News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Chredge snoops your other browser data

    Home Forums Code Red – Security/Privacy advisories Chredge snoops your other browser data

    Viewing 5 reply threads
    • Author
      Posts
      • #2275168 Reply
        doriel
        AskWoody Lounger

        Hello,
        Beware of this behavior of MSFT Edge. It is reported, that after opening Edge, users see their bookmarks imported withour their permission.

        After that, during Edge configuration, if user selects that Edge wont be default browser and does not want to import data from others, bookmarks dissapear.

        Source:

        Microsoft’s New Chromium-Based Edge Browser Is Reportedly Stealing Data from Firefox Without Permission

        I saw in the past, that Edge without my permission snooped my user data (username and domain – it can be found in Help->About dialog), but I was not able to reproduce this issue at this moment.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        1 user thanked author for this post.
      • #2275259 Reply
        Elly
        AskWoody MVP

        I decided to experiment with the chromium based Edge… and downloaded it separately from Windows Update. It respected that it wasn’t set as the default browser, and did not import any book marks.

        But… the incidents referred to in the article seem to be associated with people who received Chredge automatically, through Windows Update…

        It reminds me that just because there are choices offered, it doesn’t mean that Microsoft has to honor those choices… and Microsoft has shown blatant lack of respect for end users.

        I have experimented with chromium Edge because of the promise that it may allow finer control of privacy than Google… it doesn’t bode well if it transfer bookmarks while designating itself default. Again… I did not find this when I installed it separately from Windows Update.

        Non-techy Win 10 Pro and Linux Mint experimenter

        2 users thanked author for this post.
        • #2275263 Reply
          CADesertRat
          AskWoody Plus

          Same here Elly, I just downloaded it the other day and it seemed to respect my wishes even though it is not my default browser. I haven’t messed with it very much yet though so I can’t give it much of a review. I think that downloading it instead of getting it through WU may be a good point, as you brought up.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

          1 user thanked author for this post.
      • #2275271 Reply
        Rick Corbett
        AskWoody_MVP

        I’ve just configured a laptop running Windows 10. Due to various concerns of its eventual owner I’ve disabled legacy Edge and also prevented automatic installation of Chredge using a REG file. Instead I’ve installed Brave as the default browser (with Firefox as the backup).

        I think I’ll keep an eye on reports re: Chredge for a while before allowing it anywhere near. 🙂

      • #2275278 Reply
        satrow
        AskWoody MVP

        Seems like this might just be highlighting the behavioral differences between Windows/MS Updates and the standard (stub/.msi?) installers, nothing to do with ChrEdge, just different wrapper designs.

        Windows/MS Updates being designed to be mainly background/unattended/batch, whereas elective installer downloads are very much hands-on/step-by-step.

        1 user thanked author for this post.
      • #2275310 Reply
        Elly
        AskWoody MVP

        So the problem that @Doriel provided a link to, in original post, is specific to chromium Edge being received through Windows Update.

        The concerns voiced in that article is that they did not want chromium Edge:
        – Rebooting the computer resulted in a forced tour of a browser that the person did not want or intend to use.
        – Edge copied Firefox bookmarks to Edge favorites without any authorization or approval required by user… the concern being unauthorized access to data.

        Before I chose yes or no my bookmarks from Chrome were already on the opened Edge browser’s bookmarks bar. When I clicked no they disappeared.

        It is unclear if this is just an oversight from Microsoft’s part, bad code, bad launch, or yet another example of the company tricking more users to its new products.

        How can I be sure Edge didn’t save any information? I find it strange that it pulled information from my chrome browser without my permission.

        The article also expresses concern that older relatives might be inadvertently forced into using chromium Edge because of the way it presents itself, instead of the browser with which their tech helper has set them up with (with ad-blocker and anti-tracking).

        I’ve tried to not ‘trigger’ my own negativity around Microsoft’s overbearing control of my hardware… which is why I did a manual install and did a test run. Unfortunately, I’m not techy enough to test whether Edge becomes another vector for unwanted data vaccumming. Edge worked, as far as browsing goes. It does have the ‘bug’ regarding videos on YouTube and other sites, in that you have to turn off UBlock (the only extension I tested it with) to work with them. But on 1909 Pro, with Update Settings following PKCano’s recommendations, it hadn’t appeared for download, let alone download or set up without permission. So, following those recommendations, and Woody’s DEFCON system, it appears that the problems found in this article just don’t happen (yet?).

        I’m a satisfied user of Pale Moon… I know it doesn’t have a large user base, but it does do what I want it to do, has the extensions I need and use, and isn’t being developed to suck data from me. The people quoted in this article clearly don’t trust Microsoft or Edge. I’m glad there are alternatives that I can trust.

        Non-techy Win 10 Pro and Linux Mint experimenter

        2 users thanked author for this post.
        • #2275319 Reply
          b
          AskWoody Plus

          It does have the ‘bug’ regarding videos on YouTube and other sites, in that you have to turn off UBlock (the only extension I tested it with) to work with them.

          It doesn’t for me.

          • #2275341 Reply
            Elly
            AskWoody MVP

            @b- Which ad-blocker(s) did you test it with?

            And did you install chromium Edge yourself, or are you using the version that comes through Windows Update?

            Do you use it while signed into a Microsoft or local account?

            I think all of those might be pertinent variables.

            Were you already using the legacy Edge, so it just assumed your settings, as expected behavior? If so, you didn’t actually test whether it co-opted settings/data from separate browsers… but did you notice anything else that might pertain regarding data snooping, or how it can be controlled by end users? You’re usually up on all the latest… 🙂

            Non-techy Win 10 Pro and Linux Mint experimenter

      • #2276738 Reply
        samak
        AskWoody Plus

        reviewgeek.com has an article entitled “Microsoft Edge Doesn’t Wait for Permission to Import Your Data” which seems to have a slightly different angle on this issue.
        https://www.reviewgeek.com/46340/microsoft-edge-doesnt-wait-for-permission-to-import-your-data/

        W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

        • #2276958 Reply
          Elly
          AskWoody MVP

          According to Windows Central a Microsoft spokesperson sent them the following statement:

          We believe browser data belongs to the customer and they have the right to decide what they should do with it. Like other browsers, Microsoft Edge offers people the opportunity to import data during setup.

          According to reviewgeek, they also said:

          During the first run experience, the customer is presented the opportunity to keep or discard the imported data. This data is discarded if they choose not to proceed with the import. If a customer terminates the new Microsoft Edge browser prematurely during the first run experience (e.g. using Task Manager), residual data may not be fully deleted. We recommend customers not shut down the setup process prematurely to ensure an expected result.

          The issue for Microsoft is that people are not completing the ‘First Run Experience’ and that therefore, customers expecting not to have their data imported will find that it has been.

          This is strikingly different from the issue for end users that have posted, whether on Reddit, or other forums… and that is, end users expect Microsoft not to access their browser data on other browsers without permission. That Microsoft magnanimously decided that the browser data ‘belongs to the customer’ and that we should ‘decide what happens to it’, doesn’t mean that it doesn’t access and use the data (remember Microsoft’s all encompassing EULA?) according to their purposes.

          Using W10 means you have given Microsoft access to the data from anything you choose to do with it, and clearly, although you may have chosen to block all Microsoft apps, they can collect and use the data from any other browsers you are using…

          Why is that important? See EFF Why Metadata Matters for the best explanation.

          Microsoft wants our trust… just check out how they emphasize privacy and respect in presenting chromium Edge in the first run experience. But… their EULA and privacy statement negate both trust, and indicate, profound disrespect for personal boundaries of their customers… and the behavior, that we can see, is that they access our data at will.

          The issue isn’t that they misuse that data. Peeping Toms don’t cause direct violation of a person, like rape does… but society has long recognized that peeping, even when the ability to do so exists, is morally objectionable… and that people have a right to expect privacy within their own homes. Microsoft is peeping into our lives… they’ve entitled themselves to access our data… and it is wrong. I would expect an OS to provide actual privacy for end users, even from its developer… not steal it to develop AI, or even to use it to make my user experience better.

          Most people accept the privacy curtains that Microsoft has placed for them… most of the time they cannot ‘see’ how invasive and thorough Microsoft’s telemetry is, so they are fine with it. Most will take Microsoft’s reassurance of their ‘rights’ to decide what to do with their browser data as evidence that Microsoft is providing privacy and end user choice. It isn’t. It actually demonstrates how little folks know about the data that Microsoft collects, and in how few places they actually get some choice, and no actual, privacy concerning it. And, no, we shouldn’t just get used to it… or find it acceptable.

          Non-techy Win 10 Pro and Linux Mint experimenter

          3 users thanked author for this post.
          • #2277006 Reply
            anonymous
            Guest

            The issue isn’t that they misuse that data. Peeping Toms don’t cause direct violation of a person, like rape does… but society has long recognized that peeping, even when the ability to do so exists, is morally objectionable… and that people have a right to expect privacy within their own homes. Microsoft is peeping into our lives… they’ve entitled themselves to access our data… and it is wrong. I would expect an OS to provide actual privacy for end users, even from its developer… not steal it to develop AI, or even to use it to make my user experience better.

            Any evidence that Microsoft does anything with Chrome or Firefox bookmarks other than import them to Edge and then offer to discard them?

            • #2277068 Reply
              Elly
              AskWoody MVP

              As I point out, the issue isn’t use, but access. Microsoft’s response is proof that they are accessing data from apps that are not theirs, and not part of W10, intentionally, and without end user permission beyond their over-reaching EULA and (lack of) privacy statement.

              Any evidence that Microsoft does anything with Chrome or Firefox bookmarks other than import them to Edge and then offer to discard them?

              Part of the problem with telemetry is that end users cannot see what Microsoft is accessing, although it is clear from the Edge implementation that data that on other browsers is accessed, and moved to their browser, before the end user consents.

              Since they refuse to provide a telemetry off option, or a way for end users to review and delete telemetry before it is encrypted, there is a chronic power imbalance between Microsoft and their end users. A balance of power, with respect for boundaries, is essential for healthy relationships, whether interpersonal or commercial. Asking for consent, after the fact, is a violation of boundaries.

              Non-techy Win 10 Pro and Linux Mint experimenter

              2 users thanked author for this post.
        • #2277071 Reply
          wavy
          AskWoody Plus

          the question remains ; how to delete a bulk amount of bookmarks in edge, w/o a real manager gui it seems to be a one at a time operation. 🙁

          🍻

          Just because you don't know where you are going doesn't mean any road will get you there.
          • #2277082 Reply
            anonymous
            Guest

            Favorites, Manage favorites, Favorites Bar, Ctr-A, Delete, Other Favorites, Ctrl-A, Delete.

    Viewing 5 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Chredge snoops your other browser data

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.