IE11 Preloading-feature sends browsing history to Microsoft

What does Microsoft want with their users’ complete browsing history? Users unknowingly helping to crowd-source better search for Microsoft by using feature intended to speed up browsing.

What is flip-ahead browsing and prerendering?

Given good network conditions, Internet Explorer will look for the next page the user is likely to visit. The page deemed to be the next relevant page will be automatically downloaded in the background. The user can then click-through to it using normal links, the Back and Forward buttons, or with a three-finger swiping touch-gesture to navigate to it without having to wait for loading.

The next and previous pages are determined by browser history (the previously visited page) with some additional hints provided by the page. Browsers looks for <link rel="next" href="this-comes-next.html"> and <link rel="prerender" href="this-comes-next.html"> to determine what to preload.[2] [3] Note the use of the non-standard “prerender” relation instead of the standardized “prefetch” which has a slightly different meaning.

Unique to Internet Explorer, patterns for what the next page is likely to be can also be found through hints in the Compatibility View Lists that are periodically downloaded. Other browsers only rely on the information from the websites themselves.

Flip-ahead is enabled by default with “Express Setup” (default) or pre-checked with “Custom Setup”. In other words, it’s enabled for almost all of Internet Explorer’s users.

Users of the Opera browser based on the Presto engine may recognize how Flip-ahead browsing works from Opera’s now discontinued Fast-Forward and Rewind features.

The hidden cost of the feature

There most frequently criticized part of preloading is the potentially wasted bandwidth and resources on both the client and server-side. Users may not always want to see the next page. Putting that aside, there’s another cost of preloading in Internet Explorer that users of other browsers don’t have to pay.

Your entire browsing history will periodically be sent to Microsoft. The data sent includes all addresses you visit and when you visited them (derived from that’s also how long you spent on each page), and the address of the page that referred you to each page. Each address is filtered to remove query parameters, which is to say anything after a question mark in the address. However, this measurement has little effect in terms of privacy. Microsoft can still see that the user spent 20 minutes reading the Wikipedia article on genital herpes after spending hours the previous day on a promiscuous dating site. This metadata tells the entire story even without the query parameters.

The Internet Explorer privacy policy clearly states that the Compatibility Lists and Compatibility View contains data information used for Flip-ahead browsing.[4] Presumably, the collected data is used in aggregate to find navigational patterns between pages on popular sites. These patterns are then distributed as part of the normal Compatibility View Lists to make sure flip-ahead and preloading work on as many sites as possible.

The periodic datadump to Microsoft is accompanied by a unique identifier for the browser instance. The collected data isn’t used to identify users or to target advertisements, claims Microsoft in its privacy policy. However, each of the features — and especially when seen as a whole — could definitely be used to identify individuals. So, you’ve got to trust Microsoft on this one.

Building a better search engine not a better browser

The flip-ahead feature doesn’t exist on Internet Explorer Mobile (part of Windows Phone.) Instead, there’s an unambiguous option to submit all browsing history to Microsoft. Internet Explorer Mobile 10 stated explicitly that as part of this data, it would collect the full browsing history and use it to improve the Bing service.[5] For Internet Explorer Mobile 11, this language has been changed to say the collected data will be used to improve Microsoft products and services without mentioning Bing specifically.[6] Regardless of the generalized lingo, it’s pretty clear which Microsoft service will benefit the most from data about what pages its users spend the most time on and find the most popular.

I don’t mind the approach Microsoft has taken for Internet Explorer Mobile. It is clear what the option does and it isn’t tied in with another desirable feature. I am a bit less happy about how they’ve done it by trying to hide it behind an innocent-looking option in the desktop version.

I mostly take issue with Microsoft’s decision to turn these privacy-invading options on by default on both platforms. It is nothing less than consumers should expect these days with everyone’s rush to get into “big-data” and justification from the tyranny of the default. I understand that Microsoft needs the data to expand and catch up to its competitors’ enormous head-start in the search business. However, I still believe these should be opt-in rather than opt-out.