Microsoft Edge that comes preinstalled on Windows 10 sends the full URLs of the websites you visit to Microsoft, according to a security researcher.
The data sent by browser include not only the information on each page you visit, but also the SID, which means security ID, according to a Publication by researcher Matt Weeks on Twitter.
Edge obviously sends the full URL of the pages you visit (except for some popular sites) to Microsoft. And, unlike the documentation, it includes your non-anonymous account ID (SID).
Microsoft is known to use a mode called SmartScreen to protect users from potentially dangerous websites every time they are loaded in the browser.
SmartScreen works by comparing the URL to a list of links that Microsoft has, so the page you visit is submitted to a Microsoft server to determine whether or not you are allowed to access the site.
However, Weeks found that information sent without being encrypted also included the SID.
But Microsoft mentions the following about the SID in the official documentation of the operation:
The security identifier (SID) is used to uniquely identify a security authority or security group. Security authorities can represent any person who may exist in an operating system, such as a user account, a computer account, or a link or process running within the security of a user account or computer.
Theoretically, by including the SID in the report, Microsoft can tell exactly who is visiting a website when SmartScreen is enabled in Windows 10, of course.
By default, SmartScreen for Microsoft Edge uses the "Warn" setting on Windows 10 devices.
However, Microsoft states:
When checking out a file, data about that file is sent to Microsoft. Data includes file name, hash of file contents, location λήψηand of the file's digital certificates.
The researcher says that this system could be improved using an approach similar to that used by other browsers.
Firefox, Chrome, and Safari do not send your browsing history to the company, as Edge does. Compare hash prefixes of 4-byte URLs with built-in malicious mailing lists.
Microsoft has not yet made an official statement.
___________________
- Privacy the history of a lost affair
- FaceApp when the idiot looked at the finger
- Windows 10 1809 cumulative update KB4505658