Four Avast and
“This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained Mozilla.
The four extensions developed by Avast and its subsidiary AVG are:
Both Avast and AVG Online Security extension alert users to phishing, scam, and malicious sites when a user visits malicious
The popular extensions were found collecting a lot more data on millions of users, including their browsing history. These browser extensions are installed when users install Avast or AVG antivirus solutions on their computers on their PCs.
The suspicious behavior was first detailed by the security researcher Wladimir Palant reported who noted that these extensions were sending a large amount of tracking data about a user’s online activity to the URL https://uib.ff.avast.com/v5/urlinfo.
“Are you one of the
“But even if you didn’t install Avast Online Security yourself, it doesn’t mean that you aren’t affected. This isn’t
Below the list of data sent by the browser extensions to the above URL:
|uri||The full address of the page you are on.|
|title||Page title if available.|
|referer||Address of the page that you got here from, if any.|
|Identifier of the window and tab that the page loaded into.|
|How exactly you got to the page, e.g. by entering the address directly, using a bookmark or clicking a link.|
|visited||Whether you visited this page before.|
|locale||Your country code, which seems to be guessed from the browser locale. This will be “US” for US English.|
|userid||A unique user identifier generated by the extension (the one visible twice in the screenshot above, starting with “d916”). For some reason this one wasn’t set for me when Avast Antivirus was installed.|
|plugin_guid||Seems to be another unique user identifier, the one starting with “ceda” in the screenshot above. Also not set for me when Avast Antivirus was installed.|
|Type (e.g. Chrome or Firefox) and version number of your browser.|
|Your operating system and exact version number (the latter only known to the extension if Avast Antivirus is installed).|
The above data could be used to spy on users online and discover their habits and preferences.
“Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab.”continues Palant. “All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier,”
Avast and AVG can resubmit the extensions to the
Meantime, the extensions would remain active for users that have already installed them and will continue to collect the above information.
The four extensions are still available on the Google Chrome Web Store.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.