Academic Study About Browsers is Wrong About Microsoft Edge

Posted on March 31, 2020 by Paul Thurrott in Mozilla Firefox, Microsoft Edge, Google Chrome, Apple Safari, Web browsers with 15 Comments

An academic study about the privacy implications of various web browsers has incorrectly cited problems with the new Edge.

The study, which is immediately suspect because it found Chrome to be as protective of a user’s privacy as Firefox and Safari, can be found here. It has gained a bit of media attention, and it popped up in our forums about a month ago. But we didn’t write about it formally here at first because it’s so clearly wrong about Edge. But I finally asked Microsoft to respond to the issues raised by the paper.

“From a privacy perspective [sic] Microsoft Edge and Yandex are much more worrisome than the other browsers studied,” the paper notes. “Both send identifiers that are linked to the device hardware and so persist across fresh browser installs and can also be used to link different apps running on the same device. Edge sends the hardware UUID of the device to Microsoft, a strong and enduring identifier than cannot be easily changed or deleted.”

That’s not true.

“Microsoft Edge asks for permission to collect diagnostic data for product improvement purposes and provides the capability to turn it off at any later point,” a Microsoft representative told me. “This diagnostic data may contain information about websites you visit; however, it is not used to track your browsing history or URLs specifically tied to you.”

The study also claims that the new Edge sends “25 requests” to for every letter that the user types into the address bar while performing a search. Edge “transmits web page information to servers that appear unrelated to search autocomplete,” the paper notes.

“This is not accurate,” the Microsoft representative said.

“Microsoft Edge’s address bar provides an autosuggest feature where characters typed into the address bar are sent to your default search engine to provide autosuggestions,” they added. “This feature is on by default in most browsers as expected by customers. People can turn off Search Suggestions in Microsoft Edge Privacy and Services settings, just like other browsers. [And] users can disable sending browsing data to Microsoft.”

Microsoft provided a few other data points about the privacy and security features in the new Edge:

  • Microsoft is committed to privacy.
  • If you’re signed into Microsoft Edge, you have the option to sync your browser history so that it’s available on multiple devices. You can easily view and delete this on the privacy dashboard.
  • Microsoft Defender SmartScreen is enabled by default to help prevent customers from unknowingly visiting malicious websites … While this functionality is turned on by default, customers can disable it at any time from Microsoft Edge’s Privacy and Services settings.
  • Microsoft Edge includes default tracking prevention to help customers protect their online privacy by blocking third-party tracking across sites in both Windows and macOS. The study did not take measures such as these into account.
  • Microsoft adheres to GDPR requirements and Microsoft Privacy policies, which provide user privacy and keep our products secure and up to date for the best possible customer experience.

Here are a few more resources:

Microsoft Privacy Statement

Microsoft Edge Browsing Data and Privacy

Microsoft Edge Privacy Whitepaper

And my conclusion:

While I agree with the academic paper that Brave is most likely the most private and secure mainstream browser “out of the box,” I feel that the new Edge, Mozilla Firefox, and Apple Safari are all in roughly the same place from the same perspective (and that perhaps Apple’s recent moves have reshuffled things enough that it is in sole possession of second place for now).

Disagree all you want. But Microsoft is not malicious, and Edge was designed specifically to protect your privacy, not invade it. But the same cannot be said for Google Chrome. Chrome is very clearly the least private mainstream browser, since the product exists almost solely to track its users across the Internet and provide that infrastructure and the data it yields to advertisers, its primary source of income.

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (15)

15 responses to “Academic Study About Browsers is Wrong About Microsoft Edge”

  1. Stooks

    In reply to BoItmanLives:

    Until you have proof, because since 2015 you and others have been clamming things like ...

    "The fact is there's too much money in data collection for MS *not* to be doing it."

    but have NEVER EVER given proof. Microsoft actually has products and services that make billions upon billions in revenue.

    Google on the other hand is an AD company with free apps designed from the ground up to gather data. Without your data they would suffer because the non AD related products that they sell and actually get revenue from would not keep the lights on for a week.

  2. awright18

    I like this article, standing up for Microsoft. I love the obvious responses too. I think telemetry data is perfectly fine to send to the developers that need it to improve the service most of it is likely anonymized by default, even if all the hardware information is sent as well that should be useful in helping them improve their service to customers.

  3. richardbottiglieri

    Agree 100%, Paul. The idea that Chrome is somehow as privacy focused as Firefox or Safari is laughable. I wonder if the referenced study was commissioned by Google. ;-)

    Along those lines, I've been flipping back and forth between Firefox and the new Edge (mostly the DEV channel) on my Windows 10 and macOS machines. The new Edge has real promise, but with the missing features (history and open tab sync), I find myself increasingly using Firefox on all platforms. I still find Firefox's text rendering superior to Chromium browsers, and their privacy stance is laudable. Add-ons such as the Facebook Container and Multi-Account Container (both developed by Mozilla) are really slick, privacy focused add-ons. I'd encourage everyone to check this out if they get a chance.

    • wright_is

      In reply to richardbottiglieri:

      I use Firefox as my default browser on all platforms, including Android. I like that I can use the same add-ons on mobile as on the desktop (E.g. NoScript). Edge is my second browser on the desktop and I use it at work for things like Office 365 administration.

  4. mattbg

    It's things like this that make me worry about the quality of academic papers on topics that I don't understand as well as I do this issue.

  5. remc86007

    I don't know what people are thinking who still believe Microsoft is a malicious company. The incentive is just not there for them to be malicious. They are the most valuable company in the world because of their incredible profit margins that derive from services that are purchased largely because of people's trust. Why would Microsoft risk their position of trust to gain a little extra user data, especially with Edge when the whole strategy for the product is to have a more trustworthy version of Chrome?

  6. darkgrayknight

    In reply to proesterchen:

    The incentive for gathering diagnostic data is to build a better product.

  7. drprw

    From what I can tell, this is a white paper, not an academic paper. The author is, indeed, an academic but I only see it listed on his faculty site as a "tech report." This seems to not have been peer-reviewed and, although it looks like an actual academic article, I don't see the name of any academic journal on the paper itself. In other words, it seems self-published with no peer review. Of course, I could be wrong (but I doubt it given the way he cited it on his faculty webpage).

  8. sharpsone

    Lets just think for a second about the word trust. We all want it, need it when it comes to technology and our privacy online. Should we trust a company that builds great technology with privacy in mind or a company that's profits come from ad revenue? Advertising industry thrives on data collection to target ads and increase sales. Google is in technology to grow ad revenue, its what they were founded on.

  9. bobd

    I like the new Edge. In older browsers (including the original Edge) I had to run an extension to get control of privacy and the extension was not greatly private was often advertising itself. With the new version of Edge, that is all built in. No need for extensions as the privacy settings handle it all. If the privacy settings get in the way of the experience on a particular site then you can set exceptions for that site.

    Then there is the ability for setting Experimental settings (search for how) such as Secure DNS Lookup and others. I love the Smooth Scroll setting. Microsoft could be criticised for many things in the past but they are now building a very good browser experience. One tip, the spellchecker in Edge is lousy but an Experimental setting allows using the Win 10 checker. Much better.

  10. reefer

    Good job Paul. I think we were quite a lot of people that raised our eyebrowns when that paper was released because it was so obviously BS.

  11. justme

    The idea that Chrome is as private as Firefox or Safari is positively giggle-inducing. But while I do not believe Microsoft to be malicious, neither do I believe in the omniscient benevolence of Microsoft. I think the notion that Edge was designed specifically to protect your privacy is a stretch. I think its more appropriate to say it was designed to be lawyeristically compliant with privacy law - namely GDPR. The consequence of that is that Edge is more respectful of your privacy than Chrome.

  12. netwrkr

    I agree with your comment that Brave is the most private. Shame that it still has some quirks when filling web forms and displaying certain images.