I seems to send all urls you visit to Microsoft, Symantec, Emisoft, Webshield, Norton, Gdata Security, and/or BitDefender, depending on your settings. And of course, those URLs can be changed on the next update.

This is true, and they do. I'm replacing Comodo's Valkyrie API with Symantec's Browser Protection API for performance reasons. But, no data is logged, and only the minimum amount of data is sent to each provider.