Microsoft Edge branded as ‘worrisome’ for user privacy

Research claims the web browser sends telemetry data and URLs to back-end servers

Microsoft Edge is one of the least private web browsers, as it sends back device identifiers and web browsing telemetry to back-end servers, according to new research. 

An analysis of the browser, which comes bundled in Windows 10 by default, conducted by  Trinity College Dublin found that Edge sends “persistent identifiers” to back-end services, as well as the URLs typed into the browser’s pages. 

Related Resource

Don’t just collect data, innovate with it.

Removing the barriers to the experience economy

Download now

Professor Douglas Leith from the university’s School of Computer Science and Statistics looked at the behaviour of other browsers as well and concluded that Edge and fellow browser Yandex were lacking in privacy protections. 

Advertisement - Article continues below

“From a privacy perspective Microsoft Edge and Yandex are much more worrisome than the other browsers studied,” Leith explained. “Both send identifiers that are linked to the device hardware and so persist across fresh browser installs and can also be used to link different apps running on the same device. 

“Edge sends the hardware UUID of the device to Microsoft, a strong and enduring identifier than cannot be easily changed or deleted. Similarly, Yandex transmits a hash of the hardware serial number and MAC address to back end servers. 

“As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality (which can be disabled by users) that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.” 

It's worth noting that the collection of user data and browser telemetry isn’t a privacy issue in itself, as such data can facilitate smooth upgrades and feedback when testing new features. But Leith noted that it becomes a problem when such data can be tied to a specific user. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

“When the same identifier is used across multiple transmissions it allows these transmissions to be tied together across time,” Leith said. “While linking data to a browser instance does not explicitly reveal the user’s real-world identity, many studies have shown that location data linked over time can be used to de-anonymize.”

“A second way that issues can arise is when user browsing history is shared with backend servers. Previous studies have shown that it is relatively easy to de-anonymize browsing history, especially when combined with other data,” Leith added. 

Not having the ability to opt-out of such privacy-sapping measures flies in the face of other efforts Microsoft has made in recent times to make its data collection and privacy option in Windows 10 and other services more transparent. 

Conversely, Leith found that the Brave Browser was the most secure, followed by Google’s Chrome browser, Mozilla Firefox, and Apple’s Safari. 

While Microsoft has put in plenty of work to make Edge into an appealing browser, it appears to have more work to do if it wishes to compete with rivals on privacy.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/operating-systems/28288/how-to-factory-reset-windows-10
operating systems

How to factory reset Windows 10

4 Mar 2020
Visit/technology/artificial-intelligence-ai/355796/can-microsofts-new-approach-to-ai-erase-the-memory-of
artificial intelligence (AI)

Can Microsoft's new approach to AI erase the memory of Tay?

30 May 2020
Visit/software/linux/355769/linux-gui-apps-coming-to-windows-10
Linux

Linux GUI apps coming to Windows 10

22 May 2020
Visit/software/development/355748/the-it-pro-podcast-microsoft-build-goes-virtual
Development

The IT Pro Podcast: Microsoft Build goes virtual

22 May 2020

Most Popular

Visit/security/ransomware/355891/nasa-it-contractor-ransomware-hack
ransomware

Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/data-insights/data-science/355678/how-data-science-is-transforming-business
Sponsored

How data science is transforming business

29 May 2020