Fact or Fiction, if Fact is this something I should be concerned about?

c/p

ESET spies on you, more than one could ever imagine: where it claims to protect your privacy, it actually collects and distributes information about you and your surfing habits to third parties, including Adobe and other internet "intelligence" and/or "ads" networks. ESET puts lots of cookies on our computers. Some are legitimate and harmless, others are just unacceptable (hitbox, websidestory/omniture, interclick, 207.net) because they are installed without user's knowledge and consent - no opt out.


I remember having read an article by Randy Abrams (Director of Technical Education - ESET LLCon) on ESET Threat Blog. Andy said "Adobe Flash is, in my opinion, the most ubiquitous spyware in the world and no products detect it as such. The reason it goes undetected is that it also has numerous legitimate uses, however, there is growing evidence that indicates significant abuse. If you have Adobe Flash on your computer, and most of you do, you are probably being spied on and Adobe does their best not to let you know or do anything about it."
Well Randy, just replace "Adobe Flash" - not Adobe -with "ESET", the intro for a new article is ready!

I began to doubt the good faith of ESET examining their EULA (End User License Agreement):

Data on End User and Protection of Rights. You agree that through communication of the Software with the computer systems of the Provider or of its business partners data may be transferred, the purpose of which is to ensure the functionality of and authorization to use the Software and protection of the Provider’s rights.

So far so good, it's all about the functionality of the software, nothing to worry about. Nothing? Let's have a closer look at things that happens when you visit ESET website.

To that purpose, I used a fresh portable version of Firefox, with no extensions installed, no browsing history, no cookies, fully clean. I first visited eset.com, then this blog and finally The Software Repository - each in a separate tab. I then closed the browser and analyzed the cookies listed by MozillaCookiesView. I deleted irrelevant cookies generated by visits to this site and to The Software Repository (google, shoutmix, analytics, youtube, etc.) and kept only ESET and unknown ones. The results can be found in the picture below (click to enlarge).



What are those cookies by hitbox, interclick, doubleclick, 207.net? Were they placed after I visited eset.com? In order to determine whether the cookies were linked to eset.com, i went to SiteSpeedLab, a site that analyses site speed, also disclosing external links from/to the site.

The picture below clearly proves that eset.com is directly responsible for calling elements by interclick, doubleclick, 207.net, and hitbox when displaying its main page. Which elements? Cookies, my friends!




Are they dangerous? Who do they belong to? What kind of data do they collect and to which purposes?

1. Doubleclick. DoubleClick is and "ad management and ad serving technology foundation for the world's buyers, creators and sellers of digital mediaowned", operated by Google. DoubleClick's Privacy Policy relies on Google's 5 Privacy Principles. Principle 4 states "To best serve the full range of our users, Google strives to offer them meaningful and fine-grained choices over the use of their personal information. We believe personal information should not be held hostage and we are committed to building products that let users export their personal information to other services."

Problem: only users with a Google account can fine tune the use of their personal information ...

2. Hitbox is much worse. Enter hitbox.com, you'll be redirected to Omniture, Adobe's Online Marketing Suite ... This extremely powerful web intelligence system "allows to perform complex data mining queries on historical click-stream data and integrate detailed click-stream data feeds with internal data systems". Omniture.com "measures and analyzes non-identifying, aggregate usage, and volume statistical information from Site visitors in order to administer the Site, and to constantly improve the quality of our service and site performance, such as providing more relevant content to you during your visit(s)".

How Omniture.com uses cookies: "When you interact with the Site, we strive to make that experience easy, meaningful, and relevant. When you come to the Site, our web server uses cookies to improve your interaction with the Site by, for example, remembering your preferences and dynamically serving more relevant content to you. More specifically, we use cookies to measure your behavior on the Site and to save personal settings on specific pages."

Controlling the Use of Cookies: "You have the ability to accept or decline cookies." Hey, guys at Omniture, I didn't visit your site!

3. 207.net. 207.net is a domain used by Adobe to help provide portions of its Adobe® SiteCatalyst® and Adobe® SearchCenter+ products. Specifically, this domain is used by Adobe to place cookies, on behalf of its customers, on the computers of visitors to customers' selected websites.

As part of its privacy policy, 207.net offers an opt out mechanism for customer's website visitors - ESET in our case - who don't wish to allow their session visitation information to be aggregated and analyzed by Adobe.

4. Interclick. Interclick is yet another marketing/data intelligence agency. In its privacy policy, the company states it "provides consumer opt-out, allowing consumers to opt-out of all interclick data use". It has an opt-out page that gives the ability not to be identified for interclick's network advertising services.

5. What is spyware? The Anti-Spyware Coalition defines Spyware (and Other Potentially Unwanted Technologies). They are Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.



Conclusions. After a single visit to (any) ESET website, I got unwittingly embarked in several marketing/survey/intelligence tracking processes. I also proved that ESET is directly responsible for placing cookies on my computer, which are not related to the proper functioning of the software, without my knowledge or consent. I say that ESET must be seen as spyware as it meets at least 2 of the criteria listed by the Anti-Spyware Coalition. Funny enough, ESET is one of the top-rated members of the Coalition!

Instead of protecting users from spyware, ESET is also spyware. I therefore recommend those who paid for the software to complain with ESET about these unfair practices. I recommend all ESET users to remove the software (both NOD32 Antivirus and Smart Security) - a painful process -, then delete all ESET related cookies listed in this article, and finally install some decent safety product.

 

None of these cookies poses a problem to user's privacy. Our web team will respond here with an official statement soon.

 

I have no problem with it.

 

For those interested you can manage your flash player privacy settings here:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html

 

I have no problem at all

 

It wasn't so much whether or not you or anyone else may have a problem with it, it is more so that why is the AV program allowing/permitting/participating in the placing of those cookies?

Is that a normal function of AV/security programs?

 

I had this "live" Adobe settings link as a desktop icon long ago, but dumped it on getting fed up with Adobe. I have completely forgotten how I got an icon from this settings panel. Do you know how to do this ?

John

 

Eset has my full confidence that they will not disclose sensitive personal information.They have not given me the opportunity to prove otherwise, quite the contrary. And by the way, you can always run In-private mode leaving none or almost none cookies traces behind. We all know that, we all are bombarded with cookies when we surf the net. But you can always set and tweak your Browser, to minimize the impact. I fully trust Eset business ethics.
Best Regards

 

I could be wrong but I think I read a year or two ago that Adobe changed it so that the only way you can access that control panel is by going to their web page now.

 

Thanks for your help.

Ya `aint seen nuttin yet ! While I was away, after messing about I found it.

Save your link in Bookmarks or Favorites. Then go to :-
Start>Search>"Adobe Settings"> Search results list.

Find "Adobe Settings" on the list in Documents & settings/All users/Application data.
RT click and OPEN file. A whole load of gunge shows up. Find Adobe Settings Manager, RT click, select Create Shortcut. It will ask if you want it on the desktop - say YES.

The Shortcut icon is then on your desktop. Just LT click and the live Settings Manager page comes up on the Internet via your browser.

WHEW ! And that`s it.
John

 

Are you talking about Eset when you say "In-private" mode? If so, where is that hidden in the advanced menus?

Also why has adobe all of a sudden decided to load a ton of crap on your machine when all i really wanted/needed was Adobe reader (adobe AIR, live, adobe.com etc.)

thanks chris

 

I have to admit I find this rather surprising and wait to see eset's response.

 

OP you're proposing removal of ESET AV/AS software because their web site deposits cookies. I think this is an overreaction and should be clarified that the NOD32 programs are not creating this issue. It is from using a web browser to Eset web sites.

 

I dont know if the OP wants to do that or.... really wants to find an answer to his questions.
I understood that he spoke about the website, not the Product GUI

 

did you have time to check other AV vendors websites and what happens when those are visited?

 

Hello,

We try to be very transparent in our privacy policy and in what we do online, so here is also a very transparent explanation:

On our site at www.eset.com, we include tracking code for several third-party analytics services. We only use the largest and well trusted tracking services - Google, Doubleclick, Adobe, and others listed below. These services are well trusted by many other companies, and are used in some form by the vast majority of commercial websites.

We could summarize it in few sentences: We do not sell or transfer any personally identifiable information. The data is anonymous and statistical only, and we only use it to analyze the web traffic and optimize our website. If we had any doubt that the privacy of our online visitors could be jeopardized in any way, we would not use such tracking services!

Here are brief explanations for each of the tracking services:

• googleadservices.com – Tracking service for pay-per-click advertising through Google.com. It's one of the largest pay-per-click advertising services and well trusted by many companies. We use this tracking service, to make sure we get a return on our investment in Google’s pay-per-click program. We do not pay any attention to user data.
• interclick.com and doubleclick.com – Tracking services for banner advertising, similar to Google’s program described above.
• offermatica.com – Tracking services for Test&Target, which is now part of Adobe through their acquisition of Omniture. We use this to test website changes, new designs and optimize our site. It allows us to do A and B version website testing, for example, we want to test a new image on our website – 50% of users get to see the new image, and 50% of users get to see the old image, and we can tell, which image is more successful based on how many users click on it.
• google-analytics.com – This is the golden standard of web analytics, it's an excellent free service and we use it mainly as our backup to Omniture HBX (also known as Hitbox/WebSideStory) and Omniture SiteCatalyst, which offer more features.
• hitbox.com – Hitbox is web analytics service and was acquired by Omniture, which was in turn later acquired by Adobe. It offers better reporting than Google Analytics.
• 2o7.net – SiteCatalyst is product of Omniture, and the company was aquired by Adobe. SiteCatalyst became their new flagship product, and we're switching to this from HitBox.

One way to block the cookies is to adjust your browser settings to block all third-party cookies or even to block all cookies, if you wish to do so.

For information on blocking cookies within Mozilla Firefox, see the Cookies|How To|Firefox Support article on Mozilla's support site.

For information on blocking cookies in Microsoft Internet Explorer, see Block or Allow Cookies article on Microsoft's web site.

If you have any futher questions, please feel free to post them here or send a private message, as you feel is appropriate.

Regards,

Aryeh Goretsky

 

Hello cmangle
Sorry about not being clear, I were referring to the opportunity you have in many browser, to run in a state where cookies is not being saved. IE8 calls it In Private, Chrome calls it incognito, and so on.
Best Regards

 

The MVPS HOSTS file will do the job

At the other hand: there is another opinion possible. As dadkins (Rest In Peace David) used to say: "what cookies, I don't care "

 

Block 3rd party cookies in your browser, no "block lists" needed.

 

recommend the Ghostery browser addon, which helps in preventing websites from tracking users

 

Indeed, blocking cookies doesn't stop all these trackers:

 

Where did you find this gem?

 

This gem is in Internet Explorer under Tools, Internet Options, Privacy settings.

 

Thank you!! I was scrolling down to see if there would be anyone with half a brain who was going to make that statement. Do people really believe that the behaviour of Eset's website (similar to many, many others) reflects on the software itself and warrants naming it 'spyware'!? I think not.

 

If you use adblock in Chrome (and perhaps FireFox) you could enable the EasyPrivacy list in your subscriptions: