Recently, I heard a fairly well known tech personality talk about Internet Explorer 7 and its anti-phishing feature. Microsoft has built in to its new browser an option where every website a user tried to access was sent back to MS’s server and matched against a list of known phishing sites. If it matched, the user would not be allowed to visit the site.

The person I was listening to was emphatic about what a great idea this is, and entirely dismissive of any concerns over privacy. He explained that Microsoft would have to double its staff in order to track everyone’s surfing and why would they want to anyway?

I think that answer misses the point of the concerns over this type of service. Do I think some Microsoft employee wants to monitor every site I visit? No. Do I think Microsoft wants to track my surfing patterns in order to sell me stuff or sell that information to others who want to sell me stuff? Absolutely. Do I think that Microsoft might be able to write some kind of computer program to do this tracking? Um… yeah. Does this bother me? You bet. Do I expect everyone to care? Of course not.

If users don’t care about how a corporate entity may be gathering information about their surfing patterns, that’s fine. But many people are careful about the amount and type of information companies collect, and introducing a “feature” which could act much like spyware into a major piece of software is a big deal.

The good news about IE 7 is that according to a sources, users can choose whether or not to use the anti-phishing tool. Of course, if it’s set to on by default, how many people would even know they can turn it off?