PureBasic Forums - English

Seems microsoft edge has a key logger built in.
I noticed repeated requests to nleditor.osi.office.net, when I was writing a message in the forum.
It's supposedly a spelling and grammar service but the fact it's key logging should be a little worrying.
If it's unblocked it establishes a tls connection and sends off encrypted packets to nleditor.osi.office.net 52.109.112.219
I don't have the time to MITM it to see exactly what it sends but it seems to be a fairly recent as far as I can tell and it is also reported to be present in the webview2 browser control if anyone is using that.
Dnscope blocked it, which is why I saw it. see in the log.

idle wrote: Thu Oct 20, 2022 10:43 pm Seems microsoft edge has a key logger built in.

https://www.ghacks.net/2022/09/19/dont- ... -features/

yes that disables it
go to edge://settings/languages , and either turn writing assistance off or set it to basic.
The fact it's on by default is just wrong, the behavior's has been reported in the edge webview2 control just a week ago.

The fact it's on by default is just wrong

Come on, it's Microsoft corporation.
They only have your best interests at heart

LOL

Paul wrote: Fri Oct 21, 2022 1:39 am

The fact it's on by default is just wrong

Come on, it's Microsoft corporation.
They only have your best interests at heart

LOL

I better be careful with the key words I use or a swat team might turn up.
The real worry is the risk it poses for developers using the webview2 control.

@idle,
Well spotted. Thank you.

Thank you from me as well.

Android and Windows both have multiple telemetry subsystems... Even if a process isn't logging some native subsystem is sending keywords and source code and binary data along with stats and specs... I think MacOS does too.. Commercial Linux distros have some kind of telemetry around package managers...

Pretty sure they all collect data from cloud and sync services too despite claims of encryption...

idle wrote: Thu Oct 20, 2022 10:43 pmIt's supposedly a spelling and grammar service but the fact it's key logging should be a little worrying.

Yes, but... any app that corrects spelling and grammar literally has to know what you've typed (and/or read your text).

BarryG wrote: Sat Oct 22, 2022 2:34 am

idle wrote: Thu Oct 20, 2022 10:43 pmIt's supposedly a spelling and grammar service but the fact it's key logging should be a little worrying.

Yes, but... any app that corrects spelling and grammar literally has to know what you've typed (and/or read your text).

Spelling and grammar can easily be checked in the browser itself, it doesnt need to upload your key strokes to the cloud for processing or collection. The fact it does this by default and also does it in the webview2 control presents a pretty serious security risk which is rife for abuse in my opinion.

tj1010 wrote: Android and Windows both have multiple telemetry subsystems... Even if a process isn't logging some native subsystem is sending keywords and source code and binary data along with stats and specs... I think MacOS does too.. Commercial Linux distros have some kind of telemetry around package managers...

Pretty sure they all collect data from cloud and sync services too despite claims of encryption...

I expect they all do to some exent but we don't need to accept it.
In my current session, Dnscope has blocked 90% of the requests out of a total of 29,623 only ~3000 have got through, most of those domain requests are related to microsoft and google related domains and that's just on my desktop.

idle wrote: Sat Oct 22, 2022 4:33 amit doesnt need to upload your key strokes to the cloud

Oops, I overlooked that bit. Yes, that's a worry, then.

BarryG wrote: Sat Oct 22, 2022 5:13 am

idle wrote: Sat Oct 22, 2022 4:33 amit doesnt need to upload your key strokes to the cloud

Oops, I overlooked that bit. Yes, that's a worry, then.

Sure is. It's not so much the browser though but the implications it has for applications using the embedded controls.

I am not surprised Microsoft would do something like this. Years ago when I still used Windows I went on a crusade to turn off the forced updates and stumbled upon their data collection service that when toggled off warns you that you're making your system unsafe by not allowing them to collect your personal data. It's pretty scummy, and I would be very surprised if Google wasn't doing the same thing.

The worst thing is if the system sends the MFT of the hard disk, for example, when the OS boots, when the user cannot control the OS. Moreover, it will send it in a couple of seconds, and then someone will analyze the data structure and decide which data is of interest to him.

Amazing what they try to pass as legitimate software these days...