BitDefender TrafficLight breaks your privacy

Discussion in 'privacy problems' started by m00nbl00d, May 31, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been waiting for this to be solved by BitDefender, and so I gave it a month for them to address the issue, as I don't think it would require a lot of time to address it, only will.

    That said, if you're using BitDefender TrafficLight, you should be aware that whenever you perform a search or access a website, it will check with BitDefender's cloud to see if the URL is malicious/fraudulent. So far so good. The real issue is that it does so over HTTP and not HTTPS.

    I just thought I should alert you about it, in case you didn't know it already.

    BitDefender actually agreed with me that sending the info over HTTP breaks our privacy, and that they were already considering implementing the communication over HTTPS, instead of HTTP. Right. :rolleyes:

    Not only is the info sent over HTTP, but the actual search query is also sent to BitDefender. This was also one of my concerns, and I asked them to strip the information, and only send the URL, but not the search query.

    So, I suppose this is the same old question: Security at what cost? Breaking our (=users in general) privacy? o_O :thumbd:
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    Maybe I'll disable that extension, m00n.
    Who needs this sort of behavior?
    Thanks for posting.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's kind of sad that such a great extension works this way, and no change on the horizon so far. I have relatives using it, because they wouldn't handle default-deny setups and all that, and so protecting them at the browser level is the best bet. I just hope BitDefender has a change of heart.

    Maybe if more users start complaining about it, to them, they'll change TL's behavior... or not. :argh:
     
  4. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA

    Thanks for the info.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, anyone can easily verify it with Google Chrome. If you open chrome://net-internals/#events and then perform a search, you'll see quite a few connections to nimbus.bitdefender.net over HTTP, and one of them sends the full search query.

    You don't need anything fancy like Wireshark. :D
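
The check described in the post above, combined with the query stripping requested in the first post, as an added example that is not part of the thread and not BitDefender's code. The request shapes and the `url` parameter are assumptions made for illustration; only the host name comes from the thread.

```javascript
// Added example. The request lines below are constructed, and the `url`
// query parameter is a hypothetical stand-in for however the extension
// encodes the visited address in its lookup.
const LOOKUP_HOST = "nimbus.bitdefender.net"; // host named in the thread

// Constructed sample of request URLs, as might be copied from a capture.
const SAMPLE_REQUESTS = [
  "http://nimbus.bitdefender.net/lookup?url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dchest%2Bpain%2Bclinic",
  "http://nimbus.bitdefender.net/lookup?url=https%3A%2F%2Fexample.org%2F",
  "https://nimbus.bitdefender.net/lookup?url=https%3A%2F%2Fexample.org%2F",
  "https://www.google.com/search?q=chest+pain+clinic",
];

// Reduce a visited URL to scheme + host: enough for a domain reputation
// check, with path, query string and fragment dropped.
function minimizeForLookup(visited) {
  const u = new URL(visited);
  return `${u.protocol}//${u.host}/`;
}

// Flag lookups to the reputation host that are sent in cleartext and/or
// carry the visited URL's query string (for example, search terms).
function auditRequests(requests, lookupHost = LOOKUP_HOST) {
  const findings = [];
  for (const raw of requests) {
    let req;
    try { req = new URL(raw); } catch { continue; } // skip unparsable lines
    if (req.hostname !== lookupHost) continue;      // not a lookup request
    const issues = [];
    if (req.protocol !== "https:") issues.push("cleartext-transport");
    const visited = req.searchParams.get("url");    // hypothetical parameter
    if (visited) {
      try {
        if (new URL(visited).search !== "") issues.push("query-string-disclosed");
      } catch { /* value is not a URL; nothing to inspect */ }
    }
    if (issues.length) findings.push({ request: raw, issues });
  }
  return findings;
}

console.log(auditRequests(SAMPLE_REQUESTS));
console.log(minimizeForLookup("https://www.google.com/search?q=chest+pain+clinic"));
```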
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks for the info. Uninstalled.

    PD
     
  7. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    This is inexcusable, especially from a security firm, but am I correct in thinking that as long as all my traffic is routing through a VPN it will be encrypted regardless?
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Thank God I had removed it a month ago. Now I'm never gonna get it back. :cautious:
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Popcorn -> VPN -> Trafficlight servers

    Popcorn -> VPN = Encrypted
    VPN -> Trafficlight = Unencrypted
     
  10. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    er ok wow :eek:
    uninstalled
     
  11. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,790
    I found Trafficlight destroyed my ping scores. Went from 20ms to 530ms. Also, I found that it was extremely resource heavy, especially disk I/O and CPU time. I just uninstalled.
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I agree. Inexcusable. Thanks for the heads up!
     
  13. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    same here, quite ridiculous.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    When m00n first shared his finding back on 5/31 I disabled the TL Chrome extension.
    I just now removed it.
    I think I'll email BD with a link to this thread and see if there is any response.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    The BD contact said he had forwarded my message (essentially a link to this thread) to the TrafficLight team, and thanked me for the feedback.
     
  16. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,790
    Thanks
     
  17. x942

    x942 Guest

    Thanks for posting! I've been doing some Reverse Engineering of TL but hadn't gotten far. I think I will be taking another look.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    How long has it been? :rolleyes: A week? :D Maybe Romania has different time zones... :rolleyes: ;)
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    My guess is that, in the greater scheme of things, from their perspective, the backlash (in terms of loss of users) from your discovery isn't profound enough, and they just aren't motivated to change. Which is, of course, unfortunate.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, I do have to agree with you. I wonder if anyone has contacts with major technology websites? Or even inside contacts with EFF? Maybe EFF could compare various security applications (which may also include browser extensions), and see how they break our privacy. This should be an awakening call... or not. :argh:
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    I hope you will try another test again at some point in the future, just in case they decide that complying with your suggestion is the right way to go! Wouldn't that be something? ;)
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I actually visited Chrome Web Store moments ago, but there's no update for TrafficLight. The latest version dates from February. They need to upgrade the extension, to actually communicate over HTTPS as well. So, when an upgrade comes out, it may mean something. Let's hope. It's actually awful that a great extension like TL breaks our privacy.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,957
    Location:
    USA
    I'll try to keep an eye on that too, m00n.
     
  24. guest

    guest Guest

  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, should we say about ~ Snipped as per TOS ~ time? :argh: Anyway, great news. TL is a great extension, and it was kind of mad to see that the query was done over HTTP.

    They did not mention whether or not the new version will also strip search engine queries, and only send the domain itself. Hopefully, they will strip our search queries.

    Anyway, I'm glad they will finally do something about it; something that should never have been an issue, and also something that should have been solved a long time ago.

    Thanks for the heads up! :thumb:
     
    Last edited by a moderator: Aug 6, 2012