First was Digg, with the message on 4 July, Much Ado About IE6, that,
Based on the amount of activity and the relative rate of its decline, we’re likely to stop supporting IE6 for logged in activity like digging, burying, and commenting. Users of IE6 would still be able to view pages — just not logged in. This won’t happen tomorrow, but we’re thinking about doing it soon.Today (Tuesday US time), YouTube sent a similar message, turning on a message advising IE6 users to upgrade, as first reported by TechCrunch in YouTube Will Be Next To Kiss IE6 Support Goodbye.
This builds on a European campaign, Stop Living in the Past, where websites have been progressively warning IE6 users to upgrade, or blocking them from accessing content, reportedly even supported by Microsoft CEO Steve Balmer.
In my view this is great to see happen. Many organisations are restricted to testing on the web browsers they allow internally, which tends to result in online services which work superbly in IE6, but fail to meet modern standards and present poorly in modern browsers less - effectively failing accessibility hurdles.
However it presents an interesting conundrum for organisations still relying on IE6. While the browser may still meet their internal security model, it may be no longer 'fit for purpose' due to declining support by websites.
Fortunately there are no software licensing charges for upgrading to a more modern web browser - which are more secure and robust as well as being more standards compliant - so the main costs are security testing, configuration and rollout.
Proactive security teams may have already done the work required - Internet Explorer 8 has been available for security testing since March 2008 and Firefox 3 has been around since May 2008 (with 3.5 released recently).