“The app locates where Google Chrome, Microsoft Edge, and Mozilla Firefox store their cookies, queries for cookies with names they are interested in (such as MUID), retrieves their encrypted content, and then proceeds to decrypt them, all without user intervention,” Rivera said in response to Microsoft’s claims. “The cookie values then appear to get sent to or are used by Microsoft.”