Expert questions randomness of browser ballot
But the bug isn't 'nefarious', just poor quality coding.
An expert has questioned just how random the Windows browser ballot really is.
Microsoft last week began issuing the browser ballot via Windows Update, giving those running Internet Explorer as their default browser the option of installing an alternative. The move is part of Microsoft's antitrust settlement with the EU.
The browser ballot screen offers the choice of the five leading web browsers, supposedly in random order, with a selection of lesser browser available if the user scrolls to the right.
Last week, bloggers began to notice that Internet Explorer was appearing more frequently in fifth position in the browser ballot than anywhere else, sparking conspiracy theories that Microsoft had rigged the ballot because it knew users were more likely to click on the browser that appeared on the right-hand side of the screen.
However, in a detailed blog post exploring the code used to generate the browser ballot, IBM's Rob Weir claims the issue is caused by a flawed method of randomising the selection.
Describing the problem as a "rookie mistake in the code", Weir claimed that poor use of the "Math.random()" JavaScript function is to blame for the uneven results.
"There are four well-known approaches [to creating a random shuffle]: two good solutions, one acceptable ("good enough") solution that is slower than necessary and one bad approach that doesn't really work," Weir writes. "Microsoft appears to have picked the bad approach."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"But I do not believe there is some nefarious intent to this bug," Weir adds. "It is more in the nature of a 'naive' algorithm, like the bubble sort, that inexperienced programmers inevitably will fall upon when solving a given problem. I bet if we gave this same problem to 100 freshmen computer science majors, at least one of them would make the same mistake."
Weir claimed that when accessed via Firefox, the browser ballot is more likely to put Internet Explorer in one of the first three positions and Safari in fifth.
Microsoft was unavailable for comment at the time of publication.
Barry Collins is an experienced IT journalist who specialises in Windows, Mac, broadband and more. He's a former editor of PC Pro magazine, and has contributed to many national newspapers, magazines and websites in a career that has spanned over 20 years. You may have seen Barry as a tech pundit on television and radio, including BBC Newsnight, the Chris Evans Show and ITN News at Ten.