Microsoft Edge leaks all websites you visit to Bing API

The revelation that Microsoft Edge is leaking all the websites you visit to the Bing API has raised security breach concerns. Microsoft's response was not delayed.
 Microsoft Edge leaks all websites you visit to Bing API
READING NOW Microsoft Edge leaks all websites you visit to Bing API

Microsoft Edge added a feature in January 2022 that allowed users to follow creators like YouTubers. However, this “follow creators” feature seems to be buggy in the latest update, according to new reports. It seems like data privacy can be breached as every website URL visited seems to be sent to Bing API servers as “binapis.com/api/v7/followweb/isfollowable”.

The issue was first discovered by a Reddit user hackermchackface a few days ago. hackermchackface wrote: “What is causing Edge to leak all visited URLs after the last update? API: bingapis.com/api/v7/followweb/isfollowable ?

The GET request contains the full url of each page visited.

Searching for a reference to this url yields little results, there is no documentation about this feature. The json response shows the type as “FollowableStatus”, which returns 0 Google results, which is rare.”

Edge response from Microsoft has not been delayed

It was quick to respond to this from Microsoft. Rafael Rivera, Microsoft MVP and Stardock engineer, said: “Microsoft Edge now has a creator tracking feature enabled by default, apparently meant to notify Bing when you’re on certain pages like YouTube and Reddit. But it doesn’t seem to work right, instead it sends almost every domain you visit to Bing”

Microsoft has confirmed that it is aware of such reports. Caitlin Roulston, Microsoft’s director of communications, said: “We are aware of the reports, are investigating, and will take appropriate action to resolve any issues.”

Comments
Leave a Comment

Details
177 read
okunma39533
0 comments