Windows 8 setup shows 'Do Not Track' options

As promised by Microsoft's top privacy exec, Windows 8 tells users that the new privacy feature will be turned on

With Windows 8 RTM, Microsoft has revealed how it will notify users of the "Do Not Track" privacy setting for Internet Explorer 10 (IE10).

Last week, Microsoft's chief privacy officer repeated the company's position on Do Not Track (DNT), saying that the signal would be automatically turned on if users relied on the default settings listed during the operating system's setup.

But as a sop to critics of IE10's on-by-default DNT setting, users would be able to switch it off during the setup process, said Brendon Lynch, Microsoft' top privacy executive.

The DNT notification appears during the setup stages of Windows 8 RTM (release to manufacturing), the final code Microsoft issued to developers, IT professionals and enterprises that license the OS in volume.

When Windows 8 setup pauses to collect user settings, it lists DNT as the third item out of seven total.

"Turn on Do Not Track in Internet Explorer," the notice reads.

By clicking the "Use express settings" button to continue, the user accepts Microsoft's defaults, including DNT as switched on.

Users can, as Lynch promised, turn off DNT by choosing the Customize option. There, DNT is listed on the second of two screens, and can be switched off by toggling "Send a Do Not Track request to websites you visit with Internet Explorer."

Windows 8 users can change their minds at any time on DNT, and alter the setting through IE10's Internet Options dialog box. The DNT option is listed as "Always send Do Not Track header" under the Advanced tab of that dialog.

DNT signals whether a user wants online advertisers and websites to track his or her movements. All five major browsers -- Chrome, Firefox, IE, Opera and Safari -- can send a DNT signal, but only IE10 has it on by default.

(Apple's Safari switches DNT on when users surf the Web in private browsing mode.)

In May, Microsoft announced that DNT would be on in IE10, a position that has raised hackles among online advertisers, who have balked at browsers that turn on DNT by default.

Windows 8 tells users that Do Not Track is turned on when they choose the "Express settings" option.

Advertisers, browser makers, privacy advocates and others -- working in a Worldwide Web Consortium (W3C) standards-setting group -- have struggled to agree on DNT's implementation. Some parties, including Mozilla, the creator of Firefox, have argued that users must explicitly tell a browser to engage DNT for the signal to count, and thus reject Microsoft's by-default approach.

If users choose "Customize," they can toggle off Do Not Track during Windows 8's setup process.

European Union privacy officials sided with Microsoft in the on-by-default controversy when in June they urged the W3C to let Microsoft set DNT as on in IE10. The EU suggested the standards group accept a "first-run" option, meaning the setting would be acknowledged when a browser or OS was launched for the first time.

"Microsoft's actions don't deprive anyone of a choice, so they can't be criticised at that level," said Ryan Heath, a spokesman for the European Commission, in a recent email commenting on the dustup over IE10.

IE10 will also ship for Windows 7, but DNT will be handled differently for that edition, Lynch said last week. "Windows 7 customers using IE10 will receive prominent notice that DNT is turned on in their new browser, together with a link providing more information about the setting," he said.

Microsoft has declined to disclose its release plans for IE10 on Windows 7, and also declined to describe in more detail what Windows 7 users will face regarding the privacy feature when they first run the new browser.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts