Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

A Quick Look at IE 9 Tracking Protection

Posted by William Diaz on February 9, 2012

While visiting my blog the other day, I noticed one of my widgets wasn’t displaying on the sidebar. Instead, it was occupied by a blue “banned” logo image where the Revolver Map should have been:
I also noticed the same thing in the address bar. Hovering over the icon tells me Some content is filtered on this site:
I recall installing a couple Tracking Protection Lists for IE 9 a few days prior. Here’s a quick non-technical breakdown of IE’s TPL feature:

Tracking Protection helps you stay in control of your privacy as you browse the web.

Some of the content, images, ads, and analytics that you see on the websites you visit are provided by outside or third-party websites. While this content can provide value to both you and your favorite websites, these third-party websites have the ability to potentially track your behavior across multiple sites. Tracking Protection provides you an added level of control and choice about the information that third-party websites can potentially use to track your browsing activity.

With Tracking Protection Lists, you can choose which third-party sites can receive your information and track you online. By adding a list, you can block content from websites that might have an impact on your privacy. When you add a Tracking Protection List, Internet Explorer will prevent your information from being sent by limiting data requests to websites in the list. For each list that you add, the setting applies across all pages and websites you visit, not just the pages you get the lists from. And each time you begin a new browsing session, the blocking stays on until you decide to turn it off.

To verify that the Revolver Map was being blocked on my site via a TPL, I examined the lists by going to the Internet Options sprocket > Safety > Tracking Protection > Selecting the Behavioural Tracking TPL > More information (this can also be done from Internet Options > Program > Manage Add-ons). I could, in fact, see that was on the list:
To remove a TPL filter for any site, simply click the image in the address bar and select Turn off Tracking Protection.

This stirred my curiosity a bit and I was decided to see how the internals of this feature work. The actual downloaded TPL lists are text files written to C:\Users\username\AppData\Local\Microsoft\Internet Explorer\Tracking Protection\{SomeGUID}. Each time you start Internet Explorer, the TPL lists are read from this location and this is how IE decides which domains to filter content. You can see this with Process Monitor:
However, when you decide to unblock a site from a TPL, the change is not made to this list. To see how the exception is handled, I performed the action to Turn off Tracking Protection, filtered the trace for RegCreateKey and RegSetValue and saw that the process starts by creating a key named Tracking Protection Exceptions (if it does not already exist) and then setting a value type of DWORD equal to the site that one creates the exception for in HKCU\Software\Microsoft\Internet Explorer\Safety:
IE will query this key each time you visit a website. If it finds the domain it in the list, content that is normally filtered from sites contained in the TPL is allowed; otherwise, if it doesn’t find it, it’s blocked.

On the flipside, you can turn tracking protection back on for any site in the TPL list by clicking the gray “banned” icon in the address bar and choosing Turn on Tracking Protection:
This has the effect of removing the DWORD value created earlier, e.g., from the Tracking Protection Exceptions registry key. Alternatively, you can remove all exceptions at once  by going to the Internet Options,  selecting Delete under Browsing History and checking the option for ActiveX Filtering and Tracking Protection Data, which actually deletes the registry key altogether, not just the individual DWORD exceptions:
Alternatively, one could modify the TPL list directly to allow or block sites. For example, allowing a domain is a simple matter of changing –d (domain block) to +d (domain allow) or just deleting it. But this wouldn’t make sense if the TPL automatically updates itself, so you’re probably better off creating exceptions in IE as outlined above. For more TPL internals, see this MSDN Article:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: