Web Browser Extensions Caught Spying On Chrome and Firefox Users

Representation of data transfer due to web browser extension spying.

Not too long ago, we warned users about why some online ads they see seem to be precisely targeted to their tastes and interests, including the spooky tendencies of websites remembering browsing and shopping preferences from visit to visit or device to device. It turns out that Avast and its recently acquired AVG, have been doing a lot of background spying and data pilfering through their “free” web browser plugins.

Data pilfering is widespread and very profitable, and data thieves seem to have no problem getting willing “victims” counting the number of people using “free” products that come with all kinds of terms and conditions. So much so that some even boast of the ability to provide “[I]ncredibly detailed clickstream data from 100 million global online shoppers and 20 million global app users” that advertisers can analyze “…however you want: track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain.”

All from a user looking for a solution to protect them from online threats and installing a web browser extension that is supposed to protect them from such invasion of privacy.

As reported by the creator of Adblock Plus, Wladimir Palant, Avast has been spying on the users of their antivirus products, and appears to have been doing so for years, through their Avast Online Security web browser extension which is promoted as having the ability to provide “maximum protection” from spyware and other online dangers.

The sad fact is that sometimes, users are not even aware that they have the extension because the Avast Secure Browser has Avast Online Security installed by default and is hidden from the extension listing and cannot be uninstalled by regular means.

The scary part of all this is that Avast products heavily promote their “secure browser” and even sets itself up to be used automatically in a so-called “Banking Mode.” Avast bought AVG a few years ago, so this spying also applies to the AVG Secure Browser with the built-in AVG “Online Security” extension.

The extensions involved, so far, for Firefox and Chrome web browsers are:

Avast Online Security/AVG Online Security – designed to warn users when they visit a malicious or phishing website;
Avast SafePrice/ AVG SafePrice – designed to help online shoppers learn about best offers, price comparisons, travel deals, and discount coupons from various sites.

These four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including detailed browsing history.

According to Palant, the extensions are sending a large amount of data about users’ browsing habits, listed below, to the company’s servers — “far beyond what’s necessary for the extension to function.” The information sent to Avast  include:

  • Full URL of the page you are on, including query part and anchor data,
  • A unique user identifier (UID) generated by the extension for tracking,
  • Page title,
  • Referrer URL,
  • How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link,
  • A value that tells whether you visited a page before,
  • Your country code
  • Browser name and its exact version number,
  • Your operating system and its exact version number

The ultimate outcome of this spying is that the company and its affiliates  are able to use tracking tab and window identifiers as well as user actions to “create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.”

How To Protect Yourself

Even though web browser makers like Mozilla and Opera have reportedly removed the extensions from their add-on libraries, would you really trust Avast not to do it again?

We’ve seen this script before, and they sang the same tune then. Our recommendation is to stay away from Avast products, if you can. There are better, less intrusive alternatives.

Remember that not all “free” products are created equal. Some are specifically designed to lure unsuspecting users into a data mining trap, and by using the software you inadvertently give the vendor access to what could be very private information, including financial transactions.

In addition, if you are using Chrome or Firefox, uninstall any browser extension you do not recognize or did not install yourself. It could be one of the infamous drive-by download adware masquerading as a useful tool.

If you have the Avast Secure Browser installed, uninstall it, and look for a safe alternative. For users of Microsoft’s Windows 10, the built-in Windows Defender is as good as any on the market today, if not better. In this case, once the Avast software is removed, Windows Defender should automatically take over as the default antivirus/anti-malware application.

However, we believe that the best way to manage the abuse of web browser extensions is to use an enterprise-grade web content filtering service that has the ability to automatically block suspicious traffic.

If you need assistance in implementing a web protection strategy, Tech Prognosis can help. Call us at (512) 814-8044, or use our contact form.