A Dublin professor has released a paper on web browser privacy. Edge is singled out for using hardware identifiers in requests and unnecessarily sharing entered URLs with Microsoft:
“From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search auto-complete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search auto-complete”
proesterchen
<blockquote><em><a href="#525062">In reply to paul-thurrott:</a></em></blockquote><p>I don't know what the basis is for judging Google guilty unless proven innocent while presuming Microsoft's innocent until proven guilty, especially in the face of the findings of this paper.</p><p><br></p><p>I'd rather measure them both against the same stick, and frankly, they both collect more data than I would choose to supply them with, given proper user controls.</p>
proesterchen
<blockquote><em><a href="#525392">In reply to paul-thurrott:</a></em></blockquote><p>I guess I just don't see (or don't know, giving them the benefit of the doubt) the actions Microsoft has taken to warrant an inordinate amount of trust.</p><p><br></p><p>There are however at least a few decisions I'm aware of that definitely decrease their users' privacy.</p><p><br></p><p>So I don't know how Microsoft would overcome a default attitude of 'trust no one'.</p>
proesterchen
<blockquote><em><a href="#525725">In reply to paul-thurrott:</a></em></blockquote><p>Your contention appears to be that Microsoft is less bad than Google. My contention is that they are both not good enough to warrant trusting either by default.</p>
proesterchen
<blockquote><em><a href="#525715">In reply to madthinus:</a></em></blockquote><p>That's certainly one way to do it, but not necessarily the only, and most definitely not the most privacy-focused.</p><p><br></p><p>Along the lines of anti-virus software, browser vendors could just as easily deploy a set of signatures to a local instance checking for flagged sites, which would completely eliminate the need to send any information back. (though the vendors may want to ask users to contribute information back on an opt-in basis)</p>