Skip to main content

Edge fails browser security rankings — but Microsoft isn't buying it

Microsoft Edge
(Image credit: Microsoft)

The new Chromium-based Microsoft Edge was gaining a lot of traction as users gushed about its alluring features -- even one of our editors considered ditching Chrome for Edge. But the Edge browser has a new PR setback on its hands: poor privacy.

Dublin-based researchers from Trinity College analyzed six browsers and rated the new Edge browser last, alongside Russian browser Yandex, for user privacy security (via WinBuzzer).

“From a privacy perspective, Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests to back-end servers," the researchers said.

In other words, yes, the Edge browser is collecting data from you.

"Edge also sends the hardware UUID of the device to Microsoft," the researchers added. To unpack this quote, a UUID is a universally unique identifier consisting of a 128-bit number to identify an Internet entity.

If you're wondering where other browsers, like Chrome, stand with user privacy, here's how Professor Douglas Leith (one of the study's researchers) classified all six browsers: "In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex," he told ZDNet.

The issue here with Edge, according to Leith, is that the browser persistently sends users' hardware ID to back-end servers (along with your IP address and location). And over time, the accumulated data can reveal your identity.

Chrome, Safari and Firefox tag requests with user identifiers, too, but Winbuzzer notes that this info is reset when the browser is reinstalled. Plus, all three browsers tag requests with varying identifiers as opposed to Edge's hardware-persistent identifiers.

Chrome has already been hinting that the new Microsoft browser is insecure, and now Dublin-based researchers are pulling the curtains back on Edge's not-so-great user security. Microsoft, of course, is not happy.

"Microsoft Edge sends diagnostic data used for product improvement purposes, which includes a device identifier," a Microsoft spokesperson told ZDNet. "On Windows, this identifier enables a single-click ability to delete the related diagnostic data associated with the device ID stored on Microsoft servers at any time."

In other words, Edge claims that it collects user data to optimize the browser for future upgrades, not to spy on users' browser history. And users can always switch off diagnostic data collection if it doesn't sit well with them.

Still, we can't help but hear Chrome whispering in the background, "I told you so!"