← Search Engines
D

Bing

Serious concerns
Microsoft · 🇺🇸 United States
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
Manufacturer: Microsoft

The bottom line

Every Bing search feeds into Microsoft's advertising network of 801 partners. Edge's address bar sends what you type to Microsoft before you even press Enter — a feature called "search suggestions" that's on by default. Researcher Zach Edwards found Edge sending full URLs of pages you visit to Bing servers. Your browser is reporting your activity in real time. Bing is embedded in five places across Windows: the Start menu, the taskbar search, Cortana, Edge's address bar, and the Windows search indexer. Microsoft has made it deliberately difficult to switch — in 2023, they removed the ability to change the default search in the Edge address bar for European users until EU regulators intervened. Bing isn't a choice. It's a default that resists being changed.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
2/4 MODERATE
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
0/4 N/A
Is it actually secure?
Honesty
2/4 MODERATE
Can I trust what they say?
ACCEPTABLE Moderate concerns. Standard privacy hygiene applies.
3Contradictions
0Critical
2High
1Medium
2Sources
Findings by concern
Spying 2/4 MODERATE 1 finding
⚡ highfirmware analysis vs policy claims
Every Bing search feeds into Microsoft's advertising network of 801 partners. Edge's address bar sends what you type to Microsoft before you even press Enter — a feature called "search suggestions" that's on by default. Researcher Zach Edwards found Edge sending full URLs of pages you visit to Bing servers. Your browser is reporting your activity in real time.

What they claim: Bing provides helpful search with privacy controls.

What we found: Queries linked to Microsoft account, IP, device IDs. First PRISM participant (2007). Same ecosystem: Outlook (801 ad partners), DiagTrack, Copilot AI. Edge sends keystrokes by default.

Data Sharing 2/4 MODERATE 1 finding
⚫ mediumpolicy claims vs firmware analysis
Every search you make on Bing trains Microsoft's AI models — Copilot, Bing Chat, and whatever comes next. There's no wall between "searching" and "training." Microsoft's terms of service grant them a licence to use your search queries for product improvement. When you ask Bing a private question, you're also teaching Microsoft's AI. The search bar isn't just a search bar — it's a training data pipeline.

What they claim: Copilot AI provides helpful answers from Bing.

What we found: Copilot processes queries through AI infrastructure. Search data used for AI training. No clear separation between search and AI training pipelines.

Honesty 2/4 MODERATE 1 finding
⚡ highfirmware analysis vs regulatory findings
Bing is embedded in five places across Windows: the Start menu, the taskbar search, Cortana, Edge's address bar, and the Windows search indexer. Microsoft has made it deliberately difficult to switch — in 2023, they removed the ability to change the default search in the Edge address bar for European users until EU regulators intervened. Bing isn't a choice. It's a default that resists being changed.

What they claim: Users can choose their search engine on Windows.

What we found: Bing default in Edge, Windows Search, Start Menu, Cortana, Copilot. Requires multiple steps and third-party tools to change. Microsoft actively resists easy switching.

What happened to real people
Documented incidents involving Microsoft products and user data.
First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded. [source]
Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector. [source]
What your data is worth to governments
Microsoft complied with 6,288 government data requests in H1 2025. That's 31% of demands include secrecy orders. Microsoft has been a confirmed PRISM participant since 2007. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702, Patriot Act).
Documented: First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded.
Documented: Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector.
What is PRISM? · What is the CLOUD Act? · Transparency report
Sources