Edge’s SmartScreen is sending your personal data to Microsoft

Vlad Turiceanu
by Vlad Turiceanu
Editor
0 Comments
Download PDF

Edge's SmartScreen is sending your personal info to Microsoft

Security issues and shared data were always problems that affected Windows 10 and Microsoft Edge users. Many of them expressed their concerns over the years and migrated to other browsers because of that.

A new security leak regarding the SmartScreen feature of Microsoft Edge was discovered by a security researcher:

Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID).

This raised a lot of concerns and controversy in the community, and a lot of users were surprised by the discovery:

Never even thought of SmartScreen as the culprit, always assumed it was Edge itself or something in the OS.
Even on a dev environment these settings are problematical, (1) in terms of user privacy of the dev, but especially the applications concerned (think about how often stuff is encoded in URL), but also (2) in terms of corporate espionage/data exfiltration from corporate networks.

Although SmartScreen is used to reveal malware and phishing, sharing URL’s and account ID’s sound more like privacy invasion.

This is a big issue because Edge could send sensitive information to Microsoft and could also track your browsing history. Admittedly, the URL sharing isn’t such a big deal.

But the fact that the data could be linked to you through the Security Identifiers (SID) is a major concern that has to be addressed by Microsoft sooner rather than later.

On the bright side, Chromium Edge users will be happy to know that this version of the browser no longer shares the SID, so your personal information and browsing history are anonymous.