Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Microsoft denies privacy risk in Internet Explorer

Information disclosure leak claims are exaggerated, Redmond says

Article comments

Microsoft refuted claims on Thursday that an information disclosure leak in its Internet Explorer browser poses a privacy risk, arguing that the company publicising the issue is seeking to put its competitors in an unfavourable light.

Spider.io, a UK-based company in the advertising analytics field, alleged that two unnamed companies are improperly using a flaw that allows them to track whether display advertisements, sometimes buried far down in web pages, are actually viewed by users.

The information disclosure leak in IE versions 6 through 10 is said to allow a display advertisement rigged with JavaScript to find out the position of a mouse cursor, which combined with other data can reveal whether a display advertisement is within the "viewport," or the window of the browser in which a person sees content.

Spider.io charged in a video that using such a flaw is improper, and that it uses a different method to collect the same data on display ad visibility.

Microsoft disagrees with Spider.io. "The underlying issue has more to do with competition between analytics companies than consumer safety or privacy," wrote Dean Hachamovitch, corporate vice president for Internet Explorer.

Spider.io's CEO, Douglas de Jager, said via email that it is a notable data leak and that Microsoft's accusation is an attack on his company. He said in an interview that at least one other ad analytics company was aware of the flaw but deliberately decided not to use it to gather display ad statistics.

Spider.io also alleged the issue could be used by an attacker to figure out what keys a person is clicking on a virtual keyboard, which is sometimes displayed in software products to avoid using the physical keyboard, which could be monitored with malicious software. Microsoft rejected the allegation, saying there's no way for an attacker to know what kind of content is below a cursor.

It's not uncommon for the security community to be somewhat in flux about whether to call a problematic issue in software a security vulnerability or not, and debate often ensues on how to classify an issue.

Still, Microsoft said it is contacting companies that are using the information leak as part of their ad-tracking metrics. It appears Microsoft does regard it as a minor issue that could be remedied in some way.

"We are actively working to adjust this behaviour in IE and will provide more information when it is available," Hachamovitch said in an email.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *