Microsoft's new Chromium-based Edge web browser fires off more than 130 requests to almost 50 endpoints when it is first run.
That's according to former Microsoft engineer, Jonathan Sampson, who has examined six of the best-known web browsers and the communications they make in the background when web users first start using them.
Most of the requests appear to be made to Microsoft properties, encompassing Windows, LinkedIn, Bing, Skype, MSN, Visual Studio, and Smartscreen. The data sent to the address ‘activity.windows.com' also includes the email address used on logging-on to Windows 10.
What happens when you install the Edge (Chromium) Beta build and run it for the first time? I was curious.— Sampson (@jonathansampson) August 27, 2019
On first-run, Edge fired off 130+ requests to nearly 50 endpoints. Here they are, sorted by total calls.
Time to take a closer look. pic.twitter.com/kIVaKIUNbJ
The Windows.com entry, Sampson notes, retrieves information from Windows Activity History. This, according to Microsoft "helps keep track of the things you do on your device, such as the apps and services you use, the files you open and the websites you browse.
"Your activity history is stored locally on your device and, if you've signed-in to your device with a Microsoft account and given your permission, Windows sends your activity history to Microsoft. Microsoft uses the activity history data to provide you with personalised experiences… and relevant suggestions."
In terms of potential data collection and tracking related to online adverts, scripts are loaded from Facebook, Reddit, Google and other properties, Sampson continues.
A closer look reveals that Opera is sending extra bits too, including my native resolution, browser window size, and a lot more
"This Insider tab also sends data about my device and such to the Double Click servers (Google). There are numerous redirects when Edge calls out to http://px.ads.linkedin.com. All of them set cookies. The last one looks like it assigned a universal ID," writes Sampson, who described his review as "exhausting".
That total of 130 requests made by Edge compares to 26 for Firefox, 32 for Google Chrome, 23 made by Brave, and 31 by Vivaldi. Only Opera approaches Microsoft Edge for the number of calls it makes, including 19 calls just to Yandex.ru, the Russian search giant, as well as Amazon, Google, and Walmart.
"Back to Yandex though. Opera not only pings them, but informs them that I am setting up a new profile with Opera (via the referer header and query string). This header also goes to Facebook, Google, and Hotjar. All of these now know that I am a fresh Opera user," continues Sampson.
This Insider tab also sends data about my device and such to the Double Click servers (Google). There are numerous redirects when Edge calls out to https://t.co/dYtv4inH2w. All of them set cookies. The last one looks like it assigned a universal ID. pic.twitter.com/xmzqWO3Y75— Sampson (@jonathansampson) August 27, 2019
He also notes that Opera transmits data often used to ‘fingerprint' PCs to create unique profiles of web users.
"A closer look reveals that Opera is sending extra bits too, including my native resolution, browser window size, and a lot more. Unfortunately, it isn't clear what the other bits are representing. One parameter is called "gdpr" with a value of 14."
Budget carrier confesses to hack in January 2020, and has informed the Information Commissioner's Office
The Travelex ransomware raises the question, once again, of whether organisations should be obliged to provide more information
No zero-days patched in the latest release
Attack, which came as firm was preparing for Covid measures, was a 'perfect storm' CEO says
Make passwords at least 13 characters long and protect email with a strong passphrase, police advise
With Covid-19 related fraud through the roof it's time to review password policy, says South East Regional Organised Crime Unit