What you need to know
- A new study about browser privacy ranks Microsoft Edge last among several popular browsers.
- A critical difference between Edge and other browsers is that Edge sends data about people's hardware.
- Microsoft seems to disagree with the findings, or at least the conclusions people took from them.
Updated March 24, 2020: Added additional comments from a Microsoft spokesperson.
A recent study about browser privacy ranks the new Microsoft Edge last among several popular browsers. The study by Douglas Leith from the School of Computer Science and Statistics at Trinity College, Dublin, states that Microsoft Edge collects data about people's hardware. Over time, this collected data could reveal people's identities. The study ranks Microsoft Edge below Brave, Google Chrome, Mozilla Firefox, and Safari. Microsoft Edge is tied with a browser called Yandex.
The study by Leith breaks popular browsers into three groups, stating, "We find that the browsers split into three distinct groups from this privacy perspective. In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex."
The study is lengthy and takes a deep dive into how popular browsers handle data and privacy. One excerpt states:
From a privacy perspective Microsoft Edge and Yandex are much more worrisome than the other browsers studied. Both send identifiers that are linked to the device hardware and so persist across fresh browser installs and can also be used to link different apps running on the same device. Edge sends the hardware UUID of the device to Microsoft, a strong and enduring identifier than cannot be easily changed or deleted.
Chris Matyszczyk took a deep dive into the study for ZDNet and also spoke with Microsoft about the findings. Matyszczyk says that he sensed Microsoft isn't happy with the study. A spokesperson from Microsoft had this to say:
Microsoft Edge sends diagnostic data used for product improvement purposes, which includes a device identifier. On Windows, this identifier enables a single-click ability to delete the related diagnostic data associated with the device ID stored on Microsoft servers at any time (from Windows settings), something which is not offered by all vendors.
The same spokesperson also added:
Microsoft Edge asks for permission to collect diagnostic data for product improvement purposes and provides the capability to turn it off at any later point. This diagnostic data may contain information about websites you visit. However, it is not used to track your browsing history or URLs specifically tied to you.
Microsoft seems to disagree with the conclusions made by Leith. Notably, Microsoft highlighted in its statement to Matyszczyk that people can delete collected diagnostics and turn them off. The study states that the UUID sent by Edge is "a strong and enduring identifier than cannot be easily changed or deleted." Microsoft's statement to ZDNet states that Windows "enables a single-click ability to delete the related diagnostic data associated with the device ID stored on Microsoft servers at any time."
In a statement to Windows Central, a Microsoft spokesperson said the study's suggestions that "browsing data associated with Search Suggestions can't be disabled" is not accurate. Other features designed to protect users, like Microsoft Defender Smartscreen, can be disabled as well, the spokesperson added.
"Additionally, Microsoft Edge includes default tracking prevention to help customers protect their online privacy by blocking third-party tracking across sites in both Windows and macOS," the spokesperson said. "The study did not take measures such as these into account."