Bleeping Computer Article: Avast and AVG Firefox Extensions Pulled from Mozilla

[The Sniggler]

Interesting piece today on Bleeping Computer that Mozilla removed Avast and AVG add ons due to possible tracking:

https://www.bleepingcomputer.com/news/software/avast-and-avg-firefox-extensions-pulled-from-mozilla-addons-site/

FYI

[DavidR]

See, https://forum.avast.com/index.php?topic=230801.msg1528082#msg1528082.

However, this statement I believe is inaccurate as far as I'm aware.

When Avast and AVG antivirus is installed, the software will also install their respective Firefox and Chrome extensions named Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice.

The user is still in control over what they have avast install, I never install any of the browser add-ons as I have these covered in add-ons I already have installed.  The same is true of what main components the user allows to be installed by default.

Bleeping seems to a thorn in the ass about AVG & Avast.

[Patrick2]

Software if do a custom install, only installs as far as I know the shields you choose,  Though I also don't use Firefox or Chrome browsers on my systems lately,   been sticking with Microsoft Edge

[RejZoR]

Oh boy the idiotfest on Firefox Subreddit about this is astounding. If you praise Mozilla, upvotes will come. If you want to make reasonable statements and question decisions, downvotes will be made. Sigh.

[polonus]

Hi RejZoR,

Just scanned here to see what avast is collecting. Nothing out of the ordinary, the common google analytics as everybody does,
which is secure while the <<cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content >>

This however could be added to the settings for more security:
<<The page loads 3 third-party JavaScript files and 6 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised>>. (as we do not want another data-breach, do we?  ).

See what the scan returned for the forums: https://webcookies.org/cookies/forum.avast.com/9115320

TLS score: C-Grade, capped due to 64-bit cipher (IDEA, RC2, DES or 3DES)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

P.S. For me they do not have to measure my site engagement for the forum site,
 it has been a steady full one hundred for well over thirteen years. 
Re: https://www.chromium.org/developers/design-documents/site-engagement

Damian

[jaje]

Also this:

https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html?m=1

[Tangy]

Not only
https://www.ghacks.net/2019/12/03/mozilla-removes-all-avast-firefox-extensions/
https://www.reddit.com/r/firefox/comments/e5p8a2/mozilla_removes_avast_and_avg_extensions_from/

[Asyn]

Avast-Statement: We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user's identification.

We have already implemented some of Mozilla's new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.