The original version of Microsoft Edge currently coming pre-installed on Windows 10 is sending the full URL of the sites you visit to Microsoft, according to a security researcher.
The data includes not only page information, but also the SID, which stands for security identifier, researcher Matt Weeks says on Twitter.
“Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID),” he posted.
Microsoft uses a feature called SmartScreen to protect users against potentially dangerous websites whenever they are loaded in the browser. SmartScreen works by analyzing the URL against a list of reported links maintained by Microsoft, so the page you visit is submitted to a Microsoft server to determine whether the site should be allowed or not.
Read full article in the source link.“When checking a file, data about that file is sent to Microsoft, including the file name, a hash of the file's contents, the download location, and the file's digital certificates,” Microsoft says.
The researcher, however, suggests that this system could be improved using an approach similar to the one used by other browsers.
“Firefox, Chrome, and Safari do not send your browsing history to their cloud overlords like Edge does. They compare 4-byte URL hash prefixes with downloaded bad hash lists,” he says.
Microsoft is yet to respond to these concerns with an official statement, but we’ve reached out to the company and will update the article if an answer is offered.