Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Pindakaas on March 04, 2012, 03:19:19 AM
-
I want to install Avast 7 Free , but i have read the EULA of Avast.
It says that personal information gathered will be send to partners , distributors , agents etc , how is that caring for the user's privacy ?
And if u use Webrep it will see all sites u visit and all google searches etc.
And it also can send the personal information to other country's , that maybe have less protective data laws , so AVAST doesnt take responsibility , if you send personal information , make sure their privacy policy is similar to Avast policy , not worse.
So if i care a little about my privacy , why should i use Avast ?
Ive read other eula's from other antivirus vendors , and some do NOT send information to third party's , why Avast cant be like that , instead it is going the GOOGLE direction.
Or am i seeing it wrong , then please correct me.
-
Hi,
+1
Could an Avast Team member please comment on this?
Somewhat shocking.
-
I'm not exactly sure what is it needed to comment when EULA explains it pretty well. The info stated above the line mentioned by you explains what may be gathered (exactly). It just says your data may also go through avast! distributors or agents. This only means that if you bought your copy of avast! through distributor, some of the info might go through him. But doesn't explicitly says it will always go that way. Pretty much all the data that goes to the avast! lab directly is out of limit for anyone else, including distributors or any other avast! affiliate. Only the HQ can access that data and i'm quite sure not just about anyone but just the staff that works with that (ie virus lab).
-
But about that it is sending information to other country´s who not may have high protective privacy standards , why not make sure if you send information , that their privacy policy is similar as that of Avast ( not that it is perfect but )
It is not that you cant make a living if you dont send out personal information to the whole world , i mean i know a antivirus vendor who has 1 of the best signatures and they dont send personal information to third party's.
They use all the information collected , only to make themselfs better as a product , not in their wallet.
So my opinion is to care more about the users privacy , and not only caring about the wallet.
Avast has tons of users , they can make the product very good without acting like google.
I always liked Avast , so please set it straight.
-
I have been using Avast for almost 4 years, and have never had major problems, nor felt the need to register on the forum to ask questions or register a complaint, however in reading the EULA for the latest version of the software, I just had to register so that I could post my concern about this document.
The Avast 7 EULA (for all versions, not just the freeware) is vastly more intrusive than the EULA & Privacy Policy from version 6 (they were separate documents then). Anyone who is concerned about their privacy should carefully read section 8 (especially sections 8.3 & 8.4 about emails, section 8.9 about WebRep, as well as the paragraphs following the numbered list of what information is collected, which describes who could be given this information). The use of ambiguous terms/phrases like: "The information collected by the Software is generally not correlated with any other personal information..."
andThe collected information may be transferred to third parties or to other countries that may have less protective data protection laws than the country or region in which you are situated (including the European Union). AVAST takes measures to ensure that any collected information will receive an adequate level of protection if and when transferred.
(my boldface emphasis)
is so vague that Avast could argue that the agreement promises no privacy protection at all.
I've already discussed this with people from my company's IT and Legal departments, and if this EULA stays as is, it is doubtful that we will upgrade to version 7 or purchase future licenses. I would be surprised if most companies (who bother to read the EULA) would agree to this document. I still haven't decided about whether I will upgrade my personal copy to version 7 (but it looks doubtful).
I am stunned (and saddened) by this massive change in the agreement.
EDIT: Here's a link to the EULAs for easy access: http://www.avast.com/eula (http://www.avast.com/eula)
-
PrivacyMatters, adequate means the maximum we can handle it.
Privacy concerns to us and we take it seriously.
If you do not trust in your security company, you won't trust in the product.
-
First of all, I have to offer respect that anyone actually read the EULA, its nice to feel a little less weird. :D
Second....if you are going to compare other countries to the EU's standards of privacy, almost all are going to look inadequate. Eu's privacy standards are some of the strictest in the world.
That aside....you have to expect this out of anything with privileges as high as an anti-virus that incorporates cloud features. It is basically a legal disclaimer saying in short "we can only do so much". And honestly, as far as someone snooping on the data sent, have you looked at it? (C:\Program Files\AVAST Software\Avast\Setup\setup.log) Its pretty cryptic.
@PrivacyMatters....if your "company" is big enough to have an IT department, shouldn't you be using an Avast! business product? Business Product tend to fit business needs (like more privacy) better than consumer ones.
-
@PrivacyMatters....if your "company" is big enough to have an IT department, shouldn't you be using an Avast! business product? Business Product tend to fit business needs (like more privacy) better than consumer ones.
We do have a corporate license. In fact I was the one who recommended Avast over another product (which shall remain nameless) that we had been using for many years (to clarify, it's not my company, I'm just an employee there).
And as I mentioned in my first post, the changes to the EULA apply to "all versions, not just the freeware". As far as I can see, section 8 is identical for the corporate and consumer licenses, and is almost the same for the freeware (in the freeware license, it just looks like a few paragraphs were re-arranged, but the content seems to be the same).
-
And as I mentioned in my first post, the changes to the EULA apply to "all versions, not just the freeware". As far as I can see, section 8 is identical for the corporate and consumer licenses, and is almost the same for the freeware (in the freeware license, it just looks like a few paragraphs were re-arranged, but the content seems to be the same).
Avast concerns about privacy in any of its products versions, paid or free.
-
Could you tell me why my post caused a green "! Watched" icon to appear in the forum near my account name? According to Simple Machines (who wrote the forum software):
Watched Members provides a simple interface to keep an eye on troublesome members and problem instigators.
Is simply mentioning my concern about privacy issues, and telling users to read the EULA terms for themselves enough to consider labeling me a "troublesome member" or "problem instigator"?
EDIT: I now see that Pindakaas has earned the same "Watched" label. I'm proud to be sharing it with her/him!
-
Could you tell me why my post caused a green "! Watched" icon to appear in the forum near my account name? According to Simple Machines (who wrote the forum software): Watched Members provides a simple interface to keep an eye on troublesome members and problem instigators.
Is simply mentioning my concern about privacy issues, and telling users to read the EULA terms for themselves enough to consider labeling me a "troublesome member" or "problem instigator"?
EDIT: I now see that Pindakaas has earned the same "Watched" label. I'm proud to be sharing it with her/him!
I guess we cant have freedom of speech , and we cannot tell whats worrying us , if they have nothing to hide , they dont have to worry right ?
It almost looks like they want to warn us to not investigate to deep into the truth.
-
PrivacyMatters, it's the tone and attitude that is not we - avast team and other old users - expect.
Weren't you answered in your concerns about privacy?
-
Please, both, back on topic. Thanks.
-
If I'm reading correctly, the EULA says "Unless you have permitted otherwise, the information is used anonymously...".
-
Right , most people will just click next if installing Avast but ok.
Most people will just trust Avast to do the right thing by clicking next.
Most people dont bother reading the EULA , maybe they dont care or they just dont think about it , my opinion is just to make the privacy policy of Avast actually a ''privacy'' policy.
I mean by that , to make it a little more privacy heavy.
-
Weren't you answered in your concerns about privacy?
Tech, your assurances in the forum are fine, but I and (especially) the company I work for have to go by what we agree to in writing. And the written EULA does not make me feel comfortable with Avast's protection of our privacy. Especially given how much it has changed from the privacy policy in previous versions. Here's the link to the privacy policy for version 6: http://www.avast.com/privacy-policy (http://www.avast.com/privacy-policy). Compare that to the privacy section in the new EULA, they are (as I said before) vastly different.
To igor, the phrase you quoted is contradicted by other sections in the agreement - the "generally" phrase I mentioned before, and especially section 8.3:
8.3 Information about the sender and subject of emails identified by the Software as potentially infected, together with the information on the nature of identified threats;
I find it hard to see how this can be done truly anonymously. And it's not just incoming email, Avast can scan outgoing email as well, which then identifies me as the sender. Even if the sender's name isn't used, combining an IP address with the subject of an email and providing that information to anyone other than the intended recipient of the email crosses a line that I'm not comfortable with.
Look, other people may be totally fine with this. But as has been stated by others, most people don't bother to read the EULAs, and I'm just suggesting that people carefully read the EULA for themselves and make their own decision.
-
The layers have the final word. The EULA must apply to all countries around the world and all situations.
But, what matters to me and all avast users is what avast do with any information and how could it handle it privately.
The seriousness of the company is what concerns. The trustfulness of our users.
But, for sure, if you don't trust in your security company, it is better to move.
-
List of IP addresses and e-mail subjects would certainly appear rather personal to me, too (but before you said that, something like that has really never cross my mind... I mean, e-mails and their subjects are hardly of any interest. Anything like building a list of sent/received e-mail is certainly not done, besides the privacy issues, what would it be good for?)
If the IP addresses are used for anything, then it's some geographical distribution of something (i.e. statistics). Single IP address is irrelevant (and the pure amount of data basically prevents the exact matching you might be imagining).
My guess (but it's my personal opinion, I didn't know that the EULA has been changed anyhow) is that the change is simply the lawyers trying to avoid any possible liability for any unexpected/hypothetical future problems (after all that's what EULAs are generally for, right?). The previous EULA has been written a long time ago by who knows who... and probably needed some "facelift".
I'm certainly not aware of any changes in data processing, and I believe no non-agregated (i.e. identifiable) personal information should be given to anyone (with the exception of the registration data for the reseller you purchased the license through, if they already don't have that info).
But I can understand that what I'm saying doesn't really change what is written there.
-
List of IP addresses and e-mail subjects would certainly appear rather personal to me, too (but before you said that, something like that has really never cross my mind... I mean, e-mails and their subjects are hardly of any interest. Anything like building a list of sent/received e-mail is certainly not done, besides the privacy issues, what would it be good for?)
Maybe for investigation , if it is requested by a law order , or other investigation by other company's who might have some use for it ( marketing wise )
-
Well, that's quite a hypothetical scenario... if we were really ordered something like that by the law, I don't know if they would ask us whether our EULA permits that. But the user would already have to be identified somehow (we couldn't really enable such logging for all users, the servers wouldn't survive such load), and releasing a special program version just to handle a particular user... I really don't think that would happen. If this is your only worry about that, then you can sleep peacefully :)
As for marketing... I can imagine using some of the information we already have for our own marketing, but selling users information to 3rd party companies, for unrelated marketing, that would IMHO be way over the line a security company could do. And as I said, the user base is big and the servers have limited resources (not mentioning the subsequent processing), so adding submissions of unrelated stuff (at the expense of the needed information - false alarms, malware/heuristic detections etc.) is rather unlikely.
-
Here's the link to the privacy policy for version 6: http://www.avast.com/privacy-policy (http://www.avast.com/privacy-policy). Compare that to the privacy section in the new EULA, they are (as I said before) vastly different.
I ran an avast 6.0.1367.0 setup program on a machine with avast 6 already installed. You can see the "main page" in attachment one. The "End User License Agreement" link at the top, when clicked, caused a temporary eula.txt file to be created and displayed. This EULA had no privacy section. The Privacy Policy link under "Improve avast...", when clicked, initiated a GET http://www.avast.com/go.php?verb=privacy-policy-community&src=setup&lang=eng and that ultimately took me to the same page or content as the URL you posted above. Said content appears to be a simple privacy policy applicable to the avast website rather than the software. I'm not sure the link always took you to the same destination page as that is controlled by the webserver and theoretically something could have changed.
I took a look at where avast 6 had previously been installed. There is an EULA text file down in there. It has a modified date of Feb 22, 2011 and a creation date of March 6, 2011. Various other files have a creation date of March 6, 2011 such that I believe that is when avast 6 was installed on the machine. A quick Google suggests that may have been shortly after it was released. I took a look at the corresponding PDF at http://www.avast.com/eula. That PDF has a PDF creation date and modification date of Feb 22, 2011. I compared ONLY the privacy section in that PDF to the privacy section in the EULA text file in the installation directory. The privacy sections are identical (I copied the section text into txt files, cleaned up some white space differences, then verified the hashes matched).
Based on this, it appears to me that what we see at http://www.avast.com/eula is what was shipped with avast 6 but not necessarily what someone saw when they clicked on the setup program privacy policy link.
-
This information gets collected by Avast ,
8.1 URLs of visited websites that the Software identifies as potentially infected, together with the information on the nature of identified threats (e.g. viruses, Trojans, tracking cookies and any other forms of malware) and URLs of several sites visited before the infection was identified to ascertain the source of the infection;
8.2 Information and files (including executable files) on your computer identified by the Software as potentially infected, together with the information about the nature of identified threats;
8.3 Information about the sender and subject of emails identified by the Software as potentially infected, together with the information on the nature of identified threats;
8.4 Information contained in emails reported by you as spam or as incorrectly identified as spam by the Software;
8.5 Copies of the files identified by the Software as potentially infected or parts thereof may be automatically sent to AVAST for further examination and analysis;
8.6 Certain information about your computer hardware, software and/or network connection;
8.7 Certain information about the installation and operation of the Software and encountered errors or problems;
8.8 Statistical information about threats detected by the Software; and
8.9 If your version of the Software includes the Website reputation function, which provides information on reputation of web sites as potential sources of malware, and you set the Website reputation function to active, the Software may send AVAST the URLs of all websites you want to visit and the results of your web searches through search engines.
This is what they do with it ,
The information collected by the Software is generally not correlated with any other personal information related to you that AVAST may be processing such as information given by you to AVAST or its distributors or agents during the process of ordering and downloading the Software. Unless you have permitted otherwise, the information collected by the Software is used anonymously in aggregation with similar information from other users of the Software for analytical purposes to identify new viruses and threats and for improvement and development of the Software and for statistical purposes.
And it gets worse ,
The collected information may be transferred to third parties or to other countries that may have less protective data protection laws than the country or region in which you are situated (including the European Union). AVAST takes measures to ensure that any collected information will receive an adequate level of protection if and when transferred. Notwithstanding anything to the contrary in this Agreement or any Documentation or other materials provided to you in connection with the Software, AVAST reserves all rights to cooperate with any legal process or government inquiry (including, but not limited to, court orders and law enforcement requests) related to your use of the Software. In connection with such cooperation, AVAST may provide documents and information relevant to a court subpoena or government or other legal investigation, which may include disclosure of your personally identifiable information. AVAST may also use statistics derived from the collected information to track and publish reports on security risk trends.
No personal information gets send ?
It gets send to even other country's and also for court orders and law enforcements request.
And they can also use the info to track and publish reports on security risk trends.
How is that safe ?
Why does Avast need to send information to foreign country's with less protective data laws ?
For the legal isseus i can understand , if it gets a court order , but most AV vendors give information out free will.
If the information is send to the other country's , the other country's can send the info to yet another country or company , and so on , so it goes worldwide.
My opinion is only send information to company's who have similar privacy policy , and only send info to the company that you actually need to send information , for example transactions.
Not for marketing , that is my opinion , a antivirus is there to protect you in general , not with double standards.
-
The text says "other country ... than the country in which you are situated".
That's quite obvious - after all, AVAST Software itself is located in a different country unless you're Czech (and we certainly don't have special storage in every possible country in the world to keep the "local" data there) - so it applies to any possible submit there is.
-
Also some comments of RejZoR here: https://www.wilderssecurity.com/showthread.php?t=319578
Could make things clearer.
-
Firefox says that the connection is not secured , wierd
-
The text says "other country ... than the country in which you are situated".
That's quite obvious - after all, AVAST Software itself is located in a different country unless you're Czech (and we certainly don't have special storage in every possible country in the world to keep the "local" data there) - so it applies to any possible submit there is.
I live in the Netherlands , to what country is it transferred then ? , to Czech Republic then right ?
-
Definitely.
-
Definitely.
?
-
Definitely.
?
http://g.co/maps/c9kgj
-
Yes, the company is located in Prague, so there's where the data go, too.
-
Yes, the company is located in Prague, so there's where the data go, too.
Initially.
-
What are you implying with that? avast! is not selling the data to anyone. Why don't you go accusing Kaspersky, Symantec, AVG and everyone else as well? They use very similar techniques and mechanisms of collecting data. I'd really like to hear what has avast! done to deserve all this. I'd really like to hear that.
-
What are you implying with that? avast! is not selling the data to anyone. Why don't you go accusing Kaspersky, Symantec, AVG and everyone else as well? They use very similar techniques and mechanisms of collecting data. I'd really like to hear what has avast! done to deserve all this. I'd really like to hear that.
Why should i go to them , i dont want to use their products , well i did use Norton before , but i removed it from my computer because they do not take your privacy serious , they are even known to put holes in their security for federal malware ( i dont know if they still do it but ), and AVG is spreading their toolbars in allot of wrappers , which i do not like either , but thats not my point now , i wanted to try something else , i wanted to try Avast , that is why i ask these questions so i can make up my mind if i want to install it or not.
And im not saying Avast is bad or something , they are improving and improving their security products , they have 1 of the best ( if not the best ) free antivirus product in the world , but im not doubting that , i want to know about privacy , if i like something and i want to try it , i want to make sure i am satisfied with it , if i didnt want it i wouldnt even bother posting a thread , i cant fight the whole world.
-
So, how many times do we have to repeat the same thing that avast! is:
a) not intentionally mining personal data
b) not selling or distributing it to anyone
-
So, how many times do we have to repeat the same thing that avast! is:
a) not intentionally mining personal data
b) not selling or distributing it to anyone
So why i read this then ,
8.1 URLs of visited websites that the Software identifies as potentially infected, together with the information on the nature of identified threats (e.g. viruses, Trojans, tracking cookies and any other forms of malware) and URLs of several sites visited before the infection was identified to ascertain the source of the infection;
8.2 Information and files (including executable files) on your computer identified by the Software as potentially infected, together with the information about the nature of identified threats;
8.3 Information about the sender and subject of emails identified by the Software as potentially infected, together with the information on the nature of identified threats;
8.4 Information contained in emails reported by you as spam or as incorrectly identified as spam by the Software;
8.5 Copies of the files identified by the Software as potentially infected or parts thereof may be automatically sent to AVAST for further examination and analysis;
8.6 Certain information about your computer hardware, software and/or network connection;
8.7 Certain information about the installation and operation of the Software and encountered errors or problems;
8.8 Statistical information about threats detected by the Software; and
8.9 If your version of the Software includes the Website reputation function, which provides information on reputation of web sites as potential sources of malware, and you set the Website reputation function to active, the Software may send AVAST the URLs of all websites you want to visit and the results of your web searches through search engines.
The above information gets send too ,
The information collected by the Software is generally not correlated with any other personal information related to you that AVAST may be processing such as information given by you to AVAST or its distributors or agents during the process of ordering and downloading the Software.
The collected information may be transferred to third parties or to other countries that may have less protective data protection laws than the country or region in which you are situated (including the European Union).
Or am i seeing things wrong , then correct me.
-
The EULA is the EULA. You read it, and if you do not like it, I suggest you change products.
You quote the EULA, and then ask if you are wrong? Of course you are not wrong, you directly quoted the EULA. "Seeing things wrong"? Your eyes work fine.
It is almost like you are testing?....comparing every statement to the EULA, waiting for some kind of "AH-HA!!" moment when all your darkest fears are revealed to be true and justified. But you already had your moment when you read the license agreement. It is as clear a statement as you are going to get from any company, written with legal help to help protect against liability.
-
The information collected by the Software is generally not correlated with any other personal information related to you that AVAST may be processing such as information given by you to AVAST or its distributors or agents during the process of ordering and downloading the Software.
This question was already answered.
The collected information may be transferred to third parties or to other countries that may have less protective data protection laws than the country or region in which you are situated (including the European Union).
This question was already answered.
-
The changes in the EULA are obviously related to the new Avast features.
WebRep is one thing -- as the URL database is in the cloud, it's quite obvious that the URLs are being transferred to our servers. Similarly for FileRep (file hashes + metadata).
This is basically how these things work (the database cannot be stored locally, simply because it's a multi-terabyte thing).
Regarding the "personally identifiable information" clause - please note that the term "personally identifiable" is quite stringent. For example, the IP address is considered as "personally identifiable" (at least in the European jurisdiction). Yes, we have to work with your IP addresses (because that's how communication on the Internet works). Yes, we do store server-side logs (containing this info), as without them, we wouldn't be able to troubleshoot any infrastructure problems.
Regarding the transfer of the information to third parties or to other countries. Well, this is a bit subtler. We reserve the right to work with technology partners, and if useful, share some information with them (e.g. number of users running each version etc). The clause is probably little too vague (or too scary) - the EULA was written by our law firm and they always try to put in more than less.
(Same applies e.g. to the tracking cookies mentioned there -- avast currently doesn't do anything with these but they're still mentioned there)...
Thanks
Vlk
-
WebRep is one thing -- as the URL database is in the cloud, it's quite obvious that the URLs are being transferred to our servers. Similarly for FileRep (file hashes + metadata).
Regarding the avast 7 WebRep:
- What portion of the URL is sent to avast? Just hostname? Hostname and some path? Hostname, path, and query params?
- Will WebRep send such information to avast when the user is visiting a site via HTTPS? If so, is that only done when a user is using a search engine via HTTPS (to provide reputation info for sites listed in the results) or is it also done in some other cases?
Regarding the avast 7 FileRep:
- What is the metadata that is sent? Does it vary based on filetype?
- A wide range of filetypes can contain some kind of threat (executables, various "office" type files that support macros, at least some types of media files, some image files too IIRC). Will FileRep only send you information about traditional executable file types or will it also send information about such other filetypes?
PS: I hope you understand that some of us aren't casting aspersions regarding your handling of information. We just want to understand what the software on our machine might send to you.
-
The changes in the EULA are obviously related to the new Avast features.
WebRep is one thing -- as the URL database is in the cloud, it's quite obvious that the URLs are being transferred to our servers. Similarly for FileRep (file hashes + metadata).
This is basically how these things work (the database cannot be stored locally, simply because it's a multi-terabyte thing).
Regarding the "personally identifiable information" clause - please note that the term "personally identifiable" is quite stringent. For example, the IP address is considered as "personally identifiable" (at least in the European jurisdiction). Yes, we have to work with your IP addresses (because that's how communication on the Internet works). Yes, we do store server-side logs (containing this info), as without them, we wouldn't be able to troubleshoot any infrastructure problems.
Regarding the transfer of the information to third parties or to other countries. Well, this is a bit subtler. We reserve the right to work with technology partners, and if useful, share some information with them (e.g. number of users running each version etc). The clause is probably little too vague (or too scary) - the EULA was written by our law firm and they always try to put in more than less.
(Same applies e.g. to the tracking cookies mentioned there -- avast currently doesn't do anything with these but they're still mentioned there)...
Thanks
Vlk
Ok thanks for clearing that up , you say if useful share some information with them , like number of users running each version , what else ?
Because numbers of users running each version is not really personal information.
I ask much but i want to be sure.
-
@ Pindakaas,
If you're worried about your privacy, why are you on the internet ???
Sorry but if I where to read every Eula that comes with a program before I install it, I wouldn't be using
99% of them. Most of the legal jargon that appears in there is written to protect the company in case some one there screws up. ;D
-
Guys, these are all legitimate question and I appreciate them.
But I have to get some additional info, as frankly, I don't know the answers to all the questions. Let me follow up with you tomorrow.
Thanks
Vlk
-
Guys, these are all legitimate question and I appreciate them.
But I have to get some additional info, as frankly, I don't know the answers to all the questions. Let me follow up with you tomorrow.
Thanks
Vlk
Ok thanks , appreciate it.
-
Guys, these are all legitimate question and I appreciate them.
But I have to get some additional info, as frankly, I don't know the answers to all the questions. Let me follow up with you tomorrow.
Thanks
Vlk
Any details yet ?
-
Just for anyone following this, OP thread-hopped, but here are his answers.
http://forum.avast.com/index.php?topic=95250.msg759717#msg759717
http://forum.avast.com/index.php?topic=95250.msg759758#msg759758
-
Yea , the other thread are all my questions , this thread can be closed.
-
Yea , the other thread are all my questions , this thread can be closed.
Threads don't usually get closed. We simply allow them to fade away by no longer posting in them. :)
-
Yea , the other thread are all my questions , this thread can be closed.
Threads don't usually get closed. We simply allow them to fade away by no longer posting in them. :)
Fair enough.
-
Please re-arrange the following words into a well known phrase or statement:
Teacup
Storm
A
In
A
You either trust the software makers or you go elsewhere, a simple choice
-
Please re-arrange the following words into a well known phrase or statement:
Teacup
Storm
A
In
A
You either trust the software makers or you go elsewhere, a simple choice
And if you're not sure about a company, then all of these questions should have been asked and answered before the installation of the product.
Once installed, it's pretty much water under the bridge. :)
-
Please re-arrange the following words into a well known phrase or statement:
Teacup
Storm
A
In
A
You either trust the software makers or you go elsewhere, a simple choice
Too late sorry , discussion is over , go find another topic to get off.