https://www.schneier.com/blog/archives/2021/11/is-microsoft-stealing-peoples-bookmarks.html

Schneier on Security

Is Microsoft Stealing People's Bookmarks?

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it's too late.

Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

(Not that "user error" is a good justification. Any system where making a simple mistake means that you've forever lost your privacy isn't a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click "okay" once.)

EDITED TO ADD: It's actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled.

Tags: browsers, Microsoft, privacy, web privacy

Posted on November 17, 2021 at 7:53 AM * 44 Comments

Comments

Pawel Komarnicki * November 17, 2021 8:16 AM

This whole "keep asking" loop is such a shady antipattern that it's high time to have a proper guideline for that. I would just make it an opt-in system like the good email newsletters are: you are presented with the button to share your data with the app, and then (and only then) a system dialog is shown. Nothing around that should be automated in any way!

Ted * November 17, 2021 8:29 AM

It looks like Microsoft released some documentation on "Microsoft Edge - Policies" for Enterprise on 11-9-21.
It is only a 472 minute read, but there is some info on Forced Synching, for example:

ForceSync
Force synchronization of browser data and do not show the sync consent prompt

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies

saladpope * November 17, 2021 8:32 AM

Agreed that user error is a bad term for this, but it requires user action (I think). Edge prompts for a switch to "default browser settings" at startup, and that appears to include synch. Gross.

Enamel B * November 17, 2021 9:17 AM

@Ted "Only a 472" read is hilarious. Thanks for the heads-up though, we can now finally enable this setting for our users. I can see the problem for normal users but for enterprise making sure users can drop their PC in the water and have everything synced down on a new PC is a godsend.

Ted * November 17, 2021 9:24 AM

Ps: I opened Microsoft Edge (Home) for the first time ever. And nothing was synced yet as far as I know.

I had to go to Settings > Profiles > Import Browser Data to select which Browser and its corresponding data I wanted to import. There I could select one of my other browsers and its corresponding data (i.e. Favorites or bookmarks, saved passwords, payment info, etc.)

In my Edge browser, Sync (listed under Settings and Profiles) is grayed out and I can't open it. (Maybe this is because I'm not signed in with a Microsoft account for the purpose of syncing data across devices?)

Ted * November 17, 2021 9:28 AM

@Enamel B: Lol! Yes let's get ourselves a very big cup of coffee

Winter * November 17, 2021 9:31 AM

"which means that Microsoft sucked up all of their bookmarks"

I think that if MS stores such data outside of the originating computer without prior consent (!= opt-out) of the user that would be a breach of the GDPR in Europe. "User Error" is not a good defense here as the GDPR requires "Meaningful Consent", which means the user has to actively do something that indicates they understood what they were doing.
But we first have to see that this actually is the case.

Not that Google does not go through great lengths trying to get me to sync Chrome whenever I use it.

Patricia * November 17, 2021 9:46 AM

The ONLY thing I've found truly useful about Edge is the ability to easily display/edit/annotate pdf files. That should have been in all browsers decades ago. Anyway, it reminds me of Detroit cars always being decades out-of-date.

6449-225 * November 17, 2021 9:59 AM

Isn't there a Ramones song, "Hey little luser, I wanna steal your bookmarks" ?

Bear * November 17, 2021 11:09 AM

I was thinking about new features for browsers the other day, Forced synchronization was not amongst them, but two settings related to sync were.

Sync profiles however, were. There's a browser I use for work and research, and there's a browser I use for private stuff. If there were separate profiles, and the browser gave me a dialog box every time I started it up to ask which one, then I could sync the business profile but not the private profile, on the same browser.

The other was encrypted block sync. Your browser saves your sync information as an encrypted block using a key you specify, and transmits the block to whatever server you sync with. When you sync, you get that block - still encrypted - back, and your browser reloads its information. So when you sync you need to specify a key, or at least you need a high-entropy passphrase. Which is something I've wanted for years, and would be fairly easy to implement.

With encrypted block sync, I would be entirely okay with a browser syncing by default - although it couldn't do so silently without access to my keys and passwords, which is desirable behavior from my POV but most people would allow it just to shut up the dialog box asking for the key.

Additional desirable features not related to sync:

A WYSIWYG editor that saves in correct standards-conforming HTML.
A Search bar that can do unit conversions, solve or plot equations, call up and display maps, and do basic language translation locally, without even generating a request.

A 'Cache' that stores local copies of reference material - pages drawn from some sites that I need to read fairly often and look things up in have stable content. I should be able to tell the browser what sites those are and let it maintain a local cache. With the option to search local resources first and generate a request if not found, OR display the local cache to avoid delays while sending a request and verifying that the stable content is still stable, or using local cache for fallback only in case of network disconnection. Or maybe a debug function that runs a diff and displays changes.

Robert * November 17, 2021 11:40 AM

@Bear

Firefox Sync is entirely encrypted, see https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

That Chrome and derivatives (with the exception of at least Brave) don't do it is because they want your data in plain text.

mexaly * November 17, 2021 12:13 PM

When I got to passport numbers, wondering how brazen can it get, that I remind myself: feed garbage to the information tyrannosaurs.

A friend of mine despises grocery store loyalty cards, so he trades them with his friends. It fogs the data that he hates to provide, and he still gets the discounts.

Martin Ewing * November 17, 2021 12:56 PM

Users need to know that everything in the cloud is available to our corporate overlords by default. And most everything is moving to the cloud. So why am I trusting all my data to Google Drive, gmail, etc.? Reliable, convenient, and cheap seem to trump privacy...

Petre Peter * November 17, 2021 3:13 PM

My soul is crying for how technology has been prostituted.

Terry Cloth * November 17, 2021 4:50 PM

@mexaly: I just lie on the application. I don't mind the store knowing there's someone who usually buys Oreos and milk together, but they have no need to know it's me.
If they send a check for a reward, I'll never see it, but that's small beer.

Zian * November 17, 2021 5:30 PM

@Robert Thanks for the Mozilla link. It's refreshing to see someone implement it with those goals. I had ignored the Firefox sync feature because I assumed it had been implemented in a way that I would not like.

Clive Robinson * November 17, 2021 11:24 PM

@ Petre Peter,

My soul is crying for how technology has been prostituted.

Wrong word, it implies there was an equitable transaction.

There is a more appropriate word for when some one forces themselves on others.

noone * November 18, 2021 2:22 AM

I don't know why they want all the bookmarks. They already have all URLs one visits. A German blogger recently wrote about this:

https://www.kuketz-blog.de/microsoft-edge-datensendeverhalten-desktop-version-browser-check-teil4/

Winter * November 18, 2021 2:43 AM

@noone

"I don't know why they want all the bookmarks. They already have all URLs one visits."

I agree, we can laugh about the bookmarks, they get literally everything you do, all with a client ID included.

Compare that to the other browsers. I checked Vivaldi, Chrome, and Mozilla Firefox. None of them submitted "obvious" data about user behavior. However, they do send enough to do browser fingerprinting. I am not qualified to see whether there might be obfuscated PII included.

Winter * November 18, 2021 2:48 AM

PS: The original German page translates well (checked with Google Translate).

Francesco Mantovani * November 18, 2021 2:51 AM

Interesting. And in their Policy Statement I don't see anywhere the word "encrypted". Are they storing this in plain text? How do they handle my privacy on their side is not explained. Are my Swiss data staying in Switzerland or travelling across Europe or going to US?

Vladimir Katalov * November 18, 2021 3:07 AM

Well, all the vendors (not just Microsoft but also Google and Apple) allow to sync browser history, passwords and lots of other sensitive data.
The only difference is that Microsoft did not implement additional encryption. In contrary, Apple use "end to end encryption" (well, sort of).

Gert-Jan * November 18, 2021 5:32 AM

The "keep asking" loop can be countered the way Android handles permission requests. The first time you get to see the request. The second time you see the request with the additional checkbox "don't show again". When checked, there is no third time. On newer Android versions, this "don't show again" is not asked anymore, but implied when the user rejects the request.

But the argument about meaningful consent (to conform to GDPR) is a valid one. I've accidentally clicked "Yes" on some request simply due to timing. I wanted to click on something on the page, but just at that exact moment a permission request popped up exactly where my pointer was.

If vendors wanted to, they could mitigate that issue by delaying the opt-in button; only enabling it after a second or two. For meaningful consent, I'd argue that a 2 second delay is always justified.

Who? * November 18, 2021 5:41 AM

Time to move to software that works for us, and not the other way. These days not only corporations that offer "free stuff" like Google or Facebook -whatever it is named now- but even those that sell the right to use their software/hardware tools must not be trusted.

Open source and, in some way, free software too are the way to go; but even in this case keep an eye on any project you depend on and do not trust blindly on something just because it is under a BSD/MIT/GPL licensing.

And, of course, keep offline anything you can. Only a few of my computers have Internet access and, most of these computers with some sort of Internet reachability, have HTTP/HTTPS traffic blocked or --to be more precise-- do not have a rule allowing that class of traffic on a 'block all' default firewall set up.

Who? * November 18, 2021 5:51 AM

One more thing... the key is not why it happened, but why let us it happen yet.
The first step is not allowing it to occur, and not whimper when it happens. It happened because we allowed it to happen.

I would certainly not use a browser from a corporation that a few years ago broke into millions of computers running its operating system to remove a "bad patch" that locked the upgrading mechanism without even requiring a user consent. From my point of view it was a "zero click" exploit. By the way, access was through the browser.

It is clear when your hardware runs operating systems like Windows, OS X, Android, IOS (both Apple and Cisco's one) you do not own the computer.

JonKnowsNothing * November 18, 2021 7:51 AM

@ Winter @noone

re: All the bookmarks

* Some bookmark systems allow tags and sometimes comments (comments can be written into the text part of the URL).
* Some will assign a Key Word keyboard link (open up multiple links).
* They may also get the layout of how you store bookmarks if you folder them.
* Some systems can keep date/time of access and recent viewing or other ranking methods which show which sites are most active and which sites are dormant but still On Your List. (1)

If you are a "person of interest" it could be interesting to some.

There is a direction that LEAs have been moving for their PoliceItAll, which is using AI/ML systems to do predictive policing.

A recent MSM article about one (of many) systems used by the LAPD (Los Angeles, California USA) that pulled in all social media and interactions not just of the person of interest but all their friends, their online groups, reading sites etc. Every aspect of Meta that the software vendor could collect and calculated a "probability of future crime".

Guilt by technical association. Makes a nice graph.

===

1. Not too long back there were discussions of JSON vs HTML file extensions. FireFox native bookmark backup can use JSON or HTML and both of the resulting file sizes are huge. 3rd party bookmark backups export to HTML and are only a fraction of the size.

Not Gonna Get It! * November 18, 2021 9:00 AM

Is M$ doing X,Y,Z? Try it and find out!

No.

But you should try it!

No.

Could you just check if...

No. I don't play with proprietary bullshit, especially turds flowing from the mouth of One Microsoft Way.

Clive Robinson * November 18, 2021 11:57 AM

@ JonKnowsNothing, ALL,

If you are a "person of interest" it could be interesting to some.

Who is not a person of interest these days?

You have agencies within central government that regard and treat "the citizens as the enemy".

Then you have regional and local "guard labour" being funded and supplied by Central Government. To increase not just surveillance, but tactical deployment.

Even if you are dead and six feet down you are probably still on somebody's list...

In reality crime is dropping for reasons other than LEO's abilities.

All new technology from the likes of Palantir is giving LEO's is bigger suspect lists, that actually hampers most investigations...

Why because the "machine learning" behind it is running from rules in files up to 20 years old when a "good kicking around the back" was a standard investigative tool. Thus the thuggish mentality we had hoped was going via computers is being given a new lease of life to come back and haunt us.

In the US the statistics on plea deals tells you exactly how the system works. They just throw charge after charge at you until you plead guilty to anything... In other parts of the world that behaviour is regarded as mental torture and an abuse of human rights. Oh and it is actually illegal in the US to deny somebody a jury trial, something they forget to tell you for some reason...

And it is said that technology is improving things... But from what viewpoint,

1, Politicians
2, Guard Labour
3, Lawyers
4, Private Prison profiteers
5, Those selling the technology
6, Press
7, Victims
8, Society
9, Suspects

It appears that money is the driving force behind all but a couple in that list...
Jon * November 18, 2021 4:45 PM

@ mexaly, Terry Cloth

I just didn't sign up at all. After a few times the cashiers got exasperated enough that they just gave me a 'discount' card.

Now, I'm sure that because I've used credit cards with them, they have put two and two together and know roughly who I am, but not that I have consented to anything besides "Take my money in exchange for groceries".

Still, I highly encourage pissing in the databases. The more rot they have in them, the more worthless they become.

JonKnowsNothing * November 18, 2021 6:10 PM

@Clive, @All

re: Jury Trial and other missed Civics Lessons

IANAL

In the USA we also have the right to a "Speedy Trial". Not too long ago over on Marcy Wheeler's site there was a review of what "speedy trial" means as there was a SCOTUS ruling on "tolling".

So.. IANAL and I didn't know what any of that meant...

There is a court timer called "toll" and when the timer starts the "tolling" starts. It governs the amount of time allowed between different parts of the trial. If the "tolling time expires" and the step has not completed then other aspects of the procedure may change with all timers becoming unlimited timers.

Think of it like a competition chess clock, once you make your move you punch the toggle button which starts the clock on the other side. Once they make a move they punch their clock and the timer shifts to your side again. If your timer expires you lose even if you have numerical advantage.

One might think it is in the person's best interest to have a speedy trial and get things sorted out ASAP. Except it appears that rarely happens. There must be some advantages to not punching the tolling timer, one of them maybe for the prosecution and another for all the legal fees that get racked up. The person, if not among the wealthy, sits in jail for the duration even if they are supposed to be "innocent until proven guilty".

It also seems that "pretrial detention" counts extra towards the ultimate sentence.
So having the tolling bell expire means you get bonus credit for sitting in jail, even if the jury finds you Not Guilty.

All very confusing.

ymmv IANAL

===

(1) MW has the sentencing guideline tables for the 37thDec group.

SpaceLifeForm * November 18, 2021 7:07 PM

@ Robert, Who?, Ted, Clive, Freezing_in_Brazil, ALL

Grease leaks

Try FF. Not saying it is perfect, but the alternatives are not your friend.

lurker * November 18, 2021 8:53 PM

@Plymouth Baskin Colonies

The application Chrome has requested to install KeyChain...

quoi??!!

Justa Comment * November 19, 2021 1:16 AM

I had an even worse (in my opinion) experience on a Samsung phone: I used the YouTube app to copy links that I wanted to share with friends. I was (still do the same) very careful to not give permissions to my contact app to, for instance, YouTube. In the same way I gave no permissions to the YouTube app. Everything fine with that for a few years.

Then, suddenly, I think it was during the spring 2019 when I was doing exactly that (ie copying the link to a video inside the YouTube app) the same YouTube app suddenly suggested people that I could share the clip with. I recognised the names from my contact list (nick-names and so forth). I checked the permissions for the contact list app and the YouTube app instantly and there were no changes. The permissions were exactly as I had set them. But still, the YouTube app obviously had a look at my contact list.

I have never used the YouTube app in a smart phone since (but of course, the damage is done).

br X

Robin * November 19, 2021 2:51 AM

1. On store cards: very soon paper till receipts will disappear, replaced by some sort of electronic communication. This will probably be managed via store cards, so to have a proof of purchase a store card will be obligatory. How this will be managed if I buy an item in one shop and walk into another with no proof I've bought the items I'm carrying, I have no idea.
But the number of store cards I carry and the completeness of the data stored therein will be startling.

2. An alternative to obligatory store cards will be dedicated phone apps for every trader you buy from. I have a handful of apps on my phone and I really don't want any more. I am very conscious of the fact that I have zero knowledge, and even less control, about what information these apps are sharing. At least with a browser I can install privacy add-ons; with apps I can do ... nothing.

Peter A. * November 19, 2021 4:29 AM

@Robin: Poland have just enacted electronic receipts for customers (optional - for now). Before, it was obligatory to give every customer a paper receipt with all legal/tax data on it (failure to do it risks a steep fine for the merchant; there were even a few widely reported provocation/entrapment cases stipulated by tax officers). From now, there's a possibility of providing e-receipt "with the consent of and in a form agreed with the customer".

It is not clear yet what would be the offered method(s) - initially probably SMS/email, but how the customer would provide the phone number/email address is not specified; and how the merchant would collect and protect that data. Some big chains already announced they are ready to provide e-receipts via dedicated apps. Some have been doing it for some time already in addition to official paper receipts, offering extra perks for using their apps.

The other end of the receipt is worse. Before 2020, all sales (there are still some exceptions for small businesses, but are being closed gradually) had to be recorded on a certified register with non-volatile append-only memory system, reports needed to be retained for several (5?) years. This is a problem for merchants as the commonly used thermal print paper bleaks. Since 2020, more and more areas of business (starting, not surprisingly, with automotive: gas stations, repair shops etc.)
have to use registers with obligatory Internet connection to the tax office, to send out each sales receipt in real time.

Robin * November 19, 2021 5:38 AM

@Peter A

Yes, here in France things are moving in the same direction. I assume it's an EU wide initiative but on a quick search I didn't turn up any links to EU or EC law.

Who? * November 19, 2021 9:45 AM

@ SpaceLifeForm

I am running FireFox on OpenBSD; it is my only browser (ok, sometimes I use the Tor-targeted flavour too). Some years ago I started setting up FireFox with some enterprise features (like a restrictive policies.json and a hardened mozilla.cfg), so I cannot inadvertently set an insecure parameter.

lurker * November 19, 2021 10:34 AM

@Justa Comment:

but of course, the damage is done

The damage was done of course in Palo Alto. It's getting harder and harder to run a stock commercial Android phone without a Google account. If you run thru the standard setup procedure on a new device, and login to an existing G acct, before you can get to the settings Do Not Sync [default is Yes, Sync], it will have started to populate a Contacts list on your device, derived from the archived mail and phone history. Yup, those phones sure are smart...

name.withheld.for.obvious.reasons * November 19, 2021 3:33 PM

If I understand it correctly, Apple does the same thing. It does a bookmark synchronization with the apple cloud storage system to keep your favorites "safe". There does not appear to be a way to turn this off either, unless of course you forgo using Apple's browser. It also is to allow your iPhone to be married up to your Apple computer to share that data "seamlessly". I often wonder who this mysteriously named "seamlessly" is. Do they have a first name, like Effortlessly?

insert.barcode.here * November 20, 2021 7:16 AM

crApple, Goggle, Microsuck, Faceboot ... none of them have any power if you take their TCP/IP away from them.

Those who don't know TCP/IP are doomed to be enslaved by it.
Stop feeding the beasts and they will stop growing out of control.

You have the technology to seize and keep absolute control over your online footprint. All you have to do is use it.

Install OpenVPN. Route your devices to that host. Configure that host firewall to block icloud. No more crApple cloud. Configure the iptables to block all domains in Goggle's ASN. No more goggles. Configure the iptables to block all domains in Faceboot's ASN. No more faceboots.

If you want a nice blueprint for a Pi of Terror, add the following to the OpenVPN/iptables host:

Pihole with whitelisting/blacklist redirecting to dnscrypt-proxy to Quad9 DNS for DNS resolution.
Squid with whitelisting/blacklisting redirecting everything else to privoxy to Tor.
OpenVPN on that with your devices set to use the host for DNS and web proxying.

Make the data hoarders requests run the gauntlet of fear and block them at any point you like. Don't resolve their DNS. Don't request their HTTPs. Let IPfilter block anything you missed.

And yeah, this is all in addition to browser plugins like NoScript, CanvasBlocker, Ghostery, PrivacyBadger, uBlock, DecentralEyes, etc.

Ted * November 20, 2021 7:50 AM

@insert.barcode.here

Re: Install OpenVPN

If you have that technical level of understanding, you are most likely ahead of the game. However...

@SpaceLifeForm posted a link to an article about securing your digital life a few days ago. It was the finale in a four part series. The author has this to say about VPN's:

That's about it. Otherwise, VPNs aren't much more effective in protecting your privacy than what you already get from visiting sites that use modern Secure HTTP (HTTPS).

Your thoughts?

https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-4/

Jakob * November 20, 2021 12:53 PM

The best option is probably to avoid having a Microsoft account at all/logging in with a Microsoft account on your device.
Not exactly easy to do these days, when setting up a newly bought computer the setup wizard will not allow that unless you skip the "connect to the Internet" step before (or switch to airplane mode and disconnect the Ethernet cable at the time it asks you to set up an account).

The same also goes for Android, as soon as you log in with a Google account you basically lose control of what is uploaded to Google. With Aurora store you can still get apps from Google Play without having to log in the whole device.

SpaceLifeForm * November 20, 2021 3:33 PM

@ Ted, ALL

Actually, I purposely did not post the link. You were just paying attention, and connected dots. Kudos to you.

The reason I did not post the link was because Bruce was already covering the series, and I thought he was going to put up another article on that.

I do agree with the point. Use of VPN or TOR is painting a target on your back.

https://techgenix.com/webrtc-leaks/

Those of you using VPN or TOR, may want to check out

https://ipleak.net/

And see if you are leaking your real WAN ip.

Ted * November 20, 2021 3:53 PM

@SpaceLifeForm, ALL

The ipleak site is making me
      About Bruce Schneier
      
      I am a public-interest technologist, working at the intersection of
      security, technology, and people. I've been writing about security
      issues on my blog since 2004, and in my monthly newsletter since
      1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board
      member of EFF, and the Chief of Security Architecture at Inrupt, Inc.
      This personal website expresses the opinions of none of those
      organizations.
      