Microsoft's new Chromium-based Edge web browser fires off more than 130 requests to almost 50 endpoints when it is first run.
That's according to former Microsoft engineer, Jonathan Sampson, who has examined six of the best-known web browsers and the communications they make in the background when web users first start using them.
Most of the requests appear to be made to Microsoft properties, encompassing Windows, LinkedIn, Bing, Skype, MSN, Visual Studio, and Smartscreen. The data sent to the address ‘activity.windows.com' also includes the email address used on logging-on to Windows 10.
What happens when you install the Edge (Chromium) Beta build and run it for the first time? I was curious.— Sampson (@jonathansampson) August 27, 2019
On first-run, Edge fired off 130+ requests to nearly 50 endpoints. Here they are, sorted by total calls.
Time to take a closer look. pic.twitter.com/kIVaKIUNbJ
The Windows.com entry, Sampson notes, retrieves information from Windows Activity History. This, according to Microsoft "helps keep track of the things you do on your device, such as the apps and services you use, the files you open and the websites you browse.
"Your activity history is stored locally on your device and, if you've signed-in to your device with a Microsoft account and given your permission, Windows sends your activity history to Microsoft. Microsoft uses the activity history data to provide you with personalised experiences… and relevant suggestions."
In terms of potential data collection and tracking related to online adverts, scripts are loaded from Facebook, Reddit, Google and other properties, Sampson continues.
A closer look reveals that Opera is sending extra bits too, including my native resolution, browser window size, and a lot more
"This Insider tab also sends data about my device and such to the Double Click servers (Google). There are numerous redirects when Edge calls out to http://px.ads.linkedin.com. All of them set cookies. The last one looks like it assigned a universal ID," writes Sampson, who described his review as "exhausting".
That total of 130 requests made by Edge compares to 26 for Firefox, 32 for Google Chrome, 23 made by Brave, and 31 by Vivaldi. Only Opera approaches Microsoft Edge for the number of calls it makes, including 19 calls just to Yandex.ru, the Russian search giant, as well as Amazon, Google, and Walmart.
"Back to Yandex though. Opera not only pings them, but informs them that I am setting up a new profile with Opera (via the referer header and query string). This header also goes to Facebook, Google, and Hotjar. All of these now know that I am a fresh Opera user," continues Sampson.
This Insider tab also sends data about my device and such to the Double Click servers (Google). There are numerous redirects when Edge calls out to https://t.co/dYtv4inH2w. All of them set cookies. The last one looks like it assigned a universal ID. pic.twitter.com/xmzqWO3Y75— Sampson (@jonathansampson) August 27, 2019
He also notes that Opera transmits data often used to ‘fingerprint' PCs to create unique profiles of web users.
"A closer look reveals that Opera is sending extra bits too, including my native resolution, browser window size, and a lot more. Unfortunately, it isn't clear what the other bits are representing. One parameter is called "gdpr" with a value of 14."
Distraction is one of the oldest tricks in the book, but the rush to digital has made it easier
The document was not password-protected and contained no protective markings
Should a Zero trust approach be used when it comes to end point security given the rise of hybrid working? If so, which solutions are the most recent and effective? How important is education around endpoint tech security for the workforce? Will North,...
Stuart Sumner speaks to David Garfield, CEO and co-founder of secure browsing firm Garrison. They discuss Garrison's journey from idea through to scale-up employing over 100 people, all whilst staying true to the original vision. Garfield also discusses...
Facebook is giving 'free pass' to terrorists through end-to-end encryption, said director general Ken McCallum