Expert questions randomness of browser ballot

But the bug isn't 'nefarious', just poor quality coding.

browser ballot

An expert has questioned just how random the Windows browser ballot really is.

Microsoft last week began issuing the browser ballot via Windows Update, giving those running Internet Explorer as their default browser the option of installing an alternative. The move is part of Microsoft's antitrust settlement with the EU.

The browser ballot screen offers the choice of the five leading web browsers, supposedly in random order, with a selection of lesser browser available if the user scrolls to the right.

Last week, bloggers began to notice that Internet Explorer was appearing more frequently in fifth position in the browser ballot than anywhere else, sparking conspiracy theories that Microsoft had rigged the ballot because it knew users were more likely to click on the browser that appeared on the right-hand side of the screen.

However, in a detailed blog post exploring the code used to generate the browser ballot, IBM's Rob Weir claims the issue is caused by a flawed method of randomising the selection.

Describing the problem as a "rookie mistake in the code", Weir claimed that poor use of the "Math.random()" JavaScript function is to blame for the uneven results.

"There are four well-known approaches [to creating a random shuffle]: two good solutions, one acceptable ("good enough") solution that is slower than necessary and one bad approach that doesn't really work," Weir writes. "Microsoft appears to have picked the bad approach."

"But I do not believe there is some nefarious intent to this bug," Weir adds. "It is more in the nature of a 'naive' algorithm, like the bubble sort, that inexperienced programmers inevitably will fall upon when solving a given problem. I bet if we gave this same problem to 100 freshmen computer science majors, at least one of them would make the same mistake."

Weir claimed that when accessed via Firefox, the browser ballot is more likely to put Internet Explorer in one of the first three positions and Safari in fifth.

Microsoft was unavailable for comment at the time of publication.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021