Friday, January 17, 2020

How to turn off Microsoft Edge data sent to Google Plex

How to turn off data sent to Google from new Microsoft Edge

Everyone should use new Microsoft Edge over Chrome because it's way better for privacy.

Do this before you start using Microsoft Edge, because you'll have to clear all browsing history.

Firstly, go to edge://settings/privacy and choose Tracking prevention STRICT as a bare minimum.

1. From section disable the following; 

  • edge://flags/#edge-widevine-drm
  • edge://settings/privacy. Under Clear browsing data, select Choose what to clear, select the check box for Cookies and other site data, and select Clear now to remove any stored identifiers. You can stop Adobe Flash DRM from ever being used by going to edge://settings/content/flash.
  • edge://settings/content/protectedContent

2. Under edge://flags/

  • Experimental QUIC protocol - disable
    QUIC is the name for an experimental protocol and it stands for Quick UDP Internet Connection. The protocol supports a set of multiplexed connections over UDP, and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency.
    Some websites are not being filtered because they use the QUIC protocol. QUIC is not a standard SSL protocol and it is not filtered by MITM (certificate is not signed by MITM). To check if a website is using the QUIC protocol in Google Chrome, install the "spdy http2 indicator" extension.
    I also recommend you set up a firewall rule to prevent this.
  • Disable all WebRTC flags, which can be used as a permanent tracker by various sites including Google. This can be used like Adobe Flash Cookies, which cannot be destroyed and re-spawn as permanent tracking cookies. See my post on how to remove them.
  • Connect to Cast devices on all IP addresses - disable - more info.
  • Cast Media Route Provider - disable - more info.
  • DIAL Media Route Provider - disable - more info.
  • Mirroring Service - disable - more info.
  • All Omnibox flags - disable - Microsoft trusted third party
  • Generic Sensor Extra Classes - disable - unknown potential connections
  • All experimental built-in modules - disable - unknown exposure
  • TopSites from NextUrlService - disable - Microsoft trusted third party
  • Secure DNS lookups - disable - privacy issues, more info.
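
The firewall rule recommended above for QUIC, plus a way to make three of the choices above stick across profiles and browser updates, as an added PowerShell example that is not part of the original post. It assumes an elevated session on Windows 10; the rule name is made up for this example, outbound UDP port 443 is assumed to be the QUIC traffic to block, and QuicAllowed, EnableMediaRouter and TrackingPrevention are Microsoft Edge policy names that this page does not mention (the closest policy equivalents to the flags and setting, not the flags themselves).

```powershell
#Requires -RunAsAdministrator
# Added example: block QUIC at the host firewall and pin matching Edge policies.

$ruleName = 'Block outbound QUIC (UDP 443)'   # display name chosen for this example

# 1. Firewall: drop outbound UDP/443 so sites fall back to TLS over TCP,
#    which a filtering proxy can inspect. Skip if the rule already exists.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Protocol UDP -RemotePort 443 `
        -Action Block -Profile Any | Out-Null
}

# 2. Edge policies (machine-wide). Policy names are assumptions relative to
#    this page, which only covers edge://flags and edge://settings.
$edgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$settings = [ordered]@{
    QuicAllowed        = 0   # QUIC off
    EnableMediaRouter  = 0   # Cast / media router off
    TrackingPrevention = 3   # 3 = Strict
}

# Create the key only when missing: New-Item -Force on an existing
# registry key would wipe the values already stored under it.
if (-not (Test-Path $edgePolicy)) {
    New-Item -Path $edgePolicy -Force | Out-Null
}
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $edgePolicy -Name $name -Value $settings[$name] `
        -PropertyType DWord -Force | Out-Null
}

# 3. Verify what is now in place.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort

Get-ItemProperty -Path $edgePolicy |
    Select-Object QuicAllowed, EnableMediaRouter, TrackingPrevention
```

After restarting Edge, edge://policy lists the values the browser actually picked up. Other software that relies on outbound UDP 443 will also be blocked by this rule.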

From section we have; 

Digital Rights Management and Media Licenses

When a website offers media content that’s protected by Digital Rights Management (DRM), Microsoft Edge uses a secure playback pipeline to ensure the content is not copied or accessed improperly. As part of this feature, Microsoft Edge may store DRM-related data on your device, including a unique identifier and media licenses, and may transmit that unique identifier to a media licensing server specified by the content provider. When you use the website, Microsoft Edge retrieves the DRM info to make sure you have permission to use the content. This data helps to validate access to the protected content and ensure a seamless media experience.
Microsoft Edge supports DRM via the Encrypted Media Extensions (EME) API for HTML5 sites. The EME API allows websites to communicate with a DRM provider called a Content Decryption Module (CDM). Different DRM systems, such as Google's Widevine or Microsoft's PlayReady, may be supported by their own CDM implementation. Content providers may choose to support one or more potential DRM systems and may utilize the functionality of the EME API to decide which DRM system to use for a specific client. Learn more about EME privacy.
Microsoft Edge supports PlayReady DRM only on Windows 10. PlayReady is a DRM implementation to deliver media experiences such as 4K video and Dolby Atmos audio. Microsoft Edge uses the Windows Platform Media Foundation APIs to support PlayReady. To validate access to protected content, Microsoft Edge utilizes the Windows 10 operating system which uses a unique identifier and communicates that with the PlayReady service. All EME, CDM, and browser data for PlayReady that persists on the device is stored and maintained on Microsoft Edge. Learn more
Microsoft Edge supports Google’s Widevine DRM and this option is on by default. Microsoft Edge will periodically fetch updates for Widevine from Google servers. The use of Widevine may include communications to Google. Users may opt out of using Widevine in Microsoft Edge by disabling the Widevine DRM flag at edge://flags/#edge-widevine-drm. Widevine has the capability to create a unique device identifier and transmit it to Google. For more specific information on Widevine and privacy, see Google’s privacy policy.
Microsoft Edge supports Adobe’s Flash Access DRM, which is used by some sites instead of HTML5. You must give permission to allow Adobe Flash when a site requests it. When a site uses Adobe Flash Access DRM, Microsoft Edge will give Adobe access to a unique device identifier. You can clear and reset any locally stored instances of this identifier by going to edge://settings/privacy. Under Clear browsing data, select Choose what to clear, select the check box for Cookies and other site data, and select Clear now to remove any stored identifiers. You can stop Adobe Flash DRM from ever being used by going to edge://settings/content/flash.
When you request access to encrypted HTML5 media like an online movie, Microsoft Edge will create a license request to decrypt the media. The CDM being used will create the license request which contains a request ID. This request is sent to the license server. No part of the license request contains any personally identifiable information, and the license request is not stored on the device.
When returning the media license, a media identifier is created which is unique to the user and the site. This ID is not shared between sites and is different for each site. A session ID, used to identify a playback session, is sent with the media identifier to decrypt the media. The media identifier is stored locally on the device and may be stored with the content provider.
All DRM and content protections can be turned off by going to edge://settings/content/protectedContent.
  • Turning off Allow sites to play protected content will disable playback for CDM-based DRM systems such as PlayReady and Widevine, but not for non-CDM-based systems like Flash Access DRM. Flash is managed by a separate site permission at edge://settings/content/flash. Turning this off will cause media functionality to stop working properly.
  • Turning off Allow identifiers for protected content will prevent the creation of identifiers for Flash Access DRM and prevents Widevine from periodically fetching updates from Google. This may cause some media functionality on some sites to stop working properly.
