to Medium for the Internet zone. Internet Explorer automatically accepts all cookies from Web sites in both the Local intranet and Trusted sites zones, and automatically blocks all cookies from Web sites in the Restricted zone. A Privacy dialog box appears the first time the browser restricts a cookie at the selected privacy level. The Privacy dialog box explains the Privacy icon, which appears in the status bar each time the browser restricts a cookie based on your privacy settings. You can double-click the Privacy icon to see a privacy report. 

  • Import custom privacy settings. You can import a custom privacy preferences file. Any privacy settings that are not overridden by the custom privacy preferences file remain unchanged. For example, if your imported file does not define privacy settings for the Internet zone, Internet Explorer retains the existing privacy settings for this zone. If you import custom privacy settings and then you change the default privacy preferences for the Internet security zone, Internet Explorer disables the custom settings for that zone. Also, importing custom privacy settings may remove per-site privacy actions. For information about custom privacy preferences files, see the MSDN Web site at http://msdn.microsoft.com/.

  • Customize your privacy settings for cookie handling. You can specify settings that override cookie handling for your selected privacy level. The Advanced Privacy Settings dialog box enables you to accept, block, or prompt for first-party and third-party cookies. Also, you can choose to always allow session cookies. Even if you choose in this dialog box to block cookies, the Web sites that created the existing cookies on your computer can still read them. 

  • Customize your privacy settings for individual Web sites. You can define cookie management options on a per-site basis. These options override your default privacy preferences for any sites that you add to the Per Site Privacy Actions dialog box (unless you choose as your privacy level Accept All Cookies or Block All Cookies, either of which causes the browser to ignore per-site privacy actions). 

To set your privacy level for the Internet zone

  1. On the Tools menu, click Internet Options, and then click the Privacy tab. 


  2. Under Settings, move the slider to the privacy level you want:

    • Block All Cookies. Internet Explorer prevents all Web sites from storing cookies on your computer, and Web sites cannot read existing cookies on your computer. Per-site privacy actions do not override these settings. 

    • High. Internet Explorer prevents Web sites from storing cookies that do not have a compact privacy policy—a condensed computer-readable P3P privacy statement. The browser prevents Web sites from storing cookies that use personally identifiable information without your explicit consent. Per-site privacy actions override these settings. 

    • Medium High. Internet Explorer prevents Web sites from storing third-party cookies that do not have a compact privacy policy or that use personally identifiable information without your explicit consent. The browser prevents Web sites from storing first-party cookies that use personally identifiable information without your implicit consent. The browser also restricts access to first-party cookies that do not have a compact privacy policy so that they can only be read in the first-party context. Per-site privacy actions override these settings. 

    • Medium (default). Internet Explorer prevents Web sites from storing third-party cookies that do not have a compact privacy policy or that use personally identifiable information without your implicit consent. The browser allows first-party cookies that use personally identifiable information without your implicit consent but deletes these cookies from your computer when you close the browser. The browser also restricts access to first-party cookies that do not have a compact privacy policy so that they can only be read in the first-party context. Per-site privacy actions override these settings. 

    • Low. Internet Explorer allows Web sites to store cookies on your computer, including third-party cookies that do not have a compact privacy policy or that use personally identifiable information without your implicit consent. When you close the browser, though, it deletes these third-party cookies from your computer. The browser also restricts access to first-party cookies that do not have a compact privacy policy so that they can only be read in the first-party context. Per-site privacy actions override these settings. 

    • Accept All Cookies. Internet Explorer allows all Web sites to store cookies on your computer, and Web sites that create cookies on your computer can read them. Per-site privacy actions do not override these settings. 

Notes: If you select a privacy level that does not allow cookies to be saved on your computer, you might not be able to view certain Web sites.

Changing your privacy level does not affect the cookies that Web sites have already stored on your computer, unless you select Accept All Cookies or Block All Cookies. If you want to ensure that all cookies on your computer meet the selected privacy level, delete all of the existing cookies on your computer. For more information about deleting cookies, see Internet Explorer Help.
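
The six slider levels above can be read as one decision table. The following Python sketch is an added example, not Internet Explorer code and not part of the Resource Kit; Cookie, decide and the result strings are hypothetical names. It assumes that a cookie's use of personally identifiable information and the user's consent level are known only when the cookie has a compact privacy policy.

```python
# Added illustration of the slider levels as this chapter describes them.
# Not Internet Explorer code; every name below is hypothetical.
from dataclasses import dataclass

NONE, IMPLICIT, EXPLICIT = 0, 1, 2   # strength of the user's consent to PII use
LEVELS = ("Block All Cookies", "High", "Medium High", "Medium", "Low",
          "Accept All Cookies")

@dataclass
class Cookie:
    third_party: bool
    has_compact_policy: bool
    uses_pii: bool = False   # assumption: declared in the compact policy
    consent: int = NONE      # NONE, IMPLICIT or EXPLICIT

def pii_without(cookie, needed):
    """True when the policy declares PII use with consent weaker than `needed`."""
    return (cookie.has_compact_policy and cookie.uses_pii
            and cookie.consent < needed)

def decide(level, cookie, per_site=None):
    """Return 'accept', 'block', 'delete_on_close' or 'first_party_only'."""
    if level not in LEVELS:
        raise ValueError(f"unknown privacy level: {level!r}")
    # The two extreme levels ignore per-site privacy actions.
    if level == "Block All Cookies":
        return "block"
    if level == "Accept All Cookies":
        return "accept"
    # At every other level a per-site Allow or Block wins.
    if per_site == "allow":
        return "accept"
    if per_site == "block":
        return "block"
    no_cp = not cookie.has_compact_policy
    if level == "High":
        return "block" if no_cp or pii_without(cookie, EXPLICIT) else "accept"
    if cookie.third_party:
        needed = EXPLICIT if level == "Medium High" else IMPLICIT
        if not (no_cp or pii_without(cookie, needed)):
            return "accept"
        # Low stores the cookie but removes it when the browser closes.
        return "delete_on_close" if level == "Low" else "block"
    # First-party cookies at Medium High, Medium and Low.
    if no_cp:
        return "first_party_only"   # readable only in the first-party context
    if level != "Low" and pii_without(cookie, IMPLICIT):
        return "block" if level == "Medium High" else "delete_on_close"
    return "accept"

# Constructed sample: an ad cookie with no compact policy, at each level.
if __name__ == "__main__":
    ad = Cookie(third_party=True, has_compact_policy=False)
    for lvl in LEVELS:
        print(f"{lvl:20} {decide(lvl, ad)}")
```

Running the module prints how the same policy-less third-party cookie is treated as the slider moves from Block All Cookies down to Accept All Cookies.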

To import custom privacy settings

  1. On the Tools menu, click Internet Options, and then click the Privacy tab. 

  2. Click Import.

  3. Locate the file that contains the custom privacy settings, and then click Open.

    The file must be located on your computer. You can download files that contain custom privacy settings from privacy organizations and other Web sites on the Internet. 

To customize your privacy settings for cookie handling

  1. On the Tools menu, click Internet Options, and then click the Privacy tab. 

  2. Click Advanced.


  3. Click Override automatic cookie handling, and then for first-party and third-party cookies, click Accept, Block, or Prompt.

To customize your privacy settings for individual Web sites

  1. On the Tools menu, click Internet Options, and then click the Privacy tab. 

  2. Click Edit.


  3. In the Address of Web site box, type the complete address of the Web site for which you want to specify custom privacy settings. 

  4. If you want Internet Explorer to always allow cookies from the specified Web site to be saved on your computer, click Allow.

    -Or- 

    If you want Internet Explorer to never allow cookies from the specified Web site to be saved on your computer, click Block.

    The Managed Web sites list shows all of the Web sites for which you have specified custom privacy settings. The settings that you choose for the Web sites on this list may override your selected privacy level. 

  5. If you want to delete custom privacy settings for a specific Web site, highlight the site on the Managed Web sites list, and then click Remove.

    -Or- 

    If you want to delete custom privacy settings for all the Web sites on the Managed Web sites list, click Remove All.

    When you remove a Web site from the Managed Web sites list, your privacy settings for all Web sites without custom privacy settings will apply to that site. 

Configuring Profile Assistant

You can use Profile Assistant to store or update your user profile, which contains the information you want to share with Web sites. Other Internet programs, including Microsoft® NetMeeting® and Microsoft® Outlook® Express, also use Profile Assistant.

To create or update a user profile

  1. On the Tools menu, click Internet Options, and then click the Content tab. 

  2. Click My Profile.

  3. If you are creating a new user profile, in the Address Book - Choose Profile dialog box, click Create a new entry in the Address Book to represent your profile, and then click OK.

  4. In the appropriate boxes on the Name, Home, Business, Personal, and Other tabs, type the personal information you want to share. 


Configuring Advanced Security Options for Users' Privacy

You can configure a variety of security options for users' privacy in Internet Explorer.

To configure advanced security options for users' privacy

  1. On the Tools menu, click Internet Options, and then click the Advanced tab. 

  2. In the Security area, review the selected options. 


  3. Depending on your needs, select or clear the Security check boxes. For example, if you want to enable Profile Assistant, select the Enable Profile Assistant check box. 

© 2014 Microsoft. All rights reserved.