🅭

Brave and Firefox to intercept links that force-open in Microsoft Edge

Microsoft has inadvertently re-heated the web browser wars with the company’s anti-competitive changes to Windows 11. It made it more difficult to change the default web browser and has expanded the use of links that force-opens Edge instead of the default browser.

The latter issue is something I addressed in with the release of EdgeDeflector. Instead of using regular https: links, Microsoft began switching out links in the Windows shell and its apps with microsoft-edge: links. Only its Edge browser recognized these links, so it would open regardless of your default browser setting. I created EdgeDeflector to also recognizes them and rewrites them to regular https: links that would then open in your default web browser.

The Brave web browser added support for the microsoft-edge: URL scheme with version 1.30.86, released last week. So, you no longer need to install EdgeDeflector if you’re using Brave as your default browser. It’ll pop up as an option when you click on a microsoft-edge: link.

This makes Brave the first web browser to implement support for Microsoft’s anti-competitive URL scheme. However, it’s not the only browser doing so. Mozilla developer Masatoshi Kimura has also written patches to implement the protocol into Firefox. It has yet to pass review and get merged into Firefox, but the ball is rolling. Firefox’s implementation is part of its overall Windows 11 shell integration work.

The new implementations in Brave and Firefox follow the exact parsing logic I wrote for EdgeDeflector. It’s not the only way to parse them, it’s not the best way to parse them, but it’s the way every third-party implementation now parses them. Neither codebases attribute the code to EdgeDeflector, although both are clearly inspired by it. (Don’t get me wrong, I’m fine with this.)

You may, of course, continue to use EdgeDeflector and let it do its pro-consumer choice thing regardless of your preferred browser of choice. It’s just becoming less relevant now that more browsers natively handle the protocol.

Brave Software is also considering taking things one step further. The company is planning to intercept Windows Search/Cortana links to Bing and redirect them to its users’ default search engine instead.

This change may sound like a good thing, but I’m not a fan of the move. Microsoft is using its market position to promote its search engine very visibly in the Windows shell. It’s a bit icky because Brave Software benefits financially from directing more searches to its search provider partners, and its own Brave Search portal.

Brave is treading into dangerous and uncharted waters by rewriting the destination of a link. This resembles the “growth hacking” tactics employed by [mostly Russian] search portals and malware that was prevalent around 2010. These potentially unwanted applications (PUA; colloquially known as “crapware”) would redirect search links, replace or inject affiliate codes, and link to frame farms that would surround a page with extra ads.

It was common to bundle such PUAs with the installers for other popular software of the time. So-called “install-path revenue” was the primary funding for freeware for over a decade. This eventually necessitated the need for web browsers and operating systems to implement “search setting protections” and “default browser settings protections”.

Modern web browsers implement protections that try to block changes to their default search engine settings. These protection block unauthorized changes to the search setting, but also protect the browsers’ revenue stream from search partners. Unfortunately, distinguishing between a user-initiated change to the setting and changes made by malware has proven difficult. Web browsers had a tough time navigating these waters over the years, and it has led to many user-hostile changes. E.g. it’s become difficult to manage, and backup and restore your browser profile.

Likewise, operating systems including Android, iOS, macOS, and Windows include protections to prevent unauthorized changes to the default web browser setting. Let’s all take a minute to appreciate that Windows 11 now meets the definition of a PUA by subverting the default browser setting.

Annoyed by Microsoft’s anti-competitive changes to Windows 11, Mozilla put its developers on the task of cracking the default browser protection in Windows 11. Unfortunately, they succeeded. This success isn’t a good thing, however. The default browser protection is there for a reason, and it’s not just an antitrust issue. If Mozilla can bypass it, so can PUA and malware.

Some Microsoft apps explicitly say “Open with Bing” or “Search with Bing”. In these situations, Brave will break user expectations by redirecting them elsewhere. Then again, many links in the Windows shell look like links to documentation, but instead link to a Bing search result. In Windows 7 and earlier, these links pointed directly at documentation authored by Microsoft.

I believe it’s anti-competitive of Microsoft to ignore the default browser setting to promote its own web browser. However, I’m less convinced about hijacking search links. If the user enters a search query into a Bing search box, then surely the expected result is to end up on Bing. Users might disagree with the design decision to include a Bing search box in the Windows shell, but they still chose to use it.

I’ve been requested to implement a Bing-to-Google redirect into EdgeDeflector since day one. I’ve always resisted; EdgeDeflector has always been about restoring the functionality of the default browser setting. Users can always install redirect extensions in their web browsers if they truly never want to end up on Bing. However, a users’ choice of search engines is, at least in my mind, separate from their choice of web browsers. Although that might not be the case anymore as a diminishing number of people are aware of the difference.

The browser wars are truly re-heating. The game is afoot — and I must say, the timing is weird. Regulators around the world are aggressively scrutinizing big tech for anti-competitive practices, yet everyone on the field is playing dirtier by the day.

So, how did we get here? Until the release of iOS version 14 in , you couldn’t change the default web browser on iPhones and iPads. Google has many apps for iOS, including a shell for its Chrome browser. To tie all its apps together, Google introduced a googlechrome: URL scheme in . It could use these links to direct you from its Search or Mail app and over to Chrome instead of Apple’s Safari browser.

These vendor-specific URL schemes were introduced to combat Apple’s anti-competitive behavior on its iOS platform. Microsoft just turned the racket on its head and changed more and more links in its operating system and apps to use its vendor-specific URL scheme. The original sin was Apple’s, but Microsoft is gulping the juice of the apple with gusto.

Related reading