Microsoft Edge sends URLs and SIDs to Microsoft

Microsoft Edge that comes preinstalled on Windows 10 sends the full URLs of the websites you visit to Microsoft, according to a security researcher.

The data sent by include not only the information on each page you visit, but also the SID, which means security ID, according to a Publication by researcher Matt Weeks on Twitter.

Microsoft Edge

Edge obviously sends the full URL of the pages you visit (except for some popular sites) to Microsoft. And, unlike the documentation, it includes your non-anonymous account ID (SID).

Microsoft is known to use a called to protect users from potentially dangerous websites every time they are loaded in the browser.

SmartScreen works by comparing the URL to a list of links that Microsoft has, so the page you visit is submitted to a Microsoft server to determine whether or not you are allowed to access the site.

However, Weeks found that information sent without being encrypted also included the SID.

But Microsoft mentions the following about the SID in the official documentation of the operation:

The security identifier (SID) is used to uniquely identify a security authority or security group. Security authorities can represent any person who may exist in an operating system, such as a user account, a computer account, or a link or process running within the security of a user account or computer.

Theoretically, by including the SID in the report, Microsoft can tell exactly who is visiting a website when SmartScreen is enabled in Windows 10, of course.

By default, SmartScreen for Microsoft Edge uses the "Warn" setting on Windows 10 devices.

However, Microsoft states:

When checking out a file, data about that file is sent to Microsoft. Data includes file name, hash of file contents, location and of the file's digital certificates.

The researcher says that this system could be improved using an approach similar to that used by other browsers.

Firefox, Chrome, and Safari do not send your browsing history to the company, as Edge does. Compare hash prefixes of 4-byte URLs with built-in malicious mailing lists.

Microsoft has not yet made an official statement.

___________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

browserbytechromeEdgeURL

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).