(title map viaSoftpedia)
It is reported that,MicrosoftUse the SmartScreen feature to protect users from potentially dangerous website attacks.
The principle is to submit the page information (website URL) currently accessed by the user to Microsoft according to a report connection maintained by Microsoft.serverGo to analysis.
However, the information it sends (including the SID) is not hashed. Microsoft wrote in the official document:
A SID is a unique identifier for a security principal that can be authenticated by the operating system for any entity, such as a user's computer account, or a security-related context process/thread.
In theory, by using the SID identifier included in the report, Microsoft can clearly know who isWindowsSmartScreen is enabled in 10 and accessed.By default, Edge's SmartScreen settings give a "warning".
However, Microsoft acknowledged in the privacy statement that certain information was indeed submitted to the company in order to provide follow-up support for SmartScreen, as this is how the feature works.
The company wrote: "When checking files, relevant data is sent to Microsoft, including file names, hashes of file contents, download paths, and digital certificates."In this regard, the researchers recommend using a method similar to other browsers to improve the Windows operating system.
Firefox, Chrome, and Safari don’t send users’ browsing history to the cloud. They simply compare the 4-byte URL hash prefix with the bad hash hash list that was downloaded.
Unfortunately, at the time of writing, Microsoft has not commented on the matter.