In a new study comparing back-end data exchange among some of the most popular web browsers, Microsoft’s new Edge browser appears to be lagging behind Chrome, Firefox, and Safari in regards to web browser privacy. The study was published last month by Douglas J. Leith from the School of Computer Science & Statistics at Trinity College Dublin, Ireland (via Betanews), and it shows that even respectable browsers like Firefox share details of visited web pages with backend servers.
Overall, the study splits six of the most popular web browsers into three groups: the most private group includes only the open-source Brave web-browser, the second group (less private) includes Chrome, Firefox, and Safari, and the third group (least private) includes Microsoft Edge (version 80.0.3987.87) and Russian web browser Yandex.
To create these three groups, Leith analysed back-end data exchange during the first startup, general web browsing, on browser close and restart, etc. Brave ended up as the most private browser that shares no details of visited web pages with backend servers, unlike Chrome, Firefox, and Safari. However, Leith noted that these 3 browsers “can all be configured to be much more private but this requires user knowledge (since intrusive settings are silently enabled) and active intervention to adjust settings.”
Unfortunately, Microsoft Edge and Yandex didn’t fare well in Leith’s various tests:
From a privacy perspective Microsoft Edge and Yandex are much more worrisome than the other browsers studied. Both send identifiers that are linked to the device hardware and so persist across fresh browser installs and can also be used to link different apps running on the same device. Edge sends the hardware UUID of the device to Microsoft, a strong and enduring identifier than cannot be easily changed or deleted. Similarly, Yandex transmits a hash of the hardware serial number and MAC address to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.
This isn’t the first time that someone points out privacy issues in Microsoft’s new Edge browser. Back in August, former Microsoft engineer Jonathan Sampson pointed out that the new Edge made 130+ network requests to nearly 50 endpoints on first launch, far more than Google Chrome. Leith’s new study goes further by showing data transmitted while Microsoft Edge is idle, as well as data transmitted by search autocomplete. If you use Microsoft Edge as your default web browser, the full study is definitely well worth a read.
