AVG aint been ish for a while but I expected better of Avast…. oops on me…
Mozilla removed today four Firefox extensions made by Avast and its subsidiary AVG after receiving credible reports that the extensions were harvesting user data and browsing histories.
The four extensions are Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice.
The first two are extensions that show warnings when navigating to known malicious or suspicious sites, while the last two are extensions for online shoppers, showing price comparisons, deals, and available coupons.
EXTENSIONS CAUGHT SNOOPING IN OCTOBER
Mozilla removed the four extensions from its add-ons portal after receiving a report from Wladimir Palant, the creator of the AdBlock Plus ad-blocking extension.
Palant analyzed the Avast Online Security and AVG Online Security extensions in late October and found that the two were collecting much more data than they needed to work — including detailed user browsing history, a practice prohibited by both Mozilla and Google.
Seeing that his original blog post didn’t get the traction he hoped, and neither browser maker intervened to take down the extensions on their own accord, Palant said he reported the extensions to Mozilla developers yesterday, hoping that the organization would take action — which, it did, removing all four add-ons within 24 hours.
Avast told ZDNet they are working with Mozilla “to resolve the issue.”
“The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks,” an Avast spokesperson told ZDNet. “It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user’s identification.
“We have already implemented some of Mozilla’s new requirements and will release further updated versions that are fully compliant and transparent per the new requirements,” the Avast spokesperson said. “These will be available as usual on the Mozilla store in the near future.”
EXTENSIONS STILL AVAILABLE ON CHROME WEB STORE
“The only official way to report an extension here is the ‘report abuse’ link,” he said. “I used that one of course, but previous experience shows that it never has any effect.
“Extensions have only ever been removed from the Chrome Web Store after considerable news coverage,” he added.
However, Google is expected to remove the four extensions, as the browser maker has historically cracked down on extensions that collect user browsing records.
For example, in July 2018, Google staff temporarily removed the Stylish extension until it removed the code that harvested users’ web browsing history.