![]() Update 7/24/19: Microsoft responded with the following statement: That practice will only end if and when Microsoft decides to start hashing the URLs, which probably would require significant code changes across many of their products. It does, though, continue to send an unhashed URL. The good news is that the new Chromium-based Microsoft Edge no longer sends the SID during a SmartScreen request. The sending of the SID was an odd thing and does not seem to be referenced anywhere in Microsoft's SmartScreen documentation. Chromium-based Microsoft Edge no longer sends SID In a world where people are finally waking up to how little control they have over their data and how it is being used, this tradeoff may be worth it to put customers at ease. value of a threat model in which you don't trust the people who wrote the code you're running. Which is fine, but it's a tradeoff, data freshness and transfer size, vs. The alternative approach is to do what SafeBrowsing does, which is push the hash list to the client. ![]() While they are not doing anything sneaky, Microsoft can modify how URLs are sent so that they are hashed in a similar way that Chrome SafeBrowsing does it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |