Author Topic: Why does the Chrome extension need to "access your data on all websites" ?  (Read 9820 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Hi,

I just had a pop-up in the Google Chrome browser about Avast Web Rep needing approval for some new permissions. One that I'm finding a little disturbing is the ability for the extension to "access your data on all websites".

Can someone please explain why anyone would want to give any browser extension or add-in that kind of permission. I appreciate your reply(s).

Regards . . .

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
How do you think avast wep-rep can work without those permission(s)?

REDACTED

  • Guest
Hi Eddy (et al),

Thanks your reply. Let me clarify my query:

If I go to a site, make a purchase, get to the payment page, enter all my data include credit card and CIV number, why would I want Web Rep and possibly AVAST Software s.r.o to be able to read that data when I hit the confirmation/submit button? Would that happen or do I not understand how Web Rep actually works?

Another example: I go to a page that has my profile information. Say that includes some very personal or private financial information. Why would I want to send that information to AVAST Software s.r.o? Would that happen or do I not understand how Web Rep actually works?

Please understand that if I knew the answers to these questions, I would not be asking them.

Thank you for your assistance.

Regards . . .

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
« Last Edit: July 22, 2014, 03:49:12 PM by Pondus »

REDACTED

  • Guest
Another example: I go to a page that has my profile information. Say that includes some very personal or private financial information. Why would I want to send that information to AVAST Software s.r.o? Would that happen or do I not understand how Web Rep actually works?

If you install WebRep in your browser, you are providing your very personal data streamed to Avast. They will be very happy! Also you should know that Avast uses plaintext to communicate with the Avast servers, so the data will not be encrypted.

If you need some type of website checking tool. Firefox has such a thing included. It is on the Options/Security menu. But I would still disable it, it is unnecessary. If you are worried about malicious content on websites, install the "NoScript Security Suite" addon for Firefox, it is free on the Firefox addons website. It is the best thing out there.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
You seem to forget that https sites aren't scanned.
That includes your bank site, or any other encrypted site.
I personally don't give out any "sensitive" information except on an encrypted site. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
If you install WebRep in your browser, you are providing your very personal data streamed to Avast.

That statement is nonsense.

You have 2 options here:

Stay with Webrep and disable data sending (of webrep) through the WebRep settings.

Use an alternative Web Reputation add on. WOT is a well established one.

The AOS add-on has nothing to do with protection other than the coloured lights of the avast! community ratings and that the Web shield does all the HTTP and malware blocking.

« Last Edit: July 23, 2014, 02:11:17 AM by Alikhan »
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

REDACTED

  • Guest
You have 2 options here:

Stay with Webrep and disable data sending (of webrep) through the WebRep settings.

Use an alternative Web Reputation add on. WOT is a well established one.

The AOS add-on has nothing to do with protection other than the coloured lights of the avast! community ratings and that the Web shield does all the HTTP and malware blocking.

A better option is to uninstall avast's Web Shield. You can do it by going in Windows to Control Panel/Programs and Features/ and select avast!. Then change the installation of the program and remove the Web Shield. It is unnecessary and sends data to Avast.

The only avast feature of any benefit is the File Shield. Or the Mail Shield if you use local email software. The rest are unnecessary and can be uninstalled.

You could try to disable sending of data from the settings in avast. But I have noticed avast still attempts to send data out. It just ignores the settings.

To use avast safely you need to firewall it. You need to block outgoing traffic from AvastEmUpdate.exe,  AvastUI.exe and AvastSvc.exe. All three will attempt to connect out, regardless of any setting you choose.



Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
You have 2 options here:

Stay with Webrep and disable data sending (of webrep) through the WebRep settings.

Use an alternative Web Reputation add on. WOT is a well established one.

The AOS add-on has nothing to do with protection other than the coloured lights of the avast! community ratings and that the Web shield does all the HTTP and malware blocking.

A better option is to uninstall avast's Web Shield. You can do it by going in Windows to Control Panel/Programs and Features/ and select avast!. Then change the installation of the program and remove the Web Shield. It is unnecessary and sends data to Avast.

The only avast feature of any benefit is the File Shield. Or the Mail Shield if you use local email software. The rest are unnecessary and can be uninstalled.

You could try to disable sending of data from the settings in avast. But I have noticed avast still attempts to send data out. It just ignores the settings.



To use avast safely you need to firewall it. You need to block outgoing traffic from AvastEmUpdate.exe,  AvastUI.exe and AvastSvc.exe. All three will attempt to connect out, regardless of any setting you choose.

If you had any idea of what you were talking about, I'd be surprised.

The web shield is one of the main protection shields COMBINED to work with the File shield for to prevent infections. There are infections which the web shield can block and the file shield can't, this works vice versa.

On top of that, the web shield doesn't send any statistics. All it does is scan HTTP traffic and protect you while browsing.

You could with a firewall block avast! to stop outgoing traffic but I wouldn't recommend it.
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

REDACTED

  • Guest
The web shield is one of the main protection shields COMBINED to work with the File shield for to prevent infections. There are infections which the web shield can block and the file shield can't, this works vice versa.

On top of that, the web shield doesn't send any statistics. All it does is scan HTTP traffic and protect you while browsing.

You could with a firewall block avast! to stop outgoing traffic but I wouldn't recommend it.

The Web Shield is unnecessary. To stop malicious content in the browser, install NoScript Security Suite as I mentioned earlier.

I do not believe for one moment that statistics are not sent to Avast.

The original poster expressed concern that his private data was at risk of being sent to Avast. In my experience testing the software, this is true. At the very least, data on web sites visited are being sent out to a remote avast server, so is lots of other data. If you firewall avast, nothing is sent out at all. If you care about the privacy of your data, it is a step worth doing.





Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks


The Web Shield is unnecessary. To stop malicious content in the browser, install NoScript Security Suite as I mentioned earlier.

I do not believe for one moment that statistics are not sent to Avast.

The original poster expressed concern that his private data was at risk of being sent to Avast. In my experience testing the software, this is true. At the very least, data on web sites visited are being sent out to a remote avast server, so is lots of other data. If you firewall avast, nothing is sent out at all. If you care about the privacy of your data, it is a step worth doing.
What a load of rubbish, the webshield provides far more benefits than just using NoScript which can/should be used as an added layer only.

Removing the webshield also doesn't stop or inhibit avasts data collection ( which is non identifying ) and all you are instructing users to do is to make themselves more vulnerable on the web by removing a feature that protects from where most infections are prevalent.

REDACTED

  • Guest
Removing the webshield also doesn't stop or inhibit avasts data collection ( which is non identifying ) and all you are instructing users to do is to make themselves more vulnerable on the web by removing a feature that protects from where most infections are prevalent.

Non-identifying like sending a unique hardware key and the Windows machine name with the data? Because that is what I caught it trying to send. I don't consider that anonymous. Particularly as it links to the registration information. One may even call that spying.

I see all the high-posters are on tonight. Busy working for Avast.

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
None of the information collected is personally identifiable as it states in the EULA if you cared to read it and the high posters as you say also don't work for avast ??? another thing you are ill informed on :)

REDACTED

  • Guest
You seem to forget that https sites aren't scanned.
That includes your bank site, or any other encrypted site.
I personally don't give out any "sensitive" information except on an encrypted site. :)

Hi bob3160,

I didn't consider the difference between ssl and non-ssl pages. In theory, no one should be able to read an encrypted data stream except the party(s) that holds the private key.

As long as this is true, I have no problem enabling WebRep. Good point and well taken. Thanks!

Regards . . .

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
You seem to forget that https sites aren't scanned.
That includes your bank site, or any other encrypted site.
I personally don't give out any "sensitive" information except on an encrypted site.<$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" />

Hi bob3160,

I didn't consider the difference between ssl and non-ssl pages. In theory, no one should be able to read an encrypted data stream except the party(s) that holds the private key.

As long as this is true, I have no problem enabling WebRep. Good point and well taken. Thanks!

Regards . . .
Your welcome.:)
Just remember that nothing on the Internet is ever 100% safe from prying eyes. The NSA and other Govt. agencies can always get access to even encrypted information. All they need is the proper authorization.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet