Deletedmessiah

Level 22
Verified
Content Creator
The original version of Microsoft Edge currently coming pre-installed on Windows 10 is sending the full URL of the sites you visit to Microsoft, according to a security researcher.
The data includes not only page information, but also the SID, which stands for security identifier, researcher Matt Weeks says on Twitter.
“Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID),” he posted.
Microsoft uses a feature called SmartScreen to protect users against potentially dangerous websites whenever they are loaded in the browser. SmartScreen works by analyzing the URL against a list of reported links maintained by Microsoft, so the page you visit is submitted to a Microsoft server to determine whether the site should be allowed or not.
“When checking a file, data about that file is sent to Microsoft, including the file name, a hash of the file's contents, the download location, and the file's digital certificates,” Microsoft says.
The researcher, however, suggests that this system could be improved using an approach similar to the one used by other browsers.
“Firefox, Chrome, and Safari do not send your browsing history to their cloud overlords like Edge does. They compare 4-byte URL hash prefixes with downloaded bad hash lists,” he says.
Microsoft is yet to respond to these concerns with an official statement, but we’ve reached out to the company and will update the article if an answer is offered.
Read full article in the source link.
 

oldschool

Level 32
Verified
Yep, that is how SmartScreen currently works.
But isn't the issue in question how they send the URL? :emoji_thinking:

Re: Edge Chromium - "It does, though, continue to send an unhashed URL. That practice will only end if and when Microsoft decides to start hashing the URLs, which probably would require significant code changes across many of their products."
 

F 4 E

Level 1
Just disable Smart Screen, and let your AV protect you. I run F Secure and have had no issues in browsing with F Secure quickly blocking malicious sites.
 
  • Like
Reactions: rockstarrocks

Gandalf_The_Grey

Level 20
Verified
But isn't the issue in question how they send the URL? :emoji_thinking:

Re: Edge Chromium - "It does, though, continue to send an unhashed URL. That practice will only end if and when Microsoft decides to start hashing the URLs, which probably would require significant code changes across many of their products."
What would be the difference between sending an unhashed URL or a hashed URL?
Both ways are sending the URL to check it's reputation with SmartScreen.

Just disable Smart Screen, and let your AV protect you. I run F Secure and have had no issues in browsing with F Secure quickly blocking malicious sites.
In my limited testing SmartScreen compliments F-Secure very nice.
When testing the links from @Evjl's Rain not all were blocked by F-Secure.
So I wouldn't disable the built-in protection.