Share via


Making Tracking Protection Lists Available From Your Web Site

Any site can offer Tracking Protection Lists (TPLs) to help consumers protect their privacy. This post shows you how to make a TPL available from your site. For example, clicking here in IE9 will add the list from the EasyPrivacy.

A word about Tracking Protection Lists

Tracking Protection Lists are similar in concept to the lists behind the AdBlockPlus add-in for Firefox. The main differences are that TPLs are built in to IE, the W3C is working through the standardization process of their format, and adding a TPL in IE sends the DNT header (link).

Technically, TPLs are just text files that can be hosted on any Web server and linked to from any Web page, like an RSS feed for a blog. You can find TPLs at several different sites, like the IE gallery site (linked to from the Manage Add-ons dialog within IE), the EasyList Web site, or on other sites like this one.

Let’s use the EasyPrivacy TPL as our example. The TPL is located on the EasyList webserver at https://easylist-msie.adblockplus.org/easyprivacy.tpl. Following that link in any browser will show the contents of that list… useful for privacy enthusiasts, but not as much for consumers who want to add the list.

Internet Explorer 9 includes a JavaScript API, msAddTrackingProtectionList (link), to do this:

<a href="javascript:window.external.msAddTrackingProtectionList('https://easylist-msie.adblockplus.org/easyprivacy.tpl', 'EasyList Privacy')">EasyPrivacy TPL</a>

Clicking on this link results in a user confirmation prompt:

Dialog confirming the addition of a Tracking Protection List

This makes sure that the consumer really wanted the list, and that the site isn’t installing it without user consent. This is like a pop-up blocker against unwanted TPLs.

For security reasons, msAddTrackingProtectionList can only be called from places in your page that are associated with a user interaction – buttons, links, forms, etc. are all fine. It can’t be called on page load automatically. Another benefit of using a JavaScript API is that you can easily deploy a TPL from your Web site without having to change your server configuration; for example, no custom MIME types are required.

If you’re passionate about privacy, consider adding a link to your favorite TPL on your own Web site.

—Andy Zeigler, Program Manager, Internet Explorer

Comments

  • Anonymous
    June 07, 2011
    What if I want to use tracking protection lists, but I don't want to send the DNT header?  I feel that the DNT header actually makes me easier to track since so few users have enabled it.  On the other hand, tracking protection lists don't have the same downside because tracking entities should never know that I have a TPL active.  So, is there a way to override the DNT header behavior while keeping TPLs active?

  • Anonymous
    June 07, 2011
    The comment has been removed

  • Anonymous
    June 07, 2011
    Powerful feature you are asking.. but I doubt more than 1 in 1000 IE users will care to use it or even know how to use it fully. So I have my doubts about Microsoft actually implementing it. Will be cool if they do it though.

  • Anonymous
    June 07, 2011
    The comment has been removed

  • Anonymous
    June 07, 2011
    @Roland: my thoughts exactly. I guess the IE team made their own TaskDialog (NIH syndrome?). Now that they don't have to support XP, is there any reason to avoid using that API?

  • Anonymous
    June 08, 2011
    The comment has been removed

  • Anonymous
    June 09, 2011
    JSNES is a port of vNES to JavaScript, inspired by Matt Wescott’s JSSpeccy JavaScript emulator for SNES: benfirshman.com/.../jsnes

  • Anonymous
    June 09, 2011
    I have compiled an ad blocking TPL based on EasyList. You can download it here: www.quero.at/adblock_ie_tpl.php

  • Anonymous
    June 10, 2011
    anyone else have trouble getting to the drivers section of HP's website?  I have it with multiple machines, multiple locations and multiple versions of OS and IE.  every other browser works except IE.

  • Anonymous
    June 14, 2011
    Although I see this concept of "voluntary" privacy settings as utterly futile (many sites can't figure out how to avoid SQL Injection - how on earth are you expecting them to voluntarily exclude tracking any user info).. however I see a much bigger issue at hand. Once again MSFT has tried to push something as a standard that is IE-only. If MSFT wants anyone to take them seriously, they will take the ".msTrackingProtectionEnabled();" off of the IE-only "window.external" object and put it in a common place like Firefox did. //correct namespace! navigator.doNotTrack Likewise, rename the feature to "doNotTrack" as the "ms" prefix indicates you have no intention of making this a shared browser concept. The biggest part of Web Standards that Microsoft REFUSES to understand is that consistency is the biggest issue for Web Developers.  No serious Web Developer EVER wants to go into window.external because this is a backdoor out of the browser sandbox into things that 99.9% of the time have NOTHING to do with JavaScript / The Standard Web. Every time I come in to fix up a web app and I see "window.external" I shudder knowing that there is much work to do to get the app back into Web Standards.  Its almost as bad as seeing "On Error Resume Next" - a tell tale sign of poor quality code.

  • Anonymous
    June 15, 2011
    não  consigo  entrar  nomeu orkut  tentei  fazer   outro ,é inútil senha  crreta  e  edereço  também,oque  está  acontecendo o  refinamento  de  senha  não funciona,  oque  está errado

  • Anonymous
    June 16, 2011
    W3C encourages browsers to use vendor prefixes to web standards under development. It's presumptuous for a browser NOT to. Maybe a better question is why Moz's page doesn't do the href thing right? http://dnt.mozilla.org/