four extensions offered by Avast and its subsidiary AVG installed,
you should disable or remove them as soon as possible.
- Avast Online Security
- AVG Online Security
- Avast SafePrice
- AVG SafePrice
Why? Because these four widely installed browser extensions have
been caught collecting a lot more data on its millions of users
than they are intended to, including your detailed browsing
history.
Most of you might not even remember downloading and installing
these extensions on your web browser, and that’s likely because
when users install Avast or AVG antivirus on their PCs, the
software automatically installs their respective add-ons on the
users’ browsers.
Both online security extensions have been designed to warn users
when they visit a malicious or phishing website; whereas, SafePrice
extensions help online shoppers learn about best offers, price
comparisons, travel deals, and discount coupons from various
sites.
The malicious behaviour of Avast and AVG extensions was
discovered almost a month ago by Wladimir Palant, who detailed how
the extensions are sending a large amount of data about users’
browsing habits, listed below, to the company’s servers — “far
beyond what’s necessary for the extension to function.”
What users’ data is being sent to Avast?
- Full URL of the page you are on, including query part and
anchor data, - A unique user identifier (UID) generated by the extension for
tracking, - Page title,
- Referrer URL,
- How you landed on a page, e.g., by entering the address
directly, using a bookmark or clicking a link, - A value that tells whether you visited a page before,
- Your country code
- Browser name and its exact version number,
- Your operating system and its exact version number
“Tracking tab and window identifiers as well as your actions allows
Avast to create a nearly precise reconstruction of your browsing
behavior: how many tabs do you have open, what websites do you
visit and when, how much time do you spend reading/watching the
contents, what do you click there and when do you switch to another
tab. All that is connected to a number of attributes allowing Avast
to recognize you reliably, even a unique user identifier,” Palant
said.
Over this weekend, Palant reported his findings to both the
browser makers, Mozilla, and Google, of which Mozilla took
immediate action by temporarily removing the extensions from its
Firefox Add-on store within 24 hours until Avast resolves the
issue.
without user disclosure or consent,” Mozilla said.
Since Mozilla didn’t blacklist the extensions altogether or
automatically removed them from users’ browsers, it should be noted
that these extensions would remain active for existing users and
continue spying on them.
On the other hand, all the four extensions are still available
on the Google Chrome Web Store, but Palant believes they will be
removed by the tech giant after “considerable news
coverage.”
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/krmHFAqCccE/avast-and-avg-browser-plugins.html