Mastodon 🐘

Yellow FlagReading the Czech decision a bit more (it’s a long text), it’s quite fascinating. It’s a second instance ruling, and the authority appears to have rejected Avast’s appeal in all points. Even more so: they are explaining to Avast that the privacy law doesn’t work the way Avast thinks it does.Did Avast decide to represent themselves without proper legal advice? Did they hire incompetent lawyers? Did their lawyers just give up, seeing this case as hopeless? Beats me. But they seem to have acted similarly incompetent here as with their media response.In particular, Avast tried to argue down the imposed fine based on the fact that the decision refers to a data collection period of “merely” two months. And they get the explanation that, as far as GDPR is concerned, violating the privacy of 100 million users on a single day would have already been sufficient. There is also the clarification that the data protection authorities aren’t as naive as to assume that violations only happened during these two months.And they also didn’t like Avast’s “but no actual harm was done” defense:<blockquote>“the harm caused to data subjects cannot be individually examined due to the large number of data subjects affected. As already stated, the privacy of data subjects has been compromised by the conduct of the Accused, and the effects on the rights of individual subjects may become apparent in the future. Furthermore, it cannot be safely stated that users have not been identified, nor that they are not already being targeted in any way based on knowledge of their preferences or behaviour.”</blockquote>Now to the funny part: Avast accuses the data protection authority of damaging them by <a href="https://uoou.gov.cz/cs/uoou-ke-kauze-avast" rel="nofollow noopener" target="_blank">publishing a short announcement back in 2020</a>. Mind you, the media shitstorm against Avast was already in full swing. And so the data protection authority simply states:<blockquote>“the Charged Company’s shares on the Prague Stock Exchange had significantly fallen even before the press release was issued”</blockquote>And on the claim that Avast should be excused because they didn’t know they were violating privacy laws:<blockquote>“At this point, the Appellate Authority considers it necessary to recall that the Charged Company provides software designed to protect the privacy of its users. As a professional in the information and cyber field, the Charged Company is thereby also expected to be extremely knowledgeable in the field of data protection. The Accused was aware of the risks of data processing and of the difficulty of achieving complete anonymisation of data (especially in a rapidly evolving technological environment) but decided to monetise the data of its users in the abovementioned manner anyway.”</blockquote>For some context: <a href="https://uoou.gov.cz/cinnost/ochrana-osobnich-udaju/ukoncene-kontroly/kontroly-za-rok-2019/kontrolni-cinnost-v-oblasti-ochrany-osobnich-udaju-2019/spolecnost-avast-software-sro" rel="nofollow noopener" target="_blank">the first-instance decision</a> fell in 2022. It looks like it might not have been triggered by my investigation at all but rather by a complaint a few months earlier. That seems to be the reason why they are talking about data collection between April and July 2019.<a href="https://infosec.exchange/tags/Avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Avast</a> <a href="https://infosec.exchange/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a> <a href="https://infosec.exchange/tags/Jumpshot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Jumpshot</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>

Yellow FlagNice to see Avast being held liable for their data collection. After the <a href="https://www.edpb.europa.eu/news/news/2024/czech-sa-imposed-fine-139-million-eur-infringement-art-6-and-art-13-gdpr_en" rel="nofollow noopener" target="_blank">Czech fine in May for the GDPR violation</a> they are now also being <a href="https://www.ftc.gov/system/files/ftc_gov/pdf/202_3033_-_avast_final_consent_package.pdf" rel="nofollow noopener" target="_blank">fined by the FTC in the US</a>.Interesting fact here: according to the Czech decision Avast is continuing to claim that the data was properly anonymized and no personal data was being transferred to third parties. As I could document four years ago, <a href="https://palant.info/2020/02/18/insights-from-avast/jumpshot-data-pitfalls-of-data-anonymization/" rel="nofollow noopener" target="_blank">these claims are definitely untrue</a>.It seems that the Czech data protection authority didn’t buy into these blanket claims either and requested detailed information on the data handling – which Avast failed to provide. They also seem to have read my blog. So their conclusions (like my original analysis) are largely based on the patent Avast filed. Which is already quite damning but not really as much as the real data which shows that the patented approach was severely misimplemented.The FTC decision is far less detailed but also states: “The FTC further alleges that, in some cases, the data Avast shared with Jumpshot was not aggregated or fully anonymized before Jumpshot sold it, and in some cases, Jumpshot sold the data in a form that could have allowed third parties to link back browsing information to you or your devices.”Now one might be inclined to ask: why does it matter? Avast has since been sold. So the people paying the fines now aren’t the ones responsible.But I’d like to think that this controversy had a significant impact on the selling price. This was likely the reason why Avast was in such a hurry to shut down Jumpshot and to end this affair.<a href="https://infosec.exchange/tags/Avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Avast</a> <a href="https://infosec.exchange/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a> <a href="https://infosec.exchange/tags/Jumpshot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Jumpshot</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>

Marcel SIneM(S)US<a href="https://social.tchncs.de/tags/Avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Avast</a> Antivirus: Angreifer können Rechte durch Schwachstelle ausweiten | Security <a href="https://www.heise.de/news/Avast-Antivirus-Angreifer-koennen-Rechte-durch-Schwachstelle-ausweiten-9757748.html" rel="nofollow noopener" translate="no" target="_blank">https://www.heise.de/news/Avast-Antivirus-Angreifer-koennen-Rechte-durch-Schwachstelle-ausweiten-9757748.html</a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#Patchday</a> <a href="https://social.tchncs.de/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a>

Your Autistic Life FR/EN/ESAvast sneezed in your face! Have a nice day.<a href="https://mast.yourautisticlife.com/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a> <a href="https://mast.yourautisticlife.com/tags/sneeze" class="mention hashtag" rel="nofollow noopener" target="_blank">#sneeze</a> <a href="https://mast.yourautisticlife.com/tags/nonsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#nonsense</a>

Steam Powered Frisbee 🥏What's a better <a href="https://hear-me.social/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#antivirus</a> for a Windows PC, now that <a href="https://hear-me.social/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a> needs to be uninstalled?It doesn't have to be free, but offering a free tier or trial is nice. Thanks!<a href="https://hear-me.social/tags/avastscam" class="mention hashtag" rel="nofollow noopener" target="_blank">#avastscam</a> <a href="https://hear-me.social/tags/avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#avast</a> <a href="https://hear-me.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://hear-me.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://hear-me.social/tags/recommendations" class="mention hashtag" rel="nofollow noopener" target="_blank">#recommendations</a> <a href="https://hear-me.social/tags/askfedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#askfedi</a>

IT NewsAvast ordered to stop selling browsing data from its browsing privacy apps - Enlarge (credit: Getty Images) Avast, a name known for its sec... - <a href="https://arstechnica.com/?p=2005605" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/?p=2005605</a> <a href="https://schleuss.online/tags/federaltradecommission" class="mention hashtag" rel="nofollow noopener" target="_blank">#federaltradecommission</a> <a href="https://schleuss.online/tags/avastantivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#avastantivirus</a> <a href="https://schleuss.online/tags/browsingdata" class="mention hashtag" rel="nofollow noopener" target="_blank">#browsingdata</a> <a href="https://schleuss.online/tags/jumpshot" class="mention hashtag" rel="nofollow noopener" target="_blank">#jumpshot</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/policy" class="mention hashtag" rel="nofollow noopener" target="_blank">#policy</a> <a href="https://schleuss.online/tags/avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#avast</a> <a href="https://schleuss.online/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://schleuss.online/tags/ftc" class="mention hashtag" rel="nofollow noopener" target="_blank">#ftc</a>

Karl Voit :emacs: :orgmode:When <a href="https://graz.social/tags/antimalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#antimalware</a> products are the <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a>:FTC to ban <a href="https://graz.social/tags/Avast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Avast</a> from selling browsing data for advertising purposes <a href="https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/</a>Edit: just to be clear: most anti-malware products deployed major security issues like open backdoors on many Millions of computers in the past. It's a <a href="https://graz.social/tags/snakeoil" class="mention hashtag" rel="nofollow noopener" target="_blank">#snakeoil</a> business where users pay for a false feeling of security and tend to take higher risks. Almost all companies that got <a href="https://graz.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> had anti-malware in place.<a href="https://graz.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://graz.social/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#antivirus</a> <a href="https://graz.social/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a>

Tarnkappe.info📬 Antiviren-Software: Datenverlust durch Microsoft, Avast und AVG <a href="https://social.tchncs.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://social.tchncs.de/tags/AikidoWiper" class="mention hashtag" rel="nofollow noopener" target="_blank">#AikidoWiper</a> <a href="https://social.tchncs.de/tags/AvastAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AvastAntivirus</a> <a href="https://social.tchncs.de/tags/AVGAntivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#AVGAntivirus</a> <a href="https://social.tchncs.de/tags/Echtzeitschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Echtzeitschutz</a> <a href="https://social.tchncs.de/tags/MicrosoftDefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftDefender</a> <a href="https://social.tchncs.de/tags/Mimikatz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mimikatz</a> <a href="https://social.tchncs.de/tags/SentinelOneEDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#SentinelOneEDR</a> <a href="https://tarnkappe.info/artikel/hacking/antiviren-software-datenverlust-durch-microsoft-avast-und-avg-260713.html" rel="nofollow noopener" target="_blank">https://tarnkappe.info/artikel/hacking/antiviren-software-datenverlust-durch-microsoft-avast-und-avg-260713.html</a>

Recent searches

Search options

Administered by:

Server stats:

#avastantivirus