Report: Microsoft Edge leaks private browsing data locally - gHacks Tech News

Report: Microsoft Edge leaks private browsing data locally

A not-so recent report indicates that Microsoft's Edge web browser may be leaking web browsing data of the browser's private browsing mode locally.

The researcher's investigation of locally stored data by Microsoft's Edge browser came to the conclusion that the browser is storing private browsing data in a local database even after the session is ended.

According to the report, Edge reveals websites visited in private mode in the browser's WebCache file.

Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file.

The WebCache file is located under the user directory, precisely here:

\Users\user_name\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Please replace user_name with the name of the user account that you are using on the Windows 10 computer.

edge webcache

It is interesting to note that Edge seems to share the browsing history cache file with Internet Explorer, and also with versions of those browsers on other devices if the same Microsoft Account is being used to sign in to the machines.

Obviously, Edge should not leave any data traces behind after the user exits private mode., and that is something that Microsoft needs to address.

On the other hand, it is not as if private modes are offering full protection against information leaks, considering that information may still remain available locally and also remotely after a user exits the session.

A common issue is the DNS Cache for instance, which may reveal information about hostname look ups in private browsing mode.

In addition, if an attacker gets access to a computer locally, other possibilities become available that are way scarier than leaking which sites a user may have visited in private browsing mode.

Edge's main issue at this point is that it does not provide users with options to clear the browsing data completely on exit or start of the browser.

This leaves third-party solutions like CCleaner which can be used to clear all browsing data or a selection automatically, for instance when the system is shut down.

Microsoft is working on Edge as part of Windows 10 and it is likely that options will become available in the future. Another possibility is that extensions may fill feature gaps, but it is still unclear when Microsoft will make them available in first Insider Preview builds and stable builds of Windows 10.

For now, the best bet is to use CCleaner, a manual solution to delete the file regularly, or another browser.

Edge is not the only browser that reportedly leaks private browsing information. Google's Chrome browser too leaked information in the recent past.

Summary
Report: Microsoft Edge leaks private browsing data locally
Article Name
Report: Microsoft Edge leaks private browsing data locally
Description
Microsoft Edge reveals websites visited in the browser's private mode even after the private browsing session ended according to a forensic analysis of the browser's cache files.
Author
Publisher
Ghacks Technology News
Logo




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Ken Saunders said on January 28, 2016 at 3:14 pm
      Reply

      “A not-so recent report ”
      Still, great timing.

      ” Data Privacy Day
      As part of Microsoft’s longstanding commitment to privacy, we mark Data Privacy Day every year through a variety of efforts. Held annually on January 28, Data Privacy Day aims to increase awareness of privacy and data protection issues among consumers, organizations, and government officials. ”
      http://www.microsoft.com/en-us/twc/privacy/data-privacy-day.aspx
      And
      “Your privacy is our priority:
      http://www.microsoft.com/security/online-privacy/overview.aspx

      Quite funny huh?

      1. Jason said on January 29, 2016 at 3:37 am
        Reply

        Hahaha! I can’t believe that’s an actual thing. Way to go Microsoft…

    2. anon said on January 28, 2016 at 4:20 pm
      Reply

      CCleaner is overkill and does things it shouldn’t do. Simply use another browser until Microsoft updates Edge to make sure the file is deleted completely, which will be done soon since they already recognized the issue as valid. Internet Explorer and Firefox are good choices.

      1. soc.on said on January 29, 2016 at 10:55 am
        Reply

        Hi anon,

        mighty tools need a careful hand while their usage. So don’t blame CCleaner to be an overkill, if it tries to do the job in a professional manner. You also won’t drive your car at 160 mph trought the city, also it could manage it.

        Just waiting for Microsoft to fix Edge’s current issue is just waiting for ever as there will always be issues in Edge (just extrapolate the issue history of the Internet Explorer). If you use Edge you will quickly notice it is not only a web browser. In fact, it tries to be the opposite of its name: Its like a tumor in the center of Windows, putting its tentacles to every data serving point of your activities, trying to wipe of the edges (!) between your home, the internet and Microsoft’s global ecosystem. It tries to be your personal butler, serving you form the door to the edge of your bed.

        But would you accept a butler with a malicious integrity? – Remember, he knows more about you, than your fiance!

        So reducing the possible impact of issues by a regular cleanup of data collections is an important task in your continuous efforts to preserve a grade of privacy and security.

      2. Corky said on January 29, 2016 at 11:15 am
        Reply

        I’m not sure saying Microsoft will fix the issues soon is much of a reassurance, it’s been 3 months already since this issue was first made public so it’s not like Microsoft haven’t had plenty of time.

        Having said that I’m not sure what’s more worrying, that Microsoft wasn’t aware their own software was doing this or that they didn’t know, either of those two options are equally worrisome for different reasons.

    3. Rott said on January 28, 2016 at 5:09 pm
      Reply

      those are not edge cache files, those are telemetry webcache :D ( just kidding but probably they look pretty similar )

    4. birmingham said on January 28, 2016 at 5:26 pm
      Reply

      If I clean it, can I be accused of thoughtcrime?

    5. Corky said on January 28, 2016 at 6:11 pm
      Reply

      It can’t be true, Terry Myerson told me Windows 10 is the most secure operating system they ever made.

      /Sarcasm

    6. ddk said on January 28, 2016 at 6:25 pm
      Reply

      The AppData folder holds a lot of secrets including cookies and browsing data and is also a launching point for ransomware & other exploits where malicious files are executed.

      I think that folder is also hidden by default.

    7. Dave said on January 28, 2016 at 7:56 pm
      Reply

      If you are using Edge browser its like using spyware itself :)

    8. Jackal said on January 28, 2016 at 8:59 pm
      Reply

      No biggie. Chrome also warns about being tracked by ISPs even in Incognito mode. If anyone *really* wants to see where you’ve been on the Net, i’m sure they could do it no matter what Browser you used.

      1. Someone said on January 29, 2016 at 7:53 am
        Reply
      2. Corky said on January 29, 2016 at 5:05 pm
        Reply

        If it’s no biggie then why bother with an Incognito mode at all?

        Also this isn’t really the same thing as being tacked by your ISP, after all if your ISP wanted to track you there’s not much of anything that would prevent that, even TOR could be tracked using DPI (afaik).

        What’s happening hear is very different as your supposedly private browsing is being stored locally and, more importantly, remotely if you’re using a Microsoft account. Is that remotely sent browsing history encrypted during transmission, is it stored encrypted on Microsoft’s servers, who has access to the keys needed to decrypt your remotely stored browsing history?

    9. soc.on said on January 28, 2016 at 9:39 pm
      Reply

      Just to drop the severity of the issue by stating there are much more scary things out there harming my privacy is not an appropriate argumentation. You also could argue “Why should I lock my door if someone can enter through the next window by using a brick.”
      We should care about every little lockup security breach. Only sum of our efforts, we can raise a wall for our privacy and security.

      So I appreciate the appearance of this article very much. Hopefully, by spreading the knowledge Microsoft and the other “Big Five” will notice we are watching them. It’s a tiny pebble to slow them down on their way to optimize the automated observation of the individuals.

    10. S2015 said on January 30, 2016 at 6:59 pm
      Reply

      Personally, this news does not shock me at all: Edge is just a newly released browser program, which will def. contain some unknown bugs, holes and alike. More, nVidia GPU too has the ability to leak a user’s browsing history… For details, read Geek.ng

    11. Marc said on February 2, 2016 at 2:03 am
      Reply

      Microsoft does not do privacy any longer. They have become the consumer of all data with the release of Windows Last. Why this should be a mystery to anyone is what is baffling.

    12. p said on February 8, 2016 at 10:32 am
      Reply

      I think Chrome does same. Favicons stored in bookmarks, for example, etc, are also collected in private mode. I use Chrome always in incognito mode with removal of cookies on exit option, and still its user data folder size only keeps growing. The only solution I have, is to start Chrome with a custom script that creates a fresh profile and copies only the data I know about from the old one – not a solution for everyone :), but it works for me.

    13. CHEF-KOCH said on February 13, 2016 at 10:35 pm
      Reply

      This is fixed now with KB3135174.
      http://windows.microsoft.com/en-us/windows-10/update-history-windows-10

      “Fixed issue with Microsoft Edge browser caching visited URLs while using InPrivate browsing.”

    14. tony said on June 5, 2016 at 8:34 am
      Reply

      Wecachekiller will now delete the file webcachev01.dat.

    Leave a Reply