|
There are isolated problems with current patches, but they are well-known and documented on this site. |
An interesting white paper from Prof Leith, Trinity College, Dublin (PDF): We measure the connections to backend servers made by six browsers: Google
[See the full post at: Privacy update: Brave is the most private browser, Edge blabs like crazy]
lmacri, 
Steve, 
SueW, 
abbodi86, 
plodr, 
lurks about, 
Norio, 
pabby, 
GreatAndPowerfulTech, 
Tom-R, 
MikeFromMarkham, 
Carl, 
wdburt1, 
David F, 
Elly Somebody tell me again how Microsoft values your privacy?
At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. We are doing this by building an intelligent cloud, reinventing productivity and business processes and making computing more personal. In all of this, we will maintain the timeless value of privacy and preserve the ability for you to control your data.
This starts with making sure you get meaningful choices about how and why data is collected and used, and ensuring that you have the information you need to make the choices that are right for you across our products and services.
We are working to earn your trust every day by focusing on six key privacy principles:
Control: We will put you in control of your privacy with easy-to-use tools and clear choices.
Transparency: We will be transparent about data collection and use so you can make informed decisions.
Security: We will protect the data you entrust to us through strong security and encryption.
Strong legal protections: We will respect your local privacy laws and fight for legal protection of your privacy as a fundamental human right.
No content-based targeting: We will not use your email, chat, files or other personal content to target ads to you.
Benefits to you: When we do collect data, we will use it to benefit you and to make your experiences better.Privacy at Microsoft
Your data, powering your experiences, controlled by you.
Satya Nadella
CEO
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
Correct me if I’m wrong, but isn’t this the same company that inflicted the whole GWX fiasco on unsuspecting users… Downloading gigabytes of data without notice or approval, installing Windows 10 in the background without notice or approval, and ignoring their own rules to make clicking a red X the equivalent of “Yes, please install Windows 10” instead of “take no action and close this dialogue box as you have every time before”? Sorry, but I see no reason to trust anything they’ve said since, including the marketing hype you:be quoted above.
Okay, I’ll bite.
If Microsoft wants to protect my privacy, why are they collecting “persistent identifiers” with everything I type into the Chredge bar?
Microsoft needs to add and implement a commitment to avoid using dark tactics to obscure what they are doing… and then, walk their talk.
Control: We will put you in control of your privacy with easy-to-use tools and clear choices.
There is still no off switch for telemetry or way to opt out, and there is not an opt in, other than when initially installing their OS. There is no way to block the permanent hardware ID. There is no way to be anonymous and control your privacy. Not signing into a Microsoft account allows tracking through the hardware ID. To access their lack of ‘privacy dashboard’, one must sign in and by then the data has already been collected and dispersed for Microsoft’s use. You want to bet that they aren’t tracking what kind of user data people are deleting?
Transparency: We will be transparent about data collection and use so you can make informed decisions.
Their EULA is comprehensive and all encompassing, to ensure their right to continue harvesting data. They are going to collect as much data, all the time, any way they can. Very clear.
Security: We will protect the data you entrust to us through strong security and encryption.
We, Microsoft, make sure that you, the person using the operating system, cannot see or understand what data is being harvested… but admits in their own whitepaper that even Enterprise level recommended settings leak personal information.
Strong legal protections: We will respect your local privacy laws and fight for legal protection of your privacy as a fundamental human right.
And will use the money and might of our corporation to make sure local privacy laws do not interfere with our data harvesting, reinforce our right to do so, and will freely and readily obscure, confuse, and otherwise ensure our use of other peoples data for training or implementing our AI.
No content-based targeting: We will not use your email, chat, files or other personal content to target ads to you.
Content-based targeting has been way too obvious and objectionable to end users, so we are backing away from that. We will continue to collect data from your e-mail, chat, files, and other personal content, however. It is useful in training our AI, developing our services, and may be commercially exploitable in the future.
Benefits to you: When we do collect data, we will use it to benefit you and to make your experiences better.
We really hope that by stressing how this is for your own good, that you will believe us, continue to use our products, and stop asking for a way to turn off the data collection. We need to know who you are, where you are, what devices you use, who you communicate with, what your religious and political beliefs are, what your education is, what your finances are, what your health is like, what you search for, etc. In human history, and currently across the globe, this kind of information has been used to the detriment of millions of people… but we, a corporation consisting heavily of males, wealthy and entitled, who have consistently used dark patterns to establish W10, are definitely who you should trust. We definitely know better than you do, and you shouldn’t be trusted to make decisions about hardware that you’ve bought, and otherwise own.
@b- your technical expertise regarding Windows is superb, and you consistently share insights and details that others have missed… I can’t tell you how many times you have helped me understand my computer, and offered great references for your information. But- Microsoft was wrong in how they implemented W10, is wrong to insist on data collection no matter what, and they need to put control in our, the end user’s hands. Violating privacy and telling you and everyone else that is okay, or even desirable, is a tactic used by criminals, sex offenders and other abusers, and leaders of oppressive countries. Violating personal boundaries is far too common, but it isn’t the standard to aspire too.
Cheers to Woody, and everyone else, that continue to push Microsoft to innovate without violating personal privacy and choice, just because they can get away with it!
Now, as regard to browsers- thank goodness there are researchers looking at what information is being sent. At this point, the amount of data and frequency of collection allows me to make more informed choices about what browsers to use. It doesn’t do any good to secure one’s OS privacy, and then use a tattletale browser.
Non-techy Win 10 Pro and Linux Mint experimenter
RamRod, 
Mr. Austin, Steve, SueW, 
LH, lurks about, 
Purg2, Norio, 
Lars220, 
jhvance, 
AlexEiffel, David F, 
lanceboil, 
doriel, 
woody, 
Bengalensis, 
Geoff King, GreatAndPowerfulTech, Tom-R, 
samak 
But but but… they want you to “achieve more.” And they “will use it to benefit you and to make your experiences better.” Honestly. Just trust them. They know best. 😛
To be expected from the new (post Win 7, Balmer) Microsoft I suppose. I had a small glimmer of hope for Edge – what was I thinking? At least uBlock Origin works as of now.
The report validates findings I had made regarding Firefox. Mozilla has been reasonably straight forward in their documentation of connections. I do allow “safe browsing” connects to protect me from my own stupidity although I sometimes have to disable it so I can download tools from reputable sources.
I do not allow any telemetry service connections though. The telemetry engine and components (e.g. ping services) can be disabled in about:config. I also disable experiments, pocket, sync and the usual other suspects.
I’m fairly comfortable using Firefox with the appropriate extensions. I wish I could say the same for Edge.
Originally posted Feb. 26th, in Browsers:
Web Browser Privacy – Academic Paper
Originally posted on Feb. 25th in Internet Explorer and Edge
Microsoft Edge the worse private browser : https://www.askwoody.com/forums/topic/microsoft-edge-the-worse-private-browser/
🙂
Thank you for your article. At least now I know I am not paranoid that much 🙂 Have you ever noticed how slow Edge and IExplore are? Cant this be thew clue that they send lot of data in the background? To be honest, how many of you noticed, how slowly these two browsers start loading page.
Also: I wonder what tools testers used to see the background traffic. I tried in the past tools like nMap to see whats going on in the background, but I couldnt get any relevat data. Thanks goodness there are highly competent people that do this for us!
BTW someone mentioned in the past that ID sent to microsoft has something to do with SmartScreen – it tells Microsoft, that you are logged in via MS account. Do they really STORE these data to your account, or is it sent “just once and then forgotten”?
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
BTW someone mentioned in the past that ID sent to microsoft has something to do with SmartScreen – it tells Microsoft, that you are logged in via MS account. Do they really STORE these data to your account, or is it sent “just once and then forgotten”?
The white paper indicates that data is sent to smartscreen-prod.microsoft.com and nav.smartscreen-prod.microsoft.com. They are also sending the UUID of your system to their servers (specifically self.events.data.microsoft.com), and this data is persistent and not easily removed (unless the URL is put in the HOSTS files?). So I would say, yes, they are STORING this data.
With all this stuff going on with Chrome, Chredge and Edge it seemed to me they are all merging in some form or will perform very similar. I decided last week that I’m back on the Firefox bandwagon and making that my primary browser going forward. The last time I used Firefox is when they began the “quick release” program of pushing new releases more frequently. A lot has changed since then and I already like Firefox much better.
We have been pushing Chrome as the default browser for our organization. We use the admx template in AD to manage the browser settings. After checking and finding that Firefox also has an admx template for AD I have begun the push to make an effort to change our default browser to Firefox within the company.
I have a feeling all this browser activity going on with Windows and Chrome will wind up benefiting the Firefox community. I foresee a large migration to Firefox over time.
Red Ruffnsore
I have been using Firefox in our organization since the early beginnings and never looked back. Apart from being a great browser, it has served us so well without any major issue and I find that we do our share of contributing to a cleaner Internet by using a web browser that values privacy. I think that if ones value privacy, they should express it by using a browser that steers the ship in this direction so that others understand that it is not ok not to do it.
I am also very concerned by the fact that Chredge could bring us back to an era of “this site is only supported by <IE> compatible browsers” (replace <IE> by chromium). I already see that when interacting with other organizations. This is not good for anyone. I never really tried Edge, Chredge or Chrome. I am not interested in what those products offer, regardless of how good they can be in other ways. Firefox is good enough and it doesn’t have the same privacy issues.
Other browsers need market share to protect our privacy and maintain diversity. If you care about privacy, I invite you to do your contribution and spread the word to non power users you support. Use a browser that respects your privacy.
In addition to the excessive “phoning home” activity, Chredge is also prone to crashing on my 32Gb eMMC Toshiba Win10 Home tablet — strikes me as behavior which is potentially correlated as the combined memory load (static + dynamic) from the frequent back-and-forth on top of its base memory demand simply overloads the machine’s capability. OTOH, the limitations of this near-to-EOL tablet (still on 1809 because of insufficient space for either 1903 or 1909 upgrades to succeed) could provide other failure vectors that negatively impact the capability for Chredge to function properly.
Use a browser that respects your privacy.
Microfix sponsored a weekend hunt for a privacy / security type of web browser over here at this AskWoody topic:
https://www.askwoody.com/forums/topic/weekend-hunt-for-a-browser/
and remarked:
…I think my search is over I’ve been testing this updated browser for a few weeks now and I REALLY like it!
Microfix has a nice tutorial about additional adjustments recommended:
For those who wish to take this browser for a spin, I’ve noted a few things that I’ve classed as need done for the privacy/security conscious folk out there.
Thank you Microfix, nice find.
So, I garner from the white paper that Edge is sending data, at various times in the session, to the following URLs:
arc.msn.com
assets.msn.com
config.edge.skype.com
cs22.wpc.v0cdn.net
edge.microsoft.com
edge.skype.com
edgewelcomecdn.microsoft.com
go.microsoft.com
microsoftedgewelcome.microsoft.com
nav.smartscreen.microsoft.com
otf.msn.com
ris.api.iris.microsoft.com
sb.scorecardresearch.com
self.events.data.microsoft.com
smartscreen-prod.microsoft.com
uhf.microsoft.com
vortex.data.microsoft.com
[www.]bing.com
[www.]microsoft.com
Even if you don’t use Edge, it seems like it would be the careful thing to do to include these in the local HOSTS file and block them (with “0.0.0.0” entries). The last two are problematic since you may actually want to link to them at some point, but the fact that every one of my keystrokes in Edge is being sent to bing.com makes me want to stop using Bing and to also include it in HOSTS.
I wonder how Chromium, Opera, and Vivaldi would fair. My default browser is Brave.
As far as Chredge, it is not totally surprising it is worse than Chrome as W10 telemetry saga will know.
I discovered that Chromium Edge on Windows 7 is far more compliant when clearing out the history. I have the same settings on a W7 and W10 machine. W7 Edge actually clears the entire history, on my workbench PC. W10 leaves over 35 items in place. That is not respecting our privacy in any way. Or, maybe users of Windows 10 can never expect Microsoft to respect their privacy.
GreatAndPowerfulTech
I do not want either Google’s or MS’s take on chrome and not properly deleting the browser history completely so I’m on Firefox mostly and will stay that way on my 7, Linux, and 10 based laptops as well.
I’m still have Edge the non-CrEdge variant on my 10 based laptop and what’s with that inability to get the menu bar enabled on Chrome and CrEdge as well. I’m fine with a more classic browser UI if possible and really I’m not liking what I have seen of Google’s Chrome or MS’s Edge/Chromium spin as well that’s been installed on other machines(retail demo models) that I looked at that had Chrome/Google and Chromium/Edge installed. And before I’ll even attempt to install that on my laptops I’ll try it out that way first at a retailer where most machines are running Google’s Chrome and MS’s Edge/Chromium variant.
Firefox still retains a UI option that I’m comfortable using and really that Chrome/Edge minimalist browser UI stuff needs to be optional and not forced.
Since I couldn’t edit my comment from four days ago that Chromium Edge on Windows 7 actually cleaned the history fully, an update to Edge changed that. Now, it’s just as bad as ChrEdge is on Windows 10. Thanks Microsoft for reminding me that you really don’t care about our concerns about privacy in any way, shape, or form, other than to be untruthful to us about it. I’m switching to Brave now. Thanks for the memories.
GreatAndPowerfulTech
To what extent would a VPN in place while using EDGE make the harvested “information” useless?
It wouldn’t because the data identifies your computer, not your route to the internet.
cheers, Paul
Im just curious, but how you do people rate Apple privacy? There is consensus, that Apple is safer than the others. But I think its the opposite way – they collect maybe more data, than MS does (maybe not while browsing, but you get my point). And if nearly all your data are synchronised to cloud, how safe is that?
Even if they say, that its cyphered and even Apple employees cant see your data, isnt it just naive to think, that your data are safe?
Just asking, Id like to know your opinion.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Apple definitely thinks about privacy when it designs products. It is far from perfect, but they are getting better at it. I will talk more about IOS here.
If you read about how TouchId works, you can see how they locally store the encrypted information in the chip without access by apps, privacy was really not an afterthought in the design.
There is end to end encryption with private keys stored on devices for iMessage and Apple notoriously refused to give access to the government, using the way they designed iMessage as a justification (we just don’t have access).
In the settings for IOS, there are a lot of places you can turn off to have better privacy. You can also avoid storing things in the Cloud. I configure my IOS devices for a cloud free experience and I am happy with that. There are trade offs with some privacy features because for example, if you don’t allow Siri to use your contacts, it will be difficult to tell her to call them, or she won’t be able to give you directions to your home if you didn’t share where is your home.
Apple keep adding settings to give you more privacy. Not so long ago, they added a setting to allow GPS access to apps only when they are active instead of only “all the time” or “not at all”. You can choose which apps can run in the background constantly to spy on you or not.
They also added a setting to to prevent apps snooping your location using a bluetooth trick.
Since they started talking more about privacy and realized this is something that could help them distinguish themselves from Android and maybe now Microsoft, their actions show that they really are doing some improvements there. However, I was never offended by what they were doing like I have been with Microsoft, because they provided a way to turn everything off. The thing I disliked about them before was when they sometimes introduced privacy sensitive features not in an opt-in manner. This is bad and I would tend to think they now know better.
Also, don’t forget that IOS is a platform where apps are much more insulated from one another and you have more control over the sharing of data between apps, which makes the platform as a whole better for privacy if you understand how it works and are adjusting settings to minimize any exposure. Apps have to ask permissions to access a lot of things.
Apple also don’t flip privacy settings back when they update IOS.
I hope these few bits of information re helpful to you.
Yes, Apple does seem to incorporate more features for controlling privacy in their OS design.
However, keep in mind that some would say Apple has a less-than-stellar history of protecting your data from 3rd-party access:
Apple’s Empty Grandstanding About Privacy, The Atlantic, Ian Bogost, Jan 31, 2019;
Apple promises privacy, but iPhone apps share your data with trackers, ad companies and research firms, The Washington Post, Geoffrey A. Fowler, May 28, 2019
Interesting read, but I disagree with a lot of the ideas expressed, especially in the article from The Atlantic. It doesn’t seem realistic to hold Apple responsible for letting you use Google as a Search Engine (and blaming them for setting it as default when it is clearly the preferred search engine in the world by far) or for not preventing the Facebook app from running because it is not private enough, or to imply they should ban all apps that rely on Google Map API like Uber or Lyft. IOS is a platform, but if you install and use Facebook on it, well maybe you should not complain about privacy since you trust that guy that is responsible for Beacon and other obvious privacy violations. At least, maybe you should not complain that Apple lets you use that obvious privacy invading app. Maybe every web site that uses trackers should be blocked? I don’t know why you would use a smartphone then. There would not be many buyers.
Yes, the App store contains a bunch of privacy violating apps, and it is worse if you leave many of the Iphone default settings enabled. In that sense, there is still a big problem, just like installing a software that slurps your data on Windows is. Maybe Apple need a bridge solution, like having a “privacy friendly” badge some Apps could earn if they respect some principles, making the store model more useful than only for security. Then, one could in all transparency choose to only install apps that have been certified.
Things need to be improved everywhere else. IOS is a gateway to this jungle, but at least they are making an effort so that their part is cleaner and they sometimes help lower the ability of apps and web site to violate your privacy.
I would not say that Apple are hypocrites with their privacy stance because they don’t prevent everything that is not perfect from running. However, saying that what happens on your Iphone stays on your Iphone might not be true when we talk about third party apps and web sites. I agree there is a lot more that could be done, but it’s not like it is easily doable and they are hypocrites for not doing it.
Forgive me if I’m wrong, Brave just smells like a Chrome impersonation. Like Chrome went & made a shiny “privacy respecting” version for us all to fawn over.
Even though Firefox seems to have a desire to be more like Chrome-like, it is still independent enough for my sensibilities. Notice the tab says Chrome. It also says right under the warning “Interested in cool new Chrome features? Try our beta channel.”
Probably done with this Chromium comparison test drive. On to Cliqz.
Win 8.1 (home & pro) Group B, Linux Dabbler
@b:
“Microsoft Edge asks for permission to collect diagnostic data for product improvement purposes and provides the capability to turn it off at any later point.”
That’s a total lie for users on Windows 10 Home or Pro (I can’t speak to the other versions.) There is no asking for permission, merely for the amount of data (Basic/Required, Full/Optional, or whatever they’re calling it this week) that you’re willing to surrender. And while you can delete data Microsoft has collected, you cannot turn it off at any later point, merely delete what they’ve collected again between erasures.
Correct. I should have specified that condition on my post. Thanks for the reminder.
NOTE: I am running Insider preview build 19587 so my experience may be different than those running a prior release (Insider or field release).
When I go to Settings | Privacy | Diagnostics and Feeback the Delete section says nothing about requiring a Microsoft account to delete data only that there may be more to delete on the privacy dashboard. It says the delete process will be started to remove data from the Microsoft systems.
--Joe
Here’s an article from Paul Thurrott commenting about the paper. It presents a more nuanced view. See Academic Study About Browsers is Wrong About Microsoft Edge.
--Joe
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
