Internet Explorer 8 comes to the table with a feature designed to analyze user navigation behavior and preferences and to suggest alternative Internet destinations based on patterns of surfing the web and personal interests. However, despite the fact that IE8 Suggested Sites keeps track of all the websites visited, Microsoft indicated that it does not raise any privacy concerns by putting sensitive information collected from end users at risk.

“The IE8 feature Suggested Sites helps you discover related sites that can be helpful to get more information about your interests. Under the hood, Suggested Sites is a system that provides suggestions by using a collection of users’ visited sites. Respecting user privacy and giving the user control over the data provided has been part of the design philosophy of Suggested Sites since the beginning,” revealed Jane Kim, IE program manager.

Fact is that in Internet Explorer 8, Suggested Sites is disabled by default and users have to opt-in in order to turn on the feature. When IE8 launches following installation, the first-run settings wizard presents end users with the possibility of having the browser help them discover additional websites based on their preferences and the content they are surfing. No data transfers will occur via Suggested Sited except with the explicit permission of end users.

In addition, the feature is “disabled during InPrivate: Suggested Sites does not record or send any browsing activity during InPrivate browsing sessions. Respects history settings: Suggested Sites gathers the user’s visited sites and periodically sends it to the service. If the user deletes the history, these deleted entries are not uploaded to the server. Also, suggestions are not displayed for these deleted entries. Supports only public internet sites: Suggested Sites supports and discards the following URLs: HTTP scheme (but not HTTPS scheme); Internet zone (but not Intranet and local zone); DNS and IDN host (but not IP address),” Kim added.

Microsoft did reveal that a unique pattern ID is generated in order to associate sessions, but emphasized the fact that the identifier is random and is associated to group usage patterns on the server. The Redmond company emphasized the fact that the ID does not identify the end users.

IE8 Suggested Sites also “uses HTTPS protocol - all data sent over the wire is encrypted over an SSL connection. This helps protect cases of a man-in-the-middle attack. [And] removes IP and cookie information: The server strips the data of any user identification, such as the client IP address and cookies so that it is not possible to personally identify the user. The pattern ID is available for grouping of previous session to provide relevant results, but not used to identify the user,” Kim explained.

Internet Explorer 8 (IE8) Release Candidate 1 (RC1) is available for download here.