Avast Antivirus Was Spying On You with Adware (Until This Week)

Status
Not open for further replies.

Jaspion

Level 17
Verified
Jun 5, 2013
835
This touches on a much bigger picture. The grey line between just enough and too much is wide at the moment. DNS, ISPs, any antivirus or any program that checks visited URLs for your safety or other reasons... there's many ways in which information is collected, and by various persons. The line must be drawn very finely but very visibly, for as Spidey said 'with great power comes great responsibility'. Our data is increasingly going through scrutiny and has potentially built a database of Skynet proportions, all the while we wonder who is putting all of this work under scrutiny.

If we break a one-way mirror, and shift the paradigm of transparency, is it still considered bad luck?
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
:(:(:( this makes me sad, Antivirus + adware or spying is like a buddhist monk with a rpg
something very wrong with that picture,,,,
*Laughing* out loud at the image of a Buddhist monko_O spy in an RPG!!!:p:D

I've definitely been away from gaming far too long!!:rolleyes:

This also speaks volumes concerning a moral dilemma that is older than history.

On a serious note, and in principle, I might consider uninstalling Avast at some future time, and yet I think (wasn't it mentioned by someone earlier?:)) that we very well may have the ability to un-check those options by choosing not to use the shopper/saver extension:confused: in question.
I agree, in as much, that the gathering of our personal activities and information/spying on us without communicating/transparency is a devious condition, but the foundation toward keeping our valuable identities safer (IMHO) is layering our security and using only a closely monitored "spending account"; and how about purchasing less, and reducing our transactions, banking, and click happy impatience online (sorry, but that's the crux of our security problems) *as my wife just announced she must make a bank transfer (yes, online because it's easier:confused:).:rolleyes:
Yes, I'm often paranoid while in the same breath I Thank God for Malware Tips!!:p
..and what I've learned is just do the best we can to be safe. If switching AVs makes us feel more secure, Go For it!:) Just remember there are worse things o_O (people) out there, and they're not as easily seen as Avast!
*steps off soapbox*;)
 
Last edited:

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Everyone who is saying they won't use avast! Antivirus again, you don't think all other vendors have shady practises too?

Why do you think a custom install is recommended over an express install? But at least Avast! still give users the choice of a custom install, unlike Norton, Bitdefender or Kaspersky.

Avast! (WebRep) Online Security was a very much unneeded browser from the beginning, you don't need a browser extension to block phishing or malicious sites. A modern browser does this for you if you hadn't noticed already.

However, yes, avast! Should not have bundled SafePrice into Online Security browser extension.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Yes, Warrior, trust is becoming more and more of a rare treasure from which we tend to lose more than we discover while gathering more and more cynicism.:( ..and it is not limited to AVs we used to trust.

Somewhat off topic, but applicable because of the money:
  • I'd related to one of our Trusted member friends how our car had been photographed while driving on the approach to a toll road and fined $25 even though I had exited safely and well before the fast pass cards were required. The official letter gave us the option to wave the fine by simply registering with the toll lane authority (a $10 fee + $40 deposit which must always be kept with at least a $40 balance and deducted as needed from our Bank Account) plus an additional transponder would be required:eek: (another $50 deposit + $40 quarterly service charge) and we would still be held libel to pay 85 cents for having been in the lane in the first place.o_O Because of this disease of greed that has gone viral in our world, the legally unfair highway robbery of a $25 fine transformed, after all, into quite a bargain!!!:rolleyes::D
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Hello everyone

It's the price of free products.
.
not at all. is Microsoft free? Internet providers? well, no but they collecting much more data then avast.
it is simply the price that call net.

and to all paranoid people no one give you guarantee that the other anti viruses wont spy on you, if privacy is your concern don't use the net

avast was and still is one of the best free av on the market
 
Last edited:
S

Sr. Normal

not at all. is Microsoft free? Internet providers? well, no but they collecting much more data then avast.
it is simply the price that call net.

and to all paranoid people no one give you guarantee that the other anti viruses wont spy on you, if privacy is your concern don't use the net

avast was and still is one of the best free av on the market

The difference is that if I want to pay for an operating system, payment. If I want to pay for an internet connection, so payment.

But Avast will not let you decide. Avast recommends an extension of a misleading way and does not warn of its
" dubious " effectiveness. When you install just expect the opposite of what it does.

That's the difference , I decide for myself, and what i see , Avast also decides for me.

I do not doubt the quality of the antivirus , which is magnificent as I think so is their lack of ethics.When these practices are tested antivirus others , either I will use them.

Kind regards and have a nice day
 
G

Guest28

Update VLK's Response. https://forum.avast.com/index.php?topic=157693.0
A couple of days ago, howtogeek.com published an article about Avast and accused us of spying on our users. Given that the article contains a number of inaccuracies I feel it is necessary to react. As these are some pretty serious allegations, I also hope that we will be given some room on their site to defend ourselves. We requested the opportunity to discuss the author’s findings, but he declined to do so.

The article basically says that Avast used the SafePrice browser extension to spy on its users. That the SafePrice extension (which they first call “adware”) collects all URLs that the user visits, and then sends them to the cloud, together with a user ID. To demonstrate the problem, they used Fiddler (a free browser monitoring tool) to dissect the requests being generated by SafePrice and found the user ID in some of the requests, concluding that the product is “spying”. Finally, they say that all of this was true up until last week when we made SafePrice a standalone extension (removed it from the main Avast Online Security extension).

Let me start by saying that Avast’s browser extensions, together with some other modules inside Avast, rely heavily on cloud functionality. That is, in the particular case of URL scanning, we do transfer the URL the user is visiting, together with additional metadata to the Avast cloud, which then does the necessary processing and synchronously returns the answer. By scanning URLs in the cloud, Avast is able to detect malicious activity, from viruses and malware, phishing and hacking. You may not realize but collecting URL information for this very purpose is extremely common in the security industry, as this information is essential to providing this kind of service.

Now, regarding Avast SafePrice. SafePrice searches the web and offers its users the best price possible when shopping online from sites we trust, safeguarding users from possible online scams. While formerly the user had to do research and visit price comparison portals, SafePrice now offers automated help to find the best and trustworthy offerings. Avast SafePrice sends data to our server regarding the products our users are looking for and the URLs they are visiting. All personally identifiable information is stripped in real time, so the shopping data is completely anonymous. Again, I don’t think this can come as a surprise to anyone – I mean, did you expect SafePrice to have all the product IDs and all the offers stored locally? That just doesn’t make sense at all.

Originally, SafePrice was indeed part of the main Avast browser extension (as the article suggests). However, as most of the people in this forum know, in July 2014 we changed the strategy and moved it to a separate extension. The installation of this extension is now completely voluntary (on an opt-in basis) and its presence doesn’t influence Avast’s efficiency to block malicious sites. Since we have made this change, SafePrice accumulated almost 3 million installs just from the Chrome Web Store alone and became the most popular shopping extension for Chrome.

By the way, the other allegation was that Avast pushes SafePrice while recommending that users remove other similar browser extensions via Avast Browser Cleanup (BCU). I have explicitly checked our BCU database of community ratings and found that all the major shopping extensions, including PriceBlink, InvisibleHand, Shoptimate, and Groupon have good ratings and are not recommended for removal by BCU. Only those that our community of users have assessed as poor are so recommended.

One of the other issues raised by the article was whether the user ID is PII (personally identifiable information) or not, and why it is being transferred. The Avast user ID is a random, machine-generated ID that is created during the installation of the product. So by itself, it is certainly not a piece of PII. And the reason we include it in the request is because context is very important. The efficacy of a security product is severely limited if requests are done without a context, i.e., if it is not possible to tie them together into a “stream”. And in the case of SafePrice, we use the user ID just to be able to count our active users. In general, we really don’t see anything bad in doing this, in fact, if we were, we would have probably tried to hide what we’re doing in some way – while, as the author of the article uncovered quite easily using Fiddler, the user ID is there just as a regular json field. Which makes me even more frustrated, as it is very likely that if we actually made the field less noticeable, the article probably wouldn’t have been written. We’re not trying to hide anything.

Now, the key is not only what information is collected, but also what is done with the collected information and how the user is informed about the collection process. Avast is committed to protecting its customers on all fronts, which is why we inform our users, even beyond our EULA and Privacy policy, that their browsing information will be collected but stripped of personally identifiable information and used to improve services, such as online web security. We actually tried to make this very, very explicit, and that’s why we have the screen (attached) in the Avast installer.

As you can see, the title of the screen says “Please Don’t Skip This – Read it Carefully”. Honestly, I don’t know how to make it more explicit than this.


If you have any additional questions, I’d be happy to answer them.

Thanks,
Vlk
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top