23 July 19, 11:35
Quote:The original version of Microsoft Edge currently coming pre-installed on Windows 10 is sending the full URL of the sites you visit to Microsoft, according to a security researcher.
The data includes not only page information, but also the SID, which stands for security identifier, researcher Matt Weeks says on Twitter.
“Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID),” he posted.
Microsoft uses a feature called SmartScreen to protect users against potentially dangerous websites whenever they are loaded in the browser. SmartScreen works by analyzing the URL against a list of reported links maintained by Microsoft, so the page you visit is submitted to a Microsoft server to determine whether the site should be allowed or not.
Weeks, however, discovered that the sent information, which doesn’t appear to be hashed, includes the SID. Microsoft says the following about the SID in its official documentation:
“A security identifier (SID) is used to uniquely identify a security principal or security group. Security principals can represent any entity that can be authenticated by the operating system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.”
SOURCE: https://news.softpedia.com/news/microsof...6786.shtml