Quick FYI if you use Microsoft Edge Browser Wallet

PostHoc25

So this is a real, real weird one. 

A couple of days ago I entered an online competition using my for spam gmail account. A few hours later I received a confirmation of my entry addressed to my full name. EXCEPT, this was a name I changed 15 years ago. It had no connection to my gmail account, wasn't in autofill anywhere because I simply don't use it. I contacted the company, assuming they had sourced it via some weird old database, but even that as a reason didn't feel right.

Their reply was that I had typed in that name. Weirder because all the entry form required was an email address. I did some investigating on the competition page as it is one that allows repeat entries over time. I clicked around and found a link to my 'account profile' auto-created from logging in via the spam mail address. The only info there was my current spam email address with my old name.

So where had it auto-filled from? I clicked around some more and got taken to the settings page for Microsoft Edge Wallet which I do use for online shopping:

From an Edge browser window, click the three dots top left, then: Settings>passwords and autofill>Payment methods>Personal Info

I cannot describe the variety of names, partial names, friends names, contacts details that were somehow connected to personal info in Wallet. No clue what manner of cookies had gathered up the data to dump there but one clear location was from some recent family history research I had done on Find My Past.

All the relatives names - living and deceased - I had searched had been copied over to my wallet?! And because I'd used my old name pre-change in the searches, it had also connected that somehow. Why it randomly selected that pairing of my old name and new spam email for the competition, who knows because there were more than 30 options.

I have now deleted all the erroneous names linked there and am reaching out to Find My Past to see if they have any thoughts although I'm not really expecting anything of help from them - am assuming they will blame cookies and Microsoft, but thought I would mention it incase anyone else wants to check and clean up their personal info on Wallet. It's weird too that I never submitted payment info to Find My Past and used a different email address for that site, but I did do all the FMP searches in Edge browser.

If anyone has any thoughts, do share. Besides that, hope the above is of help and makes sense :-)

Eyeful

Good practice is to use at least three different browsers. 
1. Use first browser for surfing the internet.
2. Use second browser for on line shopping only.
3. Use third browser for on-line banking only. 

Jami74

Eyeful said:

Good practice is to use at least three different browsers. 
1. Use first browser for surfing the internet.
2. Use second browser for on line shopping only.
3. Use third browser for on-line banking only. 

I wonder how many people do that.

Chief_of_Staffy

I use Chrome and just click Incognito when I need to ensure a 'clean' browser. I believe Edge has the same, called InPrivate. That's what it's for.

PostHoc25

Jami74 said:

Eyeful said:

Good practice is to use at least three different browsers. 
1. Use first browser for surfing the internet.
2. Use second browser for on line shopping only.
3. Use third browser for on-line banking only. 

I wonder how many people do that.

Yes, I suspect even with the best intentions, I would totally forget which to use for which :-) Plus, this is luckily, the first alarming data/privacy issue I have ever experienced online in 30+ years of internetting.

I'm thankful it was so clearly connected to one specific site (although names from other random sources were also there). I have contacted FindMyPast, who were equally alarmed but like me, suspected it is more of a Microsoft collecting data issue than them offering info situation.  I also put in a privacy/security request to Microsoft asking why there would be any need to auto-populate info in a Wallet function.

I don't hold out much hope for any definitive answers, but let's see!

PostHoc25

Chief_of_Staffy said:

I use Chrome and just click Incognito when I need to ensure a 'clean' browser. I believe Edge has the same, called InPrivate. That's what it's for.

Yes, I do use InPrivate at times. My issue is not so much data being collected - I get that it is part of the world we live in and on the whole, I'm fairly ambivalent about it tbh :-) My specific query is related to why Wallet would need to be auto-populated, and moreso, where they consider useful places to get the data from to auto-populate it with. Feels like an unnessary feature and on this occasion obviously caused an issue! :-)

booneruk

A lot of browsers will try to be helpful by memorising how you fill in address forms. Things like Bitwarden can do it too - it's about convenience when filling out forms in the future. 

It sounds like if these wallet names were sent to this competition site then an autofill of text fields (forename, surname etc) would have happened, but you say there were no such fields. That is quite a mystery actually.

These wallet entries won't be stored in cookies by the way, cookies are packets of information that a site will set. The browser will have other mechanisms to store data locally for the wallet.

Keep us updated!

PostHoc25

booneruk said:

Keep us updated!

Will do. Yes, I do rely on auto-fill out of laziness a lot, but why it added searches from a genealogy website to wallet specifically is baffling! Thanks for the info re: cookies!

PostHoc25

Some small progress after a 40 min online support chat with Microsoft. Need to go back to FindMyPast next week then will post conclusion!

PostHoc25

Right click and open image in new tab to see larger font on screengrabs!

Okay, so in short, as suspected, Microsoft Support say that FindMyPast do have some control over this, FindMyPast say, all I can do is turn off auto-fill on Edge and that they have no control over the data taken from forms filled on their site.  

I sent them the screenshot of the advice given by MS Technical Support but they still said it was nothing they could do from their side, nor would they confirm if the reccommended protocols for coding their site were in fact being used.

My first email raised the issue and I asked if it was a cookie issue, which FindMyPast felt it was, as per their reply:



I then told them I'd been in touch with MS Support and emailed them a screengrab of the technical advice which highlighted that it was not in fact a cookie issue (thanks booneruk for explaining this also!):





The reply from FindMyPast


I double-checked they had taken on board the suggestions about coding:



Thier final reply:


So, all we can say at this point is that they feel it is ultimately down to me having auto-fill enabled, rather than them protecting name searches done on their website. A bit disappointing, but as a non-technical person myself, I feel like they aren't going to budge. Auto-fill seems rather all or nothing, sadly, in terms of what info it is adding into the Edge Wallet profile.

I also raised with MS Support that it would be helpful to be able to nominate a default or primary name and address auto-fill for use when filling in forms. Generally mine defaults to most used, which is what MS Support said it should do, using my correct info and saving time.

But as this whole incident has shown, it can also randomly link info auto-filled from elsewhere, and by simply entering an email, behind the scenes, it is auto-filling an incorrect name.