Is there any place on the web that’s safe from data-sharing?! We’ve already seen companies as visible as Google and Facebook get caught in the selling private user data to third-parties, so why does anyone bother with the practice anymore?
Well, for starters, data is valuable. In fact, it can help marketers and advertisers pinpoint your habits to sell to you more effectively. That’s the crux of the matter that keeps the entire industry afloat. As for personal privacy — well, that’s not making anybody any money, right? (Don’t tell Facebook, though.)
As it turns out, however, one of the most popular web browsers on the internet was revealed to be sharing personal data with one of the biggest names in tech: Microsoft. Not only is this browser reporting your activity, but it’s also sharing unfiltered browsing history and attaching your username to it! If you’re using this browser right now, you might want to try an alternative.
Microsoft edges into data harvesting
On Windows 10 PCs, Microsoft Edge is automatically set as the operating system’s default browser. Edge was created to replace the infamously insecure Internet Explorer, and since then, it’s amassed a sizable user base.
This makes sense since it’s the first browser users are directed to when you boot up your PC for the first time. What many users might not know is that Microsoft has been keeping tabs on your private data — and even has your name attached!
In a report by the cybersecurity analysts at Bleeping Computer, Microsoft Edge was found to be sending the full URLs of websites you visit to a company database — along with your Microsoft Account username! In other words, Microsoft knows the places you’re visiting as well as the fact that you are the one who visited them.
This is concerning for a number of reasons, but the most notable is the fact that Microsoft can easily put a name to the data it’s harvested — much like how Facebook does.
Not to mention, Microsoft Accounts are created by the user during a PC’s initial setup, so there isn’t really a way around the company knowing who you are unless you were aware of the data-sharing before booting for the first time.
Why does Microsoft need to know any of this?
As it turns out, Microsoft’s intentions appear to be at least somewhat nobler than fellow harvesters like Facebook. The system that collects the URL and account data is part of Windows Defender — the anti-malware program that comes bundled with every PC.
The specific process, termed SmartScreen, sends URLs to Microsoft with the purpose of analyzing them and checking them against known spam and phishing sites.
If the service finds a match, it will identify it and let you know right from your desktop. In order to notify you specifically, however, it needs to match the event data to your computer. This is accomplished by — you guessed it — using the username data harvested by SmartScreen.
So, in a sense, the process is done to make Microsoft Edge safer to use. However, there’s still a number of flaws in how Microsoft encodes and stores the data it’s siphoning.
What’s the downside?
We’ve already seen how data collection can quickly spiral out of control, and regardless of intent, Microsoft’s process still takes private user data and stores it for its own needs.
Plus, if a hacker were able to intercept the transmission of data, they’d have easy access to some incredibly sensitive information. By using unencrypted URL data, it’s much easier to piece together private data about a user’s life than it would be if the URLs were obscured.
And obscuring URLs is exactly what competing anti-phishing services do in other browsers! Firefox and Chrome also collect URLs and compare with databases of known fraud websites, but the information it shares is encrypted for user protection. There are zero reasons for Microsoft to be sending this data in an inferior, and possibly dangerous, format.
If you’re currently using Microsoft Edge, we highly recommend switching to another browser until Microsoft makes the switch to encrypted data-sharing. The system they’ve designed isn’t a bad one, but the method they’re using carries far more risk than reward.
If you’re looking to switch browsers, Firefox is the best all-around browser for privacy and data protection. It even blocks third-party cookies by default!
Just because something is set to default doesn’t always make it the best option for you to use. Luckily, that’s why we’re here: to give you trusted advice on what works best for your security and privacy. Are you ready to make the switch?