It's not really a problem
As no-one actually uses Edge.
If they do they need their head examined.
An independent researcher claims to have uncovered a security flaw in Microsoft Edge. The issue enables any website to identify someone by their username from another website, according to Ariel Zelivansky. More specifically the bod alleges that Edge exposes the URL of any JavaScript Fetch response, in contradiction to the …
^This.
I've encountered a handful of people who were using a particular browser (be that Chrome, Firefox, etc) on a previous version of Windows, but on 10 were using Edge and didn't even realise. Some were aware that something had changed about the way "the internet" works, but that was it.
"As no-one actually uses Edge."
a) I wish you were right
b) Sadly, I know that you're wrong
c) They DO need their heads examined
I'm sure the data harvesters and miners will take full advantage of this "feature" for as long as its available, then cache the information, and use it to target ads, etc..
Apparently a reddit user name can also be discovered (see 1st entry on the reddit thread mentioned in the article)
URLs shouldn't even REDIRECT to information that's a potential security/privacy problem. Sounds like time for another RFC.
>As no-one actually uses Edge.
No but AFAIK you still have it and even worse the version of Adobe flash that ships with it sitting on your hard drive if you use Windows 10 which is getting harder and harder to avoid in crappy Windows land. Pretty funny how often Secunia flags that garbage code (as it rightly should).
https://www.netmarketshare.com/browser-market-share.aspx?qprid=2&qpcustomd=0
about 14% market share is a lot of head examining
Most of the el reg readers wont but userland peoples dont really know how or care to change the default browser (every time w10 decides to change it back for no apparent reason)
If you read MSDN blogs then this sort of attitude seems endemic to Microsoft: if it doesn't cause Microsoft employees a problem, then any reason they can find not to deal with the problem will do.
"It's not a problem because you can only cause it if something else happens first"
"It's not a problem because that's how it's designed, even though it violates the specification, because it needs to be compatible with Excel 3.0 or whatever"
"It's not a problem because it's already on our fix list".
Microsoft: the customer is never right.
> Quite a few Opensource projects have exactly the same blind spot
....but at least you can properly investigate the problem and fix it yourself if you so choose. And you're not paying for the poor service.
Yes, you can decide to not use their browser. Then along comes and update and wham bang, thank you maam and all your settings like default browser have been reset to what Nanny Microsoft thinks you want.
And because they have in their esteemed wisdom decided to include (shudder) flash (shudder) there is little incentive for website designers/developers to retire it. a Doh Moment as after all everyone who used the internet is using Windows 10 aren't they? (well that's what MS want us to believe).