AnsweredAssumed Answered

Mozilla removes all Avast Firefox extensions...(anyone surprised?)

Question asked by kingfish on Dec 27, 2019

If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results by these companies are returned. Neither Avast Online Security or SafePrice, nor AVG Online Security or SafePrice, are returned by the Store currently even though these extensions exist.

It appears that Mozilla removed these extensions from its Store. When you try to open one of the Store URLs of Avast or AVG extensions you get a "Oops! We can't find that page" error message.

Update: The extensions are available again. Avast provided us with the following statement:

“Privacy is our top priority and the discussion about what is best practice in dealing with data is an ongoing one in the tech industry. We have never compromised on the security or privacy of personal data. We are listening to our users and acknowledge that we need to be more transparent with our users about what data is necessary for our security products to work, and to give them a choice in whether they wish to share their data further and for what purpose. We made changes to our extensions including limiting the use of data and these changes are explained clearly in our Privacy Policy. Our browser extensions Avast Online Security and AVG Online Security are back on the Chrome Store, and on the Mozilla Store (since 12/17). It’s important to us that users understand that we’re listening to concerns about transparency and data use, and striving to do better and lead by example in this area.“

End

avast avg firefox add-ons removed

The extensions are not blacklisted by Mozilla. Blacklisted extensions are put on a blocklist -- which is publicly available here -- and removed from user browsers as a consequence.

Update: Avast provided the following statement:

We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user's identification.

We have already implemented some of Mozilla's new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.

Avast and AVG extensions have been removed but are not blocked which means that the extensions remain installed in Firefox browsers for the time being.

Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent, but Avast's extensions are not on the list.

What happened?

Wladimir Palant, creator of AdBlock Plus, published an analysis of Avast extensions in late October 2019 on his personal site. He discovered that Avast's extension transmitted data to Avast that provided Avast with browsing history information.  The data that the extension submits exceeded what is necessary to function according to Palant.

The extensions include the full address of the page, the page title, referrer, and other data in the request. Data is submitted when pages are opened but also when tabs are switched. On search pages, every single link on the page is submitted as well.

The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.

Palant concluded that the collecting of data was not an oversight. The company states in its privacy policy that it uses anonymized Clickstream Data for "cross-product direct marketing, cross-product development, and third-party trend analytics.

Mozilla is in talks with Avast currently according to Wladimir Palant. Possible scenarios are that Mozilla will add the extensions to the blocklist that it maintains or will request that Avast makes changes to the extensions before they are reinstated.

The extensions are still available for Google Chrome at the time of writing.

Mozilla removes all Avast Firefox extensions - gHacks Tech News 

Outcomes