The public face of Microsoft privacy
Published: 08 Jul 2005 16:40 BST
What new solutions and methods do you have in the pipeline for protecting privacy?
In the next version of Internet Explorer there will be more advanced ways in which users are warned when something looks like a suspicious site.
Our philosophy around both security and privacy is to put users in control of their information. We find ways to educate users, to warn users. We put them in control by making very definite choices around things. At the end of the day, the user still retains control.
A common way in which spyware is put onto people's PCs is through something called drive-by downloads. It comes bundled with something that the user may have decided to download. What the download blocker [in XP Service Pack 2] does, is alert the user that there is something that someone is attempting to download, gives them very clear information about who it is that is attempting to do this and allows the user to make the choice. That is the way we will approach phishing as well.
There is a possible inconsistency here; if we accept that it is a bad thing to allow people to access their system routinely why does Microsoft software do this all the time?
You can argue that today, with the need to have secure computers, the need to provide patches and the need to provide updates means that any system in today’s ecosystem should be patched automatically.
The other argument is that users should always retain control over what is coming onto their PC. The way we dealt with that is with automatic updates which became a much easier feature in Service Pack 2. The user, right at the time of installation, is asked to make choices, such as do they want automatic updates turned on, do they want it automatically installed, do they want to be informed. They were informed and the result of that is that close to 98 per cent of them chose to turn automatic updates on.
But isn't it the case that you are asking people to make informed choices when they don't necessarily understand what the choices are?
We approach this in a number of ways. What has happened is the desire to provide clear, all encompassing information. Privacy notices are becoming too long. A year ago we launched an initiative to make then much more readable and appealing to customers. The result was a short, or layered, privacy notice that means all the key information is on one page.
That is one approach, the other one is something we call "just in time". If we look at Windows error reporting today, and the multitude of different applications that people run on their PCs, there are conflicts. It is really important that we have that information so that we can work with the other providers to solve those compatibility problems, but we are also very sensitive that users don’t always want someone automatically sending information back to their PCs, so Windows Error Reporting asks for permission to send information back to Microsoft. I call that 'just-in-time consent'. We provide users with information and control.
Previous
Did you find this article useful?
173 out of 310 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
