News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Microsoft Edge Privacy Whitepaper

    Posted on April 19th, 2020 at 09:23 joep517 Comment on the AskWoody Lounge

    Microsoft has published a very detailed whitepaper on Microsoft Edge data collection. It is very long and detailed. It explains what data is collected, why it is collected, and how to turn off the collection. No doubt this is a response to the article that surfaced a couple of weeks ago concerning tracking in browsers. You may read the article at Microsoft Edge Privacy Whitepaper.

  • Privacy update: Brave is the most private browser, Edge blabs like crazy

    Posted on March 2nd, 2020 at 15:12 woody Comment on the AskWoody Lounge

    An interesting white paper from Prof Leith, Trinity College, Dublin (PDF):

    We measure the connections to backend servers made by six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser, during normal web browsing. Our aim is to assess the privacy risks associated with this back-end data exchange. We find that the browsers split into three distinct groups from this privacy perspective. In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari and in the third (least private) group lie Edge and Yandex…

    [When typing the text leith.ie/nothingtosee.html,] Edge sends text to www.bing.com as it is typed. A request is sent for almost every letter typed, resulting in a total of 25 requests. Each request contains contains a cvid value that is persistent across requests although it changes across browser restarts. Once the typed URL has been navigated to Edge then makes two additional requests: one to web.vortex.data. microsoft.com and one to nav.smartscreen.microsoft.com. The request to nav.smartscreen.microsoft.com includes the URL entered while the request to web.vortex.data.microsoft.com transmits two cookies…

    For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed…

    From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft [emphasis added] and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

    So it looks like the new Edge (Leith says the tested version is 80.0.361.48, which is definitely Chredge) not only tracks what you’re doing, it flags all of your actions with a hardware-unique identifier.

    Somebody tell me again how Microsoft values your privacy?

    Thx Catalin Cimpanu.

  • Say hello to the latest and greatest Microsoft Edge

    Posted on January 20th, 2020 at 01:00 Tracey Capen Comment on the AskWoody Lounge

    WOODY’S WINDOWS WATCH

    By Woody Leonhard

    Will Microsoft’s last-ditch effort to reinstate its Internet-browser hegemony succeed?

    There’s plenty to like about the new Chromium-based Edge — but plenty of shortcomings, too.

    Almost as soon as Microsoft won the Internet-browser race in the 2000s, its hold on that hard-fought market began to erode. By May 2007, Firefox was running on roughly a quarter of all Windows PCs. In 2009, Google’s Chrome burst onto the scene in a big way — and for Microsoft, it’s been all downhill ever since.

    Read the full story in AskWoody Plus Newsletter 17.3.0 (2020-01-20).

  • New Chredge logo

    Posted on November 3rd, 2019 at 06:50 woody Comment on the AskWoody Lounge

    When Microsoft finally releases the new Chromium-based version of Edge, this will likely be the logo.

    Sonic the Chredge Hog?

    Thx Paul Thurrott.

  • Win7 share declining slowly, Edge still in the doldrums

    Posted on November 1st, 2019 at 07:00 woody Comment on the AskWoody Lounge

    According to NetMarketShare, Win10 share usage is up from 52% in September to 54% in October. Win7 share went from 29% to 27%.

    Statcounter says that Chrome went from 62 to almost 63% usage share, while Edge went from 3.1 to 3.0%.

    All numbers subject to the usual disclaimers – based on flawed sampling, it ain’t gospel, more like reading tea leaves, and all that really matters is long-term trends.

  • Why does nobody use Edge?

    Posted on August 12th, 2019 at 09:43 woody Comment on the AskWoody Lounge

    Excellent rant/position piece on Quora from Jin Kim, who’s a Product Manager at Microsoft:

    Microsoft has had a history of trying to compete with other successful products and services and losing focus on making the core fundamentals of that product better, but instead, adding some “value-add” feature to out-spec our competitors. But seriously, we forget that we are not very good at addressing the core fact that we need to focus on the fundamentals.

    Oh yeah and look, we threw in the towel and now about to release the new EDGE built on CHROMIUM!!! Wow, whodathunkit!

    Give this guy a standing ovation. And a raise.

    Thx @rpodric.

  • That Internet Explorer XXE zero day poking through to Edge

    Posted on April 18th, 2019 at 07:51 woody Comment on the AskWoody Lounge

    I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.

    It depends on you opening an infect MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

    It’s a doozy of security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

    When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening the files. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

    There’s a lot of controversy about how bad this XXE hole really is. There have been lots of XXE holes discovered in the past. They’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

    Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

    Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.

    He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.

    All fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

    The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. I’m not going to link to it — I don’t want to take responsibility for 3rd-party patches to Windows — but you can find it quite easily if you’re really interested. That said, 0patch is highly regarded, and has made many useful hotfixes for Windows.

    What to do? That’s easy. Don’t open MHT files. And don’t use IE.

    Thx to @Alex5723 and others who have been posting about this problem while I’m off doing other things…..

    Let’s see if I get a definitive answer from this:

    UPDATE: @mkolsek, who published the report yesterday, confirms that reassigning the default handler for MHT files breaks the attack. He tested it. I’ll write this up.

  • A beta version of the new Chromium-based Edge is available for testers

    Posted on April 8th, 2019 at 11:05 woody Comment on the AskWoody Lounge

    But only for testers.

    Mehedi Hassan has a good overview on Thurrott.com.

    I think it’s great that the world’s moving to a “standard” browser rendering engine. But it’s hard to imagine this move will make much of a dent in Edge’s adoption rate.