back to article Mozilla locks nosy Avast, AVG extensions out of Firefox store amid row over web privacy

The Firefox extensions built by Avast have been pulled from the open-source browser's online add-on store over privacy fears. Adblock Plus founder Wladimir Palant confirmed this week Mozilla has taken down the Avast Online Security and Avast-owned AVG Online Security extensions he reported to the browser maker, claiming the …

  1. Terry 6 Silver badge

    Actually

    I've always assumed those add-ons to my AV programmes were beyond their remit, and avoided them accordingly.

    not trusting anybody on the internet, ever, seems to be the best policy.

  2. Anonymous Coward
    Anonymous Coward

    And you wonder why I use FF and not a chromium based browser.

  3. Graham 32

    URL history?

    "It is necessary for this service to collect the URL history to deliver its expected functionality."

    Why the history? I would have thought the current page would be enough. (Although if used for long enough they effectively have the history anyway.)

    1. Zippy´s Sausage Factory
      Devil

      Re: URL history?

      You could argue that if you know the referrer and it's a cess pit of links to dodgy sites, then that's a fairly good reason for blocking the referring page too, I suppose.

      That said, I'd trust anyone making that statement as far as I can throw an overweight elephant.

      1. Claptrap314 Silver badge

        Re: URL history?

        African or Asian?

        1. Tigra 07
          Trollface

          Re: URL history?

          Or pot-bellied?

  4. ken jay

    it gets to something when its safer to let one russian antivirus have any data it collects just to hide yourself from american companies

    1. keb

      Avast is Czech not Russian.

      1. Anonymous Coward
        Anonymous Coward

        He was probably referring to Kaspersky

        1. doublelayer Silver badge

          In that case, Avast is Czech, not American. Either way you go, it's a generalization on countries that doesn't work for the scenario.

  5. Pascal Monett Silver badge

    Gosh, I remember when Avast was free

    It was a plucky little AV program, efficient and user-friendly. I dropped it when it started charging and dropped the free version.

    My how it has gone all wrong.

    1. bobbear

      Re: Gosh, I remember when Avast was free

      I too have left Avast behind..

      1. Anonymous Coward
        Anonymous Coward

        Re: Gosh, I remember when Avast was free

        That's okay, Sir Mix-a-Lot still wants her even if you don't.

    2. Terry 6 Silver badge

      Re: Gosh, I remember when Avast was free

      https://www.avast.com/en-gb/free-antivirus-download

      1. Steve Davies 3 Silver badge

        Re: Gosh, I remember when Avast was free

        Indeed but like being able to NOT buy something from Amazon without signing up for Prime... Possible but dammed hard work.

      2. Evilgoat76

        Re: Gosh, I remember when Avast was free

        Yes, but it installs a ton of crapware, for example, Safeprice and their browser it'll also try and ram the VPN app down your throats. We were vocal supporters of Avast once, its now on our "kill on sight" list.

        1. EnviableOne

          Re: Gosh, I remember when Avast was free

          I hate whats happend to CCleaner since they took over piriform

    3. Steve K

      Re: Gosh, I remember when Avast was free

      Same with AVG

    4. Unicornpiss

      Avast is already adware

      I stopped using it years ago when the constant marketing became overwhelming.

    5. Tigra 07
      Facepalm

      Re: Gosh, I remember when Avast was free

      There's still a free version. It's filled with nagware about leaking IP addresses, discounts on the paid version, and "the Government can see what you do online" scare tactics.

      It completely ignores that I have a paid VPN to tout this bullshit and tries to install Chrome whenever it gets the chance too.

    6. fajensen
      Black Helicopters

      Re: Gosh, I remember when Avast was free

      I dropped it when I got spooked by Avast secretly inserting a proxy-SSL service in front of my 'NNTP' client, then finding out that it pretty much did that for everything SSL. Only NNTP was rarely used so little tested and this threw some exceptions.

      First thought was: "Why the f*ck would they do that!?" to scan for viruses obviously, but, what else could they do with that proxy?

      Then I figured that Avast was perhaps much *too* nice, polished and even well-maintained for a free piece of proprietary software. 'Someone' was maybe paying big money for the capability of building hashes of all the files on all computers on the planet and, for example, monitoring which hashes moves over SSL to where and likely having access to getting copies of the traffic going over SSL.

      'Someone' rolling in that kind of unquestioned, permanent, funding would be someone with interest in the communication gathering. Like the NSA or just maybe the CIA.

      1. Tigra 07
        Devil

        Re: fajensen

        Does your tinfoil hat interfere with, or enhance your WiFi signal?

        1. BlueTemplar

          Re: fajensen

          Snowden ?

          Though since Avast is a Czech company, maybe it *is* paranoid...

        2. fajensen

          Re: fajensen

          Shouldn't you be droning some weddings or something?

          1. ds6 Silver badge
            FAIL

            Re: fajensen

            Nice comeback, bro.

            If you're gonna complain about an antivirus product doing what it advertises re: SSL (actually, it's TLS...) then you should probably look into CloudFlare MitM on probably 80% of sites you visit; guarantee you'll blow a gasket. Even el Reg used to use them, seems like they don't now though.

  6. spold Silver badge

    European answer

    GDPR - Chapter II Principles - Article 5 - Principles relating to processing of personal data - Article 5.1 (c).

    Proportionality and over-collection for the purposes. Complain to your local european data protection authority which will have it's own country implementing law for GDPR.

  7. Prst. V.Jeltz Silver badge
    Go

    "100 million global online shoppers and 20 million global app users. Analyze it however you want: track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain" – which sounds a lot like the data the Avast and AVG extensions collect.

    This might not be a popular view but ...

    I really dont give a shit. If i can get a free adblocker / AV for the price of telling them I bought a dildo from Amazon - so be it .

    It beats paying for it

    I have a lot more data to give away than cash.

    1. My-Handle

      Informed choice

      You are perfectly entitled to your view, and it is not an unreasonable one. But likewise it is not unreasonable for people to expect a degree of privacy and I suspect many such people would pay for that.

      Avast aren't allowing you that choice. They're taking that data regardless of your opinion and often without your knowledge. That's the real issue here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Informed choice

        But Avast _IS_ allowing you the choice. You make the choice by using them. If he is willing to provide his data to them in exchange for something of perceived value, then it is his choice and the rest of us are wrong in trying to censor that.

        1. eldakka

          Re: Informed choice

          But, until now at least, it hasn't been an informed choice. prior to this news, would one have been aware that that's what they are doing, i.e. you are exchanging that data for those services?

          Making that informed choice is acceptable, even if I wouldn't do it, but it hasn't been an informed choice.

    2. LeahroyNake

      You got an upvote just for comedy value.

      Now on to the dildo... I'm looking for a 4ft purple one to reenact my favourite mission in Saints Row, really want a glow in the dark one as well you know.... Just to pretend I'm in Star Wars or something. If you just search for it I'm sure you will show up in an amazon bucket dump or something sooner or later. I can then get it delivered to your shed and pop over while you are in work to pick it up.

      Thanks in advance, L Skywalker.

      1. WolfFan Silver badge

        Surely Leia Skywalker would just trust the force...

        And, in any case, there’s always a Wookie handy.

        1. Cessquill

          Were that it were, but I bent my Wookie.

        2. The Dogs Meevonks Silver badge

          If you have to use force on the dildo... you need a little more for(c)eplay.

        3. BigSLitleP

          As Limp Bizkit once sang....

          She did it all for the Wookie, c'mon, the wookie, c'mon, so you can take that cookie, and stick it up your

      2. J. Cook Silver badge
        Coat

        ... I think Bad Dragon* might be able to, uh, take care of you.

        * Exceedingly NSFW, and/or possibly sanity.

        1. Paul Crawford Silver badge

          I just had to search for Bad Dragon and lo! It also makes hentai / alien tentacle dildos! You have been warned...

      3. Unicornpiss
        Paris Hilton

        Barney the purple dinosaur..

        "Now on to the dildo... I'm looking for a 4ft purple one"

        Sing it... "I love you. You love me.."

    3. The Dogs Meevonks Silver badge

      Judging from the downvotes... you're quite right.. not an unpopular opinion.

      I'd like to tell you why.

      That kind of wilful ignorance is exactly the reason we have this shitshow of an internet we currently have... where every single company thinks it has the right to harvest every single bit of private data bout every one without consequence. You complete and utter failure to give any care in the world, allows them to continue to push the boundaries of what is moral, ethical and in any way acceptable.

      You are part of the problem, and whilst people continue to think like you.. nothing will change and people like me will continue to do everything in our power to block and render any data collected as worthless as is possible.

      1. Prst. V.Jeltz Silver badge

        well , you clearly feel very strongly about this but you've not actually mentioned what the problem is - just that you are opposed to data collection.

        Is it that the adverts you receive might be relevant to your interests? oh no ! the horror!

        So much amazing stuff is free on the internet because of things like this:

        - free email accounts

        - free antivirus

        - free adbnlockers

        - free ffs sake i dont need to draw u a picture

        Think of it like TV

        nobody like or wants adverts - but they make it free.

        And as i said , id rather give data away than money.

        I can even give my data away more than once to different parties

        i can copy and reproduce my data to give it away again.

        i cant do that with money

        1. TheProf

          "nobody like or wants adverts - but they make it free."

          Nearly correct but the adverts are paid for by you whether you watch them or not. Those hundreds of thousands of pounds for 30 seconds during the FA Cup final don't come from nowhere.

          1. Prst. V.Jeltz Silver badge

            you mean whenever i buy something some of that money is going to the marketing department of that company?

            I guess you're right.

            I normally only buy cheap stuff from Amazon and Ebay from companies that just use those marketplaces search engines as their marketing.

        2. Unicornpiss
          Meh

          I wouldn't mind paying a reasonable fee..

          ..to not be bombarded with ads. I'm far from rich, but we don't all have to accept the lowest common denominator just because it's free, do we?

          Mostly I will go out of my way to block every ad I can though. I don't mind the quiet, relevant ads such as on this site. I mean the blinking, aggravating atrocities that block content you're trying to view. And I hate the way you go to a site looking for software only to find 10 giant buttons to download worthless crap while the actual link to what you're looking for is about 1mm in size. Also hate when you're on a mobile device and navigating a minefield just to get to the next page of your article without inadvertently clicking on the trash that surrounds what you're trying to read. News sites that do that or that won't display content without turning off an ad blocker either get their ad scripts blocked by me or if too inconvenient, I can just find content elsewhere. The companies that allow these ads for a little revenue boost are scamming the system too--they only care that the ad shows as delivered, even if you instantly closed the popup before it finished loading, so they purposely make it easy to inadvertently click something you don't want. Which is just shitty.

          I make a point of utterly avoiding anything aggressively marketed in these ways, even when the product would be useful to me. And I think everyone should. People's acceptance of continual annoyances is why the Internet is a swamp that must be waded through to get to the clear water. Avoiding marketing and the capture of personal data is also one of the reasons that I use Linux everywhere I can.

          1. Prst. V.Jeltz Silver badge
            Trollface

            Re: I wouldn't mind paying a reasonable fee..

            well if you didnt click on these inviting looking

            "Guess what film star x looks like now" or

            "she didnt realise why people were staring"

            links , you wouldnt be in the firing line of the crap canon :)

        3. Carpet Deal 'em
          FAIL

          Personally, I have no issue with the concept of ad-funded services in and of itself; it's the personal data collection that needs to go.

        4. Teiwaz

          Think of it like TV

          I might agree (sort of) - I think a lot of users are more than happy with 'Free' in exchange for ads and usage tracking, they don't see the value on what they using to pay for these services, and won't until they get hit by an identity thief or some other fraud.

          Perhaps companies feel their product would be less attractive if consumers knew how much of their activity was monitored - most people will click through without reading impatiently anyway.

          But TV? It's not usually that free down to just ads, there's channels and who charge subscription and serve ads.

          And the rub is, even with all this data collection, companies who pride themselves on targeted advertising still seem to be wide of the mark - The fact that these companies think their 'expertise' might be useful in medical diagnosis scares me.

        5. Anonymous Coward
          Anonymous Coward

          > Think of it like TV.

          No. When I watch a programme or advert on TV, the company making the advert doesn't get to know what programme I watched before, what programmes I looked at yesterday, where I live, and all the rest of it.

          1. Prst. V.Jeltz Silver badge

            they do. Well they know a lot , for istance

            They know that if you see an advert that they've placed in the middle of "The only way is Essex" then you are a {insert stereotype}

            1. Unicornpiss
              Black Helicopters

              TV

              If you're using a cable box or streaming service, who knows what telemetry is going back to the mothership. At least with a stream on a PC, if you have the ability, the time, and enough headache medicine, you can figure out some of what is being monitored. With a sealed cable box, with its own modem built in, who knows how much of your activity is being tracked? They may even know how long it took you to get fed up and mute a commercial, or change to another channel. And if you're using any kind of cloud-based DVR or one included by your service provider, all kinds of demographic info is being harvested. And you're paying a hefty fee for the privilege of having your activities monitored.

            2. Anonymous Coward
              Anonymous Coward

              "before".

              Besides, it's good they know the programme I'm currently watching - they can customise the advert accordingly - this is analogous to an online advertiser knowing what web site he/she is advertising on, which is fine, and doesn't require tracking the viewer.

              Personally, I'd prefer to see (on this page) adverts for virus scanners than adverts for a sound system I bought last week.

      2. Anonymous Coward
        Anonymous Coward

        re. Judging from the downvotes..

        the problem (with humanity) and downvoting is that the (vast) majority of users here are UNLIKE the vast majority of mainstream users "out there". So, while his views here are fringe and he'lll be downvoted to oblivion, his views are definitely mainstream, and 99.9% of the mainstream, if not more. After all, this is the sole reason the internet's become such a shilly, shitty, "place" - overwhelming majority of people DO. NOT. CARE.

        p.s. and no, I don't think human nature's gonna change. No facebook or google scandal, on any scale will change human "DO. NOT. CARE" :/

        1. Prst. V.Jeltz Silver badge
          Big Brother

          Re: re. Judging from the downvotes..

          like the The Dogs Meevonks's post above.

          You didnt mention what the problem is.

          Is it that if AVAST log which websites ive been to , then within a year the government will have me in a gulag , and my neighbours will have been executed because i posted that I voted green?

          1. Aussie Doc
            Big Brother

            Re: re. Judging from the downvotes..

            I don't judge but maybe 'they' are interested in your dildo purchase. Nefarious deeds, perhaps?

  8. Anonymous Coward
    Anonymous Coward

    Shouldn't

    Firefox proactively block all extenstions and Addons that suck data ?

    If data has to be analysed maybe firefox can setup a cloud so the data is never actually received by the app makers.

    Any apps that are very useful but spylike then maybe Firefox could sponsor and own an open source version so that they are the only people who may have access to the data

  9. adam payne

    It is necessary for this service to collect the URL history to deliver its expected functionality.

    I remember when Avast was a small free light free Anti-Virus that used to shout Warning..a virus has been detected whenever it found anything.

    Those days are long gone and now I see the bloated mess it has become, almost like it took the AVG bloat route after they purchased them.

  10. IJD

    Avast is still free for the basic AV package...

    1. Terry 6 Silver badge

      I had been with Kaspersky free for a while. But it developed an intolerance for Thunderbird, or vice versa.

      It seemed to cause TB to keep thinking it needed to update, and pop a message saying so, but then couldn't. Even when it was up to date.

      A minor problem and there is a fix out there.

      Easier to just switch to a different free AV.

      BTW I started using free AV products when they moved from a purchase model to an annual subscription.

      Though I do like the freedom to switch when I like, too.

  11. Anonymous Coward
    Anonymous Coward

    Maybe avast should follow Palant's lead and provide a whitelist of good websites they trust (and won't log) that promise not to be bad in exchange for money ;)

  12. developer_xxl

    stop using avast

    I've stopped using avast a little more than 2 years ago and it's safe to say, one of the best decisions I will never regret. avast must end their operations

    1. gzgweilo

      Re: stop using avast

      Any recommendations for an adequate anti virus that doesn't try to slurp your data?

      1. Anonymous Coward
        Anonymous Coward

        Re: stop using avast

        I just use common sense instead of AV.

        I only download drivers or software from the manufaturers.

        If I click on a link to download a picture , or a word doc , or a torrent and the file is called

        infectme.exe , i dont click go.

        simple

      2. Brewster's Angle Grinder Silver badge
        Windows

        Re: stop using avast

        Uninstall them and rely on Windows Defender?

      3. BlueTemplar

        Re: stop using avast

        Linux

      4. Unicornpiss

        Re: stop using avast

        "Panda" seems to be okay and is free. And it doesn't spam you to death with ads.

  13. NonSSL-Login

    Every company slurps as much data as they can get away with as new-age marketing types have told them its all about monetizing data now.

    Lets add bluetooth and an app to <device>, say a toothbrush, and then we can track how, when and where they use the device and sell the data is another new trick.

    Lets sell you an expensive tv but then pipe our own adverts straight to it while also sending back to the mothership what programmes they watch, when and for how long!

    Its happening everywhere and laws and regulations dont seem to stop them taking the piss every chance possible. We need more to protect us from data slurping companies.

  14. Anonymous Coward
    Anonymous Coward

    So..

    We're collectively aghast at Avast then?

    OK. Noted.

    :)

    1. Prst. V.Jeltz Silver badge

      Re: So..

      yeah screw those bastards!

      trying to give us an AV solution for £0.00

      who do they think they are?!

      1. jospanner

        Re: So..

        You work for them, don't you?

      2. Fred Flintstone Gold badge

        Re: So..

        Methinks your sarcasm reservoir is empty.

        As it is Friday, could I suggest you refuel it at the nearest pub?

  15. Anonymous Coward
    Anonymous Coward

    Ah yes, Avast

    My siblings laptop had been infected by a fake Firefox update that used PowerShell and Wscript to modify the Windows registry for persistence and to commit ad click-fraud pulling down hundreds of video ad impressions which I later recovered from the raw disk image I created using open-source recovery software .

    I had reached out to abuse department of the registrar only to be ignored even after escalting to a supervisor on a recorded call.

    Months later this registrar is mentioned only by their location in a semi-redacted endictment of a man extradited from the Ukraine.

    All the while a paid version of Avast was running quietly with nothing to report, partially knackered by a simple one-line script using the Windows TaskKill command.

    There is also a dodgy "antivirus/cleaner" app on the Play store that uses Avast's detection engine that can break out of it's sandbox to access other apps data by becoming a Device Administrator that many users have reported being tricked into installing by scary pop-up warnings that threaten users with SIM card damage or worse unless this app is installed only to get charged a fee if they do not unsubscribe within 3 days after install.

    This ad fraud can be traced as far back as 2013.

    From the Play Store reviews from December 2nd 2019:

    "Your scareware app has frozen my internet, threatened to lock my phone within 24 hrs if I don't download your app, use it for 3 days free then be given the privilege of paying $24.99 for a year of using it, charged to my cc on file with Samsung.

    If I'm charged I will sue you..."

    And then there are the many user complaints on Avast's user forums of Avast getting installed as a "bundle" when trying to install CC-cleaner, ignoring opt-out checkboxes and users reporting strange processes running on their Windows box with bizarre devil-may-care attitude response from the devs.

    I guess in a way I should be thanking Avast, it was the afore mentioned Android app that alerted me to what had been going on with Facebook years before it became a worldwide scandal and the reason I no longer allow ANY third party apps on my devices and the reason I learned how to flash my devices with Lineage OS and deleted all social media.

    The average person installs these "security" products to try and protect themselves from the very things these apps and browser extensions are doing.

    /rant

  16. Mike 137 Silver badge

    "Google Chrome is where the overwhelming majority of these users are..."

    Hardly worth using (or indeed blocking) these extensions if you're using Chrome. It does all the snooping you could want entirely unaided, as does Google by multiple other means.

    1. JCitizen
      Go

      Re: "Google Chrome is where the overwhelming majority of these users are..."

      @MIke 137 ----- That is exactly right. I install DuckDuckGo and it does a much better job blocking everything on the web sites than Avast did, and you can adjust the controls for each site and support sites that need the ad dollar to stay in business. It especially works on Chrome which is why it was developed. I'd swear Chrome runs faster with it enabled.

      Avast is fairly good for a free ware AV, but I have a life time license for MBAM, so I don't need it anymore. I use my PC as a restricted user, so the bugs can't take over, and simply run CCleaner to make sure no attack files are left over from surfing the web. Unfortunately Avast bought CCleaner, so now it is getting slow - but I don't know any other file cleaner that can remove Zombie files and LSOs, and the minute I can find one that is less of a problem,, I will switch to it.

  17. Anonymous Coward
    Anonymous Coward

    Avast does this without collecting or storing a user's identification.

    whenever a business approached with a straightforward inquiry, begins to spout vague and ambiguous replies, I can see a worm, wriggling on a hook. Not that I would trust these companies in the first place, once you run a business and hit the bottom with FREE!!! you've got to find revenues SOMEWHERE, so you grab a shovel and burrow deeper into your "users".

    p.s. and OT, shame not every business can afford to be so gloriously, long-term unprofitable amazon-style...

  18. BlueTemplar

    Hmm, Flattr ?

    Is this why Flattr isn't on Firefox store (anymore) ?

    (Of course Flattr has been *very* upfront as to what they collect and why...)

  19. Tristan Young

    The makers of Avast became dodgy bloatware creators. I kicked Avast's ass to the curb years ago. Their software was slowing down PCs and even created some unexpected reboots and lost Windows system files during its time protecting against malware (but not protecting against itself). The very thing that was supposed to keep our computers safer became the very problem we desired to avoid.

    Best practices have kept our systems malware-free. Avast was purely a drain. Not surprised that they were slurping more data than was truly necessary through browser plugins, and kudos to Firefox for removing them from the addon store. This should extend to existing installs by way of an election page explaining things to the user, and giving them the option to remove the offending addons.

    1. JCitizen
      Windows

      @Triston Young

      Avast used to be a good AV, but I found that a fully updated PC with all apps updated, and running as a restricted user, can protect against malware incursions just as well. However I still use the paid version of MBAM just in case, and it does well enough alone. I now recommend just using Windows Defender for most folks and train them to watch out and think before clicking on pop ups; and all is well - expecially if they clean the files often. Unfortunately Avast bought Piriform so now CCleaner is slowing down, but until I can find another free file cleaner that removes LSOs and Zombie files, I'll have to put up with another Avast product again.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like