The Avast and AVG Firefox extensions are currently not listed in the Addons directory. They have apparently shared private information.
Mozilla has blocked Avast’s browser extensions in its official directory. Anyone looking for “Avast Online Security” in the Addons catalog will receive “0 results”. Also affected is the add-on “SafePrice”. Both are also under the brand name AVG appeared and also no longer in the directory to find. The extensions seem to have sent the entire browsing history of users to an Avast server. Browser addons as data collector.
The reason for the blocking could have something to do with Vladimir Palant: The Adblock Plus founder had already written in detail in October 2018 that Avast extensions would send personal information to the server uib.ff.avast.com. This is not necessary for the functionality of the addons, criticized Palant. The transmitted information contained, among other things, the URL of the visited page, the page title and the referrer. Avast could therefore create an extensive user profile and reconstruct the exact surf history, warned Palant in his blog.
However, the affected browser extensions of Avast and AVG are not on the block list of Mozilla, writes GHacks. Therefore, they can still be used and installed. Users who have set up an Avast addon will not experience any restrictions. Mozilla had recently added a few entries to the list but did not include any Avast extensions. Mozilla would probably first negotiate with Avast, Palant suspects. But there is no official statement yet. The Avast and AVG addons are still listed in the Chrome directory at this time.
Avast again … :-TD >:(
Avast has pretty much became scareware and malware with it spying on the user over the last few year’s. Why I finally stopped using it or recommending it.
I fully support that! :-TU :P0l
Thanks Pio - a great informative summary
Some further detailed information about what Avast has transferred for data.
- uri > The full address of the page you are on.
- title > Page title if available.
- referer > Address of the page that you got here from, if any.
- windowNum & tabNum > Identifier of the window and tab that the page loaded into.
- initiating_user_action & windowEvent > How exactly you got to the page, e.g. by entering the address directly, using a bookmark or clicking a link.
- visited > Whether you visited this page before.
- locale > Your country code, which seems to be guessed from the browser locale. This will be “US” for US English.
- userid > A unique user identifier generated by the extension (the one visible twice in the screenshot above, starting with “d916”). For some reason this one wasn’t set for me when Avast Antivirus was installed.
- plugin_guid > Seems to be another unique user identifier, the one starting with “ceda” in the screenshot above. Also not set for me when Avast Antivirus was installed.
- browserType & browserVersion > Type (e.g. Chrome or Firefox) and version number of your browser.
- os & osVersion > Your operating system and exact version number (the latter only known to the extension if Avast Antivirus is installed).
“But even if you didn’t install “Avast Online Security” yourself, it doesn’t mean that you aren’t affected. This isn’t obvious but “Avast “”“Secure””" Browser" has “Avast Online Security” installed by default. It is hidden from the extension listing and cannot be uninstalled by regular means, its functionality apparently considered an integral part of the browser.”
send data can collect logins, screenshot monitoring and collect wrong data…
This kind of monitoring can expose who saves login data, browsing history … >:-D
Was reading on their forums today and seen this.Kind of funny to think some really still trust having Avast on their pc.
Avast-Statement: We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user’s identification.
We have already implemented some of Mozilla’s new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.
Avast sells user data to Google, Microsoft and Pepsi
Report in german from Stefan Beiersmann , 28.01.20 >>> Bericht: Avast verkauft Daten seiner Nutzer an Google, Microsoft und Pepsi | ZDNet.de
“The security provider Avast allegedly practices a lively trade in the data of its users. Via a subsidiary called Jumpshot, the developer of free and paid anti-virus software is said to be able to sell very personal data that allows users to be tracked. According to an investigation by Motherboard and PCMag, companies such as Google, Yelp, Microsoft, Pepsi and Intuit are among the customers.”
"The report is based on “leaked user data, contracts and other business documents”. The Avast software should record data about searches on Google and Google Maps or visits to certain websites such as LinkedIn, YouTube and even porn sites. The data is then supposedly processed and, according to Jumpshot, provides insights into user behavior “behind the most valuable walled gardens on the Internet”.
“In my opinion, antivirus software providers that act as data brokers are no longer security companies,” said Sam Curry, chief security officer of security provider Cybereason. “You should defend yourself with a clear, transparent language and remove conflicts of interest or, in my opinion, spyware that attracts customers with benefits that are misleading and frankly disgusting. Curry even goes so far as to make comparisons between Avast software and “possibly unwanted software” that collects and uses data in ways that users reject.”
A message from Avast CEO Ondrej Vlcek:
A Message From Avast ??? :-TD :-TD :-TD