You are here

Microsoft Edge browser gobbles up Google's privacy-fail cookies

public://webform/writeforus/profile-pictures/richi-2016-480.jpg
Richi Jennings, Industry analyst and editor, RJAssociates

The new Edge browser from Microsoft now shares the same open-source rendering engine as Google Chrome. However, it doesn’t share la GOOG’s affinity for tracking cookies. It seems privacy is the new sweet treat.

In tests, “Chredge” nuked almost a quarter of Google’s creepy cookies. And that’s using its default configuration.

This, of course, might merely reflect Google’s dominance of the online ad market. Or it might not. In this week’s Security Blogwatch, we ponder the possibilities.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: ZAMination vs. douglby.

[ GDPR, CCPA and privacy. TechBeacon's new guide rounds up what your team needs to know. Plus: Get the Best Practices for GDPR and CCPA Compliance white paper. ]

Chromium fork knifes Google?

What’s the craic? Nick Farrell reports—Edge might hit Google hard:

Microsoft's Edge browser might be built on the same open-source code as Google Chrome, but … it might make a mess out of Google's business model. On January 15, 2020, Microsoft is scheduled to roll out a completely revamped Edge [which] includes a feature called Tracking Prevention.

It mostly seems designed to kick Google's goolies.

Says who? Ed Bott does the analysis—My tests show that one in four items blocked are from Google:

Tracking Prevention: If that name sounds familiar, you're not imagining things. Microsoft added a Tracking Protection feature to Internet Explorer 9, back in 2011. … In the new Edge … the implementation is more usable and more sophisticated, with multiple Trust Protection Lists taking the place of a single TPL.

By default, Tracking Prevention is turned on, with the Balanced setting selected. According to Microsoft, that setting "blocks potentially harmful trackers and trackers from sites you haven't visited," without breaking functionality in the websites you visit.

[I] loaded a selection of 66 pages from a wide variety of websites [mainly] mainstream news publishers and tech sites. … Tracking Prevention blocked a total of 2,318 trackers, or an average of 35 on each page. Of that total, 552 were from Google domains … a mind-boggling 23.8%.

Whoa, bogus. Gregg Keizer rules, dude:

What the Redmond, Wash. company this week called a "release candidate" of the final version can be downloaded from the firm's website. … Now in finished form, tracking prevention is switched on by default and boasts a polished and prominent UI.

Microsoft put Edge on the same path Mozilla and Apple set Firefox and Safari, respectively, staking out an anti-tracking position. Not only does this play to users concerned about online privacy … but it positions the Chromium Edge as different from Chrome.

Ironically, Edge's planned Jan. 15 launch date will come a day late for most Windows 7 users. The day before … Microsoft will issue Windows 7's final … public security fixes, then officially retire the 2009 OS.

Twist the knife, why don’t ya? Microsoft veep Yusuf Mehdi paints it as The browser … for business:

60% of the time people spend on the PC is within the web browser. [But] is our data safe and our privacy protected as we surf the web?

We believe you should know who has access to your data and have the control to choose what you share. Microsoft Edge starts with tracking prevention on by default, so you don’t have to take any actions to immediately start having a more private browsing experience.

For IT Professionals, we are also announcing … a new security baseline for … Edge. Security baselines are pre-configured groups of security settings and default values that are recommended by the relevant security teams. Microsoft Edge has its first security baseline now in preview, making it fast and easy for IT professionals to have a recommended starting point for security and compliance policies.

But swebs is all, like, “meh”:

There are many more popular browsers than Edge out there, such as Firefox, Opera, Brave, and Safari, as well as various open source forks (Palemoon, Chromium, etc.) … To a privacy minded user, Edge would be the last option to consider for someone switching from Chrome, especially due to Microsoft's history of aggressive spying "analytics" as well as general anti-competitive behavior.

What will this do businesses funded by ads? JaredOfEuropa is concerned:

This feature does not block ads, but tracking. … Consumers may not even notice that the ads they are being served are slightly [less] relevant for them.

This may not matter as much to the larger advertisers, but without effective targeted ads, the smaller ones might decide their advertising budget is better spent elsewhere (like on specific sites frequented by their demographic, as was the norm before Google dominated the market).

Whatever happened to the Microsoft mantra of “embrace; extend; extinguish”? olliej says times have changed:

[Google now does it] under the guise of standards. Essentially they flood standards bodies with unending half assed specs that make it difficult for smaller browsers … to keep up. Then make their properties depend on those half assed features.

While at the same time making sure those new specs also aid their primary business of spying on and tracking users without consent. Then saying any browsers that don’t support those abusive features are holding back the web.

However, Krzysiek Szczepanski—@cyber_kris—finds it inflexible:

The option of whitelisting certain domains would be nice.

Meanwhile, enitihas snarks it up:

Tracking prevention in Edge makes sense for Microsoft, as they already have more than enough tracking in Windows itself.

The moral of the story?

This is part of a growing trend. Widespread tracking prevention might affect your business, or it might even break your web-based apps. Make your software privacy-first now (or pay later).

[ Get on top of access with TechBeacon's guide to identity governance, and see the IGA leaders. Plus: Learn how to secure and manage cloud-based Linux resources with Active Directory in this Webinar. ]

And finally

Earworm warning: I’ve got a bone to pick with you

Previously in “And finally”

You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Laura Santo (Pixabay)

[ Explore TechBeacon's guide to SecOps challenges and opportunities. Plus: Download the 2019 State of Security Operations report. ]