ExplainersPrivacy Tools

Is Microsoft Edge Privacy Friendly?

The browser you use dictates how much data other websites and other companies on that website collect from you. A single website may have a dozen different trackers on them, taking your IP address, location data, search history, browsing data and associating it with other collected info like your social media, your likes, preferences, and purchasing habits. Much of this data collection is done to compile behavioral or advertising profiles on you so the ads you see as you browse the internet (or check social media) are likely to elicit a click and maybe a purchase.

But your browser may protect you from all this data collection and limit how much data is shared or outright block certain trackers. We looked at Microsoft’s new browser, Edge, to see how it protects its users’ privacy at a default state and what additional settings are found in the browser itself.

Using Windows 10?

In a case similar to Chrome, whether you’re signed into Windows 10 or not (and whether you’re part of Microsoft’s ecosystem) will affect how certain data is used, collected, and shared. However, Microsoft does offer granular privacy controls that allow you to specifically dictate how certain data is used (and not used) for personalization or advertising purposes.

What does Microsoft Edge collect?

According to their support page on Microsoft Edge, browsing, and privacy, the browser collects diagnostic data associated with your device in order to help keep the browser “secure, up to date, and performing properly.” They claim only the data required is collected and it’s only kept as long as it’s needed to provide a service or for analysis. The diagnostic data, according to Microsoft’s privacy statement, includes device-level data such as hardware and processor data, operating system, and timestamps. The diagnostic data is associated with you via a device-level ID and a resettable browser ID. Some of the diagnostic data is stored, encrypted, for up to thirty days, but some of it may be de-identified, aggregated, and stored for up to two years.

This data is used for personalization or advertising purposes depending on some Windows 10 settings. If you have “tailored experiences” on, diagnostic data is used to provide personalized tips, ads, and recommendations. If you set it to Full, some diagnostic information is used, and if you set it to Basic, only device and performance data is used.

Browsing data is collected and stored on your device until it’s sent to Microsoft depending on your settings. Browsing data is used to find and fix problems and improve Microsoft services and, if you’re signed into your Windows 10 account, it (and your other online activity) will be used for advertising and personalization purposes. This browsing data is only stored for 45 days.

What does Microsoft Edge share?

Microsoft Edge also sends various types of data to the websites you visit. This includes your IP address, browser types and version, language, access times, and referring website address (meaning a website will know the previous site you were on). Edge also has a unique browser ID it sends to certain websites to help Microsoft aggregate data to improve certain services. 

Microsoft’s listed advertising partners include Verizon Media, AppNexus, and Facebook (they don’t name more but confirm that there are other partners). Collected data via your browser (and other Microsoft products and Windows 10 tools) is shared with these partners to personalize ads shown on various sites, apps, and products.

If you’re a Windows 10 user, you’ll also have an advertising ID, which advertisers can access through your browser as well, if you’re signed in. The ads shown to you are based on your Microsoft Edge online activity, as well as data tied to your demographic, location, search queries, interests and favorites, and how you use certain tools and products.

Any data that’s used for personalized advertising purposes is, by default, kept for 13 months, unless Microsoft gets your consent to hold onto it longer.

When you use Edge’s address bar (also a search bar), what you search, type, and click on, is sent to your default search provider (it’s Bing on Edge, unless you change it). Your cookies and IP address are also sent in order to improve search results. According to Microsoft Edge’s privacy white paper, if the browser “detects typing in the address bar that may contain sensitive information, such as authentication credentials, local file names, or URL data that is normally encrypted”, that data is not sent to the search provider. If your default provider is Bing, you’ll also send your unique browser ID but all the typed and search data is only kept for 6 months.

Privacy features

Autofill & Password Monitor

Microsoft Edge has an autofill feature that will ask you if you want to save your login information so you can quickly autofill in the field forms next time you need to log in. The information is kept on encrypted Microsoft services to allow you to sync between devices. You can also save your payment data this way.

Edge also has a Password Monitor feature that will warn you whether a saved password has been part of a data breach or not. The data is hashed and encrypted before it’s checked against known data breaches and Microsoft doesn’t keep this data after the check is made. This feature is only available if you’re signed in on your browser.

Shopping via Collections

Microsoft Edge lets you save sites, text, images, and products via Collections. If you save products and use the Compare Price feature, Edge will send product, site, price, and other data to Bing in order to find and compare prices from other retailers. This information is sent via HTTPS and no user identifiers are used or shared.

Location Sharing

Microsoft Edge will always ask your permission before allowing a website to access your location. If you choose to, Microsoft will share an approximate location Microsoft’s location service. This service collects your IP address and nearby WiFi access points to estimate your location. That approximate estimate is shared with sites.

When your location is derived this way, a randomly generated ID is used each time, and Microsoft does not keep any location data via Microsoft’s location service.

Native ad-blocker is available

The browser has an ‘Ads blocking’ option you can turn on that will stop intrusive or misleading ads from loading on sites. Microsoft blocks this using a list of known sites that shows these kinds of ads (this list is updated periodically).

Profile-based browsing is available

You can create different browsing profiles when you use Edge, which will separate associated data and limit how comprehensive a profile Microsoft and advertisers can compile based on your online activity. Different profiles may have different browser settings and will have different cookies and browsing history associated with the profiles. You can also use a guest profile to quickly browser under a different profile without having to completely set one up.

SmartScreen blocks malicious sites

This is more of a security feature but worth mentioning. Edge will block you from visiting a known malicious site or downloading a malicious file. Microsoft does this via its SmartScreen features—your data is never collected or stored in a way that could identify you. If you’re on Windows 10, you can expand SmartScreen’s functionality to block malicious apps as well.

InPrivate browsing

InPrivate browsing adds some additional protection as Microsoft limits what data is shared and how it’s used. Any typed character data in the address/search bar is not sent to search engines, browsing history isn’t used for personalization/advertising purposes and Microsoft won’t collect data about the sites you visit for product improvement purposes. You will be able to use autofill to log into things but you can’t create new ones.

Microsoft’s built-in tracker blocker

Microsoft has built-in tracking protection that comes in three different profiles. Here’s how Microsoft describes each of them.

Basic: Blocks potentially harmful trackers but allows most other trackers and those that personalize content and ads. 

Balanced (Recommended): Blocks potentially harmful trackers and trackers from sites you haven’t visited. Content and ads will likely be less personalized.

Strict: Blocks potentially harmful trackers and most trackers across sites. Content and ads will likely have minimal personalization. This option blocks the most trackers but could cause some websites to not behave as expected. For example, a video might not play, or you might not be able to sign in.

Microsoft’s description of Edge’s privacy profiles

All tracking profiles block cryptomining and fingerprinting as well.

By default, users are set to the ‘Balanced’ profile and you also have the capability to build your own whitelist by going to your settings and clicking on “Tracking Prevention.” You can also turn off tracking on the site you’re on by clicking on view site information in the address bar when you’re on a site.

Screenshot taken 10/4/2020

Microsoft gives you some information about the certificate a site is using (for security purposes), cookies allowed on the page, which tracking prevention profile you’re using, whether it’s on or not (a setting you can toggle for the site itself), and a list of the companies behind the blocked trackers (and how many trackers each company had blocked).

However, while you can build your own whitelist, you can’t set your privacy profile on a site-by-site basis. The profile you choose is set for all sites (except those on the whitelist).

Edge privacy defaults and setting options

Note: this refers to default settings for the MacOS version of Microsoft Edge

What Microsoft sets as its default for users makes a big difference in terms of how much privacy they have or can have and makes a difference when considering how good for privacy a browser is.

Upon installation and set-up, you’re automatically opt-ed into sending crash and error data for the browser (you can click it off before you set-it up). As you set-up the browser, you’re asked if you want to sign into your Microsoft account, but you can skip it and continue using the browser (remember – signing in lets Microsoft share and associate more collected browser data with partners and advertisers).

By default, you’re opted into sharing some of your data about your browsing and search history in order to make searching and Microsoft better. However, if you don’t sign in into your Microsoft account, you aren’t opted into sharing your data for personalized advertising and services (this option is only available if you sign in). You can also stop what you type in an address bar from being shared. Another helpful option is to turn on the “Strict” privacy profile whenever you open an InPrivate tab.

To have more control and privacy over your browser, you can go to the Site Permissions section of your settings. By default, Microsoft Edge will ask you before letting a site access your camera, location, microphone, serial ports. However, cookies and javascript are allowed without requiring permission. You can change this and a number of other settings here.

If you want the browser to keep even less data, you can set what data is cleared every time you close the browser (such as browsing history, cookies, cached images and more). By default, nothing is cleared but you have fairly granular controls here.

The Verdict: Microsoft is decent for privacy but needs improvement

When it comes to privacy, Microsoft is somewhere between Chrome and Safari (check out the links for our overviews). It collects a lot of data and wants to share it with their partners and advertisers and does so if you’re logged into your Microsoft account (which brings its own conveniences such as syncing bookmarks, login information, and more). Remember, Microsoft owns Bing, so there are economical incentives Microsoft has when it comes to sharing and collecting data so companies can more effectively target audiences with search ads.

However, unlike Google Chrome, it does provide a lot of options to let users opt-out of some data collection and sharing, though they’re not all default options. Their balanced tracker blocker seems a little anemic (as displayed earlier, the NYTimes page still loaded several cookies and advertisements) but their Strict profile setting blocked more trackers as well as the ads shown prior.

However, we would still recommend you download a privacy and ad-blocker extension for Microsoft Edge to ensure that websites and the browser itself isn’t collecting more data than it needs to. This way, you can sign into Microsoft and enjoy the convenient benefits it offers without giving up too much of your privacy.

However, if you really want more privacy out of your browser, you may be better off with Firefox or Brave, who offer more at a default and have stronger (and stricter) privacy protections for their users, with no incentive to collect and share your browser data.

Photo by Mohammad Rezaie on Unsplash

Show More
Back to top button