Microsoft Edge still forcing itself on users in Europe

Updated Last month, Microsoft said that for customers in Europe, its Insider build of Windows 11 now opens web links associated with Windows system components in the user's actual default browser instead of in Microsoft Edge.

This was supposed to happen in Windows 11 Insider Preview Build 23531, and subsequent versions of Windows in the European Economic Area were expected to inherit that behavior.

The change was made to comply with Europe's Digital Services Act and the Digital Markets Act (DMA), which require that companies designated as "gatekeepers" like Microsoft from self-preferencing.

So far, there's no sign anything has changed, though Microsoft has until March 6, 2024 to comply.

"In my testing, the new Windows Insider build still force-opens Edge instead of the default browser whether you’re in the US, Norway, or Germany," said developer Daniel Aleksandersen in an email to The Register, echoing a statement he made in a blog post.

I can’t find any links anywhere in Windows 11 Dev Insider that has stopped force-opening Edge

"As far as I can tell, nothing has changed since Windows 11 stable. I’ve done some rather extensive testing, and can’t find any links anywhere in Windows 11 Dev Insider that has stopped force-opening Edge instead of the default."

Aleksandersen in his post discloses that he's an employee of Vivaldi Technologies, a rival browser maker, and says that his post is unrelated to his employment. He's also the developer of EdgeDeflector, a program created to circumvent Edge's URL scheme behavior.

The Register spoke with a developer familiar with Microsoft's technology who speculated that perhaps the change will be made to calling applications (e.g. Outlook) rather than Edge or Windows. These apps would be altered to run ShellExecute("https://targetsite") instead of ShellExecute("microsoft-edge:https://targetsite"), thereby handling those links in the default browser rather than Edge specifically.

"This is what I expected to find too," said Aleksandersen. "However, I see no reduction in the number of microsoft-edge: links, and no corresponding non-microsoft-edge variants added anywhere near where the existing microsoft-edge: links exist in the code."

"I would have expected to see either a new executable dedicated to handling microsoft-edge: URIs (something similar to EdgeDeflector), or a wrapper-function put around every call to microsoft-edge: that would handle the EEA-and-rewrite logic. It's also possible that they would make changes to OpenWith.exe itself (the program that is called when opening files and links that is responsible for file and protocol associations)."

But whatever is going on, Aleksandersen said there's no visible change in Windows strings and functions names and there's no functional difference.

• After injecting pop-up ads for Bing into Windows, Microsoft now bends to Europe on links
• EU monopoly cops probe complaints about Microsoft Azure
• More ads in Windows 11 Start Menu could be last straw for some
• Google veep calls out Microsoft's cloud software licensing 'tax'

Aleksandersen has followed such issues closely. He created EdgeDeflector back in 2017 to undo behavioral changes in Windows 10 that "hijacked" certain web links and opened them in Microsoft Edge if Windows users had designated a different default browser.

As he explained in a blog post about the situation two years ago, the behavior of Windows follows from Apple's refusal to allow iOS users to change the default web browser for iPhones and iPads until iOS 14 was released in September 2020.

To combat this behavior, said Aleksandersen, Google in February 2014 introduced a googlechrome: URL scheme. Google used this scheme to make links from its Search and Mail apps open Chrome on iOS instead of Apple's Safari browser.

Microsoft subsequently implemented its own microsoft-edge: URL scheme to handle URLs coming from Windows system components for Windows 10 services like News and Interest, Widgets in Windows 11, certain help links in the Settings app, search links from the Start menu, Cortana links, and links sent from paired Android devices.

Microsoft changed more and more links in its operating system and apps to use its vendor-specific URL scheme

"Microsoft just turned the racket on its head and changed more and more links in its operating system and apps to use its vendor-specific URL scheme," wrote Aleksandersen.

Back in 2021, Brave and Mozilla took steps to implement the microsoft-edge: scheme so they could intercept those links, but subsequently backtracked when Microsoft prevented third-party apps from overriding its own intervention.

Aleksandersen has suggested such meddling can be difficult to separate from malicious behavior if not explicitly authorized by the user. Altering user defaults (e.g. so searches get handled by revenue sharing partners) is a common tactic among abusive and malicious apps and browser extensions.

"There's a similar system in place on Android," said Aleksandersen. "By default, apps can open all registered links (there's a system in place requiring apps to demonstrate control over the domain before it can handle links on behalf of any domain). Crucially, users can go into an app's setting and revoke the app's domain associations. The user stays in control if they prefer to use the web browser."

"On iOS, like everything else, it's a black-box experience. Apps register and verify their domains and then that's it. The user has no say in whether an app can or cannot register itself as a handler for a given link."

Aleksandersen said that for a limited number of use-cases, this is a welcome and useful feature.

"I generally prefer Firefox's approach on Android," he said. "Open in the web browser by default, but include a button for opening the page in the associated app instead."

He also said the microsoft-edge: scheme would be fine if Microsoft had used it sparingly, for occasional Edge promotions on its website or for links that manage Microsoft Accounts.

"Microsoft can make a strong argument for having better security on the Microsoft Account website inside Edge," he said. "It could, for example, prevent browser extensions from running on this specific domain where they could hijack user accounts. It hasn't. But it could."

"I'd be annoyed with this scenario, but it wouldn't be the giant anti-competitive dick-move that is the current implementation. Now, it's a tech-bro 'growth-hack' that explicitly ignores the explicit preferences of Microsoft's own customers."

Vivaldi, coincidentally, began masquerading as Edge in June so Vivaldi users on mobile phones can access Bing Chat.

Microsoft did not respond to a request for comment. ®

Updated to add on September 14

In an email sent to The Register several days after this story was published, a spokesperson for the IT goliath said, “Microsoft has started to test and implement changes to bring designated services in full compliance with the EU’s Digital Markets Act by March 2024. We will continue to work with the European Commission as these compliance efforts progress.”