Will the new privacy measures in IE8 spell the end for third party cookies and how can companies get around these issues?
A couple of days ago, Microsoft announced the IE8 privacy measures. For those that haven’t heard, it lets users switch into a privacy mode, where cookies and browsing history won’t be saved, the cache will be wiped at the end of the session, and certain third-party content will be blocked.
Although similar features have been available in Firefox and Safari for some time, IE’s market share, combined with the extent of these measures, means that this announcement clearly has implications for the online ad industry.
The first problem will be the non-persistence of cookies. The deletion or blocking of cookies has always been an issue, but widespread adoption of the new privacy mode would make it a lot worse.
The second problem will be the arbitrary limit of 10 sites using third-party content. When browing in non-privacy mode, IE will keep track of how many sites your content appears on, and if it appears on more than 10 sites, it will block your site during all ‘InPrivate’ browsing sessions.
While users will be able to set your site (or behavioural targeting network!) as an exception, the only way to get around this altogether would be to serve all of your content as a first party, by asking publishers to implement tricks such as domain aliases or reverse proxies.
But for ad serving that would be impractical at best, and would render much of the reporting useless.
At first glance, it looks like this will be a show-stopper for all third-party content ad services, but in practice it might not be as bad as it seems; simply because it will actually be worse than it looks.
It looks like exceptions can be added manually or automatically by subscribing to feeds, but the whitelists will have to be very good, otherwise users will either not be able to use the site, or they’ll be assaulted with hundreds of prompts and warnings.
If this is the case, many users will lose faith in the privacy mode, and turn it off. What’s the use in privacy if you can’t see the content you’re after?
Add to that the loss of popular features like cross-session site logins and browser history, it seems likely that users in privacy mode will be the exception rather than the rule.
It is also worth considering that what affects us will affect Microsoft too, and it’s likely that their advertising arm would be very unhappy if steps taken by the browser team cut off potential revenue.
It’s possible that Microsoft could use a default subscription feed to allow their tracking and ad-serving products through while blocking all competitors but given their history with anti-trust cases it seems unlikely.
This alone means that it’s very unlikely that IE will ever ship with anything like this on by default. So although the effects may be noticed, hopefully they won’t be too disruptive.
Now the new IE 8 beta has come out we can see exactly how these features have been implemented, and start to estimate how popular they will be.
One thing that does seem to be the case is that Flash Shared Objects (AKA flash cookies) are not blocked in InPrivate mode so their may now be a mad dash to implement technology that uses them.
Personally I’m not panicking just yet. The in private mode is for when people want a “private moment” and nobody should be collecting data then anyway.
Consumers need to be given greater control over their online data, even if it is anonymous and IE8 sounds like a smart way to do just that.
Paul Cook is the CEO of