Author Topic: AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers? (Read 23470 times)

ewemoa · « **on:** September 20, 2015, 09:53 AM »

Didn't check in detail myself, but came across the following:

This new policy, which will come into effect on October 15, clearly explains that AVG will be allowed to collect and sell users' "non-personal data" in order to "make money from our free offerings so we can keep them free."

Here's the list of, what AVG calls, "non-personal data" the company claims to collect from its customers and sell to interested third-parties, specifically online advertisers:

* Browsing History,
* Search History,
* Meta-data,
* Advertising ID associated with your device,
* Internet Service Provider (ISP) or Mobile Network you use to connect to AVG products,
* Information regarding other apps you have on your device.

Previous policies allowed the firm to only collect:

* Data on "the words you search",
* Information about any malware on the users' machine.

via https://thehackernew...9/avg-antivirus.html

May be someone else can confirm?

mouser · « **Reply #1 on:** September 20, 2015, 10:04 AM »

I am a user of AVG and if this turns out to be true I will drop it like a hot potato.

As a rule I am much less concerned about privacy and data collection than most people, and generally don't worry about anonymous statistic gathering, but what's described here is absolutely outrageous -- so far beyond the pail that it is hardly conceivable.

Can this possibly be true, that AVG is about to flush its reputation down the toilet and start a mass exodus and loss of trust that they will never be able to regain?

For a security tool to do this.. I'm just speechless..

Surely this can't be right?

Innuendo · « **Reply #2 on:** September 20, 2015, 12:37 PM »

Oh, not only can it be right....it gets worse! According to this article:

http://www.techspot....-can-sell-users.html

An AVG spokesman explained that AVG has always sold users' data and it has always been disclosed in previous versions of their privacy policy, but it was not laid out in a plainspoken way.

And evidently this new transparent privacy policy is already up on AVG's site for anyone to peruse themselves.

mouser · « **Reply #3 on:** September 20, 2015, 12:52 PM »

Ridiculous.

That page does say this:

For its part, AVG has stated there will be a way for users to opt out once the privacy policy is active. "Those users who do not want us to use non-personal data in this way will be able to turn it off, without any decrease in the functionality our apps will provide," a company spokesperson said.

Although the page mentions a clearer privacy policy coming out in October, it's not clear at all whether this collection of data is already happening.

Looking at the options in the *current* version of the program, it's very unclear whether one can turn off these things or just tweak some subset of the nasty information collection:

Screenshot - 9_20_2015 , 12_50_26 PM.png

AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers?

dr_andus · « **Reply #4 on:** September 20, 2015, 12:55 PM »

An AVG spokesman explained that AVG has always sold users' data and it has always been disclosed in previous versions of their privacy policy, but it was not laid out in a plainspoken way.
-Innuendo (September 20, 2015, 12:37 PM)

I haven't followed the story closely but from the headlines I gathered that AVG are touted as the honest guys telling us as it is, while everyone else does it but hides in legal gobbledygook. So dumping AVG and switching to a competitor might not solve the underlying problem.

But it does sound like AVG have shot themselves in the foot, as naturally a lot of people are going to drop them now. Then everyone else will learn that honesty doesn't pay in this business, and things settle back as they were...

As I had to do a clean Windows install recently, I lost AVG in the process and have just gone with MS Security Essentials instead, as it got installed by the Windows updates more or less automatically. Well, we know that MS is also entering into the private data collection game, so I don't know if MSE is any better in that regard.

What I can say though that scanning files with MSE is way faster than it was with AVG. Generally my 5-yr system is pretty snappy, I don't know how much of that can be put down to not having reinstalled AVG (or maybe it's just the effect of the clean install).

mouser · « **Reply #5 on:** September 20, 2015, 01:27 PM »

I haven't followed the story closely but from the headlines I gathered that AVG are touted as the honest guys telling us as it is, while everyone else does it but hides in legal gobbledygook.

The notion that collecting and reporting "browsing and search history" is standard operating procedure for an antivirus/firewall tool is insanity -- it's completely counter-intuitive and unacceptable -- it has nothing to do with the job of these programs. And for software we pay (yearly) for?!?!?

It better not turn out to be true.

dr_andus · « **Reply #6 on:** September 20, 2015, 02:51 PM »

The notion that collecting and reporting "browsing and search history" is standard operating procedure for an antivirus/firewall tool is insanity -- it's completely counter-intuitive and unacceptable -- it has nothing to do with the job of these programs.
-mouser (September 20, 2015, 01:27 PM)

Sure, I'm not saying I knew it all along or that it's OK for them to do so. But in the light of how even Microsoft is putting user data collection at the heart of its business model, it no longer surprises me. I've only ever used free a/v programs, and probably there are lots of others like me out there, so it means "we" were the product. But if I'd paid for it, I'd be doubly incensed.

Anyway, it supports the point expressed by some on this forum that a/v software are spamware...

J-Mac · « **Reply #7 on:** September 20, 2015, 10:35 PM »

Here's another comment about this from Woody Leonard's blog:

We just learned last week that AVG Free, the antivirus product, does something similar.

I was shocked to learn last week that Firefox – long a bastion of snooplessness – has started using data that it collects to target ads, as well.

He also mentions Firefox as one who is doing similar.

Jim

app103 · « **Reply #8 on:** September 21, 2015, 12:24 AM »

Don't most anti-virus/anti-malware apps flag applications that collect this type of data and phone it home, labeling them as PUPs, spyware, or malware?

And search/browsing history isn't always anonymous or non-personal. History says it isn't.

panzer · « **Reply #9 on:** September 21, 2015, 02:42 PM »

Mouser, this story is mentioned three times one after another on https://www.donationcoder.com/blog/.

f0dder · « **Reply #10 on:** September 21, 2015, 03:32 PM »

I've said it before, and I'll repeat ad nauseam: just stick with Microsoft's anti-malware.

mouser · « **Reply #11 on:** September 21, 2015, 03:58 PM »

Mouser, this story is mentioned three times one after another on https://www.donationcoder.com/blog/.
-panzer (September 21, 2015, 02:42 PM)

thanks for the heads up -- fixed.

Innuendo · « **Reply #12 on:** September 21, 2015, 08:41 PM »

The problem with Microsoft's anti-malware efforts is that it only alerts on detection of cracks and keygens while blissfully letting evil through.

Other than OS upgrades, when was the last time you saw the MSE *engine* upgraded (not signatures)?

f0dder · « **Reply #13 on:** September 22, 2015, 01:37 PM »

Other than OS upgrades, when was the last time you saw the MSE *engine* upgraded (not signatures)?
-Innuendo (September 21, 2015, 08:41 PM)

Not needed to protect against the stuff regular users get hit with.

The really nasty stuff will never be discovered by anti-malware, but then again, those shouldn't be a worry to you unless you're into international terrorism, or are setting up the next Silk Road

Stoic Joker · « **Reply #14 on:** September 22, 2015, 06:00 PM »

I'm with f0dder on this one. Hay, we all know what the real game is...and that the players at that level will never get caught with/by anything we can get access to. So it's really just a game of cost, and MSE has the lowest "cost" (time/resources/money) to do ~85% of the job. The next 10% requires payment of a massive resource (waste) usage penalty...plus much time and money dealing with licensing, FP's and a whole host of other pointless shenanigans. The last 5% is at a level we can't even dream of touching ... So why keep getting sheeple-ly sucked into a game that can't be won.

Because Ultratastic AV or not, it always comes down to a dialog box that says Ok/Cancel ... And you either choose wisely at that point, or you don't.

wraith808 · « **Reply #15 on:** September 22, 2015, 06:28 PM »

Because Ultratastic AV or not, it always comes down to a dialog box that says Ok/Cancel ... And you either choose wisely at that point, or you don't.
-Stoic Joker (September 22, 2015, 06:00 PM)

This x1000. Winpatrol and Malwarebytes have saved my family more times than any AV. Thankfully, I have lifetime to both.

Innuendo · « **Reply #16 on:** September 23, 2015, 07:26 AM »

Not needed to protect against the stuff regular users get hit with.

The really nasty stuff will never be discovered by anti-malware, but then again, those shouldn't be a worry to you unless you're into international terrorism, or are setting up the next Silk Road
-f0dder (September 22, 2015, 01:37 PM)

I understand what you are saying, but MSE doesn't stop *anything*. I've watched people get infected by a drive-by ad banner while 'protected' by MSE. Dialog boxes popping up willy-nilly on the screen auto-installing this or that through Java, Flash, and Silverlight vulnerabilities. All the while, that happy little green MSE icon stays green till the bitter end.

This particular person got hit with a prompt to update their Adobe Flash & it looked identical to the real dialog box prompt Adobe puts up on the screen. They just hit "OK" to upgrade before I could say, "Hey, wait a second...".

For a very tech-savvy person, MSE may be fine...or running no AV at all, but 'mom'-level technical literacy needs something a lot more proactive in keeping baddies (any baddies, Microsoft!) out.

wraith808 · « **Reply #17 on:** September 23, 2015, 11:11 AM »

I understand what you are saying, but MSE doesn't stop *anything*. I've watched people get infected by a drive-by ad banner while 'protected' by MSE. Dialog boxes popping up willy-nilly on the screen auto-installing this or that through Java, Flash, and Silverlight vulnerabilities. All the while, that happy little green MSE icon stays green till the bitter end.
-Innuendo (September 23, 2015, 07:26 AM)

In your experience. In mine? I've had it protect against things in downloads, things on pages, and just things in general. And the icon doesn't change in my experience- it pops up. The icon is based on whether you're protected.

Innuendo · « **Reply #18 on:** September 23, 2015, 05:29 PM »

In your experience. In mine? I've had it protect against things in downloads, things on pages, and just things in general. And the icon doesn't change in my experience- it pops up. The icon is based on whether you're protected.
-wraith808 (September 23, 2015, 11:11 AM)

In my experience and in the experience of many other people I know who have had to work on many computers that are 'protected' with MSE that has the green icon, no pop ups, and even doing a full scan on the PC tells you that your computer is safe, all the while malware is causing popup ads and other evilness to prosper on the computer.

Independent AV tests rarely have MSE score better than 60% in tests. Microsoft's reply? It's baseline protection. It's not meant to be comprehensive or catch everything. They probably don't want security software devs to band against them for a lawsuit in the EU.

MSE is the consumer version of Microsoft Forefront Security, which BTW, is a discontinued product. We're saddled with it at work & at least once every couple weeks the desktop IT team has to spring into action to go cleanse a virus off someone's workstation. I rarely have extremely strong opinions about something preferring to each person to have their own tastes, but MSE is garbage and I'll defend my position to the bitter end.

wraith808 · « **Reply #19 on:** September 23, 2015, 05:47 PM »

In your experience. In mine? I've had it protect against things in downloads, things on pages, and just things in general. And the icon doesn't change in my experience- it pops up. The icon is based on whether you're protected.
-wraith808 (September 23, 2015, 11:11 AM)

In my experience and in the experience of many other people I know who have had to work on many computers that are 'protected' with MSE that has the green icon, no pop ups, and even doing a full scan on the PC tells you that your computer is safe, all the while malware is causing popup ads and other evilness to prosper on the computer.

Independent AV tests rarely have MSE score better than 60% in tests. Microsoft's reply? It's baseline protection. It's not meant to be comprehensive or catch everything. They probably don't want security software devs to band against them for a lawsuit in the EU.

MSE is the consumer version of Microsoft Forefront Security, which BTW, is a discontinued product. We're saddled with it at work & at least once every couple weeks the desktop IT team has to spring into action to go cleanse a virus off someone's workstation. I rarely have extremely strong opinions about something preferring to each person to have their own tastes, but MSE is garbage and I'll defend my position to the bitter end.

-Innuendo (September 23, 2015, 05:29 PM)

So we have different experiences. That's cool. But I have it installed along with winpatrol and malwarebytes on 9 computers. That combination along with an aware user has stopped everything that has tried to infect. With an unaware user, not so much. So each person to their own experiences and preferences. You can argue the point, but I won't argue along with you on this. $:-\$

Onward!

Stoic Joker · « **Reply #20 on:** September 24, 2015, 06:34 AM »

In my experience and in the experience of many other people I know who have had to work on many computers that are 'protected' with MSE that has the green icon, no pop ups, and even doing a full scan on the PC tells you that your computer is safe, all the while malware is causing popup ads and other evilness to prosper on the computer.
-Innuendo (September 23, 2015, 05:29 PM)

How many of the people in that test group were running with administrative rights?

x16wda · « **Reply #21 on:** September 24, 2015, 06:50 AM »

MSE is the consumer version of Microsoft Forefront Security, which BTW, is a discontinued product. We're saddled with it at work & at least once every couple weeks the desktop IT team has to spring into action to go cleanse a virus off someone's workstation. I rarely have extremely strong opinions about something preferring to each person to have their own tastes, but MSE is garbage and I'll defend my position to the bitter end.
-Innuendo (September 23, 2015, 05:29 PM)

I'll toss my two cents in. Same situation here, in fact SCEP (same stuff but tied to SCCM) allowed a bunch of boxes to pick up Conficker just this week. (Not even anything interesting - Conficker for gosh sakes!!)

Innuendo · « **Reply #22 on:** September 24, 2015, 05:51 PM »

How many of the people in that test group were running with administrative rights?
-Stoic Joker (September 24, 2015, 06:34 AM)

That I couldn't say, but are you taking the position that making sure administrative rights are not granted in order for AV to be effective is a valid requirement?

Innuendo · « **Reply #23 on:** September 24, 2015, 05:54 PM »

So we have different experiences. That's cool. But I have it installed along with winpatrol and malwarebytes on 9 computers. That combination along with an aware user has stopped everything that has tried to infect. With an unaware user, not so much. So each person to their own experiences and preferences. You can argue the point, but I won't argue along with you on this. $:-\$
-wraith808 (September 23, 2015, 05:47 PM)

Oh, we're not arguing...just a friendly discussion. Honest.

However, you are running complementary programs alongside MSE in order to provide accurate security. WinPatrol and MalwareBytes are both awesome products. Have you ever seen MSE stop anything from installing other than a keygen/crack, though?

Innuendo · « **Reply #24 on:** September 24, 2015, 06:00 PM »

I'll toss my two cents in. Same situation here, in fact SCEP (same stuff but tied to SCCM) allowed a bunch of boxes to pick up Conficker just this week. (Not even anything interesting - Conficker for gosh sakes!!)
-x16wda (September 24, 2015, 06:50 AM)

Thank you, x16wda. Yes, SCEP basically is the same as Forefront which is the same as MSE (I say this for the benefit of those who do not know). I am not sure where the communication breakdown is, though. If one's anti-malware solution can not prevent infection by something that was released in 2008 it's time to re-evaluate one's choice of protection.

People use MSE because it comes with Windows and it's free. If one must use something free, I suggest checking out BitDefender Free. It's very light on resources, has won many awards, and comes in either at the top or near the top of all independent AV tests.