Microsoft was found to have collected too much user privacy as early as Windows 10 was released, and Microsoft released multiple versions to improve privacy. Researchers have discovered that Microsoft has collected a large amount of information through the pre-installed EDGE browser, including user security identifiers and open web pages.
On Twitter, researchers say that the main collection of user information is Microsoft’s protection component, which is the SmartScreen filter. This filter is actually not only used on the Microsoft Edge browser, but Microsoft deployed this filter in Internet Explorer very early on.
😱 Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID). pic.twitter.com/zHMLUGwo9w
— scriptjunkie (@scriptjunkie1) July 19, 2019
The role of the filter is to help users intercept all kinds of harmful information, mainly including phishing websites, scam websites and other files with viruses. To this end, Microsoft collects all the URLs accessed by the user, all the files downloaded, as well as the identifier of the user security principal and the account identifier. Using Security Identifiers and Account Identifiers Microsoft can identify whether a user has turned on filters, what content to access, and remind users when necessary.
In the Microsoft Help documentation, the company said that the filter does collect data when it checks the relevant files, including file names, file hashes, download paths, and so on. What puzzles researchers is that Microsoft collects identifier information and sends it to Microsoft. This can also cause information leakage for users. At the same time, researchers suggest that Microsoft should learn other browsers. Other major browsers usually do not collect all the URL details that users visit. However, Microsoft has not released a response on this matter, and the UWP version will soon be replaced by Chromium Edge.