Skip to main content

Microsoft Edge is leaking the sites you visit to Bing

Microsoft Edge is leaking the sites you visit to Bing

/

It’s probably a good idea to disable Edge’s follow creator feature until this privacy issue is fixed.

Share this story

Illustration of the Edge logo
Illustration by Alex Castro / The Verge

Microsoft’s Edge browser appears to be sending URLs you visit to its Bing API website. Reddit users first spotted the privacy issues with Edge last week, noticing that the latest version of Microsoft Edge sends a request to bingapis.com with the full URL of nearly every page you navigate to. Microsoft tells The Verge it’s investigating the reports.

“Searching for references to this URL give very few results, no documentation on this feature at all,” said hackermchackface, the Reddit user who first discovered the issue. While Reddit users weren’t able to uncover why Microsoft Edge is sending the URLs you visit to its Bing API site, we asked Rafael Rivera, a software engineer and one of the developers behind EarTrumpet, to investigate, and he discovered it’s part of a poorly implemented new feature in Edge.

“Microsoft Edge now has a creator follow feature that is enabled by default,” says Rivera in a conversation with The Verge. “It appears the intent was to notify Bing when you’re on certain pages, such as YouTube, The Verge, and Reddit. But it doesn’t appear to be working correctly, instead sending nearly every domain you visit to Bing.”

Microsoft first started testing this new creator follow feature in Edge last year before rolling it out more broadly in recent months. It’s designed to let you follow your favorite content creators on YouTube and across the web. If you disable the feature, URLs are no longer sent to bingapis.com.

Microsoft Edge’s follow creator feature.
Microsoft Edge’s follow creator feature.
Image: Reddit (Leopeva64)

Microsoft has a master filter (available here) for this creator follow feature, which includes domains like Pornhub where URLs are blocked from being sent to the Bing API site. It looks like, for every previously unchecked URL you visit, it passes it to bingapis.com, which has huge privacy implications, especially when this functionality is enabled by default.

“We’re aware of reports, are investigating and will take appropriate action to address any issues,” says Caitlin Roulston, director of communications at Microsoft, in a statement to The Verge. Microsoft hasn’t yet explained why URLs are being sent to this bingapis.com service or how Edge has been configured to send nearly all of the sites you visit over to Bing.

Until Microsoft completes its investigation and presumably patches this problem, we’d highly recommend turning off the “follow creators” feature in Microsoft Edge. Chances are you never knew it existed and will never use it, so it’s not a function you’re likely to miss. To do so, navigate to Settings, choose the Privacy, Search and Services tab, and scroll down to Services. Toggle off the switch beside Show suggestions to follow creators in Microsoft Edge, and you should be fine.