Mozilla Removes Avast and AVG Extensions From Add-on Portal Over Snooping Claims (zdnet.com) 26
Mozilla today removed four Firefox extensions made by Avast and its subsidiary AVG after receiving credible reports that the extensions were harvesting user data and browsing histories. From a report: The four extensions are Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice. The first two are extensions that show warnings when navigating to known malicious or suspicious sites, while the last two are extensions for online shoppers, showing price comparisons, deals, and available coupons. Mozilla removed the four extensions from its add-ons portal after receiving a report from Wladimir Palant, the creator of the AdBlock Plus ad-blocking extension. Palant analyzed the Avast Online Security and AVG Online Security extensions in late October and found that the two were collecting much more data than they needed to work -- including detailed user browsing history, a practice prohibited by both Mozilla and Google.
Thank you Mozilla (Score:5, Insightful)
For keeping us safe.
Thank you Wladimir Palant (Score:5, Informative)
Mozilla removed the four extensions from its add-ons portal after receiving a report from Wladimir Palant, the creator of the AdBlock Plus ad-blocking extension.
Thank Wladimir Palant for doing the actual hard work.
Re: (Score:1)
Wladimir? Sounds like a Russian. Better watch out for that guy!
Re: (Score:3)
You sound like a binary virus.
Wladimir Palant is German.
https://palant.de/about/ [palant.de]
Re: (Score:2)
OK. Just don't mention the War.
Re: (Score:3)
Thank you!
Removed from Chrome and reported abuse with this story link.
https://imgur.com/5KZe0nu [imgur.com]
Re: (Score:2)
AVG in this instance is not what you think it is. You're referring to the platform version. This is a browser extension.
Re: (Score:2)
Nor an irrelevant AC.
They should come clean with EXACTLY what that is. (Score:5, Insightful)
I can empathize, at least in terms of accounting with what the folks at AVG/Avast are doing - they provide what they see as important services that people need, and are part of a moving ecosystem of exploits and vulnerabilities, on the 'white hat' side.
Of course, folks are going to be increasingly blind to this, the same way that people are blind to the value of the highway system they drive on and do business with.
But advertisers are still hungry. Google sells data to them all the time, anonymized, to better target their spending. The same as billboards on the highway, and the tools used to test the success of that.
The trick is keeping that data gathering anonymous. Keeping your vulnerability protection tool from being a sort of vulnerability itself.
In that circumstance, you have to be VERY up-front with exactly what you're making your money on.
I gave up on AVG because they were becoming a really nasty form of nagware, and pushing more and more third party crap in their update installers. I didn't want to have to scour forum threads every update to make sure there wasn't yet another thing I had to remove or registry tweak or hack to remove some nag from their user interface.
This selling data is yet another one of those - but I do understand their pressures. But they will lose much more if they don't REALLY clarify this one.
If they just put out one of those bullshit marketing videos talking AROUND what they sell, just providing empty assurances or sideways explanations, then they fail at their basic task of being trustworthy here.
No, they have to tell us, in a full video form, what is in every packet sent to them, what is in the database data they sell in aggregate, why they get paid for their anonymous data, and how it hires folks that keep doing important work.
Otherwise, they go from white hat to dark grey hat security researchers. They have to see that.
Ryan Fenton
Re: (Score:2)
But Peter Norton looks like such a trustworthy guy!
Re:They should come clean with EXACTLY what that i (Score:4, Interesting)
How do you define that then?
They are FAR from perfect - but bundling a bunch of removal scripts and detection heuristics is about all you can do in an automated way. It's as 'white hat' as a goal as I can think of without providing manual services.
The money making side is shady as hell, I can agree - but that's not really a different color hat, that's capitalism, until it interferes with the goal of detecting/removing malware.
I think it speaks more to the shape of our market, and how difficult it is to provide basic timely community services economically in the face of shared threats.
Whatever your hat, whatever your intention, the shape of the market seems to be towards unmet needs and growing vulnerabilities in this case. These companies keep going the same direction for many reasons, the more they try and serve the general community.
Ryan Fenton
Re: (Score:1)
Detection heuristics are useless. The anti-virus companies are the ones distributing the malware in order to make money.
Re: (Score:2)
Thing is, there's no such thing as anonymized data.
Google a bit, search a bit, but it is startling easy to re-link data to a person post-anonymization. Essentially?
Any data collection means? No privacy!
What has happened to AVAST? (Score:2)
Re: (Score:2)
Avast is joining the gold rush. The money is not in the products and services they offer -- it's in the data we provide them.
Like you, I've noticed the changes across the board where the core quality is sacrificed for the mining efforts.
Re: (Score:2)
From what I see, Avast is advertising upgrades for its own products. Useless stuff too like CCleaner. It's not great to be sure, but at least they're not showing you ads for beer, soap, and autos.
The truth about antivirus (Score:1)
I found the truth about it guys: https://i.redd.it/y059nwkfhbw3... [i.redd.it]
Must Be 'More' Than Mere 'Claims' (Score:1)
Shocked! Shocked, I say! (Score:1)
Given a lot of viruses and malware come from supposed "anti-virus" companies how could this be?
Oh and Mozilla, that's some great consistency you've got there. What exactly do you think extensions like Honey [mozilla.org] do?