Privacy concerns raised that SmartScreen in Edge shares browsing history with Microsoft
A security researcher has revealed that the SmartScreen feature of Microsoft Edge is sharing full URLs of pages visited with the Windows-maker. Also shared are users' account IDs, raising concerns about privacy-invading tracking of browsing history.
SmartScreen is a security feature that Microsoft uses to identify phishing and malware websites, but the lack of obfuscation or anonymization of URLs shared with the company opens ups the potential for invasions of privacy and the revealing of sensitive information.
- Microsoft to pay $26 million to settle claims of violating the Foreign Corrupt Practices Act
- Microsoft plows $1 billion into OpenAI partnership
- Microsoft warns thousands that they are victims of state-sponsored hacking
The revelation comes courtesy of security researcher Matt Weeks who shared his findings on Twitter. Checks and tests carried out by Bleeping Computer confirmed his report that unmasked URLs were being shared with Microsoft, as well as the fact that "Windows 10 also transmits a great deal of potentially sensitive information about your applications to SmartScreen when you attempt to run them".
Weeks posted on Twitter:
? Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID). pic.twitter.com/zHMLUGwo9w
— scriptjunkie (@scriptjunkie1) July 19, 2019
Twitter users responded expressing surprise and concern that details of sites visited were being shared with Microsoft in an unhashed form, and even greater concern that this data could easily be linked to individuals as SIDs (Security Identifiers) were also being shared.
While the report may be disturbing, Microsoft is actually fairly honest about what is happening: the company reveals that URLs are shared in documentation.
In the Chromium-based version of Edge, Microsoft has opted to continue to share unhashed URLs, but it no longer shares SIDs. Nonetheless, Weeks' revelations will come as surprising news to users of the regular version of Edge who likely had no idea that their browsing habits were being shared with Microsoft.