Microsoft Edge Said to be sending Full URLs of the sites you visit to Microsoft

Deletedmessiah

Level 25
Thread author
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
The original version of Microsoft Edge currently coming pre-installed on Windows 10 is sending the full URL of the sites you visit to Microsoft, according to a security researcher.
The data includes not only page information, but also the SID, which stands for security identifier, researcher Matt Weeks says on Twitter.
“Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID),” he posted.
Microsoft uses a feature called SmartScreen to protect users against potentially dangerous websites whenever they are loaded in the browser. SmartScreen works by analyzing the URL against a list of reported links maintained by Microsoft, so the page you visit is submitted to a Microsoft server to determine whether the site should be allowed or not.

“When checking a file, data about that file is sent to Microsoft, including the file name, a hash of the file's contents, the download location, and the file's digital certificates,” Microsoft says.
The researcher, however, suggests that this system could be improved using an approach similar to the one used by other browsers.
“Firefox, Chrome, and Safari do not send your browsing history to their cloud overlords like Edge does. They compare 4-byte URL hash prefixes with downloaded bad hash lists,” he says.
Microsoft is yet to respond to these concerns with an official statement, but we’ve reached out to the company and will update the article if an answer is offered.

Read full article in the source link.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Yep, that is how SmartScreen currently works.

But isn't the issue in question how they send the URL? :unsure:

Re: Edge Chromium - "It does, though, continue to send an unhashed URL. That practice will only end if and when Microsoft decides to start hashing the URLs, which probably would require significant code changes across many of their products."
 

F 4 E

Level 3
Verified
Jan 27, 2019
103
Just disable Smart Screen, and let your AV protect you. I run F Secure and have had no issues in browsing with F Secure quickly blocking malicious sites.
 
  • Like
Reactions: brambedkar59

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
But isn't the issue in question how they send the URL? :unsure:

Re: Edge Chromium - "It does, though, continue to send an unhashed URL. That practice will only end if and when Microsoft decides to start hashing the URLs, which probably would require significant code changes across many of their products."
What would be the difference between sending an unhashed URL or a hashed URL?
Both ways are sending the URL to check it's reputation with SmartScreen.

Just disable Smart Screen, and let your AV protect you. I run F Secure and have had no issues in browsing with F Secure quickly blocking malicious sites.
In my limited testing SmartScreen compliments F-Secure very nice.
When testing the links from @Evjl's Rain not all were blocked by F-Secure.
So I wouldn't disable the built-in protection.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top