AVG Proudly Announces It Will Sell Your Browsing History To Online Advertisers

An anonymous reader writes: AVG, the Czech antivirus company, has announced a new privacy policy in which it boldly and openly admits it will collect user details and sell them to online advertisers for the purpose of continuing to fund its freemium-based products. This new privacy policy is slated to come into effect starting October 15. The policy says: We collect non-personal data to make money from our free offerings so we can keep them free, including: Advertising ID associated with your device; Browsing and search history, including meta data; Internet service provider or mobile network you use to connect to our products, and Information regarding other applications you may have on your device and how they are used.

Epic Fail?

[ToxicBanjo]

Haven't used any of their products but it sounds to me that in this age of data breaches and privacy dwindling that people are not going to take kindly to this move. I think they'll see a huge drop-off in the use of their services.

Re:

[Anonymous Coward]

Did Target and Home Depot lose lots of customers? Yeah, didn't think so.

Re:Epic Fail?

[ToxicBanjo]

Did Target and Home Depot lose lots of customers? Yeah, didn't think so.

Completely different situation. AVG is saying they will include your browser history and searches, so on. For your analogy to be comparable it would have to be Target and Home Depot following people around who leave the store to see where else they shop, what they buy, and what they look for in catalogues/flyers. And then sell that to 3rd parties.

Re:

[Anonymous Coward]

So you think a massive data breach of credit and debit card information wouldn't cause people to stop shopping with a company but their browser history is going to be the tipping point? lolwut?

Re:

[garbut]

A breach is very different from a policy.

Re:

[david_thornley]

No, credit cards have about as much to do with FDIC as hedgehogs do. Nor is FDIC a simply taxpayer bailout, since banks pay into it. Presumably, in a massive bank failure, it could become a taxpayer bailout, but that again has nothing to do with credit cards.

My legal protections with a credit card are that I'm liable for $50 in fraudulent charges if I notify the issuer reasonably promptly. In fact, all credit card issuers I'm familiar with in the US waive that $50. That's their decision, not the gove

Re:

[whoever57]

For your analogy to be comparable it would have to be Target and Home Depot following people around who leave the store to see where else they shop, what they buy, and what they look for in catalogues/flyers. And then sell that to 3rd parties.

Or just getting their customers to sign up for "a loyalty card", which supermarkets seem to be very successful at.

Re:

[camperdave]

Ah! but that's opt-in.

Re:

[Cinnamon Beige]

For your analogy to be comparable it would have to be Target and Home Depot following people around who leave the store to see where else they shop, what they buy, and what they look for in catalogues/flyers. And then sell that to 3rd parties.

Or just getting their customers to sign up for "a loyalty card", which supermarkets seem to be very successful at.

Almost none of those are much use outside of the store--and given that nearly every single one in my area does tailored coupons, if they were that good at stalking customers I'd not be getting coupons for peanut butter and pork. That, or they want me dead.

Re:

[yuhong]

Win10's privacy policy may be a bit vague but it didn't explicitly state that they would be selling browser history or other sensitive data like AVG does.

Re:

[yuhong]

Given to anti-piracy groups?

Did they announce the hack ahead of time?

[raymorris]

If the perpetrators announced that they planned to hack Target and sell your credit card information, would you have shopped there, knowing what would happen? I wouldn't. Maybe you are that stupid, but I don't think most people are.

Ceasing to shop at Target AFTER the hack had already occurred would be closing the barn door after the horses has bolted. You'd only be hoping to indirectly influence management of other companies to hopefully increase the budget for security, which might reduce the risks of some breach somewhere. Switching from Target to Walmart after the news only increases your own risk, because Target's systems were swarmed with security experts from the FBI and private security companies - they got READ security conscious real quick.

Here AVG is announcing ahead of time, "if you use our product we WILL release your information." You can choose now to not have your information released by not using their product.

Re:Epic Fail?

[mjm1231]

People will forgive your mistakes. What you do intentionally is another matter.

Re: Epic Fail?

[NapalmV]

I missed the part where Home Depot and Target announced that they will knowingly and intentionally selling your credit card numbers to hackers. If they had such notice posted by the cash register, would people still swipe?

Re:

[Desler]

Poor guy. He had to leave with his golden parachute. *crocodile tears*

Re:

[Anonymous Coward]

I'm willing to bet a big chunk of AVGs users consists of parents/family of people who installed it for them way back when they were one of the go-to solutions and those people don't know or care that they even have options.

Re:

[JMJimmy]

Luckily AVG's decline started long ago and many of those people switched their parents/families to avast!

Re:

[wardrich86]

Who will probably be next to pull this stunt. It already bothers me when it gives me pop-up "warnings" about some of the sites I visit. Like keeping anonymous and crap.

Re:

[Baloroth]

Easy enough to get around that with avast, just enable silent mode. I've been running with that on constantly for years.

Re:

[wardrich86]

It stops the pop-ups, but the fact that the AV is paying that close attention to the sites that I visit... I have no idea if it's selling any of this information.

Reminds me of JetBrains and Mozilla!

[Anonymous Coward]

This reminds me of what has happened with JetBrains, a Czech company who makes popular programming tools.

They recently announced [jetbrains.com] some significant licensing changes that involved a subscription model. As any sane person would expect, the customers absolutely hated this decision. The uproar was significant, with an extreme level of dissent. Paying customers, many of them who had been customers for years and years, explained that they will move away from JetBrains' products immediately.

Given the extreme degree of public outrage regarding these completely unwanted licensing changes, JetBrains said they'd listen to the customer feedback [jetbrains.com].

In the end, JetBrains backpeddled [jetbrains.com] somewhat and adjusted the licensing options. However, many customers are still unhappy, and severe damage has already been done. Lots of long time JetBrains customers are now suffering from the dreaded FUD: fear, uncertainty, and doubt. Because of this, many are still considering moving to alternate tools.

All it takes is one single change like this, doing something that the customers do not want, and everything goes to hell. Previously loved companies can become distrusted outcasts.

Mozilla could be considered an extreme case of this. Once considered among the most respected and beloved organizations, years of unwanted changes to Firefox have driven away many of Firefox's users (Firefox's market share across all platforms is likely in the single digits now [caniuse.com]). Users just don't like being treated poorly, especially if there are alternatives! Firefox's users got fed up with the constant and awful UI changes, so they moved to Chrome. Now Mozilla is facing irrelevancy, as they end up with fewer and fewer people using their software. It's a real shame, but that's what happens when you shit all over your users and customers!

Re:

[gweihir]

Full agree on Firefox. I mean, how stupid can you be? This must be at the very top of the stupidity ever displayed by a popular FOSS project. Well, there is Gnome, of course.

Re:

[Hognoxious]

In the end, JetBrains backpeddled

You mean they issued an RMA?

Re:

[Cinnamon Beige]

[...]

However, Chrome's performance is also far better than Firefox's, for real world browsing.

So if you use Firefox, you get a shitty UI, and shitty performance.

If you use Chrome, you get a shitty UI, but good performance.

[...]

I usually have a resource monitor running in the background, especially when I'm browsing. I have both Firefox and Chrome, too, and I can and will have lots of tabs open since I've often been flipping between many, many pages as I'm working, especially if I'm doing research for a paper--as a result, stability and resource management are pretty major, as well as crash recovery and performance under heavy use. This probably works decently well as a heavy-duty test for real-world browsing, too, unless you re

Re:Epic Fail?

[Lunix Nutcase]

Doubtful. Most of their customers aren't likely even going to be aware of the change in the first place.

Re:

[Anonymous Coward]

Problem will be the computer guys, who will make sure to tell all their customers that data is being sold.

Re:

[tlhIngan]

And based on what evidence do you claim that most people are using AVG because of some mythical "computer guy" versus just downloading it themselves because some random website recommended it or it was simply preloaded by the OEM of their computer?

Preloaded AV is almost always McAfee or Symantec - these companies pay the OEM lots of $$$ in order to preload 30-day, 6 month or even 1 year trial subscriptions onto new PCs. OEMs love it because it subsidizes the price of the PC (which is why Windows PCs cost le

Re:

[lgw]

You promoted his "some users" to your "most users", and then argued it wouldn't be "most", but he never made that claim.

I think the news will get to enough users to cause a problem, over time. Most low-information PC users turn to someone technical for help eventually. I have no idea how many of those "knows computers" people are /. readers, or will otherwise have heard of this, but I'd bet it was a significant percentage. However, that will be spread over years, and ther may not be enough of a immediate

Re:

[Type44Q]

This is especially true, considering their savvy customers switched to other AV programs over a decade ago (for me, it was when I caught Blaster [wikipedia.org] on an Winblows system running fully-updated AVG)...

Re:

[Anonymous Coward]

Why would they? They are perfectly open and honest about it, which is more than you can say about f.ex. their American counter-parts.

Re:

[kheldan]

You're right; my first reaction to reading this was "Hmm, I don't use AVG right now, but I'm sure as hell not going to use it in the future, or recommend it to anyone for any reason". What they're doing is, in my opinion, not appropriate for an antivirus/antimalware producer to be doing, since they're operating like malware. What they should be doing, is to start charging for their software, if they're short of money. Let the market decide whether or not their product is good enough to pay for. If it's not

Re:

[kheldan]

Uh... I think you responded to my comment when you thought you were responding to someone else, because I can't make heads or tails out of what you said in the context of what I said; I'm saying that it's irrelevant whether they're telling you they're going to collect and sell data about their users, they shouldn't be doing it at all, and if they need money then they should just start charging for their software instead. Don't know about whoever it was you intended to respond to, but I don't cry when someth

Re:

[BitZtream]

Which is ironic considering they'll continue on using all the services that hide or lie about the fact that they do this very thing.

NOTHING is free. The laws of physics simply don't work that way, and they do apply to people and behavior as well. People will move on to another product ... which is selling their information due to a clause that sounds completely benign in paragraph 12 of page 43 of the EULA.

*sigh*

People will cut off their nose to spite their face at the drop of a hat.

Re:

[rtb61]

There are various version of free. In this case you would think by now, government would be producing digital policemen and providing them free because the cost of that is less the the cost of the losses to the community. So a decision to provide free security software from government sources, saves the community money and saves them much more than the cost of producing that software so that net gain is completely free (fuck lost corporate profits).

Re:

[account_deleted]

Comment removed based on user account deletion

Best alternative?

[sproketboy]

What's the best alternative right now for windows?

Re: Best alternative?

[snowsnoot]

How about not even using one. Most of them suck anyway, they don't catch the clever malware and they hog resources and slow down your PC. Just be smart on the web, rely on the Windows built-in tools and you don't need one I find.

Re: Best alternative?

[Opportunist]

I dare say that's like saying "I don't need no safety belt, I know how to drive a car".

Yes. Problem is, you're not the only one driving. Neither are you the only one making connections in your machine. And I'm not even talking about some kids you may or may not have which seem to be a magnet for all kinds of malware.

There are far too many programs on your computer that open up connections that can be (and are) abused as attack vectors. You open a PDF (a benign one, not one sent by "lawyer" telling you about that unpaid ebay bill) and your PDF-reader starts making connections. You open up a game selling platform and it opens up a browser that connects to its maker or the maker of the game you plan to buy (or just look at). And we're not even touching browsers, online ads and them being one of the key contemporary attack vectors.

And no, Windows tools don't cut it. Why? Because EVERY malware HAS to circumvent them Because they are installed on EVERY Windows machine. No way around it. Malware has to be tested against them (and yes, it is) and has to be undetectable by everything every user has by default installed. Because, well, why bother launching a virus that is detected BY DEFAULT?

And no, malware doesn't need admin privileges anymore to cause damage. Just ask anyone who has been subjected to cryptolocker and its various variants. The current batch of banking trojans also doesn't need any elevated privileges to cause troubles. All it takes is a certificate and some creative rerouting of your traffic...

Re:

[fafalone]

You seem to think that the extremely rare malware to make it through on such a vector would then be stopped by AV. Unlikely. If you're well versed in security practices and diligent in following them, especially blocking ads and properly configuring your firewall, AVs are of no benefit and just waste resources.

Re:

[Xenx]

I'm having trouble determining if sarcastic, an idiot, or a troll. You try to reinforce your negative opinion of AV software, by stating you use AV software.

Re:

[camperdave]

Ah! I see. Use the built in browser to download and install linux, and then be malware free. Clever.

Re:

[david_thornley]

I write bad fiction* using multiple windows with vim, myself. This works great on Linux, and it is a creative endeavor. I think you lack imagination.

*Most people go through a period of writing bad fiction before they write good fiction. My bad fiction period is several decades and still going. I'd like to write good fiction sometime, but as long as I'm having fun, who cares?

Re:

[Anonymous Coward]

Eset Nod32.

You have to pay for it, but it's worth it.

Re:

[tompaulco]

I didn't like Eset. We had it on our corporate systems and it was a resource hog. We had to take our laptops home so that we could work 24 hours a day for the company for no extra pay, and I left it on all night at home, but it would not run the full scan overnight. Instead, it would run it as soon as you got back in to work, and would churn on the hard drive for about an hour.I'm sure this was partly the corporate setup.
I'm neither with that company, nor Eset anymore.

Re:

[Anonymous Coward]

Microsoft Security Essentials. Back it up with Spybot Seach and Destroy or Malwarebytes MBAM or both.

Try not to download stuff from shady sites. If you're really concerned with something run it through Jotti or Virustotal or VirSCAN.org.

Re:Best alternative?

[andymadigan]

Windows Defender. No, seriously. I haven't seen any issues over 2 years, even with multiple non-technical users. It works, stays out of the way, doesn't slow the machine down, doesn't demand money or personal information.

Re:

[sproketboy]

Thanks. Finally a serious answer. ;)

Re:

[wbr1]

Bitdefender free

Re:

[Opportunist]

Wait, I'm confused, he said it's for Windows? What's his problem with crashes?

Re:

[bigfinger76]

Shill script needs updating.

Re:

[CronoCloud]

If the Ubuntu privacy thing bothers you there's always:

sudo apt-get remove unity-lens-shopping

There are also plenty of other distros. I personally recommend XFCE spins of Fedora/RHEL/CentOS.

Re:

[Cro Magnon]

Compared to Windows 10, complaining about Ubuntu's privacy is like an elephant calling a cow big.

Re:

[Jarik C-Bol]

Bitdefender is scamware, or at least it was last time I messed with it. "Free AV" then a month later "Pay 30$ to unlock your free AV!"

Re:

[hudsucker]

You need to download the free product.

Bitdefender.com > Home Users > Toolbox > Free Antivirus leads to Bitdefender Antivirus Free Edition [bitdefender.com].

Re:

[Ja'Achan]

If that link redirects to the localized homepage (like it does for me) try the 'platform' icon link on this page [bitdefender.com]

My reaction

[satch89450]

sudo vi /etc/hosts
i
127.0.0.1 avg.com
:wq

Problem solved. Can't sell what you don't have.

Re:My reaction

[Opportunist]

Getting updates for the AV suite might be a wee bit complicated now, though...

Re:

[thegarbz]

You think he's worried about updates to AVG when his OS requires the use of commands such as "sudo" and the program "vi"?

They made the disclosure

[onepoint]

At least they made the disclosure, which is a step in the correct direction for a consumer to make a choice.
while I might not like it, it's correct.

Re:

[BitZtream]

Exactly.

You know what they are going to do, there is no confusion, you can simply choose not to use their product or pay in a different way for a version that doesn't sell your info.

You can make an informed choice, which makes it fair, and imo, acceptable to do so.

Re:

[Desler]

Except their policy states:

Unless the specific product states otherwise, all AVG products and services are included under this Privacy Policy.

So there's no reason to believe that their pay products aren't doing the same thing. The only choice is to stop using all their products.

Re:

[janoc]

They have been at this for a while. AVG was autoinstalling extensions into all Windows browsers that automatically redirect your browsing through an AVG proxy (supposedly to keep you safe from viruses, ehm) for a long time. So this was only a matter of time.

BTW, AVG is not really a Czech company anymore. They have moved to the US and in the Czech republic is only their R&D centre now (Czech programmers cost 1/10th of what an US one would).

Re:They made the disclosure

[ultranova]

At least they made the disclosure,

Did they actually make the disclosure, or was it buried somewhere in a 50-page legalese boilerplate document that exists precisely to hide anything important?

Because there's lying, lying by omission, and lying by drowning someone in so much irrelevant detail important things go unnoticed. All are forms of intentional deception, and none should be excused.

Re:

[lurker412]

They sent me a heads up email with a link to the new policy. So they're being up front about it. That said, I don't care for it. I've used their free version for probably close to 10 years, but I'll be looking for a replacement soon. Avast? Microsoft Essentials? Dunno. In all that time, I think AVG gave me one false positive and once it failed to warn me of something that I could immediately see was suspicious. Not a single true positive, IIRC. My sense is that the threats these days are much more

See the positive side

[Opportunist]

At least you get something in return, you get an antivirus product free of charge.

With some competitors, you pay for the privilege to have your privacy sold off.

Re:

[Intron]

My definition of "free of charge" does not include frequent pop-ups telling me to pay for an upgrade to be really protected. I tried Avast and AVG and ended up getting a non-intrusive alternative.

Re:

[Opportunist]

Probably to avoid the usual fallout of being mocked for using $product which has $flaws and $speculation_about_privacy_invasion.

Insert the values of your choice for the variables. It's all valid.

AVG is dreadful

[JustAnotherOldGuy]

In my experience AVG is dreadful and only somewhat effective.

I used it for years when it was good, and then it started to want to do updates that never "took"...so it would try to do the update again, and again, and again. Sometimes it would start but not run or it would error out. Then it started displaying nag screens with ads for the "Pro" version.

I dumped it and moved to Comodo which seems less needy and doesn't pester me with ads.

Ask and you shall receive.

[Deathlizard]

So. More ask Toolbar disguised as AVG Secure search...

Similar to

[tompaulco]

This is similar to a company selling both radar detectors to the public and radar systems to the police.
I stopped using AVG in favor of Avast probably 5 or 6 years ago, maybe longer now, I can't remember. The thing with AV is that you have to keep changing companies every 4 or 5 years because the awesome one goes from being free and relatively resource unintensive to being not free, a resource hog, and sometimes, as in the case of AVG, even sells your information to the people who are the source of most of the viruses.

The cycle of a product

[Dan East]

It's interesting watching so many software products (and OSes, etc) go through the same cycle. A new player comes on the scene and innovates or simply does things better than the competitors, they become popular and get a decent install base, they stagnate and / or bloat, their usefulness and effectiveness drops, and then often times they turn Evil as a last ditch effort is made to monetize what is left of their users.

I really liked AVG at one time. For me it was the free go-to antivirus product, and it really did a better job removing the malware of the day when it was at its peak (oh, around 8-10 years ago).

The good point about it

[Blaskowicz]

It will not long so long, because the AVG software will flag it and it will delete itself.

Alternatives to AVG

[BringMyShuttle]

A timely PC MAG review rating many free anti-virus programs: http://www.pcmag.com/article2/... [pcmag.com]

Don't let the door hit your bum on the way out, AVG

Re:

[grimJester]

Thanks, this is what I came here to find.

Re:

[phantomfive]

The sad thing is that none of them work very well. But at least some don't spy on you horribly.

Re:

[Chris Mattern]

Norton?? Dear God, no. If you're willing to step up to the plate and pay for something decent, ESET is pretty good.

Not mine

[drinkypoo]

I never installed the browser add-on component.

But I guess now I'll move to Comodo anyway, and hope that's better for a while

Re:

[ihtoit]

I think I'll get back to work on my read-only browser sandbox. It seems to be the only way to be sure these days.

Sad.

[astro]

It's sad. There was a time, not SO many years ago, where I strongly recommended AVG to people as the lightest, least intrusive Antivirus solution for Windows. The decline makes me frown.

kudos

[shentino]

Kudos to AVG for being honest enough to admit it in advance and gives its potentially paranoid customers a chance to opt out.

I wish more companies did this. It's a little slimy, but it's a lot LESS slimy when they don't try to hide it.

No, I'm not being sarcastic.

Avast

[fluffernutter]

I switched to Avast a long time ago.

HTTPS scanning

[Artem S. Tashkinov]

./ has neglected an even bigger elephant in the room: most modern AV products insert their own HTTPS certificate into the OS you're running for your "safety" and "protection".

In short they scan the traffic which wasn't meant to be scanned by third parties, thus AV vendors circumvent the vary basis of encryption.

Welcome to a brave new world. Then your PC hasn't really belonged to you since 2008 or something but no one cares anyway: http://libreboot.org/faq/#inte... [libreboot.org]

I wonder if there's anything left to buy nowadays which is yours truly and which doesn't spy on you or have a dozen of backdoors for NSA/CIA/M5/etc.

Re:

[LVSlushdat]

Yes, there is.. and you don't have to "buy" it... Its called Linux.. Of course, having said that, I wonder how long it will be before the "government" decides that anybody who is not doing their internet business with an "approved" operating system, namely Windows or Mac, will be marked as a "terrorist".. I hope I'm dead and buried by then, but the way the world is going, I wonder (I'm 65 y/o now)....

Re:

[jonwil]

I run the free version of AVG (without any of the browser add-on crap installed) and I dont see any indications that its MITM'ing SSL traffic inside SeaMonkey (my primary browser).

Re:

[ledow]

Sorry but that's not true - and Google and other websites, not to mention end-users, are capable of detecting these kinds of things.

To intercept traffic, you need to have accepted a trusted root certificate at some point. Doing so can MITM traffic but all your local SSL connections will be signed by that cert. That rings alarm bells in modern browsers, not to mention it's as simple as double-clicking the green bar to find it.

No modern AV that I've used has done this. However, I *have* manually pushed su

Re:

[ledow]

P.S. Try https://www.grc.com/fingerprin... [grc.com]

If your fingerprints on that page differ from the fingerprints on your browser's cert for those sites, you're being MITM'd.

e.g.
www.grc.com
01:56:D3:AC:CF:5A:3F:B8:8F:0F:B4:30:88:2D:F6:72:4E:8C:F2:E0

They know their customers

[Behrooz Amoozad]

Ignorant

AVG Filtering Negative Press?

[threc]

Well would you look at that: http://i.imgur.com/YsNjWCc.png [imgur.com]

Thanks for protecting me AVG. /sarcasm

Re:

[ledow]

That's just scumbaggery of the highest order, and you're not the first to report it.

Fuck you, AVG, and I was someone who sent dozens, if not hundreds of people your way over the years by my recommendations - and not just "free" users.

Comodo are my current "least hated" equivalent, but even they are doing some funky shit with their shellcode injection options being active EVEN WHEN DISABLED and interfering with things like the newest versions of Chrome being able to load successfully. Shit like that shouldn

Re:

[nadaou]

My guess is that it found the hosts file localhost blackholing in this post:

http://yro.slashdot.org/commen... [slashdot.org]

No conspiracy theories needed.

p.s. why haven't you uninstalled AVG yet? Will it detect itself as malware now?

AVG Internet Security blocked this article

[pefisher]

So I went into the AVG control center, turned link scanner off, reloaded the page, and now it's letting me read it.

People still use AVG?

[Dunbal]

Seriously I stopped using AVG like 9 years ago when they started dicking around caching web pages and sticking their nose where they didn't belong.

so whats next ?

[bobjr94]

Their data collection will include doccuments read during scans or returning some of the images on your computer ? Sounds like the next step.

When virus scanners become viruses

[WaffleMonster]

Way to destroy your brand. It will be amusing to watch other virus and malware scanner pushing updated definitions to detect and remove AVG.

At the risk of getting flamed...

[ewhenn]

At the risk of getting flamed, at least they disclose and are up front about it. I can guarantee you that lots of companies are selling your personal data... ermmm.. I mean "anonymous marketing information" without telling you about it. To me that's infinitely worse. While I don't like AVG's actions, at least they have the decency to tell you about their policies in direct terms.

And this is a surprise?

[Chris Mattern]

Remember, when they give you the software for free, you're not the customer. You're the product.

Re:"you are the product" is for Cows

[Irate Engineer]

You are all products. Products get SOLD! SOLD! products SOLD! YOU PRODUCTS!!!

Mooo!

Re:

[Opportunist]

I know, I know, he's running for president, but we don't have to steer every discussion on /. towards McAfee.

Fuckin' astroturfers...

Re:

[Opportunist]

Yes, it was an admittedly bad attempt at being funny.

Sorry, but you don't expect me to use A-material for charity, do you?

Re:

[Dahamma]

No, you don't get it - your fingerprints and DNA aren't personal! They don't actually have your name spelled in them...