Czech Authorities Investigate Avast Over Data Collection

· · Link

Investigations are underway to examine Avast’s practice of collecting and selling its users’ browser histories.

Avast, which is based in the Czech Republic, claimed it was stripping away users’ personal details from the collected browser histories as a way to “de-identify” the data, and preserve their customers’ privacy. However, the joint investigation from PCMag and Motherboard found the contrary: The same data can actually be combined with other information to identify the web activities of individual Avast users, including their internet searches. As many as 100 million users had their data collected.

I’m glad there are investigations. As I found out last week, there are likely other companies participating in this data collection practice.

Avast Probably Isn't The Only Antivirus Company Selling User Data

· · Link

In today’s episode of The Mac Observer‘s Daily Observations podcast, Kelly and I did our Security Friday. We talked about two security articles this week, and answered a reader’s question about antivirus programs. I mentioned that people shouldn’t use Avast since it was revealed they collected and sold user data. Now, in the irony of ironies, I got an email today from someone offering me Trend Micro user data.

We have an updated contact list of Trend Micro Users, which can support your marketing campaigns. The database will have access to complete contact information of Trend Micro Users including Emails, Phone number, Mailing address and other relevant data fields. Please let me know your interest in acquiring the list and I will get back to you with counts and pricing. Also, let me know if you are interested in acquiring similar technology users contact list.

That’s a no from me, fam.

Leaked Documents Reveal Antivirus Surveillance Industry

· · Link

Leaked documents reveal that an Avast antivirus subsidiary called Jumpshot packages what you do on your computer and sells it to companies like Google, Microsoft, Pepsi, and more.

The data obtained by Motherboard and PCMag includes Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies’ LinkedIn pages, particular YouTube videos, and people visiting porn websites. It is possible to determine from the collected data what date and time the anonymized user visited YouPorn and PornHub, and in some cases what search term they entered into the porn site and which specific video they watched.

I write a lot about privacy and security, and I try hard to be optimistic that eventually things will change and some day we will have a federal privacy law.

French Police Defeat Retadup Botnet Infecting 850,000 Computers

· · Link

French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”