X
Business

A professor says Edge is the worst for privacy. Microsoft isn't happy

Could it be that Google was right to accuse Microsoft Edge of being insecure? New research suggested it's the least private browser you can have. So I asked Redmond what it thought.
Written by Chris Matyszczyk, Contributing Writer
microsoft-edge-logo-icon-20201.jpg

On the edges of privacy protection?

There they were, fighting like little children.

The emergence of Microsoft's new Edge browser appeared to have Google in a tantrum-filled tizzy.

Google accused Edge of being insecure. Which, coming from Google, bordered on entertaining. In turn, Microsoft sniffed that apps from the Google Chrome Web store would mess up Edge's slick functioning.

Then along came an apparently impartial referee to offer a truly grim assessment.

Professor Douglas Leith, from the School of Computer Science and Statistics at Trinity College, Dublin, decided to examine web browser privacy in some detail. Detail is what academics do.

His conclusions made for bracing reading.

Leith studied how all the main browsers communicate with backend servers. He described his results like this: "We find that the browsers split into three distinct groups from this privacy perspective. In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex."

I confess to feeling more than one volt of jolt here. Not only is Edge said to be one of the two least private browsers, but Firefox and Chrome are at the same level?

And there I was believing you could trust Google no more than you can toss a tennis ball at a whale and expect it to see it again. And there I was thinking Edge had wonderful built-in privacy, mostly because Microsoft said it had and I'm monstrously gullible. And there I was trying Edge and finding it a very likable, speedy browser.

The issue, as far as Leith is concerned, is that Edge (and Yandex, if that is your browser bent) doesn't link to browser installations, but the device's hardware.

Because of this, says Leith: "Both send persistent identifiers than can be used to link requests (and associated IP address/location) to backend servers."

The ultimate effect is that, over time, the data collected can reveal your identity. Which doesn't sound ideal. Especially as there's apparently nothing the user can do to prevent it.

I thought it was time to contact Microsoft for its view and receive an identifiable response.

I sense the company isn't happy. It wonders the research -- performed, oh no, on a Mac -- adequately compared like to like.

A company spokeswoman told me: "Microsoft Edge sends diagnostic data used for product improvement purposes, which includes a device identifier. On Windows, this identifier enables a single-click ability to delete the related diagnostic data associated with the device ID stored on Microsoft servers at any time (from Windows settings), something which is not offered by all vendors."

She added: "Microsoft Edge asks for permission to collect diagnostic data for product improvement purposes and provides the capability to turn it off at any later point. This diagnostic data may contain information about websites you visit. However, it is not used to track your browsing history or URLs specifically tied to you."

So that settles it. Surely you're regularly turning your permissions on and off. Or perhaps not.

Of course, all human wailing about privacy rarely does too much good.

Most people have no idea how and how often their data is being laundered, nor to whom. Most have given up, believing it's all out there, all the time, even as we rail against our domestic conversations being recorded by Alexa and her sisters.

Tech companies have insisted they're getting better at this privacy thing. They've even started to (say they) care.

Ultimately, though, it seems they still prefer to know everything about us. In a discreet, respectful way, of course.

How Microsoft lost its monopoly in web browsers

Editorial standards