Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

This article came across my newsfeed on Facebook.

https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible.

Avast Online Security
AVG Online Security
Avast SafePrice
AVG SafePrice

Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history.

Most of you might not even remember downloading and installing these extensions on your web browser, and that’s likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs their respective add-ons on the users’ browsers.

Both online security extensions have been designed to warn users when they visit a malicious or phishing website; whereas, SafePrice extensions help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from various sites.

The malicious behaviour of Avast and AVG extensions was discovered almost a month ago by Wladimir Palant, who detailed how the extensions are sending a large amount of data about users’ browsing habits, listed below, to the company’s servers — “far beyond what’s necessary for the extension to function.”

What users’ data is being sent to Avast?

Full URL of the page you are on, including query part and anchor data,
A unique user identifier (UID) generated by the extension for tracking,
Page title,
Referrer URL,
How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link,
A value that tells whether you visited a page before,
Your country code
Browser name and its exact version number,
Your operating system and its exact version number

“Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier,” Palant said.

Over this weekend, Palant reported his findings to both the browser makers, Mozilla, and Google, of which Mozilla took immediate action by temporarily removing the extensions from its Firefox Add-on store within 24 hours until Avast resolves the issue.

“This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” Mozilla said.

Since Mozilla didn’t blacklist the extensions altogether or automatically removed them from users’ browsers, it should be noted that these extensions would remain active for existing users and continue spying on them.

On the other hand, all the four extensions are still available on the Google Chrome Web Store, but Palant believes they will be removed by the tech giant after “considerable news coverage.”

Read about this too on ghacks.net.
If true, I would be very disappointed in Avast.

You could have read about it in the Avast forums, had you checked :wink:

There are other topics also.
https://forum.avast.com/index.php?topic=230901.0

There are other glaring problems on which they promised a fix that they (not yet / never) delivered:
https://forum.avast.com/index.php?topic=229164.0

I am talking about HTTPS-MiTM-Inspection of TLS connections. Even if you DON’T have the modules installed that use this feature.
A memory hook alters Firefox settings in RAM at launch. Please bring this to attention again that we can also sort this issue out once and for all.

EDIT:
Please leave this in the thread, as this is also about browsing history and Firefox and no less of an issue.

This has actually nothing to do with the Avast Browser Add-ons (the subject of this topic), but the Web Shield. You have received your answer in the topic you mentioned and we/you will have to await a response from Igor or see when 19.9 is released, which is still technically in Beta.

Correct, but decrypting the entire encrypted TLS/SSL traffic of a Browser due to using EnterpriseRootsSettings and the Avast WebShield is no less boosting my trust.
Especially when said module is UN-installed and the memory hook still latches onto my browser.

No problem, you saw I was told the fix did not make it into 19.8 but I am inclined to politely remind the AVAST Team of this being important.
I thank igor and you for the work, but I still hold him to his word that this won’t be overlooked for 19.9 :wink:

(I don’t have webshield installed and still Firefox is being hooked. Use a process explorer to see the Avast modules changing settings as proved in my thread.)

EDIT:
I remade my post in the other thread with explanation why this still is an issue about both Firefox and Browsing history.
TLS inspection gives access to the full browsing history and data.

As I said this really is off-topic for this thread, so continuing just draws it further off-topic.

You should continue in that thread as you have mentioned.

Wow… okay I will obey… good thing tech blogs and the internet archive exist.

I will simply stop posting.

Edit:

Gaining access to browsing history by means of a browser addon or by means of webshield and TLS inspection are TWO SIDES OF THE SAME COIN.
The topic is privacy in Firefox, and firefox and browsing data is inspected in both cases.
I was on topic, but I was silenced.

No, I chose to become inactive out of my own free will. Silenced in my country, silenced here.
Two sides of another coin.

Enjoy ruling

No need to stop posting, just keep it on topic.

Avast-Statement: [i]We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user’s identification.

We have already implemented some of Mozilla’s new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.[/i]

So is Avast Antitrack Premium affected? ty

Hello
I have been following this case since December 4, 2019.
I find this attack on Avast completely unfair!
When you know what Google is doing with our info.
I posted on a European computer forum (a reference) to defend the quality of Avast which I have used free for 9 years without any worries.
Now it’s Chrome that is blocking my extension and I don’t see how to reinstall it permanently?
https://forum.pcastuces.com/avast-f25s81464.htm
https://forum.pcastuces.com/chrome_supprime_avast_online_security-f6s77177.htm
https://forum.pcastuces.com/a_propos_de_firefox_-f6s63031.htm?page=249&#6094283

Why Google is removing these useful extensions from Chrome Webstore?

Coz “tracking” of users is bad apparently. Oh teh irony coming from Google lol

They are removed from Google Chrome? I don’t think so, or maybe they were removed then they restored them again…I don’t know but I see a button says “Available on Chrome”

Hello
Please … click on my second link.
Thank you
Whenever I authorize it, Chrome disconnects it:
https://imgur.com/a/r9ZpHh5
I don’t know how to post a capture here

I see…You can move to Firefox browser if you want to use Avast Online Security.
I don’t use Avast Online Security, I am good with 15 (security and privacy) add-ons some of them are recommended by Firefox.
I can send you my own collection of (security and privacy) add-ons , you can use them with Avast online security if you want.

Thank you ,
Excuse the translation, I’m French but I only post here for Avast’s answers.
I know Firefox and Chrome well, I work very often in duo, so at the same time with these two browsers.
I know well the recommendations of Firefox (modules)
I have reduced my modules and / or extensions to the maximum for several years …
Behind each module, there is a developer
And, I don’t know them all… :-[
I understand Raymond Hill well to follow him regularly

When you are in the Reply window, click the ‘Attachments and other options’ below the window to expand and allow attachments.

Me too I don’t know all the developers but I try to make my browser in full protection.
I don’t care about knowing the developers.
I read the reviews, and how many users use an extension, and when it was last updated. That is what I need to know.
But Ok…I understand you.