Edge Browser Scores Worst in Test of Telemetry Privacy (zdnet.com) 51
"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet:
The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.
"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...
[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.
"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.
The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)
But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."
Why does this NOT surprise? (Score:5, Insightful)
Since this IS Microsoft we're talking about, this should NOT surprise ANY of us who understand Microsoft and its need to learn all there is to know about EVERYbody who uses their products.
Re:Why does this NOT surprise? (Score:5, Insightful)
Edge originated as part of Windows 10, which is literally an operating system with spyware you can't disable (unless you have the high-end editions that normal people don't get to buy even if they want to). It's hardly a surprise to find its telemetry doing creepy things.
Re:Why does this NOT surprise? (Score:4, Interesting)
I highly recommend "Debloater", which will strip out a lot of that crap (but probably not all of it).
https://github.com/Sycnex/Wind... [github.com]
It gets rid of a ton of shit (and registry keys, scheduled tasks, etc):
3DBuilder, Appconnector, Bing Finance, Bing News, Bing Sports, Bing Weather, Fresh Paint, Get started, Microsoft Office Hub, Microsoft Solitaire Collection, Microsoft Sticky Notes, OneNote, OneConnect, People, Skype for Desktop, Alarms, Camera, Maps, Phone, SoundRecorder, XboxApp, Zune Music, Zune Video, Windows communications apps, Minecraft, PowerBI, Network Speed Test, Phone, Messaging, Office Sway, Windows Feedback Hub, Bing Food And Drink, Bing Travel, Bing Health And Fitness, Windows Reading List, Twitter, Pandora, Flipboard, Shazam, CandyCrush, CandyCrushSoda, King apps, iHeartRadio, Netflix, DrawboardPDF, PicsArt-PhotoStudio, FarmVille 2 Country Escape, TuneInRadio, Asphalt8, NYT Crossword, CyberLink MediaSuite Essentials, Facebook, Royal Revolt 2, Caesars Slots Free Casino, March of Empires, Phototastic Collage, Autodesk SketchBook, Duolingo, EclipseManager, ActiproSoftware, BioEnrollment, Windows Feedback, Xbox Game CallableUI, Xbox Identity Provider, and ContactSupport
You can also use the OEM tool to generate a Win 10 ISO that contains what you want, and ONLY what you want. Here's one tutorial on doing it, but there are lots of others out there:
https://searchenterprisedeskto... [techtarget.com]
Re: (Score:2)
Why not just install Linux?
Re: (Score:2)
> Why not just install Linux?
I did, I've been a happy Linux Mint user for 1 year, 3 months and 7 days (not that I'm counting). I'm never going back to Windows as my daily driver.
But, on another PC I have to run a bit of software that only exists on Windows, so that's why I offered this advice. Sometimes you have no choice.
Re: (Score:1)
> > Why not just install Linux?
> I did, I've been a happy Linux Mint user for 1 year, 3 months and 7 days (not that I'm counting). I'm never going back to Windows as my daily driver.
> But, on another PC I have to run a bit of software that only exists on Windows, so that's why I offered this advice. Sometimes you have no choice.
Happily into my 13th year. Started with DOS 1.0 kept with MS until the DRM in Win2K Pro bit me for doing something legal then began the "Linux Experiment". Currently using Netrunner Core.
Re: (Score:2)
> Why not just install Linux?
It's the games, stupid!
Re: Why does this NOT surprise? (Score:2)
Yes, for those living in the basement, it's the stupid games. What about all the smart businesses?
Re: Why does this NOT surprise? (Score:2)
Re: (Score:2)
> None of that has anything to do with the spy war services.
Where did I say that it did?
Perhaps a reading comprehension course is in order for you.
Re: (Score:1)
Great post! Used this. Love the results!
Bookmarked it for the future!
Thanks!
Re: (Score:1)
If you must use Windows 10, it's best to just pirate the enterprise LTSC version. Even better, try to get a hold of the Windows 10 China government edition as it's, ironically, the most privacy oriented version because the Chinese government forced Microsoft to strip out all telemetry. I have absolutely no guilt in pirating or recommending others to pirate anything by Microsoft after the supremely unethical shit they pulled with Windows 10.
On topic, this privacy test would have been more useful with more br
Re: (Score:3)
So having installed and briefly used, then uninstalled including clearing browser history, the Edge Beta, should I presume that it left all of its tracking bits behind and active? Would be a reasonable presumption, but what are they and how could they be found?
Then ... the *original* Edge wasn't a piker regarding data collection either. I used it mainly to download Firefox in a fresh Win10 install, then abandoned it.
Corporate will probably still love Edgium. It has an IE mode - needed for a lot of internal
Re: (Score:2)
Re: (Score:2)
Do you have evidence of this? Or are you just sayin'?
Re: Why does this NOT surprise? (Score:1)
"customer data is a product that Microsoft can then sell to the gestapo."
FTFY
Re: (Score:2)
M$ targets you directly and sells that, https://ads.microsoft.com/ [microsoft.com] and https://about.ads.microsoft.co... [microsoft.com]. They are selling your privacy as a product, they are the most rotten anal retentive arseholes from kindy grown up, those that spied on other kids, told lies about everyone and tattled all the time. There those fuckers are on the M$ board and in its executive offices. Yeah, they are the worst kind of privacy invasive dickheads and it killed the phone business and is killing xbox slowly but surely and k
It's not supposed to surprise. (Score:2)
The more surprising thing is that Chrome apparently doesn't do this, since Google is (rightfully) seen as being about as evil as Microsoft.
And at least to some around here it would be surprising to learn that Yandex does this.
Although I'm sure those people already have some kind of excuse why this is somehow completely ethi
Privacy is one issue of many (Score:5, Informative)
> The more surprising thing is that Chrome apparently doesn't do this, since Google is (rightfully) seen as being about as evil as Microsoft.
Google absolutely collects user data in order to target their ads. That is, of course, their business model.
Microsoft has regularly practiced a dozen different kinds of evil.
So they are similar only if the ONLY thing that matters to you is data collected.
Even if *privacy* is the only thing that matters to you, one difference that led to Google's huge success is that they never sold the user data like other data-collecting companies did. The old model was that the companies which collected the data sold it to advertisers. Google changed that up by keeping the data to themselves and selling ads directly. So even on privacy alone, Google is better than Facebook, magazine publishers, etc etc.
Re: (Score:1)
Re:Monetization? (Score:5, Informative)
The problem with studies like this is that they use the default settings and don't account for other issues with the browsers. Okay, defaults are very powerful and many people don't change them, but for example Firefox does ask you after install if you want to enable the telemetry or not.
Brave has a built-in cryptocurrency scam based on Ethereum. The built-in ad blocker lets some ads through in exchange for payment in cryptocurrency. Obviously getting paid requires some amount of tracking to see how many ads you viewed and on what sites.
The Chrome result is interesting. A lot of people here claim it records every site you visit and everything you type in and sends it to Google, but they never show any proof. Well here is some evidence that it doesn't.
Re:Monetization? (Score:4, Interesting)
>"but for example Firefox does ask you after install if you want to enable the telemetry or not."
Indeed. And in addition to the warnings/prompting for permissions, there are plenty of opt-out settings in the regular preferences menu. And even more control in about:config, most of which are well-documented. And then, there is the whole Firefox source code, right there.
>"The Chrome result is interesting. A lot of people here claim it records every site you visit and everything you type in and sends it to Google, but they never show any proof. "
The problem is that, being a binary blob, the only way we can see what it is doing is based on I/O. Some of that I/O is bound to be encrypted and could easily be piggybacked into legit packets sent for other reasons, and at any time in the future. So we can never really know everything it does. Same with Edge, but perhaps even worse- since it is likely to have far more "interaction" with the OS, which has its own "methods" of tracking/storing/relaying data.
Re:Monetization? (Score:4, Insightful)
Well there is a really easy way to tell if Chrome is hiding its telemetry from you (which would be illegal in the EU, several billions of Euros fine etc.)
Just visit a few non-Google sites and see if any data goes to anywhere but those sites. Use simple sites that don't use objects from any other domain. In fact just make them yourself and check that no other IP addresses are accessed.
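The check described in the comment above, as an added example (not code from the post or from the study): it reads a per-connection summary exported from a packet capture and lists every destination outside the sites the tester opened on purpose. The log format, hostnames and addresses are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed flow summary ("<seconds> <dst_ip> <sni_or_-> <bytes_out>"); names and addresses are placeholders.
SAMPLE_FLOWS = """\
0.5 192.0.2.10 test-a.example 812
0.9 192.0.2.10 static.test-a.example 433
2.1 198.51.100.7 telemetry.vendor.invalid 2210
4.0 192.0.2.20 test-b.example 790
4.2 203.0.113.5 - 96
4.3 192.0.2.20 - 120
9.7 198.51.100.7 telemetry.vendor.invalid 1544
truncated-line 17
"""
VISITED = {"test-a.example", "test-b.example"}  # sites the tester opened on purpose


def parse_flows(text):
    """Return (time, ip, host_or_None, bytes_out) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        try:
            t, ip, host, size = float(parts[0]), str(ip_address(parts[1])), parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue  # an unparsable record is dropped, never guessed at
        flows.append((t, ip, None if host == "-" else host.lower().rstrip("."), size))
    return flows


def is_visited(host, visited):
    """True if host is a visited site or a subdomain of one (not a mere suffix match)."""
    return host is not None and any(host == s or host.endswith("." + s) for s in visited)


def unexpected_destinations(text, visited):
    """Map each off-site destination to flow count, bytes sent and first/last time seen."""
    flows = parse_flows(text)
    visited_ips = {ip for _, ip, host, _ in flows if is_visited(host, visited)}
    report = defaultdict(lambda: {"flows": 0, "bytes": 0, "first": None, "last": None})
    for t, ip, host, size in flows:
        # A nameless flow to an address that also served a visited site is attributed to it.
        if is_visited(host, visited) or (host is None and ip in visited_ips):
            continue
        entry = report[host or ip]
        entry["flows"] += 1
        entry["bytes"] += size
        entry["first"] = t if entry["first"] is None else entry["first"]
        entry["last"] = t
    return dict(report)


if __name__ == "__main__":
    print(unexpected_destinations(SAMPLE_FLOWS, VISITED))
```

An empty report covers only the capture window; it says nothing about data held back for a later upload.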
Re: (Score:3)
>"Just visit a few non-Google sites and see if any data goes to anywhere but those sites. "
Like I said before, the transmission could be delayed- minutes, days, weeks, months. Not saying this is happening, only that it is possible. Then when you finally do visit a Google or Googl-i-fied site, it uploads at that point. Or it uploads stuff when you "update" the browsers or something in it, like a "safe list", etc.
Re: (Score:2)
If that's your level of distrust then I have to ask if you have reviewed the entire Firefox source code, and the source code of all the add ons you use? And build it from source every time? Or maybe the same with Chromium?
And do you really think it's worth Google risking a massive fine and reputational damage to get the tiny amount of data they could hide that way?
A more realistic threat to you is the possibility of the browser being insecure. Based on the number of CVEs it looks like Firefox is the second bes
Re: (Score:2)
> Not saying this is happening, only that it is possible.
The term for this is spreading FUD.
You are shitposting in an attempt to spread Fear, Uncertainty, and Doubt.
Re: (Score:2)
Same for Firefox. The presence of source code does not mean that the binary blob that you downloaded matches that source perfectly. More analysis is needed.
Re: (Score:2)
>"Same for Firefox."
No, it is not the same. On one, you can never really know. On the other, you can (but I never said it would be easy).
>"The presence of source code does not mean that the binary blob that you downloaded matches that source perfectly."
That is true. Unless people HAVE checked it, since, unlike Chrome and Chrome-clones, source is available. So you can just check a simple hash on the binary. Or you can compile it yourself. Granted, most people don't do this. But it is *possible*.
Re: (Score:2)
This is disabled by default. It's also not a scam.
Re: (Score:2)
Do you really think that you are going to get paid, and that being paid in Ethereum is not a scam? And that letting some ads through is safe?
Reminds me of that experiment where they found they could pay people trivial amounts of money to give up personal information and safety.
Re: (Score:1)
And there's nothing you can do no there's nothing you can do about it [youtube.com]
The Good and The Bad (Score:2)
Some people use that browser.
Serious question...: (Score:2)
Re: (Score:3)
Such information would be subject to change at any time. I did try to block the Microsoft telemetry servers by IP once, years ago - but learned only that they are in close proximity to Windows update, Onedrive, Skype and something-to-do-with-Office servers. I'm guessing Microsoft hosts them all in the same infrastructure, and it's probably Azure.
Re: (Score:2)
Because users are dumb and would attempt to block those sites at the router. Just like those idiots who turn off Windows update wholesale and then complain that their computer is infected. Try blocking some Microsoft IPs and watch how much actually breaks on your computer so you can see just how silly that idea actually is.
Shocking (Score:1)
Yes, it's very very very shocking that a product made by Microsoft is relentlessly tracking you and sending every bit of that sweet, sweet data it can scoop up back to people who want to sell it.
Who could have imagined such a thing??
But it is true that Edge is "the best pre-installed browser that you can use to download a better browser."
Out of the Box (Score:2)
All very nice and interesting, but we all know that Web Browsers using their default configuration are absolute utter shitstorms.
What would be useful is a comparison *AFTER* all the user-accessible privacy and no-spying options are engaged.
Useful information would be that there is NO WAY to configure Microsoft Edge to have ANY security or privacy whatsoever -- there are no user configurable parts at all.
Chrome is almost completely unconfigurable, and the options that you can configure have absolutely ze
Edge is a fantastic browser (Score:1)
to download the duckduckgo or other browser.
So any telemetry shows when I download a browser or when it sneakily opens itself for certain links or searches about once every 2 weeks. (not sure why/how it does that btw if you want to tell me how to suppress it entirely. I'm on win10)
Who uses brave (Score:2)
Brave also pays you cryptocurrency (Score:1)
So that you can buy child porn on the dorknet.