The Microsoft Edge logo with a big arrow struck through it pointing away from it. 🅭

EdgeDeflector enforces your default browser setting in Windows

Microsoft wants its Windows customer base to use its new Microsoft Edge web browser. Users don’t even need to choose it as their default browser. Seemingly normal-looking web links all over Windows 10, the Cortana digital assistant, and Microsoft apps like Mail, News, and Your Phone force-open in Microsoft Edge rather than in your system defined default web browser. Comtraya!

EdgeDeflector is a tiny new helper program I developed that says “that isn’t cool!” to Windows. It lets you use your default web browser even when Windows normally force-opens Microsoft Edge instead. The app is tiny and it’s free to install and use.

I don’t hate Microsoft Edge — maybe you do! — but I do believe users who have bothered to configure a different default web browser should be allowed to keep using that default web browser. Edge is a portal for Microsoft to push its own features and services, and to collect personal data about people’s browsing habits. Understandably, Microsoft wants to push their own web browser. But this isn’t the way to do it.

Get this app on Windows Get source on GitHub

Update (): EdgeDeflector does not work in Windows 11 build 22494 and newer! Microsoft made changes to Windows to block it. It still works in older Windows versions.

How does it work and what does it do?

There’s no complicated logic or magic to how EdgeDeflector works. Cortana and some of the core apps for Windows 10 use a special URI protocol to mask normal URIs and have them open in Microsoft Edge. Instead of the regular link, Microsoft apps and services uses its own microsoft-edge: link schema.

As no other browser recognize this protocol and the protocol isn’t configured by the default web browser setting, Microsoft Edge is left as the only program that can open the link even when there are other browsers installed on the system.

EdgeDeflector registers itself as a program capable of opening these special microsoft-edge URIs. When you click one of these links after installing EdgeDeflector, Windows will ask you how you want to open the link. By choosing EdgeDeflector, EdgeDeflector will rewrite the link to become a regular web link and pass it back to Windows. Windows will then open the link with your default web browser — whether that’s Firefox, Chrome, Vivaldi, something else, or indeed Microsoft Edge.

Open link with EdgeDeflector

How indeed do you want to open this web link?

Standards and URIs

You can’t change the default web browser away from Safari on iOS. To get around this, Google Chrome and pretty much every other web browser started adding their own browser vendor URI prefixes that worked the same way as the microsoft-edge URI on Windows 10.

This allowed other app vendors and other apps by the browser vendor to open links in their browser of choice. It’s a neat little work around for something that wouldn’t ever have been an issue if Apple had allowed a greater level of customization on iOS.

The special vendor URIs on iOS and now Windows 10 are all about vendor lock-in. As a user, your choices for what software you want to run are limited by corporate interests that conflict with your ability to choose your preferred web browser. This is unhealthy for the mobile web as a whole, and it’s an unhealthy and undesirable development on desktop operating systems.

I don’t believe the other browser vendors should register and attempt to hijack this vendor specific browser schema by default. Although it’s technically possible, as evidenced by the existence of EdgeDeflector, this would only instigate an undesirable war with Windows where ultimately even more lockdown is the most probable end result.

If you agree with me and want Windows to stop forcing the use of Microsoft Edge and rather have it respect your choice of default browser, please let Microsoft know in the Windows Feedback Hub (requires Windows 10.)

Microsoft Edge has two and a half custom URI protocols in addition to the standard http and https. These are the mostly undesirable microsoft-edge and the as of yet unused microsoft-edge-holographic, plus the read schema. It’s unclear what microsoft-edge-holographic is supposed to do; as of now it creates an infinite loop of opening tabs in Windows preview builds.

The read protocol for Edge’s reading view, e.g. read:/entry/edgedeflector-default-browser, is more interesting but I’ve already covered it in a separate article. I believe that the read URI is quite a good innovation and would love to see other web browsers implement this URI schema. Firefox, Safari, and Vivaldi all have their own reading views with their own URIs – and they’re all terrible in comparison with Edge’s neat little read: links.

Wait— doesn’t this program of yours already exist?

Only after completing the programming on EdgeDeflector as a weekend project, did I discover that there already was a program that tries to do the exact same trick as EdgeDeflector. (I was using Bing for search that week, go figure.) SearchWithMyBrowser seems to be quite popular based on the number of articles written about it.

However, after quickly reading through the code I discovered serious problems such as a arbitrary code execution vulnerabilities (e.g. microsoft-edge:calc.exe would open the Calculator app rather than a browser) and unwittingly executing invalid commands on the system level for some of the microsoft-edge URIs that are found in Windows.

I’d already thought of and addressed these problems to the best of my ability in EdgeDeflector. I’ve contacted the author of SearchWithMyBrowser to let him know about the problems. Another of these programs has received quite a lot of media attention in the tech press in the past, so there should be quite a few vulnerable systems out there. Ouch.

Update (): SearchWithMyBrowser has since been updated to version 1.0.0 which patches most attack vectors for the vulnerability mentioned above. This version also introduces usability improvements like a binary distribution package.

Note on responsible disclosure of security vulnerabilities: I’d problems getting in touch with the developer privately, and ended up posting about the vulnerability on the public bug tracker for lack of a private communication channel.

As SearchWithMyBrowser doesn’t have auto-update nor any way to notify users of new versions, the vulnerability will probably remain unpatched for the majority of users for the lifetime of their Windows installation whether an updated version of the software had been made available or not.