Author Topic: Avast Antivirus Was Spying On You with Adware (Until This Week)  (Read 66683 times)

0 Members and 1 Guest are viewing this topic.


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #1 on: October 23, 2014, 01:51:58 AM »
I'm not.
All this information is already mentioned on the avast website.
Guess they didn't read it and also not the EULA.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #2 on: October 23, 2014, 02:19:41 AM »
Thank you Kenny. The article contains a lot of incorrect information and mixes some facts together (such as the traffic generated by SafePrice and the traffic generated by the URL and antiphishing requests). We are preparing a more concise answer, please stay tuned.
If at first you don't succeed, then skydiving's not for you.

Offline kenny556

  • Full Member
  • ***
  • Posts: 104
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #3 on: October 23, 2014, 03:43:02 PM »
Yes an explanation would be good?

REDACTED

  • Guest
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #4 on: October 23, 2014, 08:23:43 PM »
VLK thank you cant wait :)

REDACTED

  • Guest
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #5 on: October 24, 2014, 04:43:59 PM »
We wouldn't want this to slip from the front page would we...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #6 on: October 24, 2014, 05:10:06 PM »
A couple of days ago, howtogeek.com published an article about Avast and accused us of spying on our users. Given that the article contains a number of inaccuracies I feel it is necessary to react. As these are some pretty serious allegations, I also hope that we will be given some room on their site to defend ourselves. We requested the opportunity to discuss the author’s findings, but he declined to do so.
 
The article basically says that Avast used the SafePrice browser extension to spy on its users. That the SafePrice extension (which they first call “adware”) collects all URLs that the user visits, and then sends them to the cloud, together with a user ID. To demonstrate the problem, they used Fiddler (a free browser monitoring tool) to dissect the requests being generated by SafePrice and found the user ID in some of the requests, concluding that the product is “spying”. Finally, they say that all of this was true up until last week when we made SafePrice a standalone extension (removed it from the main Avast Online Security extension).
 
Let me start by saying that Avast’s browser extensions, together with some other modules inside Avast, rely heavily on cloud functionality. That is, in the particular case of URL scanning, we do transfer the URL the user is visiting, together with additional metadata to the Avast cloud, which then does the necessary processing and synchronously returns the answer. By scanning URLs in the cloud, Avast is able to detect malicious activity, from viruses and malware, phishing and hacking. You may not realize but collecting URL information for this very purpose is extremely common in the security industry, as this information is essential to providing this kind of service.
 
Now, regarding Avast SafePrice. SafePrice searches the web and offers its users the best price possible when shopping online from sites we trust, safeguarding users from possible online scams. While formerly the user had to do research and visit price comparison portals, SafePrice now offers automated help to find the best and trustworthy offerings. Avast SafePrice sends data to our server regarding the products our users are looking for and the URLs they are visiting. All personally identifiable information is stripped in real time, so the shopping data is completely anonymous. Again, I don’t think this can come as a surprise to anyone – I mean, did you expect SafePrice to have all the product IDs and all the offers stored locally? That just doesn’t make sense at all.
 
Originally, SafePrice was indeed part of the main Avast browser extension (as the article suggests). However, as most of the people in this forum know, in July 2014 we changed the strategy and moved it to a separate extension. The installation of this extension is now completely voluntary (on an opt-in basis) and its presence doesn’t influence Avast’s efficiency to block malicious sites. Since we have made this change, SafePrice accumulated almost 3 million installs just from the Chrome Web Store alone and became the most popular shopping extension for Chrome.
 
By the way, the other allegation was that Avast pushes SafePrice while recommending that users remove other similar browser extensions via Avast Browser Cleanup (BCU). I have explicitly checked our BCU database of community ratings and found that all the major shopping extensions, including PriceBlink, InvisibleHand, Shoptimate, and Groupon have good ratings and are not recommended for removal by BCU. Only those that our community of users have assessed as poor are so recommended.
 
One of the other issues raised by the article was whether the user ID is PII (personally identifiable information) or not, and why it is being transferred. The Avast user ID is a random, machine-generated ID that is created during the installation of the product. So by itself, it is certainly not a piece of PII. And the reason we include it in the request is because context is very important. The efficacy of a security product is severely limited if requests are done without a context, i.e., if it is not possible to tie them together into a “stream”. And in the case of SafePrice, we use the user ID just to be able to count our active users. In general, we really don’t see anything bad in doing this, in fact, if we were, we would have probably tried to hide what we’re doing in some way – while, as the author of the article uncovered quite easily using Fiddler, the user ID is there just as a regular json field. Which makes me even more frustrated, as it is very likely that if we actually made the field less noticeable, the article probably wouldn’t have been written. We’re not trying to hide anything.
 
Now, the key is not only what information is collected, but also what is done with the collected information and how the user is informed about the collection process. Avast is committed to protecting its customers on all fronts, which is why we inform our users, even beyond our EULA and Privacy policy, that their browsing information will be collected but stripped of personally identifiable information and used to improve services, such as online web security. We actually tried to make this very, very explicit, and that’s why we have the screen (attached) in the Avast installer.
 
As you can see, the title of the screen says “Please Don’t Skip This – Read it Carefully”. Honestly, I don’t know how to make it more explicit than this.
 

If you have any additional questions, I’d be happy to answer them.

Thanks,
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #7 on: October 24, 2014, 05:43:54 PM »
Thx for explnanation Vlk. Btw, i assume SafePrice is standalone only for Chrome, because for Firefox i still have it inside AOS settings. Not sure if it was pre-checked or not though, but it's still there.
Visit my webpage Angry Sheep Blog

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #8 on: October 24, 2014, 06:12:00 PM »
Yes, I don't see anything out of line (sinister) here at all. I'm sure some may,
The added Screen certainly informed the user of intentions
No worries  :)

REDACTED

  • Guest
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #9 on: October 24, 2014, 07:44:49 PM »
VLK..thank you

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #10 on: October 24, 2014, 08:17:51 PM »
Thanks for the explanation.
The author may not have wanted this printed but there's always another way to get the message across:
http://discuss.howtogeek.com/t/avast-antivirus-was-spying-on-you-with-adware-until-this-week/20550/26?u=bob3160
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #11 on: October 24, 2014, 08:25:36 PM »
I've never believed in that stuff a) because it was incorrect b) I've trusted avast more than 10Y and it served me well, why should I believe  8) c) people, read the information in the setup

And VLK, thanks for even more detailed explanation :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #12 on: October 24, 2014, 08:43:17 PM »
Thanks Vlk. Sad that the author does not want to discuss.
Anyway, I will be thinking twice (or more) on recommending Howtogeek for now on (if they don't change their policy).
The best things in life are free.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #13 on: October 24, 2014, 08:54:17 PM »
It is in their FB too. And I was not able to be so gentle as Bob was commenting this  >:(

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast Antivirus Was Spying On You with Adware (Until This Week)
« Reply #14 on: October 24, 2014, 09:30:57 PM »
It is in their FB too. And I was not able to be so gentle as Bob was commenting this  >:(
They did reply to my post and claim that they were never contacted by Avast:
http://discuss.howtogeek.com/t/avast-antivirus-was-spying-on-you-with-adware-until-this-week/20550/28?u=bob3160


Being gentle is just a way to catch them with honey before you kill them with insecticide. :)

« Last Edit: October 24, 2014, 09:33:39 PM by bob3160 »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet