Mozilla re-admits Avast and AVG extensions removed from store for excessive data exfiltration

AVG owner Avast also just so happens to own a clickstream-data service called Jumpshot but claims that 'privacy is our top priority'...

Mozilla has re-admitted Avast and AVG browser extensions to its store, after they were updated to address claims they were exfiltrating excessive amounts of personal data.

The extensions namely, Avast Online Security, Avast SafePrice, AVG Online Security and AVG SafePrice, were removed earlier this month, after they were found to be sending a large amount of users tracking data to Avast and AVG servers.

Google also followed the similar action a few days later and deleted three add-ons from the Chrome Web Store.

Avast said in a statement that the company has reduced the amount of data being transmitted by those security extensions, and has also updated its privacy policies to explain to users exactly what data they send to the company. The extensions will now present a dialog box for users to confirm if they want URLs to be scanned.

It's not known whether the company has been reported to its appropriate data protection authority for investigation.

The data collected here goes far beyond merely exposing the sites that you visit and your search history

The privacy issue with Avast and AVG extensions was first reported by Wladimir Palant, the developer of AdBlock Plus, in October.

In an online post, Palant said that AVG and Avast extensions were collecting a large amount of user information, including search history, visited sites, page titles, operating system version, country code, and so on - far more than would be required for user security. .

All this data from the browser was being transmitted back to Avast and AVG servers. The collected data would enable the security firm to recreate the browsing session of a user.

According to Palant, the extensions didn't just check whether a website might be malicious or not, but requested data from the browser when the user switched tabs and even sent information on every link displayed when users conduct searches on search engines.

"The data collected here goes far beyond merely exposing the sites that you visit and your search history," Palant said.

AVG is a subsidiary of Avast and their respective browser extensions are essentially the same.

In a statement, Avast claimed that "privacy is our top priority".

It continued: "We are committed to the security and privacy of personal data.

"We are listening to our users and acknowledge that we need to be more transparent about what data is necessary for our security products to work, and to give them a choice in whether they wish to share their data further and for what purpose."