I think it's correct, but understand your view too.
The feature they're referring to is configured remotely [1] with a set of domain filters that demonstrate the intent was to only capture a subset of sites. I think this is where I'm now supposed to refer to Hanlon's razor--Never attribute to malice that which is adequately explained by stupidity.
But their point is that it looks like accidental behavior? That is, it’s doing this in way more instances than the intent is with this new feature that is enabled by default?
Do you believe in such accidents? What the explanation for that would be? Something like: "Oh no, we had this enabled by accident, and by accident had configured a high-availability API endpoint to collect such calls on a massive scale. This all got compiled, configured and deployed by accident without our clear intentions to do so. We are sorry."
No, we had a feature enabled intentionally and it intentionally scans tons of popular websites, the only accidntal part that it scans more websites then intended. There is no reason to pretend there is some bigger conspiracy.
If microsoft really wanted to scan ALL urls that badly, they can... always just do exactly that?
But when they actually implement fairly decent feature that has a bug in it... it's probably a bug yes. They really have no reason to be sneaky about it
