Microsoft Edge Exposes Bing API Addresses of Attended Sites

Users have noticed that a bug seems to have crept into Microsoft Edge – the fact is that, starting with build 112.0.1722.34, the browser passes all the URLs that users visit to the Bing API. In theory, this allows Microsoft to monitor all online activity of Edge users if the company decides so.

Let me remind you that we also wrote that Bing Chatbot Could Be a Convincing Scammer, Researchers Say, and also that Phishers Can Bypass Multi-Factor Authentication with Microsoft Edge WebView2.

The problem was first discovered by a Reddit user with the nickname HackerMcHackface. In his opinion, the error is related to a disabled content aggregation feature in Edge called Collections, which prompts content creators to create special offers for users.

Apparently, since the release of Microsoft Edge build 112.0.1722.34, the default behavior of Collections has changed. Whereas in previous versions of Edge this feature was limited to a subset of social networking sites, including YouTube and Pinterest, it’s clearly more widespread now.

For example, when visiting whitelisted pages, URLs are typically sent to the Bing API to determine whether the browser should show a pop-up window with some kind of recommendation that will appear in the user’s address bar. If the user clicks on such a popup, content from that author will be added to Collections.

Microsoft Edge and Bing
Collections example

However, according to HackerMcHackface, a request to bingapis.com, with the full URL of the page being visited, is now almost always transmitted, allowing Microsoft to monitor all Internet activities of Edge users.

Let me also remind you that the media wrote that Microsoft to Limit Chatbot Bing to 50 Messages a Day.

Microsoft representatives told The Verge journalists that they already know about this problem, and the company’s specialists are already investigating.

According to the publication, the idea seemed to be to notify Bing when a user is on certain pages (like YouTube or Reddit), but something went wrong and now Bing gets information about almost every domain a person visits. .

Until the issue is fixed, Edge users are strongly advised to disable this feature by going to settings, under the “Privacy, search, and services” tab, and unchecking “Show suggestions to follow creators in Microsoft Edge” at the bottom of the page.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *