Microsoft Edge is leaking the sites you visit to Bing (theverge.com)
485 points by sphars on April 25, 2023 | 380 comments



Chrome uses APIs from google.com, Edge/IE use APIs from bing.com. This amazing discovery was in headlines in 2010.

A more interesting blast from the past is the practice of capturing the search phrase in your browser sent to a competing search engine, and then noting the next visited page in your browser. This essentially captured the user's preferred link from your competitor's SERP (Search Engine Results Page), which led to legal challenges about search copying.


Using an API does not mean sending URLs of every web page.

I'm quite certain Chrome does not do that by default. There are a number of settings in Chrome that you can change to send URLs of every web page to Google, such as turning on history sync, the checkbox for "making searches better" or the "enhanced safe browsing" checkbox. None of that is enabled by default in a new installation of Chrome.


> the practice of capturing the search phrase in your browser sent to a competing search engine, and then noting the next visited page in your browser. This essentially captured the user's preferred link from your competitor's SERP

what about today, and for browsers not from Microsoft and Google, that are also offering search?


Brave has its own search


Meanwhile Brave redirected people to referral links instead :)


Which was a mistake that was fixed.


> This amazing discovery was in headlines in 2010.

It is still unacceptable for many.


At a previous SaaS startup I worked for, we stored a bunch of clients' documents somewhere on e.g. example.com/documents - which included confidential items like checks and contracts. Customers would typically opt-out of requiring authentication for a lot of these documents so they could share them with others.

I noticed that when you searched for the company on Bing, you would actually see a bunch of these documents, despite nothing linking to it!

Of course I updated the robots.txt and yelled at leadership for the gaping security hole, but I was very surprised to see that Microsoft would send every link you crawled back to Bing to index. Distributed web crawling!


>Of course I updated the robots.txt and yelled at leadership for the gaping security hole

I'm curious how there was a security hole when a client opted out of requiring auth? If the client wants them publicly available then there was no security hole.

Secondly, I am wondering why you are yelling at leadership for something that seems like it was your responsibility.


> opted out of requiring auth

the decisions on which basis the user opted out from auth was that they believed the links were obscure/private enough to be "non discoverable" (enough)

for example let's say your link is `example.invalid/documents/samcea45pwmcwwn325ewaruvon4pepwrm8euwawuvuer8u` and there is no non-authenticated index/listing available

under normal circumstances you could argue that this long id is comparable to a "simple" shared password i.e. knowing is a very weak form of authentication, except it doesn't have the same degree of protection wrt. storage, logs etc. But good enough for non-public non-secret data.

that is until your browser, without you knowing it or explicitly agreeing to it, starts creating that index which shouldn't exist _and_ pushes it to a search machine...

(or you have a virus infection which installs a link scraper; now that I think about it, edge pretty much acts like a virus in this case, lol)

EDIT: An example of a well-known user of such links: Google. E.g. Drive share links: https://drive.google.com/drive/folders/some-ver-long-id?usp=...

Similar such links are all the time used for account setup or password reset, too.

There is nothing wrong with them, and intentional malware would likely be able to scrape whatever you additionally add to secure a shared link without password.

There is _a lot_ wrong with what edge is doing.

If edge would be hardware it would need to be destroyed in some countries because it counts as an unauthorized spying device (but that law was never updated to the digital age).


it's shipped as a default part of hardware


The "security hole" was anyone could use search inurl:example.com/documents and get five pages of results with SSNs, credit card numbers, etc. plus the reputational damage of leads doing any amount of research into the company and seeing confidential documents on page 2 or 3 by literally just searching the company name. The startup was big enough that the data&reputational risk was easily 7 figures/yr


> I'm curious how there was a security hole when a client opted out of requiring auth? If the client wants them publicly available then there was no security hole.

It's possible they wanted the link to be easier to share with very specific people, but not necessarily be something found on bing.


Because the user expectation is that a browser won't leak their private URLs to a search engine?

https://www.example.com/id/0ca6ade6b2bb1eea371d0b029f552cee/... may be "public" in the sense that it is accessible if you know the URL.


isn't cases like this where the saying "security through obscurity is no security at all" came from?


Not really, no. That came about more from people claiming to have good security, but not disclosing their security practices and many of them turning out to be rather insecure.

Many products (Google Docs, Youtube, Office 365, Dropbox, etc) allow sharing things via unguessable URLs; it's a standard practice that was safe, until browsers and browser extensions decided it was okay to send private URLs to other parties.

I would not be surprised if the EU steps in at some point and fines them heavily for it.


I don't think people understand what "public" on the internet means.

If the specific people can get to it without auth, so does everyone else.


There are a large number of services (Dropbox, Youtube, Google Docs, Office 365, etc) that use unguessable URLs for sharing and hence clearly don't share your idea of what it means to be "public" on the internet.


"Unguessable" presumes "not leaked in the course of typical access", which seems to be an increasingly invalid assumption.


Oddly Bing seems to like PDFs more than other pages. I have a project that generates PDFs for logged in users. I see a handful of Bing/MSN IP addresses that keep on trying to view that page every day, but MS has never tried to index other pages that need user authentication. So either Microsoft is really eager to index PDFs or my code that logs unauthenticated access attempts doesn't work on other pages.


This reminds me of a case I saw a couple of years ago, working for a company that delivered a document software. We had documents accessible through the web, open, but with an obfuscated URL, as a good amount of other companies in similar spaces. One morning we found a good amount of documents indexed in Bing, as well as invoices from some of Norway's largest credit card companies, e-invoice suppliers etc.

We never got to the bottom of how it happened, but our theory was that Edge would send browsing history back to MS; and MS/Bing would index based on this. So this seems to be a practice that has been going on for a long time.

Some old articles about it: https://www-nrk-no.translate.goog/norge/fodselsnummer-fra-br... https://www-nrk-no.translate.goog/norge/felleskjopet-beklage...


The fault here obviously doesn't fall exclusively on Microsoft. Security by obscurity was never an effective method.


It's safe to assume that stock Windows 11 leaks every single thing you do to Microsoft. That's the point.


I remember opening up a new HP laptop with Windows installed, around 2016. Out of curiosity I installed Wireshark and inspected some of the outgoing packets from pre-installed software on the Windows system. Alongside the usual telemetry, I found some packets being sent to an IP registered by the US military, straight to a military base, no proxy or anything. Maybe there’s a perfectly non-nefarious explanation but that investigation sure felt like it confirmed my suspicions…


TikTok gets lambasted for being a mass surveillance platform for the Chinese state.

Microsoft gets a pass.


Well, depends on which internet you browse.

On the English speaking internet, TikTok does indeed get a lot of flak.

But on the other internets, Microsoft gets lots of criticism for how they spy on users too, together with all the other big US-based companies.

It receives it on the English speaking internet as well, but nowhere near the level as what can be seen outside of that.


The difference is Microsoft isn’t sending it to the Chinese presumably.


Probably related to TLS CAs. Windows insists on phoning home to these CAs.


Interesting. Does this actually have any security implications or is my paranoia for nothing?

In my head, “normal“ CAs used by browsers for example are held to a high standard of digital trust. Whereas trust in the US military as a CA sort of implies blind faith. But I honestly don’t feel that I know enough about TLS to know why I should trust, say, digicert or identrust, more or less than the US military.


The US Government issues their own certs for many agencies, so there's no commercial entity that acts as the CA. These CAs are installed by Windows just like most other CAs.


Probably a CRL query against a CA.


Was it registered as ARPA?


It's a feature, not a bug.


What is the feature?


The feature is the discounted price of the OS. See, MSFT wants to charge you about 3x the MSRP and gain recurring revenue.

Although they won't give normal users this option, if you wanted the non-spyware version of Windows, you would need to pay a subscription.


The computer is part of the cloud, but the user is paying for electricity and storage costs. At the loss of privacy the user gets all their data backed up in cloud discoverable through a bing web search from any workstation


At the risk of being advertised based on your intimate life details


I switched from Chrome to Edge 4ish years ago. It was honestly faster, didn’t rev up my laptop fan, and over time they added things like the automatic privacy tooling that I enjoyed.

Now they’re messing up where it matters. The endless promotion of Bing, making it hard to completely remove it from the browser, adding a huge fucking B button. All while ignoring glaring bugs that were making it impossible to use certain sites with Edge while working fine in its sister browsers. Now I’m swapping back to Chrome because this is purely intolerable.

Sometimes software doesn’t need iteration or more features. Sometimes it just needs to work!


Edge has been passable, Edge gained users, someone at MS suggested they should exploit those users more -- 'they're enjoying it, we can make it shit and exploit them for money instead, go us' is how I imagine that thought went.

If MS stay true to form then give it a year and Edge will be a fetid turd, but they'll add some lock-in from the OS; maybe Office online breaks in all the other browsers. The World will be worse, some middle-manager will get a promotion, shareholders will get a few more cents, so it goes...


This is what Cory Doctorow has described as the enshittification of companies and platforms. It's not a fluke - it was the plan all along. First you treat your customers well to build up a user base. Then you make things crappy for the users in order to bring in business partners (advertisers), which is what they're doing now. And later they will screw their business partners as well and redistribute all profits for their shareholders. And then the platform will die.


>'they're enjoying it, we can make it shit and exploit them for money instead, go us' is how I imagine that thought went.

That's exactly how it went. And since users keep allowing themselves to be exploited, that's how it'll continue to go.

Luckily, these days users seem to prefer being exploited by Google instead of Microsoft, so MS isn't able to force their shitty browser on everyone the way they did in the IE6 days.


At least Edge is consumer software; your boss can't shove it down your throat.


Oh man, you must be too young to remember when companies had intranet sites that only worked on IE6 long after it was supported. That was pure hell as a young IT support drone. Good god.


IE6 and a Java 5 web applet. Woo!

The Flash UI of VMware vSphere.

Why was everything Silverlight for a few months?


Web Applets were pretty cool in theory at least, but a disaster in practice.

Also never fails to amaze me that if Adobe hadn’t been so lazy with making Flash performant on Mac, Steve Jobs wouldn’t have delivered the death blow. ActionScript was not a bad language!


I am familiar with the "This site is best viewed on X" and Netscape vs IE era but I thankfully entered the workforce later.

My condolences to everyone who has to suffer stereotypical enterprise software.


Don’t forget that “news” keeps getting added back to your customized “new tab” page. That was the last straw for me on desktop. I switched to Firefox. It’s slower but still fast enough for my purposes.

On mobile, they broke the address bar somehow, so now I’m using Firefox everywhere, even though I never really planned to do so…

It’s a shame. It was a great browser for a while.

Edit to add: Firefox has the best “reader mode” of any browser I’ve tried. I’m actually really happy about that.


Genuinely interested, why do you think Edge was faster than Chrome? What technical reason would be behind that?

I cannot imagine Microsoft improved Chrome's speed by a noticeable degree without Google noticing and applying the same improvements.


Microsoft has made some Windows-based optimizations to things like memory management. But, as far as I know, they've been upstreaming those optimizations back to the Chromium codebase. There are some things that aren't upstreamed like Startup Boost and Game Mode (or whatever they're called) where Edge runs as a minimal background process on login to reduce startup lag when first opening Edge or reduces resource usage when Windows detects that you're playing a game, respectively.


Edge is using some new APIs of task management introduced in Windows 11.

The tl;dr is: It can now suspend tabs without killing the tabs.

I literally can run like 50 tabs on a 4gb RAM device with no problem on Edge. And no need to reload any tabs.

These tabs stay as "Efficiency mode".


what has stopped you from using chromium or brave instead of browsers infected with spyware?


Isn't Brave the browser with "acceptable ads"?


Which are disabled by default and when you enable them you actually get paid.


24 ads and other trackers from The Verge attempted to load on that page alone; usually much more if those are allowed to succeed.

That said, I disabled that creator follow nonsense the moment it landed. Not because of the URL tracking, but because it is stupid.


"24 ads and other trackers from The Verge attempted to load on that page alone; usually much more if those are allowed to succeed."

None attempted to load with the browser I am using. I was able to read the text of the article and follow any links on the page no problem.

One could hope that "web developers" will stop accepting money in return for putting this garbage into pages. IMHO this is unlikely to happen.

Alternatively, for recreational web use, one can stop using the browsers that auto-load the garbage by default. I did this and it has worked better and better for over 20 years.

The popular browsers supplied by so-called "tech" companies have many "features" but they do not allow users to disable auto-loading.


I've used ad blocking for decades thus am completely out of touch with how the internet is supposed to look like.

But the other day I used a clean browser to search for something in a store and the first search result was for a competing store! Very sneaky. It's all so fascinating.


> One could hope that "web developers" will stop accepting money in return for putting this garbage into pages. IMHO this is unlikely to happen

The minute that software engineers stop working for Google and Facebook…


Amazon also has an ad network. A fast growing one.


I’m well aware of that and that’s my employer (AWS). But I’m not tsk tsking on a moral high ground and clutching my pearls about what the web developers are doing


It does reflect badly on the trust you can put in AWS though. Also true for browsers like Chrome and Edge.


ublock origin. i refuse to visit any website that tries to make it difficult for me.

The way internet is made, you either go onlyfans style paid only model where every "consumer" pays or like wikipedia where everything is open. Ads don't work, tracking doesn't work. What i mean by not working is that with tools like ublock origin, these "one trick pony" fail so then they make the appeal "but think about the creator".

If you are so concerned about your revenues, go do onlyfans. otherwise assume you will not get any revenue ads.


Amen brother. Also, windows, especially server, used to ship with everything enabled by default but MS learned it was a security nightmare. I wish a basic browser would ship with this stuff opt-in or add-in only. Keeping up with this kind of bloat is exhausting.


uBlock origin says it blocked 16. Firefox may have blocked more before uBlock got to run?


But that's expected from a website that derives all of its revenue from advertising. That is NOT expected from one's operating system.

That is unacceptable. When your operating system can't be trusted, it's time to move to a different platform.


This is such a weird gotcha. It's like telling a communist that they should just stop using money. We're all subject to forces beyond our control. The journalists writing these articles do not control what executives and business people at Vox Media do.


Well yes, but they also could write another article - theverge leaks whatever you're doing on their site to all interested parties.


I finally got an invite to join Arc today.

A lot of the excitement was dulled by the fact that a well designed, well engineered app needs money to pay those designers & engineers, and just like this instance, you can never really know what's being leaked or sold, unless it's a large open source project.

Yes, I know the old adage that if you're not paying for a product you are the product, and as I try and simplify my life and focus on having just a few really high-quality items in any category of life, getting screwed so often because of the need for companies to have as much information as possible updated as often as possible is really making it harder and harder to be the technology and internet enthusiast I once was.


> Yes, I know the old adage that if you're not paying for a product you are the product

Now it's just "You are the product". It doesn't matter how much you pay for something. You can spend hundreds on a copy of Windows, or thousands on a laptop or smart TV and still have your data collected and used against you at every opportunity.

It's free software now that's most likely to do what you want without also trying to screw you in secret, but even with open source software you have to watch it like a hawk. So much good software goes bad eventually and even well intentioned programs can have their own ideas on how much data is okay to send to third parties.


Very much so. I find myself wanting to pay for software. Once if it's just one major version, sub if there are indeed online up and running costs. But it has become so difficult to find honest solutions I just return to foss projects and donate some money.

Sometimes this isn't ideal, and then I go through the process again. It's baffling. There are some good companies out there ofc, and I do hope they continue doing the right thing.


I had to look up Arc, there are different arcs.

You probably mean this one, a new kind of browser: https://thebrowser.company/


Wow what is this and why does it have that vaguely petrichor-like scent of vaporware?


Especially as all it offers is a tab tree and split content windows. Something that you can have since ages in Vivaldi natively or with just two add-ons in Firefox.

Also it's of course not a new browser. It's just the next Chrome GUI.


The "Peek" feature they showed in a tweet seems cool, is there an extension for that in Firefox? Where you can get a tab-within-a-tab to view an article or etc without opening a tab yet. I would definitely install an extension to be able to right-click "Preview Link" or "Preview Tab" or etc. I did a quick search for "Preview Link" and "Peek" and nothing really showed up. There was one "simple link preview" but I tried installing it and it just seems super buggy so I uninstalled.


The part I like most about the peek feature is when it happens elsewhere in the OS. I click a link in outlook or iMessage and it pops up right there in context without jumping all the way to my browser. Esp. nice for unsubscribe links in emails.


do you mean that this Arc browser enables that?


Yea


Oh I'll admit that does seem like a selling point to have it installed at least. Does it have to be default browser or what's the UX like?


It's actually pretty great, I really like it.


Despite my snark, I am genuinely curious after seeing a bit of what it actually looks like in their design meeting video. What are the unique features and what do you like about it?


For me the spaces organization, and how they handle tabs is really nice. Cleaning up open tabs every night (being keeping the archive if you need to re-find) is nice, and moving certain tabs up to the favorites area that are long-lived is nice. There's nothing super major that changes for me, but if you're the type of person that collects tabs and then doesn't do a great job organizing them, it could be really nice.


We should like it, it's the Browser of New York!


I think they maybe just haven't updated that website much since before they launched the browser, whose website is here: https://arc.net/

I've been using it for a while and it's solid.


Follow creator feature? This must be the weakest reason I’ve seen in consumer tech and the bar is very low. Remember this is what the “…to improve your experience” refers to, from the privacy policy.

Iirc Edge “telemetry” is also used for the WebView2 runtime which affects Tauri (an Electron alternative) as well, so for the people who think that installing Firefox fixes the problem, that’s not true. The Tauri devs were rightfully pissed and harassed Microsoft, but last I checked MS didn't care. So it wouldn’t surprise me if this new “feature” is also part of WebView2, just because of the code share.


"This must be the weakest reason I’ve seen in consumer tech and the bar is very low."

Wym? It's a decent feature (if you are the target for it). Ability to track your subscriptions from all of the different websites in one unified place (in this case your browser) is not a terrible product


Google relies on duration of stay data from chrome and google analytics to rank search results. Without knowing how much time people spend on a page, you don’t know if the said page is someone’s wishlist, or a wishlist tool, or the wishlist brand, etc. That’s why they were rewarding verbose content, that’s why SEO optimizers were shoving as much text as possible and that’s why GPT made it even easier to rank pages higher on search engines. Bing will collect every data point it can get its hands on legally. Anyone with ambitions to build a better search engine outside of LLM and even with LLM will be only as good as their data.


Respectfully, I disagree. Google and Bing both deliberately pollute their own search results based on advertising and SEO. This is a user-hostile practice that they can get away with because of inertia and oligopoly. At some point, they will become so user-hostile that an alternative will become appealing.

For example, a search engine that made a good-faith effort to filter out SEO-optimized junk like listicles and slideshow "articles" would be extremely interesting to me. Bonus points for allowing me to permanently blacklist entire domains from search results.


> Google relies on duration of stay data from chrome and google analytics to rank search results

Has Google said this? They might infer duration from time between clicks on different search results, but I've never seen evidence they are using data from Chrome and Google Analytics.


On one hand I find it hard to believe they do not use it. It's not like it's buried in the analytics dashboard. It's a pretty prominent metric. However, I have gotten websites organically ranked that I never implemented an Analytics tag on.


Yes, Google has said this. The use of telemetry from Google Chrome has factored into SERPs as far back as 2010 (perhaps farther but that's when I became aware of it).


They haven't said it, but they absolutely do it, or at least did about 7-8 years ago.

Source: used to chat with Google search engineers about web spam back in the day at conferences.


“Google Analytics is not used in search quality in any way for our rankings.” -Matt Cutts (ex-Google) (2010) https://www.youtube.com/watch?v=CgBw9tbAQhU


Ah yes, 13 year old information. Maybe it was true then, it is not now. Cutts had a known pattern of denying anything and everything about their ranking data until cornered (see his video with Harry Shum of Bing when they caught Bing stealing Google clicks), so I would recommend against using him as a source for almost anything these days.

Believe what you want, but apply some basic logic - why would they not use data they already have?


> Until Microsoft completes its investigation and presumably patches this problem, we’d highly recommend turning off the “follow creators” feature in Microsoft Edge.

Or, you know, just don’t use Edge???


>“Microsoft Edge now has a creator follow feature that is enabled by default,” says Rivera in a conversation with The Verge. “It appears the intent was to notify Bing when you’re on certain pages, such as YouTube, The Verge, and Reddit. But it doesn’t appear to be working correctly, instead sending nearly every domain you visit to Bing.”

I don't believe for a second that this is a bug.


Until called out on it, thinking that Microsoft was quite happy with "follow creator" sending Bing what urls users go to.

Another slick trick of Edge that I have noticed is that after updates, various settings can change or new ones added, particularly those involving privacy. So users have to always be wary and vigilant about checking all settings after any update.


Also worth mentioning, it is practically impossible to remove Edge from a Win 10 (and probably 11) installation. I tried nuking everything I could find, registry entries, Trusted Installer stuff, nope, keeps reinstalling itself after every update. I gave up.


It's the new ie in the sense that it provides an embeddable WebView for apps that need to securely display web content like oauth logins, so it's not realistic to remove all the files. :/


Maybe this is a good moment to rant, but I just don't get what the fuck it is that Chrome does that people just _will not_ get off the Chromium ride. They will happily bend over a table for Google/MS, all in order to not have to use Firefox. I've used Firefox for a decade and a half now, and I've never understood it. It has never failed me, and I've never needed anything else.

Email? Works. News websites? They work. Banking sites? Yep. Google Maps in 3D? Works. Which special, golden webshit is it that breaks on Firefox? And what do people mean Firefox is slow? I've tried Chrome, and boy either we live in different universes, or there isn't, in fact, any difference in speed.


There were a few too many years when Google Chrome was much faster. Used less CPU, battery life was noticeably better on laptops etc.

I find this no longer the case, and I am now back on Firefox :)


Firefox, for me, was very slow between 2019 and 2021. I used Firefox exclusively from 2016 to 2020, until I had to stop, because it just became unusable.

Now in 2023 Firefox is fast again, but so is Edge. As soon as Edge was usable, I ditched Chrome, and will only consider Firefox again if they add native vertical tabs.

My point is, browsers are continuously updated, so any claim about a characteristic must be specified in some timeframe.


Quick note, Brave has Edge style vertical tabs now if you want the good stuff with a more privacy-respecting browser.

https://imgur.com/a/dAAysvy


Yeah totally agree. Ok tbh firefox was slow and heavy a few years ago, but that has not been the case anytime recently.

Honestly, imo for a decade or so now (since the times of the old opera), most browsers are more or less the same utility-wise, with only minor differences between them. Most of them nowadays are chrome clones anyway. And if there is a feature in one and not the other, there will certainly be some extension that adds it. So I do not see why not at least go for the best privacy option.


All my passwords & bookmarks are on chrome and to a lesser extent also Safari because for most of the last decade they were head and shoulders above Firefox in extensions support and speed/features I cared about and Firefox is still not meaningfully good enough to make me switch. There's just nothing especially compelling about it.


Not until a few years ago, Firefox on macOS just kept spinning the fans because it used that much CPU, for no reason. I stopped using FF since then, haven't bothered to install it again, might do it in the near future.


I tried using Firefox last year, I did for a few months. But it's the slowest out of all the major browsers on macOS. So I'm back to using Safari with Chrome/Edge for the few sites that don't work in it.


Very conveniently Edge started crashing just yesterday whenever I visited gitlab, which gave me an excellent excuse to switch my work machine to Firefox. Edge is an overall nice browser, but it's less stable than plain Chrom(ium) IMHO and MS really pushes hard their nefarious features, way more than I can tolerate honestly


Everything you type in your URL bar in Chrome and Firefox is sent to Google.


At least in Firefox you can disable that (or redirect where its sent) by disabling search suggestions in the search field.

There is also a section in the Privacy and security section for the firefox suggest feature specifically. [1]

I could be wrong but I thought those were also piped to the default search provider. I haven't fired up wireshark to test though either.

[1] https://support.mozilla.org/en-US/kb/search-suggestions-fire...


> At least in Firefox you can disable that

As long as you're doing that you might as well go all out and work through the ever-growing list of "features" that generate outbound connections you never explicitly requested, but which Firefox makes anyway.

https://support.mozilla.org/en-US/kb/how-stop-firefox-making...


Thanks!


do search suggestions always go to google, or to your selected search provider?


I believe it uses your selected provider. I looked in about:config and saw no URLs when searching for things like "search", "Suggestions" etc.

really the only way to be sure is to fire up wireshark. But I am on a work computer with a TON of crap running that is quite chatty. So I didn't look to verify.

But even on my browser I see this: https://imgur.com/a/odiHIzy

That said, my search provider is Kagi and I also don't see my search quota increment even with search suggestions enabled....


I was under the impression that Firefox uses your selected search provider for this feature.


You can turn it off in Chrome too......


And in case anyone doesn't know why, it's so autocomplete works.


...which is pretty funny, since I'd assume that if I begin typing a URL, I'd assume it would primarily search and use my local browsing history. But no, it gives more weight to sending me to a Google search, presumably so Google has the chance to show some ads to me. User-hostile design, not happy with it.


The address bar is a search box. All of my Google queries go through it. So of course I want it to autocomplete Google search results, not just my local history. Fortunately it does both and gets the balance pretty right. It's 100% user-friendly design for me, satisfied customer over here.


I get really annoyed, when the Firefox Home with the search input redirects my typing to the address bar.


I mean most people I know google "gmail" instead of typing "gmail.com" but I cannot see how this is an argument for being considered primarily a search box and not autocompleting "gmail.com", if anything kind of the opposite and all this is ridiculous.


This is why I use firefox, you can just un-check 'show search suggestions ahead of browser history in addressbar results'


History matches are regularly at the top of suggestions for me.


If you're using Firefox the keyword for controlling that is 'frecency'. Adjusting the values there in about:config will let you boost history and bookmarks.


By default yes.

My search suggestions are disabled and I exclusively use keyword searching like g, y, ddg, da, ...


Firefox - not really. One of the very first changes done to Firefox on installation - the URL bar is that: a URL and the search one is enabled by ctrl+k (instead of ctrl+L), and the default search engine has long been changed not to be Google.


What if we don't use google as our default search engine, is it still shared?


No, it's only shared with the provider you choose (e.g. if your default search engine is DDG, then the search terms are shared with DDG, etc.)


That's a different issue from what is described here.


https://imgur.com/a/p4CVBHb

"Power and privacy to the people. No need to dig into your security settings. Fierce privacy is our default."

- Firefox on a recent update. You know, a browser that defaults to Google search and having search suggestions on.

I know I'd have a couple privacy settings to change.


Does it relate you (as a person) to that data though? I believed that was anonymous.


Is this true if you aren’t using Google as your search engine?


No. It's just that Firefox advertises itself as private:

https://imgur.com/a/p4CVBHb "Power and privacy to the people. No need to dig into your security settings. Fierce privacy is our default."

but has Google as the default search engine and defaults to having search suggestions on.


No. At least not on Firefox. I think? idk lol


The hashed form of the URL might still reach Google as part of the Safe Browsing initiative, although a copy of the List of Naughty Websites is kept locally as well, so if you visit a known deceptive site, it need not ping their servers.


Yeah, but do they index those URLs and include them in search results?

(My experience over 20+ years: no, they don't.)


IIRC Firefox asks you about it on first use.


There's also the "safe browsing" scam in which every URL is looked up in a list from google to check that it hasn't been deemed "unsafe".


That uses a hashed URL


Yeah, I don't believe that. Even if it did google still has a list of "every" url it can hash and map in order to spy on you.


I'm not sure they'd need to reverse the URL.

Because of how profiling algorithms work, you could just as easily profile someone based on hashes alone. The URL doesn't matter.

Basically this: https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts


Even better, it’s a partial hash that gets sent.


Thankfully nobody could ever guess what a hash of something like "facebook.com" might look like


That's just a local list if I remember correctly.


I don't think this is something with malicious intentions. The folks who worked on this feature probably didn't want to deal with all the mess on cross-organization stuff whenever they need to support new sites/networks. They probably told the Edge team something like "This is a super high priority project from the SVP, just give me the ownership of this piece of code". Instead of implementing proper client-side domain filtering. Which is a worse problem ingrained in the org structure IMHO. Looks like they have no security/privacy process for this level of feature launches?


Having no security/privacy process is malicious by omission.


And Chrome leaks to Google, unless you disable it. Why is this a surprise?


It's not, but still worth saying that the spy tentacle doesn't stop spying just because it serves a different master.


And all browsers leak to Google if you have search suggestion in address bar enabled ...


Yes, that's mainly what I was thinking of. Search suggestions, which are on by default. Chrome also has some sort of hostile site checker but that may use locally cached blacklists, I can't recall.


Not if you use another search engine.


It’s probably a good idea to disable Edge’s follow creator feature until this privacy issue is fixed.


One note: I've noticed turning off this feature does not immediately turn off the feature. A browser restart (all instances) is required to take full effect (and stop sending traffic to that endpoint). Also keep an eye on the toggle--Microsoft Edge does not guarantee settings persist across updates.


>Microsoft Edge does not guarantee settings persist across updates. //

This sort of behaviour, which Firefox had indulged in in the past, is abhorrent. It needs punishment of the company and the controlling staff; they can not be trusted at all.


Also keep an eye on "bugs" in Edge's source code which might ignore the setting in some cases ...


It’s probably a good idea to disable Edge...That is, stop using Edge (or Chrome), and start using an alternative browser...like Firefox. /s

More seriously, I wish there was a web browser built in a sort of chameleon fashion:

* layer 1 - the lowest layer would be some weird rotating engine that would use different browser engines to send disinformation to all websites, web apps. For example, at one moment websites see that I'm on FF, but the next moment on a version of (fake) "Chrome", etc. But, functionally, the user is unaware of what engine is actually driving the typical underlying browser processes.

* layer 2 - the middle layer would hold my personal/private data, like saved passwords, cookies that I desire, etc. This layer is in total control of the user and their data. Whatever configs and preferences are set by the user are saved in this layer, and it persists across browser upgrades, browser syncing platforms (like Firefox Accounts), etc.

* layer 3 - is what the user sees as browser UI (the original term was "browser chrome" of course), and interacts with the UX features...The user can use 1 of a few UI themes: 1 that "looks" like Firefox, another that looks like Chrome, another looks like Brave, Edge, etc. On top of these "browser skins", there could also be the typical browser-brand-specific themes that each native browser has available.

I should state that I know nothing about how browsers are developed...And I acknowledge from my armchair that the above would make developing a new browser crazy complex...but, wow, such flexibility I think would be pretty neat!


I'm also wondering if they send data to the Russian Yandex search engine as they have an agreement to have this search engine by default in some countries ?


This doesn't seem particularly shocking. What I'm surprised by is that Edge wouldn't have been reporting the full browsing history already (with the settings you get when just clicking through every dialogue box at first startup), and only started doing so with this feature. At least the privacy policy [0] suggests the former:

> Depending on your settings, this browsing history is sent to Microsoft, which helps us find and fix problems and improve our products and services for all users.

So is the news that they're doing this even when the "Help improve Microsoft products by sending optional diagnostic data about how you use the browser, websites you visit, and crash reports" option is off? That'd be unfortunate. Or is the news that it's sent to a Bing domain rather than a Microsoft domain? That is just stupid reporting.

[0] https://support.microsoft.com/en-us/windows/microsoft-edge-b...


Yes, the news is, as written, when the creator feature is on (and it is by default), all websites are reported to the Bing API endpoint. The other options you referred to aren't mentioned because their configured state is not relevant.

Specifically, the following request is sent:

   GET /api/v7/followweb/isfollowable?appId=F1E45C4A7B95B48AC3F411C6214F6B861D0C276B&mediaUrl=https://www.domain.com/&edgechannel=stable HTTP/1.1

The endpoint then responds with a bit of JSON:

   { ..., "status": "UnFollowable" }
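An added example, not part of the comment above: one way to find this request in the logs of a TLS-inspecting proxy and list which visited URLs each client disclosed. The log layout, client addresses, sample URLs and the `www.bingapis.com` host on the sample lines are assumptions; only the path and query parameters come from the request quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Path of the request quoted in the comment above.
FOLLOWABLE_PATH = "/api/v7/followweb/isfollowable"

# Constructed sample lines in an assumed "<time> <client> <method> <url>" layout.
SAMPLE_LOG = """\
2023-04-25T09:00:01Z 10.0.0.12 GET https://www.bingapis.com/api/v7/followweb/isfollowable?appId=F1E45C4A7B95B48AC3F411C6214F6B861D0C276B&mediaUrl=https://www.domain.com/&edgechannel=stable
2023-04-25T09:00:05Z 10.0.0.12 GET https://www.bingapis.com/api/v7/followweb/isfollowable?appId=F1E45C4A7B95B48AC3F411C6214F6B861D0C276B&mediaUrl=https%3A%2F%2Fintranet.example%2Fwiki%3Fpage%3Dpayroll&edgechannel=stable
2023-04-25T09:00:09Z 10.0.0.40 GET https://www.example.org/index.html
2023-04-25T09:00:11Z 10.0.0.40 GET https://www.bingapis.com/api/v7/followweb/isfollowable?appId=F1E45C4A7B95B48AC3F411C6214F6B861D0C276B&mediaUrl=https://shop.example/cart?id=7&step=2&edgechannel=stable
"""


def extract_media_url(url):
    """Return the page URL carried in mediaUrl, or None if this is another request."""
    parts = urlsplit(url)
    if parts.path.rstrip("/").lower() != FOLLOWABLE_PATH:
        return None
    match = re.search(r"(?:^|&)mediaUrl=", parts.query)
    if not match:
        return None
    raw = parts.query[match.end():]
    first = raw.split("&", 1)[0]
    if "://" not in first:
        # Percent-encoded value: it ends at the next '&'.
        raw = first
    else:
        # Unencoded value (as in the quoted request): the page URL may carry
        # its own '&', so only strip the trailing edgechannel parameter.
        # Assumes the parameter order shown in the quoted request.
        raw = re.sub(r"&edgechannel=[^&]*$", "", raw)
    return unquote(raw)


def disclosed_urls(log_text):
    """Map each client to the page URLs it reported through isfollowable."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue
        _time, client, method, url = fields
        if method != "GET":
            continue
        media = extract_media_url(url)
        if media:
            found[client].append(media)
    return dict(found)


if __name__ == "__main__":
    for client, urls in disclosed_urls(SAMPLE_LOG).items():
        print(client, len(urls), "page URL(s) reported")
        for u in urls:
            print("   ", u)
```

Without TLS inspection a proxy records only the destination host of the connection, so it can show that the endpoint was contacted but not which page URLs were sent.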


The configuration state of the option that allows Edge to send browsing history to Microsoft is pretty damn relevant when talking about a feature that involves Edge sending browsing history to Microsoft.

If the option is being ignored, it's the kind of thing that'll result in fines in multiple countries. If the option is being respected, it's not even a story. I assume you're the person quoted in the story and know the details, so thanks for clarifying. Sounds like it's the former then.


Yep that's me, and fair point!


> What I'm surprised by is that Edge wouldn't have been reporting the full browsing history already

IIRC one of Sysinternals tools allows to pull list of accessed files, folders and sites regardless of the browser. In such case Edge wouldn't need to report history because OS does that already.


It's a mystery to me why Microsoft does not do the simple and obvious thing to siphon off a gazillion users from Google:

Just offer a simple clean interface to Bing + ChatGPT.

Without all the visual clutter and dark patterns.

Why do they keep the foot on the brake by adding all that nonsense to their search engine?

Google is bringing in $160 Billion a year with their clean search result pages.

Why does Microsoft think they need to play clumsy tricks and add stuff on top of the search results to make a buck?

I see more users coming to my sites via DuckDuckGo - which searches via Bing - than via Bing itself. And that while Bing is the default search engine on the majority of new desktops and laptops out there. And the default search engine on many new tablets. Plus they have ChatGPT integration. It's just mind-boggling how Microsoft wastes all that power with a bad UI.


> Google is bringing in $160 Billion a year with their clean search result pages.

No, Google brings in $X billion a year with all the ads and garbage they stuff in between those clean search results.

The same is true for Microsoft. There's no money to be made to run the service (let alone justify an American company's lust for growth and profit) without stuffing it full of ads to hopefully sell you something.


Yes, results+ads is what makes the search result pages.

But visit this site:

https://www.google.com

And then visit this site:

https://www.bing.com

And now tell me with a straight face that you don't see a difference.

Bing adds a ton of stuff to the "results+ads" concept that works so well for Google.


One has cute penguins in the background, both show a pop up dialog trying to get me to do something.

The layout of the results page for two sample search are almost identical.

Actually for "what is a barnacle" I think Bing wins for clarity of results.

When searching for "what dog food is the best", both Bing and Google give me an entire page full of ads before any actual results pop up.

On desktop, Google's "sponsored" marker is more obvious than Bing's, but nowhere near as obvious as it used to be when Google's motto was don't be evil.

Mobile search result ads are aggressively bad with Google, frequently I have to scroll down past a page and a half of ads before I get to actual results.

All in all, users are losing out.


What's funny about bing is that it shows me what appears to be, from UI cues, a carousel of some sort but none of the controls do anything. (It went away after a refresh)

Also crazy that they won't let me use their new AI without downloading Edge. I'm not going to change my browser just to try a search feature. Do you want to get me using your service or not? Presumably my using Edge + Bing is only a minor improvement in conversion versus me using Chrome + Bing, relative to me not using Bing at all.


If you're talking about what I think you are, I was just noticing the same bug earlier today. It seems to be fixed now, at least on my browser. In any event the carousel control arrows are supposed to be on the vertical edges of the frame. If they disappear, you can click, hold, and do a slight drag motion on the image, and the carousel controls will reappear.


The difference is entirely understandable if you look at a MSN.com page from the early 2000s: it's a search bar with links web stories around it. Bing was created primarily to keep that old audience from defecting to Google.

What worked for Google in a crowded search market in the year 2000 is not necessarily going to work for Microsoft Bing in 2023.

In any case, if Google's clean design was such a differentiator, they wouldn't need to pay Apple $15bn to make it the default search engine on Safari.


They look pretty similar to me except that Bing has a giant photo of penguins. Maybe you have a different experience?

e: Oh woah if I zoom out to 90% then I see what you are talking about.


On Bing:

Hamburger menu > Customize my homepage > uncheck the 3 boxes

Same clutter as google.

Yes, you can complain about the default, but Bing makes this pretty darn easy.


Without tracking you (no saved cookies at browser restart)?


When has Microsoft ever designed a decent user interface?


Windows 95 was the best desktop at that time.


I honestly have no issues with the current Windows 11 user interface. In fact, I like it.

And I've been through a lot of operating systems, starting on the PcJr and DOS in the 80s, and every Windows version ever released.

I'm a software engineer and occasional gamer. I use Windows every day for both my job and for everything else, and I have no issues with it.

That's why I find all of the nostalgia a little weird. Some think Windows 95 was the "peak" Windows, others point to 7 and want their "aero glass" back, others say 10 is the best and refuse to upgrade to 11, some install the old start menus in the new versions, etc.

It's the same every time a new version comes out. Eventually people years from now will look back and want to try to make their desktops the way they remember their Windows 11 desktop looking.

But this is veering off topic.


> That's why I find all of the nostalgia a little weird.

This is an often repeated excuse. It certainly isn't nostalgia. There need to be adaptations, mainly for decent scaling for higher resolution devices. But that doesn't mean the latest iterations are good. Windows 7 wasn't good either, but it was better provided you have your standard hardware setup.

Same with the start menu. I don't install the old one, but I certainly don't use the new one either. My start menu is now win + e & win + r. Because the rest is plainly useless. Granted, this was the case since Win7 too.

It isn't that people like the new version, they just have to use it and find a way to manage. And yes, people also said that the Win95 UI was crap too.

There were some genuine improvements over time, but they are rare. I couldn't name a single one for Win11 yet. There are a lot of negatives though that even surpass the negatives past updates might have brought about.


Well there's this thing called Windows, I hear it's kind of popular.


That's like saying ads are popular because they're everywhere.


Well I don't see how that's wrong. They are a popular way for businesses to promote their goods and services. A city may be a popular tourist destination, just not for those that live in it. Same principle.


Microsoft Office too I heard.


popular isn't necessarily decent.

The decent part was inherited from 20 years ago. The new UI changes have generally been detrimental.

It got to a point where I'm contemplating (but too lazy) to switch my gaming PC to Linux


They design great stuff... and then cram it full of b*** sh**


My Microsoft-branded Sculpt Ergonomic keyboard is fantastic. I have no idea if they designed it or build it, though. And even the tilted mouse that it came with is really good. Their previous ergonomic keyboard 4000-something, was also fantastic.

They are not conventional keyboards, they have slightly-updated interfaces including larger meta keys, a split hand layout, tenting and reverse tilting, integrated palm rest, and some other niceties. Yes, Microsoft is capable of shipping a decent user interface. Just not in software. ))


Turns out there are different classes of people with different preferences. There will ALWAYS be some customers unhappy with their decision, and they will typically be the loudest. The fact that you see more users hitting your site from DuckDuckGo than Bing is a pretty good indicator that this audience is not typical, since Bing usage is generally much higher than DDG.


Because they want to advertise they add FeATurES. There is no concern for utility and simplicity because this is not gonna bring users anyway, and it is nothing to really advertise.

All this modern corporate bullshit is just unbearable.


If your website’s target audience is tech related then it’s not surprising that DuckDuckGo is the origin regardless of bing being installed as the default search engine on windows machines/edge.


> with their clean search result pages.

What clean result pages? You posting from 15 years ago?


Microsoft makes an absurd amount of revenue already from Office and Azure. I say it's good that their software interfaces are more awkward than Google's, otherwise they would soon dominate everything.


> Google is bringing in $160 Billion a year with their clean search result pages

I see nothing clean like “10 blue links” when I search for “bicycles”


> via DuckDuckGo - which searches via Bing

But not solely with Bing. DDG aggregates from many different sources, including what their own spider finds.


That's the story, but I doubt it.

Show me a query for which DDG has different results than Bing.


Exactly. This "fact" gets repeated so often, but it's probably only technically true. e.g. DDG = Bing + crawl of top 500 sites that DDG does once a month


I was just taking DDG's word for it, but it wouldn't take that much to convince me that they were lying. Especially since they disappeared the page that listed all of their sources.


No. Currently only Bing. As far I'm aware, it got data from Yandex years ago, but that stopped after the war.


the new bing search isn't that bad, at least on the iphone


Have you seen the start menu?


Of Windows? No. I don't have Windows. What does it do?


Spams you with ads and cross sells you bing content


comments like these strengthen my resolve to go down with the win10 ship then return to macOS when apple's chip line has matured


While this certainly could be innocent (checking the URLs against a list of bad actors) I certainly wouldn't trust them.


It seems like checking for malicious URLs without revealing the URLs to a central authority is a long-solved problem. https://developers.google.com/safe-browsing/v4#update-api-v4
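An added example, not from the linked documentation or any comment here: a simplified sketch of the hash-prefix lookup that the Update API linked above is built around, showing what leaves the client when a URL is checked. Canonicalisation is reduced to lowercasing the host and dropping scheme, port and fragment, and the block list, server function and URLs are constructed.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; v4 lists carry hash prefixes of 4 to 32 bytes


def host_suffixes(host):
    """Exact host plus up to four suffixes taken from its last five labels."""
    try:
        ipaddress.ip_address(host)
        return [host]                      # IP literals are only checked as-is
    except ValueError:
        pass
    labels = host.split(".")
    out = [host]
    for i in range(max(len(labels) - 5, 0), len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix not in out:
            out.append(suffix)
    return out


def path_prefixes(path, query):
    """Exact path with and without query, then up to four prefixes from the root."""
    out = [path + "?" + query] if query else []
    out.append(path)
    dirs = path.split("/")[1:-1]           # directory components only
    for i in range(min(len(dirs), 3) + 1):
        prefix = "/" + "".join(d + "/" for d in dirs[:i])
        if prefix not in out:
            out.append(prefix)
    return out


def expressions(url):
    """Host-suffix/path-prefix combinations that get hashed for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".")
    paths = path_prefixes(parts.path or "/", parts.query)
    return [h + p for h in host_suffixes(host) for p in paths]


def full_hash(expression):
    return hashlib.sha256(expression.encode()).digest()


def prefix_of(expression):
    return full_hash(expression)[:PREFIX_LEN]


# Constructed block list. The client holds only the prefixes; the full
# hashes stay on the (simulated) server.
BLOCKLISTED = ("malware.example/", "phish.example/login/")
LOCAL_PREFIXES = {prefix_of(e) for e in BLOCKLISTED}
SERVER_FULL_HASHES = {}
for _e in BLOCKLISTED:
    SERVER_FULL_HASHES.setdefault(prefix_of(_e), []).append(full_hash(_e))


def server_find_full_hashes(prefixes):
    """Simulated server side: it receives prefixes, never URLs."""
    return [h for p in prefixes for h in SERVER_FULL_HASHES.get(p, [])]


def check_url(url):
    """Return (listed, prefixes_sent_to_server) for one URL."""
    hashes = {full_hash(e) for e in expressions(url)}
    sent = [p for p in sorted({h[:PREFIX_LEN] for h in hashes})
            if p in LOCAL_PREFIXES]
    if not sent:
        return False, []                   # no local hit: nothing is sent
    listed = any(h in hashes for h in server_find_full_hashes(sent))
    return listed, sent


if __name__ == "__main__":
    for u in ("https://www.example.org/news/today.html",
              "http://phish.example/login/form.php?u=1"):
        listed, sent = check_url(u)
        print(u, "listed" if listed else "clean", [p.hex() for p in sent])
```

A URL with no local prefix match produces no request at all; on a match the server sees only the 4-byte prefix. The prefix is a plain truncated SHA-256, so it is the same for every client that checks that expression.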


Outlook leaks private URLs from emails to Bing too. Yes, that includes your password reset emails.


Sometimes I feel like Edge is made by 20+ different teams with no shared strategic goals that all work to make the business side of their slice of the browser look good, with no regard for long term health of the entire browser.

Is Microsoft still doing stack ranking?


> Sometimes I feel like Edge is made by 20+ different teams with no shared strategic goals

That's almost every modern Microsoft product, in my experience.


how is "a Microsoft product sends data to a Microsoft API for a specific feature" a surprising thing, although this seems to malfunction and send data even though it shouldn't?


If I sold you a digital camera, would you be surprised if I was uploading every picture you took to my servers? (Without telling you, of course.) Your blasé reaction is rather worrying.


At this point no. Virtually every IoT device requires upload to the manufacturer’s server to get even basic functionality, which of course breaks when the server goes offline. The privacy policies when they exist virtually never promise end-to-end encryption (a promise I wouldn’t trust anyway as corners are cut and there are unlikely to be security audits), and often imply sales of data to partners.

In this age of AI scraping every shred of data I suspect anything connected to the internet will be compromised in a back room deals, through lack of security, or through sub-contractors sharing what they can get their hands on.

I think reactions to this are more along the lines of horrified, but it is our accepted trade off in the name of cheap products.


I don't like this analogy for a number of reasons beginning with the difference between a free software that I know is internet connected and a purchased device that doesn't even need access to the internet.

Let me ask this: Would you be surprised to learn that Google Chrome sends data to Google when you enter something in the task bar to give you auto complete predictions? I wouldn't. The same is also true for Microsoft Edge sending data to Microsoft Bing to enable a feature of the Webbrowser.


It wouldn't be surprising if it was a Microsoft camera.


Are our standards/expectation of privacy so low that this is a genuine question?


LOL I'm sooooo surprised. /s


Hmm, very interesting. It sounds like with a bit of wrapper code, futexes could be used instead of mutexes? If they are genuinely faster, there are many use cases where this would be valuable.

Is there a production-ready library for this? I do see the code in the article but I'm not sure I'm ready to venture into these deep waters myself.


Loved using edge, was happy to have a good alternative to Chrome. Then they added this Bing button and some weird Toolbar to the side, and I never used it since. Went back to using Chrome. Would’ve used Firefox, but it doesn’t seem to have a built in translator which I often need, and I’m not keen at all on installing some no name extension.




Does this apply by default to enterprise installations of MS Edge?

Any way to verify this as end user and raise it to our IT folk


As someone in Enterprise IT, if your org is anything like mine, they don't care.


One surprising thing is that MS can be receiving an API call per web page from all Edge users, without noticing that they have a vast increase in traffic. It must be many times more requests than Bing itself. That must have required some serious devops firefighting.


Lol, I stopped using Edge a couple of weeks ago as after an update, it took 30+s to just switch to another tab, note that the CPU usage was below 10% and 48+GB RAM available.


Kind reminder that while a few people might be concerned and act upon this, the vast majority simply don't care and will opt into anything the program asks them to.


Edge sends data to Bing. What's the leak here.


I wasn't searching Bing. That is the leak.


And if Bing is the engine to provide keystroke-by-keystroke word completion, that's not a leak — it's an API the browser uses.


From what I understand, it sends all URLs you visit even if you click on a link inside a page ...


Fair enough.


Which search engines were you using?


Not a big deal. I have nothing to hide from Microsoft. I mean how them knowing chrome download page can hurt my privacy, right?


I didn't realize that people used edge for anything other than talking to bing chat.


Me neither lol. It is weird that this is even considered news.


That's the only reason I launch it.

It's annoying that they force you to use Edge. Otherwise it would see no use from me.

Which, I know ... that's exactly why they're doing it.


For people who didn't read the article: Apparently this is a bug.


That is not what the article says, no.

It says that microsoft answered that it is "investigating the issue" which is a pretty much standard response, but it does not confirm that microsoft did not implement this. But seeing that [they even have a master filter for which urls to send to the bingapis and which not](https://www.bingapis.com/api/v7/followweb/getdomainfilter?ap...) it seems definitely a feature.


Competitors, news and porn basically. So those they'd be liable to catch a lawsuit from and potentially the potentially embarrassing.


I think this is the only way we can have a good search engine.

It is potentially an invasion of privacy, but also is excellent to get good search results.

Not everything is black and white. Search results have been abysmally bad for a decade now. Anything that can help fix them is welcome.


This is literally the reason google chrome exists


„Leaking“ makes this sound unintentional


Is anyone truly surprised by this?


More surprised that theverge is using the word "leaking", when it should be "sending" or "reporting". Leaking makes it look like an accidental behaviour.


I think it's correct, but understand your view too.

The feature they're referring to is configured remotely [1] with a set of domain filters that demonstrate the intent was to only capture a subset of sites. I think this is where I'm now supposed to refer to Hanlon's razor--Never attribute to malice that which is adequately explained by stupidity.

[1] https://www.bingapis.com/api/v7/followweb/getdomainfilter?ap...


But their point is that it looks like accidental behavior? That is, it’s doing this in way more instances than the intent is with this new feature that is enabled by default?


Do you believe in such accidents? What would the explanation for that be? Something like: "Oh no, we had this enabled by accident, and by accident had configured a high-availability API endpoint to collect such calls on a massive scale. This all got compiled, configured and deployed by accident without our clear intentions to do so. We are sorry."


No, we had a feature enabled intentionally and it intentionally scans tons of popular websites, the only accidental part is that it scans more websites than intended. There is no reason to pretend there is some bigger conspiracy.

If Microsoft really wanted to scan ALL URLs that badly, they can... always just do exactly that? But when they actually implement a fairly decent feature that has a bug in it... it's probably a bug yes. They really have no reason to be sneaky about it


They are in love with Apple.


Jobs was right. Microsoft really is the McDonald's of the software world.


"leaking"


Seen Librewolf?


So it’s just Chrome all the way down.


is this any different from chrome “leaking” the sites you visit to Google?


Presumably this sends it to bingapis.com instead of googleapis.com


Irrelevant


Can a browser just be a fucking browser? Every stupid fucking feature they cram in is yet another security issue waiting to explode in our face. Just make a damn browser and let us figure out how to "follow creators".


You won’t pay enough for it to make sense to support. That’s the harsh reality. Every single ‘altruistic’ browser has ended up on the dole of adtech because consumers will not pay even $0.01/pageview and publishers believe they’re worth $0.10-$1.00 per PV. I worked with an amazing founding team at Google and launched this [0] across many sites across the internet. People able to pay enough to fund the open web don’t, and people willing to pay realize that it gets pricey, fast.

[0] https://blog.google/technology/ads/helping-publishers-recove...


Give us a break, nobody has done more to ruin journalism than Google manipulating ad auctions (Bernanke), rewarding click bait (doubleclick), and forcing small papers serving local markets to compete for search placement with massive companies like the NYT.

Google helping with “Adblock” is a farce considering research has shown a key reason people use ad blockers is to protect their privacy…from Google.


Imma be honest I don't care about privacy as much as I care about having to actively go out of my way to close an ad.


Yes, that’s absolutely the primary driver, but the #2 reason for adoption is privacy and security concerns. Google still doesn’t understand this, hence the farce that is “Privacy Sandbox” which is utterly delusional.


Give me a Spotify for reading. I don't want to subscribe to Economist, New Yorker, Atlantic, Walrus, NYT, etc. Sometimes I want to read from one, sometimes another and altogether too expensive to subscribe to all.


I don’t understand what internet users not willing to pay for published content has to do with creating a browser that’s just a browser.

Like Apple, Microsoft and Mozilla did for a long time.


Google subsidized billions per annum to Apple and Mozilla to fund browsers and be the default search engine. So the open web is subsidized by ads. Nobody is willing to fund the alternative.


The main thing to come out of that was ad blocker blocker blockers, which seem to work quite well.


It's not altruistic, it's stripping the browser down to its most basic essence. It is the core functionality. Why do we humans have such a hard time acknowledging an abstract thing without dirtying it with our stupid ambitions?

Nothing good is viable with the current tech "economy", where software is an endless death-march of feature-bloat to justify the unlimited (also known as cancerous) growth required by venture capital or public markets.

But I bet a couple guys could pull off an Opera 2.0 and make a nice living for themselves. You only need a couple thousand paying users at a very modest subscription fee to cover a couple of developers' salaries


Incremental revenue in the name of growth


These same tech players have complected the specs for the web/html/http so that only they can build browsers. There is no need for this, but here we are. And the whole Web Industrial Complex went right along with them because complexity is a nice revenue stream. Simplicity doesn't provide the rent seeking footholds that these predatory companies all exploit.


How much do the ads pay? I thought $0.001 per page view would be considered amazing?


Can an operating system just be an operating system and not force ads into its user interface? Microsoft has already answered this as a NO, so I guess we already know the answer to your question from Microsoft’s perspective.


Linux (NixOS) working fine without ads here :)


I'm saying this with extreme snark, but wait until smart homes become more commonplace and you won't be able to walk past your thermostat without Amazon pitching you new filters every six weeks over the smart speakers. Yes, there's many if's there, but the point is mostly profit motive usually trumps good taste.

Re: Windows, if we're not paying for it anymore are we still the customer? Even if that's a yes, it represents a cost for msft, so they seem to be looking to extract any amount of value out of it that they can. I doubt I'll use it past Win10, the downsides just keep piling up.


Windows is not free. It may come pre-installed on a ready made build, but they purchased a license, and you must purchase a license for a custom PC.


Windows costs nearly $200. If only that counted as paying.

https://www.microsoft.com/en-us/d/windows-11-pro/dg7gmgf0d8h...


There's nothing less to expect from these fucking commercial browsers from giant companies. For the last 5 years+, I've been steadily noticing how they start small and "innocent", and once they reach a userbase, they will keep coming with shit baked in hard that will leak you to the world, invade you on your face, become a spy in your digital life, or just completely entangle you and make you a product of their open market.


Do not invest too much in any browser. This will make it easy to hop when they go to shit. Avoid using anything sticky such as password saving, bookmarks, and synchronization. Instead use other tools you control for that. We have so many browsers to choose from. I can adopt a new browser within minutes because of my setup. The same principle should be applied to any proprietary software or platform.


Seriously, EDGE has tons of useless stuff, so much you have to scroll the "..." menu in order to get to the freaking settings, and now a popup is asking me to enable some VPN or something? I didn't ask for a VPN, nor some coupons, nor Microsoft rewards, nor games, it's bloat...


Nor that horrific "Discover" button that looks like a dollar store logo (which is probably not an accident).


Browsers could just be browsers if people paid for them. But they don't. If you're not paying for the product, you are the product.


Even paid products do this kind of stuff these days.

At the end of the day, only legal requirements are going to curtail this type of behavior.


> If you're not paying for the product, you are the product.

> Even paid products do this kind of stuff these days.

Yes, if you pay for the product, then not only are you still the product, but you're a sucker as well.

It's not quite that stark, but I don't see why a company would truly change its business model just because they charge a fee. It's too tempting to "do something with all this data," i.e. treat all consumer software as spyware.


In the beginning, they did cost money. Netscape offered a free version for home viewers (but charged companies - NetWare came with a user license). Microsoft sold a $29 "Plus Pack" for Windows that included Internet Explorer. That changed when Bill Gates decided to "steal Netscape's oxygen" and become the evil overlord that most people remember him as.


> and become the evil overlord that most people remember him as.

He wasn't the nicest guy much earlier than that.[0]

[0] https://en.wikipedia.org/wiki/AARD_code


Show me a browser I can pay for that isn't full of bloatware crap and I'll pay for it. I've spent $15 this week alone on software, some of it I just donated money because it was useful once. I am the wrong commenter here to be telling "you're not paying", because I literally pay for all/most of the services and software I use, though I do understand I'm an outlier to some degree.


Safari? I don’t know what counts as ‘this bloatware crap’ but if you haven’t looked into it perhaps it could meet your definition.


Actually, I just started using Safari at home recently, and I love it. Most Apple stuff, while locked down to some extent, seems to give me the freedom to actually be productive and do the tasks I need to do pretty easily. Sure, you have to adopt the "Apple Way" and use their software in somewhat the way that they designed it to be used, but for the most part it's really flexible and able to be used to achieve all of my goals in a simple way, without much fuss. Windows is laughable today and Linux is open and free but also has a minimal level of "fuss" you need to do in order to keep it working and get new software working. With MacOS I find I have to do almost zero maintenance and most of my time is productive. I'm going to switch my work PC to Mac as well as soon as this pile of silicon I'm using dies.


Safari in “I’m a journalist and gonna die” mode (lockdown?) is surprisingly usable and very hardened against tracking.


Unfortunately Safari cannot run uBlock Origin.




Promising


We are inviting you to pay for Orion browser by Kagi (if using macOS/iOS).

Zero-telemetry, with built in adblocker.

Business model: pay for the browser.

Your turn!


People do pay for Windows, which Edge is a part of. How's that going for you?


Microsoft hasn't been serious about charging users for Windows in a while. Free upgrades to Windows 10, free access to ISOs or tools to generate ISOs, and the penalty for an unlicensed install is no desktop background and a small watermark if you can't manage to trick windows into thinking it's licensed.

Yes, OEMs pay for Windows; probably businesses pay for Windows. It's pretty clear they've gone to an ad-supported model whether they're honest about it or not. And of course, paying for the product doesn't mean they won't supplement invoice revenue with advertising revenue.


> no desktop background

Last time I checked you could still just set the wallpaper via the context menu. It only locks the appearance settings.


People pay for Windows, MacOS, iOS and Android based devices. Presumably they’re also paying for the software that runs those devices, ie the OS. And does anyone think that a web browser is not a core part of an OS today? Certainly MS doesn’t.

So yeah, MS is being paid for their browser. But a trillion dollar valuation is simply not enough.


> Presumably they’re also paying for the software that runs those devices

Not on Android. AOSP is free, but if you want to ship the play store then you have to also include the other Google apps. It is the Google data harvesting and advertising that pays for Android.


Companies are perfectly happy to sell you down the river to make a quick buck, too. Proprietary software cannot be trusted, because for-profit institutions cannot be trusted. They aren't in the business of serving you, they're in the business of chasing ever increasing profits.

Maybe those goals align at some point, but corporations' alignment drift makes AI look downright peachy.


But I did pay. Edge is a Windows browser and Windows is very not free.


Edge is cross platform: Windows, Mac, Linux, iOS, Android https://www.microsoft.com/en-us/edge/download


I wish this phrase would die. You're the product either way. Company is either going to take advantage of the revenue stream or not regardless of whether you also pay for it.

"You're always the product and willingness and ability to pay for a nonessential service makes your disposable income an even juicier target to advertisers."


The plethora of FOSS browsers bundled in various Linux distros beg to differ.


I'm pretty sure I had to pay for Windows in order to get Edge.


I think we should have 3 security levels in the browser: Level 1) Static content, no scripting allowed 2) Scripting allowed (like the current state but more restricted) Level 3) App-like where you can allow the app to access certain resources. The TLS shield/lock could have a number in it 1-3 where 1 is the highest level of security. And you have to manually click it to go to level 2 or level 3. Sites would have to use the noscript tag to beg users to enable scripting abilities. Most websites that are not app-like should consider rendering their content statically. Browsers would start out with level 2 as default, but like what has happened with web sites without https/TLS/SSL they would be "shamed" by the lock/shield icon. Unless the site has a security-level 1 header, then the site should load with highest security.


(Mac user here) This is exactly why I use and love Safari.


Mac user and web dev here - I appreciate a lot of things about the philosophy behind Safari, but I've lost untold hours to debugging and working around inane Safari bugs. It is truly the modern equivalent of IE for front end devs.

It also makes my blood boil that Safari both hides the full path of the URL you're currently visiting and doesn't implement the standard practice of giving you a preview of the full URL you're about to visit when you hover over a link. These are horrible choices for usability and security, especially at a time when phishing is so productive.


> Safari both hides the full path of the URL you're currently visiting and doesn't implement the standard practice of giving you a preview of the full URL you're about to visit when you hover over a link

Safari has both of these. Safari > Settings > Advanced > Show full website address, and View > Show status bar.

Moreover, I don't think either of them help out with phishing. The intention behind not showing the full website address is specifically to stop phishing, since it puts the emphasis on the domain name. (Is there a phishing situation where someone could spoof the domain name? Maybe, but I imagine in that case, they could spoof the rest of the URL as well). As for the status bar, I don't think anyone would look at it even if it was enabled by default.


But why does your parent commenter - a Mac user and web dev - not know this? It should be default or super easy and obvious


Even assuming these features would help stop phishing (which I don't agree with), you can't make every single feature super easy and obvious. In addition, you can't infer anything about a design from a single user's experience with it.

And frankly, the Settings window and the View menu are not obscure places to put these options. Those are the first places you should look if you're in a Mac app and want to configure the UI.


Agreed, which is why this should be the default.

If Safari was a 1:1 clone of Chrome but without (probably) sending my stuff to Google, I'd be all over it. Millions of other Mac users too. Instead I'm using Chrome on Mac just to get many websites to even work.


Why do we need yet another clone of chrome? The majority of noticeable browsers nowadays are chrome clones. If you do not want to use chrome due to sending data to google, you can use chromium, brave, vivaldi, opera...


> Agreed, which is why this should be the default.

Uh, which part of my comment do you agree with? Clearly you disagree with something, because that's the opposite conclusion I came to.


Maybe he doesn’t use Safari because he dislikes it so much? Would explain why he doesn’t know about these options.


Parent commenter here. Before submitting that comment I literally checked once again to try and find these settings. I looked through the General, Tabs, Security, Privacy, and Websites settings. It didn't occur to me to look in Advanced for a display setting. I also looked through View, but never would have guessed that "status bar" is the name for the link preview feature.


Never assume anybody knows anything.


I suspect the victims of phishing that they're referring to aren't running in non-default "Advanced" states


The intention behind not showing the full website address is specifically to stop phishing, since it puts the emphasis on the domain name instead of misleading paths. As for the status bar, I don't think anyone would look at it even if it was enabled by default.


Intention is irrelevant when the end result can wind up misleading. See google removing the "m" subdomain once upon a time. Also this move to hide the full url comes at the reliance of instead looking for a green shield or some type of lock icon in the URL bar to ensure you're on https as safari hides this too.

In regards to the https problem specifically, while safari will say you are browsing an insecure page if using http, they do it in a horrible way - by adding text to the beginning of the url bar. Certainly if you were trying to reduce url confusion, you would add a separate symbol and label! I can click insecure icon on chrome and other browsers to read more about how, but I cannot do so on safari -- so much for trying to reduce confusion.


> Also this move to hide the full url comes at the reliance of instead looking for a green shield or some type of lock icon

The move to hide the full URL is to make the URL readable for the average user. People on this site might know how to parse URL components in their head, but the average user does not inherently understand the DNS hierarchy nor do many completely understand URI delimiters.

    https://secure.bankofamerica.com.0-0.pw/login/securelogin.aspx
might look okay to a lot of people

    0-0.pw
would be a little better indicator that it isn't their bank.

The padlock is mostly useless in today's world. It was useful in a time when ecommerce was young and otherwise legitimate sites were collecting information via http. There was an attempt to make it more useful with extended validation certs, but that solution didn't really end up being effective. Phishers could still register EV certs that spoofed other names, and adoption was too low to change user behavior.


To be fair, Safari would truncate that to `secure.bankofamerica.com.0-0.pw`, so not necessarily much better. But also not any worse than showing the full URL.
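The difference between the displays discussed in the two comments above (full URL, hostname only, registrable domain only), as an added example that is not part of any comment in the thread. `SAMPLE_SUFFIXES` is a constructed stand-in for the Public Suffix List, and `knownDomains` is a hypothetical list of domains the user expects to be dealing with.

```javascript
// Constructed, tiny stand-in for the Public Suffix List (assumption).
// A real check has to load the full list; these entries only cover the samples.
const SAMPLE_SUFFIXES = new Set(["com", "org", "net", "pw", "uk", "co.uk"]);

// Return the registrable domain (public suffix plus one label), or null when
// the host has no known suffix (for example an IP address) or is itself a suffix.
function registrableDomain(hostname, suffixes = SAMPLE_SUFFIXES) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // Walk left to right so the first hit is the longest matching suffix.
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// List the known domains that appear as whole labels inside the hostname
// although the hostname is not registered under them.
function embeddedDomains(hostname, registrable, knownDomains) {
  const padded = "." + hostname.toLowerCase() + ".";
  return knownDomains.filter(
    (d) => d !== registrable && padded.includes("." + d.toLowerCase() + ".")
  );
}

// Summarise what each address-bar style would show for one URL.
function describeUrl(rawUrl, knownDomains = []) {
  const { hostname } = new URL(rawUrl);
  const registrable = registrableDomain(hostname);
  return {
    fullUrl: rawUrl,          // what a "show full address" setting displays
    hostname,                 // hostname-only display
    registrable,              // the part that identifies who controls the site
    lookalikeOf: embeddedDomains(hostname, registrable, knownDomains),
  };
}

// Sample input: the URL quoted in the comment above, plus a constructed
// legitimate-looking counterpart for comparison.
const samples = [
  "https://secure.bankofamerica.com.0-0.pw/login/securelogin.aspx",
  "https://secure.bankofamerica.com/login/securelogin.aspx",
];
for (const u of samples) {
  console.log(describeUrl(u, ["bankofamerica.com"]));
}
```
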


Fair enough. I'm remembering back to the original proposal from the Chrome team who were going to truncate all subdomains for this reason. But I think they backtracked some on that.


I'm confused by your point. You are claiming the padlock is mostly useless in today's world, but it's actually even more important in the world of hiding the full URL.


95% of the internet runs https.

Criminals today phish people, use HTTPS, and people have a false sense of security because of those who told them “padlock = good”. The padlock served a purpose to drive http adoption. It does more harm than good today.

Browsers should instead upgrade to https automatically on all connections.


> Also this move to hide the full url comes at the reliance of instead looking for a green shield or some type of lock icon in the URL bar to ensure you're on https as safari hides this too.

What's the problem with this?

> Certainly if you were trying to reduce url confusion, you would add a separate symbol and label!

Why? I'm not following what's wrong with Safari's approach. You're stating your conclusions but not your reasoning.

> I can click insecure icon on chrome and other browsers to read more about how, but I cannot do so on safari

Read more about what?


There isn't a problem with the first quote.

In the second, Safari inlines the "not secure" to the URL but not in a visually clear way. It looks like "not secure" is part of the domain.

Read more about what the "not secure" and the padlock actually means.


How is having more information about the path you're clicking on misleading?


Deleted because it was protected by an NDA.


Could you expand on that? Considering how Apple positions itself in terms of privacy, that’s a huge claim.

You don’t have to name names if that’s a problem, but there should at least be something credible we can look into.


Source? Is this Google Safe Browsing related or auto-completing search queries?

Pretty explosive allegation imo.


What was the allegation?


I assume GP regretted sharing it, so maybe you shouldn't?


I love safari for my phone, but I prefer brave for my browser just because I still think chromium is the best browser, and brave has excellent security features. Plus its how I found this website, when you type "news" in the search bar it automatically re-directs you here.


Brave also has discount Tor which is nice at times.


Isn't Safari the worst of the lot? It sends everything to Apple and makes it near impossible to turn that off.


Again this claim without proof. That’s a pretty damning accusation, so you should provide a source or a way for us to verify it independently.

If it is “near impossible to turn that off” it means it is possible. How?


> It sends everything to Apple

Reference?


Do Brave or Firefox do this?


Brave does an enormous amount of non-browser "stuff." Video calls, offline playlists, customizable news feeds, crypto wallet... they are trying to build a "super app" rather than a browser. The idea is that you can trust them because they aren't FAANG, but the problem is that if they actually were to succeed then they would be FAANG.

I haven't used Firefox in ages but AFAIK it has very little bloatware. The problem, from the perspective of a web dev, is that it has quite a few rendering quirks/bugs. These days chromium sets the standard for the "correct" way to render things.


I use Firefox and do some web development on it sometimes and I don’t really notice many/any bugs either with 3rd party sites or ones I’m making, apart from things that are unsupported on purpose like the file access API

Though I have noticed some issues in Teams but that’s about it


Brave may do all that you touched on - but it also aggressively blocks tracking. And the added stuff is not pushed in your face - blocking tracking is though.


But didn't it add stuff itself instead and got caught snooping twice?


What do you mean? At least one of the cases is routinely overblown to high heaven by people who hate the company and haven't actually read up on what happened.


Firefox has some foundational bugs, one of which was not being able to keep my bitwarden session in the extension in Private Windows.


Have you checked the settings for the extension in about:addons to ensure that the extension is enabled for private mode? Find the extension in the list, click on it or click the dots and click 'manage', on the details tab ensure that 'Run in Private Windows' is enabled.

I apologize if you are already well aware of this and that the problem is more complex than that.


No need to apologize! Yeah it is actually quite different from what you have mentioned.

Actually I did some Googling around, and found that it was fixed recently - after 4+ years lol. https://www.ghacks.net/2022/02/28/bitwarden-firefox-private-...


Firefox does not if you opt out of telemetry


Casually enabled by default by the way.


In case anyone was wondering how, it's pretty straightforward:

Hamburger Menu > Settings

Privacy & Security tab on the left

Scroll down to the Firefox Data Collection and Use section (2nd section from bottom)

Uncheck all of the boxes in this section


FYI: You might be shadowbanned. A lot of your recent comments are marked as dead, without seeming low quality enough to get flags (including this one, which I just vouched for).

What's weird is that some of your comments aren't dead, and typically shadowbanned users have all of their comments auto-marked as dead. It's possible those got vouches though.


Firefox nags about getting a Mozilla account, uploading your history to Mozilla servers tagged with your email. Very private. Mozilla’s only step towards privacy is that it opens tabs all the time telling you how much Big Browser care about your privacy.

And don’t get me started on Firefox nagging people to use Mozilla VPN, and their push towards DNS over HTTPS, as in “Trust me dude, I want your logins, your passwords, your DNS and your VPN, and pinky swear I’m just a charity with benevolent intentions, Google just gives us money for… stuff.”


As a Firefox user I have no idea what you are talking about.


I am a Firefox user, and I think it's better than the alternatives I'm familiar with, and I think I at least partially know what they are talking about?

I think the "opens tabs all the time telling you how much Big Browser care about your privacy" is primarily referring to the tabs that are sometimes opened when you restart the browser for the first time since a new update has been installed, telling you the sort of stuff that is in the new update, or sometimes talking about other projects they have.

Or like, "hey, try colors" or whatever.

I disagree with their insinuation that the push of their VPN etc. is for a nefarious purpose due to their receiving some funding from Google.


I just never look at the tabs it opens after an update. Unfortunately that's the exception the ad blockers can't catch, but at least it's just one click every 30 days or so.


It’s every time I open Firefox, which seems to be every few days.

We’re in the paradox that it is possible to claim there is no ad on a browser because you don’t look at them when they appear. Similarly, people who are satisfied with a government stance will see no problem in violently repressing opposition. Defects only appear when you are on the other side.

But they do appear, and they educate the users such as my parents into creating a Firefox account or assuming that Firefox equals privacy, which is clearly not the case.


> We’re in the paradox that it is possible to claim there is no ad on a browser because you don’t look at them when they appear

I didn't make that claim. I just said I immediately close them and don't mind them much because I basically only restart the browser when I reboot the PC (so about once a month because after that all kinds of bugs start to appear).

Of course I see them as problem, I assumed that was obvious from the rest of my comment.


colorways by a sneaker designer. Priorities: straight.

Agree that Mozilla building independent sources of revenue is a good thing.


Firefox no.


Dumb question, but why don't people[1] use Chromium instead of Chrome (or Edge)? Does it still send data to Google?

[1] - I'm presuming HN people, not moms & dads.


Edge's vertical tabs are game changing, exceptionally useful and well-executed. No combination of browser extensions comes close (for me).

That's literally the only reason I use Edge. I want someone to release an "Edgium" like vscodium or, alternately, implement Edge's vertical tabs in Chromium.


This looks basically like Tree Style Tab for Firefox only without the nesting of related tabs.


TST is great, but it's nothing like Edge vertical tabs, which contain exactly the right amount of functionality for zero friction use. I have tried to get the same effect in Firefox, Vivaldi, pretty much anything that isn't Edge, but I keep coming back to Edge because it is so central to how I use the browser at a basic interaction level and, simultaneously, so simple to use that I can put up with (and deactivate) the other annoyances.


When you add "groups" (e.g., folders) it is magical.


Brave has vertical tabs built in nowadays (though they're behind a flag, but they're more or less mature now), designed in a very similar way to Edge's.

https://imgur.com/a/dAAysvy


I recently started using Vivaldi, which also has vertical tabs baked in. I tried some firefox browser extensions but I find them to be really sluggish and feel tacked-on.


Well I use Firefox as my primary browser, but one of my reasons for not using Chromium is the lack of automatic update functionality. Most of my software I don’t want auto-updating, but for my browser, I do want a notification of updates, and a single-click to install.


Yes, Chromium still sends data to Google. That's why ungoogled-chromium exists. Same question though - why don't HN people use that?


I'm shocked people still ask these questions or act surprised 10 years after the Snowden leaks.


Done. You need a protocol where it's impossible to not be a browser.

https://gemini.circumlunar.space/

Pick your browser, I like Lagrange.

https://gemini.circumlunar.space/software/

Now we just need content.


A browser costs a shitton of money to make. Even if you are just forking you need a lot of manpower. So no, you will never get a completely free browser that doesn't suck (slow, late to get security updates, can't render things right...)


Modern Edge isn't a ground-up browser, it's just a fork of Chromium with Microsoft bullshit instead of Google bullshit.


I think you are supporting his point.


Yes, use lynx


Impossible. I don’t use Edge.


What‘s next? Bing Maps is „leaking“ data to Microsoft?


It depends on what you mean. If you mean "to be disseminated throughout the whole damn company" then hell no. What kind of privacy is that? I don't care that Edge and Bing belong to the same company. Microsoft is a huge company.


/gasp/ nooooo way, really?! who would have thunk!!!


<% mild_shock_meme.png %>

As if the trend was not clearly visible by windows 10 and carved in stone by windows 11.


That's probably smart. Seeing where people go on the web would probably be helpful if you're running a search engine. Maybe we should give Microsoft a break on this one. Going up against Google is a daunting task. Microsoft should use every advantage they can get.


I hate to break the news but Chrome does that too. I used similarweb to check my website that only I visited pretty much and it showed “other viewed websites” that only I visited. I tried some other small websites and saw websites such as “pornhub” in other visited websites. I didn’t have any extensions or anything. I’ve reached out to similarweb and was conveniently ignored.

Just assume that all sites you visit are publicly available data.


Would you happen to remember if you had any extensions or anything of that sort enabled on that chrome instance?


Product from [Company] shares user data with other product from [Company]. A shocking and newsworthy revelation. /s


It shouldn't happen. A web browser is a completely separate tool from a proprietary search engine. It is not intuitive that the default web browser in an OS would share browsing data with a search engine.


Yeah, if people would just stop complaining about these totally normal and OK privacy violations, the world would be a better place. /s


Is it not totally normal and OK (and not a violation of any kind) for Microsoft to share user data with Microsoft? Fighting for user privacy is a laudable goal but in this particular case what, if any, ethical breach has occurred?

As others have commented, it's like being upset that Google Search is aware of websites you visited in Chrome. Is it unethical for that to be the case?


One is a product I pay for. The other is a loss leading product given away by a monopoly to support their ad business.

In both cases, because of these factors, yes.. I consider it to be unethical.


Of course it is unethical. The fundamental right to data privacy means that corporations are not allowed to track and profile their users activities without consent and contract. And such consent is purpose-bound, consenting to an autocompletion feature does not imply being ok with that data being used for whatever.

Imagine you buy some shoes and learn that they share location information with their manufacturer. Now you think "well they do have this feature warning me if you walk in a dangerous area, so i kind of knew they do", but then your health insurance changes your policy because "you haven't been walking enough".

Does it become more ethical when the shoe producer and the insurance company happen to belong to the same corporate group, because they are not sharing with a third party?

The primary ethical problem is about using the data for purposes the users did not know about and did not agree to.

People use Edge to browse the web. Microsoft adds a new feature called "Follow Creator" and enables it by default, without asking for consent, and then fails to disclose why exactly that feature needs to collect all urls their users browse to and what that data is used for. These are highly unethical business practices.


> it's like being upset that Google Search is aware of websites you visited in Chrome. Is it unethical for that to be the case?

Yes. It's unethical in both cases.


Knee-jerk Internet commentators think any packet going anywhere is a breach of their privacy which is funny because that's sort of the point of a network.

For me, this particular issue isn't about privacy, it's that these companies get to make their products better using my data and I get nothing out of it. Sort of how they train their AIs.

Privacy has been popularly re-defined to be "any data." Remember when people's name, address, and phone number was published in a big yellow and white book and delivered to everyone's driveway?

What we should want is compensation for the use of our non-PII data and a restriction on information about us that can be used to harm us, financial, medical, etc. to be restricted.

Chrome not telling Google I went to Amazon.com would be great, but Amazon knows I went there and if I use 8.8.8.8 so does Google anyway.



