The beta for Microsoft’s new Internet Explorer 7 includes an anti-phishing feature which will automatically check every website you visit against a list of known phishing sites. It’s not on by default, but users are given the option of activating it the first time they click on a link. A useful feature, no? I can see a lot of people using this. But look what they’ll be giving up – from the IE 7 privacy statement:
When you use Phishing Filter to check Web sites automatically or manually, the address of the Web site you are visiting will be sent to Microsoft, together with some standard information from your computer such as IP address, browser type, and Phishing Filter version number. Other information sent includes the total number of Web sites you have browsed since the last time an address was sent by Phishing Filter, the total number of Web sites matched against the legitimate list since the last time an address was sent, the time since the last submission to Microsoft and the total number of times Phishing Filter has sent addresses to Microsoft.
That’s one heck of a lot of data. How are they going to use it, I wonder? Microsoft again:
The information listed above is used for statistical analysis and to improve the performance of the Phishing Filter service.
Come on, guys, ‘statistical analysis’ doesn’t tell me what you’re doing with my data. Statistical analysis for what? Could be for good, could be for evil, but I’ve got no way of knowing. It’s genius, really. There’s so much you can learn from that much information, and fear of identity theft is a great way to ensure widespread adoption… when this gets formally released, Microsoft can power its data mining by attempting to scare the bejeezus out of everyone.
