Privacy concerns raised that SmartScreen in Edge shares browsing history with Microsoft

Big Microsoft Edge logo

A security researcher has revealed that the SmartScreen feature of Microsoft Edge is sharing full URLs of pages visited with the Windows-maker. Also shared are users' account IDs, raising concerns about privacy-invading tracking of browsing history.

SmartScreen is a security feature that Microsoft uses to identify phishing and malware websites, but the lack of obfuscation or anonymization of URLs shared with the company opens ups the potential for invasions of privacy and the revealing of sensitive information.

See also:

The revelation comes courtesy of security researcher Matt Weeks who shared his findings on Twitter. Checks and tests carried out by Bleeping Computer confirmed his report that unmasked URLs were being shared with Microsoft, as well as the fact that "Windows 10 also transmits a great deal of potentially sensitive information about your applications to SmartScreen when you attempt to run them".

Weeks posted on Twitter:

Twitter users responded expressing surprise and concern that details of sites visited were being shared with Microsoft in an unhashed form, and even greater concern that this data could easily be linked to individuals as SIDs (Security Identifiers) were also being shared.

While the report may be disturbing, Microsoft is actually fairly honest about what is happening: the company reveals that URLs are shared in documentation.

In the Chromium-based version of Edge, Microsoft has opted to continue to share unhashed URLs, but it no longer shares SIDs. Nonetheless, Weeks' revelations will come as surprising news to users of the regular version of Edge who likely had no idea that their browsing habits were being shared with Microsoft.

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.