Research Finds Microsoft Edge Has Privacy-Invading Telemetry

edge

While Microsoft Edge shares the same source code as the popular Chrome browser, it offers better privacy control for users. New research, though, indicates that it may have more privacy-invading telemetry than other browsers. According to Microsoft, telemetry refers to the system data that is uploaded by the Telemetry components or browser's built-in services. Telemetry features aren't new to Microsoft and the company has been using Telemetry data from Windows 10 to identify issues, analyze and fix problems.
Professor Douglas J Leith, Chair of Computer Systems at Trinity College in Ireland, tested six web browsers to determine what data they were sharing. In his research, he pitted Chromium-based Microsoft Edge, Google Chrome, Brave, Russia's Yandex, Firefox and Apple Safari. Unfortunately, Microsoft Edge didn't perform well in various privacy tests.

Too much telemetry in Microsoft Edge

When testing the Edge Browser, Leith saw that every URL that was typed into Edge would be sent back to Microsoft sites. For example, every URL typed into the address bar is shared with Bing and other Microsoft services such as SmartScreen. This was confirmed by BleepingComputer who used Fiddler to see the JSON data being sent to Microsoft.
Unhashed URL being sent to SmartScreenUnhashed URL being sent to SmartScreen
This could be fixed by using a technique similar to Google's Safe Browsing implementation that downloads a a list of known malicious sites and saves it locally. This list is the checked by the browser and if any data needs to be sent to Google's servers, will only send a hashed partial URL fingerprint that can be used to track browsing behavior.

The browser also sends unique hardware identifiers to Microsoft, which is a "strong and enduring identifier" that cannot be easily changed or deleted.

User tracking information being sentUser tracking information being sent
Russian web browser Yandex is also engaged in similar anti-privacy activities:
From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

It's important to note that Microsoft Edge for Enterprise gives administrators a lot of control in deployments to disable all these trackers, but the trackers are enabled by default in all Edge installations.

While Microsoft Edge didn't fare well in the tests, the researcher has also questioned Chrome's and other browser's behaviour. Users have previously noticed that Chrome scans the entire computer and reports hashes of executable programs back to Google to build Chrome's Safe Browsing platform. Chrome, Firefox and Safari share details of every webpage you visit with their services. All these browsers use autocomplete feature to send web addresses to their services in realtime.
Firefox'stelemetry transmissions, which is silently enabled by default, can potentially be used to link these over time. In Firefox, there is also an open WebSocket for push notifications and it is linked to a unique identifier, which could be used for tracking, according to the researcher.

Related Articles:

Windows 10 Privacy Guide: Settings Everyone Should UseGoogle Stops Issuing Security Warnings About Microsoft EdgeHow to Use Google Chrome Extensions and Themes in Microsoft EdgeHow to Run Classic and Chromium Microsoft Edge Side-by-Side

Microsoft Edge Now Lets You Block Potentially Unwanted Programs

Similar Articles:

Microsoft: tell us if you want us to build an ad blocker into Edge

Microsoft: tell us if you want us to build an ad blocker into Edge

A new report shows the most popular web browsers in the world are sending companies your history or personal data. Here’s how each browser’s privacy stacks up.

A new report shows the most popular web browsers in the world are sending companies your history or personal data. Here’s how each browser’s privacy stacks up.

A look at Microsoft Edge's Tracking Prevention feature

A look at Microsoft Edge's Tracking Prevention feature

Microsoft Edge lets Facebook run Flash code behind users' backs

Microsoft Edge lets Facebook run Flash code behind users' backs