An academic study about the privacy implications of various web browsers has incorrectly cited problems with the new Edge.
The study, which is immediately suspect because it found Chrome to be as protective of a user’s privacy as Firefox and Safari, can be found here. It has gained a bit of media attention, and it popped up in our forums about a month ago. But we didn’t write about it formally here at first because it’s so clearly wrong about Edge. But I finally asked Microsoft to respond to the issues raised by the paper.
“From a privacy perspective [sic] Microsoft Edge and Yandex are much more worrisome than the other browsers studied,” the paper notes. “Both send identifiers that are linked to the device hardware and so persist across fresh browser installs and can also be used to link different apps running on the same device. Edge sends the hardware UUID of the device to Microsoft, a strong and enduring identifier than cannot be easily changed or deleted.”
That’s not true.
“Microsoft Edge asks for permission to collect diagnostic data for product improvement purposes and provides the capability to turn it off at any later point,” a Microsoft representative told me. “This diagnostic data may contain information about websites you visit; however, it is not used to track your browsing history or URLs specifically tied to you.”
The study also claims that the new Edge sends “25 requests” to Bing.com for every letter that the user types into the address bar while performing a search. Edge “transmits web page information to servers that appear unrelated to search autocomplete,” the paper notes.
“This is not accurate,” the Microsoft representative said.
“Microsoft Edge’s address bar provides an autosuggest feature where characters typed into the address bar are sent to your default search engine to provide autosuggestions,” they added. “This feature is on by default in most browsers as expected by customers. People can turn off Search Suggestions in Microsoft Edge Privacy and Services settings, just like other browsers. [And] users can disable sending browsing data to Microsoft.”
Microsoft provided a few other data points about the privacy and security features in the new Edge:
- Microsoft is committed to privacy.
- If you’re signed into Microsoft Edge, you have the option to sync your browser history so that it’s available on multiple devices. You can easily view and delete this on the privacy dashboard.
- Microsoft Defender SmartScreen is enabled by default to help prevent customers from unknowingly visiting malicious websites … While this functionality is turned on by default, customers can disable it at any time from Microsoft Edge’s Privacy and Services settings.
- Microsoft Edge includes default tracking prevention to help customers protect their online privacy by blocking third-party tracking across sites in both Windows and macOS. The study did not take measures such as these into account.
- Microsoft adheres to GDPR requirements and Microsoft Privacy policies, which provide user privacy and keep our products secure and up to date for the best possible customer experience.
Here are a few more resources:
And my conclusion:
While I agree with the academic paper that Brave is most likely the most private and secure mainstream browser “out of the box,” I feel that the new Edge, Mozilla Firefox, and Apple Safari are all in roughly the same place from the same perspective (and that perhaps Apple’s recent moves have reshuffled things enough that it is in sole possession of second place for now).
Disagree all you want. But Microsoft is not malicious, and Edge was designed specifically to protect your privacy, not invade it. But the same cannot be said for Google Chrome. Chrome is very clearly the least private mainstream browser, since the product exists almost solely to track its users across the Internet and provide that infrastructure and the data it yields to advertisers, its primary source of income.