In recent weeks, Adblock Plus creator Wladimir Palant detailed how four browser extensions from Avast and AVG “upload detailed browsing profiles of their users.” Google this evening removed three of those named add-ons from the Chrome Web Store.

AVG is a subsidiary of cybersecurity firm Avast, and both essentially offer the same extensions with different branding. Online Security warns about malicious sites, while SafePrice is a shopping tool.

According to the Adblock Plus developer, all four collect data that “exceeds by far what would be considered necessary or appropriate even for the security extensions.” For example, information sent back includes URLs and whether you previously visited, how you arrived at a page, and what system you’re using:

The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab.

Some of that collection can be justified, but there are other ways to operate a security extension. For example, Google Safe Browsing checks local lists that are periodically downloaded to provide the same warnings when visiting dangerous pages.

As of this evening, Avast SafePrice, Avast Online Security, and AVG SafePrice have been removed from the Chrome Web Store, though AVG Online Security is still available. This follows similar enforcement by Opera and Firefox earlier this month. However, Avast worked with Mozilla to get both Online Security extensions listed again over the past week by removing unneeded collection, and will presumably issue similar fixes for the Chrome counterparts.

Avast sells collected browsing data that’s useful for discerning shopping habits. This has resulted in Congressional scrutiny about the resulting “failure to protect consumers’ data.” The company has defended the browser data it collects, while arguing that the info retained and sold is anonymized.

Update 12/20: Avast Online Security and AVG Online Security are now back on the Chrome Web Store after “limiting the use of data,” and explaining what changed in its privacy policy. Avast also issued the following statement today:

“Privacy is our top priority and the discussion about what is best practice in dealing with data is an ongoing one in the tech industry. We have never compromised on the security or privacy of personal data. We are listening to our users and acknowledge that we need to be more transparent with our users about what data is necessary for our security products to work, and to give them a choice in whether they wish to share their data further and for what purpose. We made changes to our extensions including limiting the use of data and these changes are explained clearly in our Privacy Policy. Our browser extensions Avast Online Security and AVG Online Security are back on the Chrome Store, and on the Mozilla Store (since 12/17). It’s important to us that users understand that we’re listening to concerns about transparency and data use, and striving to do better and lead by example in this area.”

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author