Avast Antivirus Was Spying On You with Adware (Until This Week)

Let the discussion begin. Don't shoot the messenger. I personally do not use the browser plugin.

http://www.howtogeek.com/199829/avast-antivirus-was-spying-on-you-with-adware-until-this-week/

 

Response from Vlk with, hopefully, a more detailed response soon.

https://forum.avast.com/index.php?topic=157693.0

 

i am not saying this article was right or wrong but this is the reason i stopped using avast a good while back. they started throwing literally anything and everything into the suite. imo it got ridiculous. and when i selected custom install and opted to not install many things it harassed me about installing those later. i really did like avast as an av but i will never use any av that they throw everything in like that. hoping vlk can shed light on this.

 

His(Vlk) explanation should be very interesting

 

IMO, people that use Avast Free are not entitled to complain, since they haven't paid for anything and, much likely, that activity is covered by Avast EULA. Generally, people should have a better understanding that a company is not a charitable organization and should not expect "free lunches" from them.

Avast paid users, if affected, are totally entitled to complain though.

 

Sensational news is sensational. Even if it's riddled with nonsense.

People should also understand that cloud needs unique identifiers to know what client is plugged to the cloud. Unique identifiers are as identifiable as IP address. Sure it gives away some of your identity, but without it, you can't do internet communication. Besides, it's not like the UID "hash" says exactly who you are. It's just a number that may give away your online behavior and trends, but in 220+ million userbase, do you really think someone at avast! HQ (which is under a volcano btw, every evil villain has a HQ there) is sitting in front of a computer, searching a base of 220+ million users looking at your profile and laughing with an evil tone at your browsing history? Have some trust in a company you prefer. If you don't, what the hell are you still doing with it on a computer? Just like you expect a store where you shop to safely handle your personal info, just like you expect bank employees to handle your personal and financial info safely and discretely, you trust AVAST Software. Bank employee could just as well tell all about your financial status to everyone, but they firstly have too many clients to even remember and secondly, their business rules demand that they don't do this kind of stuff. I handle sensitive personal information at work as well, from full names, addresses, phone numbers, citizen PIN numbers, tax numbers, but because i respect their privacy, i don't give away the data, i don't sell it to anyone, i don't tell it to anyone, i don't track anyone with it (unless the user requests that because they lost the original papers and then we try to follow the lead). Why do you think software firms work any differently? There is always certain amount of personal data involved everywhere. But no one seems to be ram paging about it, just when they somehow find out something about antivirus company and then they start making sensational news based on zero evidence. They didn't even bother to present their findings to the company in question and request proper answers. Then, if answers ween't given back, release the data and start questioning things (it has to be fishy if you don't get any answers right?). But no, they just forgot all that and made big news without informing themselves properly. Joy oh joy...

 

It seems they were collecting information, with the likely intention for selling data, milk a few bucks from a freeloaders.

From there EULA:

 

Then again, when there's a thread or article that is badmouthing a favourite product of a certain individual, it will be full of nonsense anyway. Not referring to anyone in this poor universe~

@Rico
I do feel sorry for those freeloaders. Is the EULA for paid product users any different?

 

Explanation from Vlk.

https://forum.avast.com/index.php?topic=157693.msg1140066#msg1140066

 

A storm in a teacup, at least for me. If you don't like how cloud services work you are out of luck nowadays.

 

I don't believe it matters if the EULA is different for "free vs paid" Avast, or for that matter, any other product. The industry is very competitive, & any way to make an extra buck will be exploited or tried. What was wrong was to have, the shopping feature turned on by default, they did the correct thing, (when out-ed), by removing it, & now offer it as an opt in. This seems acceptable! Some folks go to extreme measures to insure privacy, while others could care less.

I also believe, if you use it & like it, you should move from free to paid version, which in turn will help the company who's product you like. Same for donation software.

 

False statement. As a cloud engineer I can tell you that there is almost no need in the majority of cases to give up any privacy, or have your activities data mined. It's a myth that the cloud automatically means you agree, accept, or are victim of this. It's simply not true, and doesn't excuse the actions in this case.

 

Did you read Vlk's response?

Your demeanor and comments around the forum remind me of a member who was banned not too long ago. Were you formerly, PC Doctor or DoctorPC?

 

One thing is just having cloud (and being rather useless) or you have a cloud and you actually learn from it. To do so you need unique identifiers that in the end make data have some sense. Otherwise you're just collecting dead data that means nothing to you (or very little). Or you're not collecting anything, in which case i'd wonder why do you even have a cloud system... And it's funny how people get all obsessed by IP addresses or user hashes. Probably because 95% of them don't even know IP is as crucial for online communication as is full postal address for the postman to deliver the mail to your home. If he'd only have a street address but no house number, the whole thing is meaningless. But because IP's change for a lot of service providers, unique user hashes are needed (or at least useful), because unlike IP's, they will stick. But so do IP's for many users that don't have dynamic IP's. Is anyone harassing ISP's for using static IP's and thus uniquely identifying users by the IP alone (i bet pretty much all of them don't even know this fact to begin with)? I don't ever recall anyone doing that. But it's a thing that has existed ever since we crawled out of the 56k claws... And doesn't seem to bother anyone and it can track you in ALL services, not just within avast! like their user hases do. But that is a problem and static IP's aren't. Hm.

 

The quote from the EULA (message #7 user Rico) is clear about data mining. It would be important to me know if the EULA is different for their paid products before I'd consider buying a license. I accept data mining in an adware product, but that isn't acceptable to me in a paid subscription product.

 

http://www.avast.com/eula

 

Has anyone even bothered to read Vlk's response? Geez...

Official reponse from Vlk (Ondrej Vlcek aka Vlk is AVAST Software COO):
http://www.avast.com/about

 

As others have noted, my post was written after reading Vlk's explanation, it was not a general commentary about cloud privacy.

By the way, this part seems pretty revealing to me: "I also hope that we will be given some room on their site to defend ourselves. We requested the opportunity to discuss the author’s findings, but he declined to do so."

 

That explains it very well. Although I have not used Avast products for quite some time, I did not think they would be spying on their users.

 

Vincent Steckler posted there as well.

https://forum.avast.com/index.php?topic=157693.msg1140265#msg1140265

 

I stopped using other than the real time module with Avast for some time already ,since it went yellow orange or whatever the skin theme is.
But even with that module it has a strange behavior opposed to version 4.x ,a lot of connectivity and random slow boots due to it.
No wonder it may send stuff.Latest version at least tells you it collects personal info.
I have uninstalled Avast and went for the China AV stuff

LE: Don t worry they will do it next week too

 

People ditching avast! over privacy and going for Chinese products that have always been questionable. Hm...

 

Interesting conclusion

 

Please do uninstall Avast and use the China AV stuff that has some dedicated threads around here ,the one that uses BD and/or Avira ,then after a few days of usage reinstall Avast.
I am using PC-s made in China ,with firmware made in China like many other millions out there ,so what is the problem if the thing works better than what we do in Europe.
Avast itself has become more "questionable" than the Chinese AV-s so this reason is no more an issue for me ,i moved on (as it s weaker in all other functionality areas also ).

 

Comparing super ultra limited firmware (that is Made in China) with a software that can basically do anything since it's running on a kernel level (and is also Made in China) is not exactly a comparable thing... I'm not saying they are spying, but i'm just telling you a very technical thing on what gives that possibility. And while firmware allows, it's so limited i find it very unlikely unless if it goes for a highly sophisticated targeted attack. I don't see that happening to a home user. Government stealing users porn browsing history? His bank account with probably negative balance? Right...

And people ditching things for one sided attacks that were clearly inaccurate and the authors even refused to talk about it with developers, that already tells me fishy things are happening. If i were after the truth i sure as hell would meet up with developers and talk about it. You can go really technical then with questions and not just capturing few strings in a browser. But they felt like they know more than a developer itself. If you'd feel after a meet that you didn't get your answers, you can still leave original posting where it is. If you get new findings, you can update it. But they just plain arrogantly ignored it and left it as it is. Sorry Howtogeek, i'm not siding with avast! because i'm avast! fan (sure people will again hold on to this for sure) but because YOU failed to deliver. Anyone can bash anyone with some baseless accusations and if you're good enough at convincing people with nonsense, they'll just follow that as the ultimate truth, even if it's basically a lie.

And ultimately, Howtogeek, visit it without AdBlocker...

I see 4 banners on their webpage. Nice way to generate traffic and profit from making a lot of noise and bringing people to your webpage by making semi false big headlines and sensational news. And now, here is the kicker. avast! Online Security extension (ironic isn't it?) detected "BlueKai" on their webpage. They even have a tagline "Big data for marketing". Sorry Howtogeek, if you'd really value user privacy so much, you'd have NO banners on your webpage that make targeted offers and you wouldn't be using BlueKai. Period and end of discussion. Sweep around your front door first, before you go accusing others...