Researcher Matt Weeks has shown how the original, non-chromium version of Microsoft’s Edge browser is sending the full URL of websites you visit to Microsoft.
“Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID),” said Weeks.
Microsoft explains how SID’s are used in its official documentation:
“A security identifier (SID) is used to uniquely identify a security principal or security group. Security principals can represent any entity that can be authenticated by the operating system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.”
Microsoft admits in its privacy statement that some of this information is submitted to Microsoft to power SmartScreen – which it claims is necessary to run this security feature.
However, Weeks highlighted that other browsers do not require your browsing history to be sent to their cloud to implement their equivalent features.
“Firefox, Chrome, and Safari do not send your browsing history to their cloud overlords like Edge does. They compare 4-byte URL hash prefixes with downloaded bad hash lists,” he said.