Avast, the cybersecurity software company, is facing a $16.5 million fine after it was caught storing and selling customer information without their consent. The Federal Trade Commission (FTC) announced the fine on Thursday and said that it’s banning Avast from selling user data for advertising purposes.
Cybersec company ❌
Advertisement/Data mining ✔️
And people still think they can trust password managers lmao
Yeah, those. Thanks for the example.
So is your problem with using a password manager at all, or just the companies/sources of them?
Any company trying to get my data, really, and my passwords are the most sensitive of my data. Even if I coded one myself, and kept it completely local, my passwords are all in one place if that device gets compromised.
I can remember my passwords, so why take the gamble?
People should consider using a double-blind scheme with cloud-connected managers.
The service you’re setting a password for gets the actual credential, being two components <randomcomplexity><specialrule>, whereas the manager gets only <randomcomplexity>
Consider the example of
U})wJAL0}RhIr')Rgs{,&^>I3/
versus U})wJAL0}RhIr')Rgs{,&^>I3/based
It protects against password database compromise at least. Keyloggers, MITM, etc. are another matter.
Well, you do you, but I’m happier with complex unique password locked behind a 2FA open source self hosted encrypted vault than I am remembering a few passwords shared amongst services. I have 400+ entries in it, and if I get hit by a bus, my wife has access to it with her yubikey.
You do you as well, one of the amazing things about all the technology we have available to us lol.
Because by not using a password manager I guarantee you are duplicating passwords between services. This means the second a service you use is compromised, every single service you use with that same email/password combination is compromised. Even if every one of your passwords had a slight deviation, malicious actors know people do this and will likely be able to write a program that attempts those deviations on other services. You’re effectively leaving your security up to the weakest link in services you sign up for, and security is more often implemented poorly than implemented well.
By using a password manager you generate a 20+ character long password that is unique to each service you use. These passwords being random and unique to each service protects you from rainbow tables and other hash table based attacks. In the event Bitwarden or another password manager you use is breached anything they get will be worthless as long as your master password is not compromised (which should only ever exist in your head) due to the data being encrypted at rest.
It is a similar concept to using a secure, trusted middleman for processing payments instead of giving your credit card to every single site that asks for it.
Just curious, how do you know they’re secure? Like how do you know it’s only local and not being uploaded somewhere? I’m not about to tear through the code of open source password manager apps to make sure it’s “safe” when I can keep track of them myself, but yes, I do see your point about that not being as safe as them being completely randomly generated for each account
The great thing about open source is that anyone can read the code. Even if you don’t read every line yourself there are others who will. In popular projects it’s pretty much a guarantee any suspicious or malicious changes get caught almost immediately due to the visibility of everything.
As for local-only I trust Bitwarden and their encryption schemes enough that I use their cloud sync, but you can always self host it in a Docker container with no Internet access if you’re concerned about it.
Why? What’s wrong with Keepass?
Keep ass?
Sign me up!
OK, but you need to come down to the War Farts Center.
Who knows? I just keep track of my own passwords so when the rest of you find out I won’t be a part of it lol. Everyone on lemmy is so anti Google and anti Microsoft because of what they do with your data, that it’s actually hilarious that so many just freely give EVERY SINGLE PASSWORD for their accounts to password management apps, like nothing bad could ever come from it.
If you can keep track of your passwords yourself, why take such a massive gamble?
That works great when you’re young, kid, but when you get older, you’re going to be forgetting and resetting a lot of those passwords.
You’re smarter than the collective wisdom of the entire cybersecurity community, I see. Researchers who have been doing this for decades have nothing on you. People with peer-reviewed studies and bucketloads of data are like pawns in the face of your vast intellect. When FOSS password managers fall, you’ll be the only one left standing and the world will bow at your feet. Certainly you are the first person to have ever thought of this.
Be a sarcastic ass all you want, at least I can remember a password without relying on some random company lol. You keep giving all your passwords away though, no skin off my back
One password. Yes, that’s the problem. Thank you for so eloquently disassembling your own inane point.
I’m sorry you can’t even remember one. Maybe work on reading comprehension first. Have a great life!
You said “a password.” That’s one. I think my reading comprehension is just fine, but I admire your commitment to misunderstanding the point at every turn. It solidly explains why you’re against password managers when literally everyone who knows anything about Internet security is for them.
Oh, I can remember far more than one. But I can’t remember the 687 that I have currently stored in Bitwarden. Can you? Can you accurately and correctly remember six hundred and eighty-seven unique and distinct passwords? 687 unique and distinct passwords that are long and complex enough to be difficult to guess? Can you constantly monitor all 687 accounts for when they show up in data breaches? Can you recognize all 687 login screens for when they’re spoofed for a phishing attack? Remember, some of those are banks! You’ve probably given a couple of them your SSN! There are 687 potential land mines out there. Good luck!
This is a careful reminder to be VERY SCEPTICAL about not only “anti-viruses” (like bro, Windows defender is good enough), but also browsers. There is a high probability that the company is either a data broker or fintech… looking at you, Opera.
If you use antivirus software you’re a dumbass. Just don’t download viruses?
I tried Windows Defender a couple of years ago for an entire year. I thought it was dog water. The anti-ransomware feature was the only nice thing about it. I now use BitDefender.
What are you clicking on all day?
At least once every 6 months I come across a top Google result trying to download malicious scripts. The web searches are innocent, e.g. “Iso standard metric thread” or “bee keeper hive monitor”, which are both search terms in the past where a top result had malicious scripts.
Sounds like you need the noscript browser extension instead.
Sounds like a horrible internet experience. No thanks.
this, i prefer the service based on Free and Open Source Software,
$16.5 million is not even a slap on the wrist
A great business model actually
Is there a class action lawsuit?
I wonder what other uses there are to sell data that is not for advertising? My second thought goes to what is in place to stop a middleman from saying that they would not sell information for advertising purposes, but selling the data for “quality control of data acquisition” purposes. If you are getting a service for free, you are the product.
Political campaigns? A political candidate may want to know his opponent’s supporters and may think he can do a more targeted wooing. One may say it’s advertising too.
Also, he can send bots to the political discussions that folks participate in. The bots can start nasty political arguments.
A greedy religious figure may want to encourage more to join his religion. More members, more cash.
They should be put out of business and those responsible jailed
Jesus Christ.
Remember when Google’s Motto was “Don’t be Evil”? It was supposed to be a jab at Microsoft, but it feels like every year tech companies find new ways to just be fucking evil.
PS. Google kind of fails to live up to that motto too, I don’t even know if it’s still an official motto.
Corporations have no soul to damn and no body to incarcerate.
Kind of? They would happily sell your mother heroin and auction off her house. They fail at not being evil like Antarctica fails at being hospitable to palm trees.
I’m all for crapping on large publicly traded companies but lumping Google in with companies that sell your data isn’t honest. Google does not and never has sold user data. They sure as hell use your data for their own ad network but they do not sell that data wholesale. Meta and other data brokers sell your data and this Avast company sells your data through a product they claimed stopped tracking. I’m not pro-Google but to compare their business model (which is very transparent about how it handles your data and how it’s never sold) to Avast’s business model (which is to completely lie to the end user while literally selling everything that user does) is not an honest comparison.
I don’t even know if it’s still an official motto.
It’s not
No they officially (quietly) dropped it like a decade ago
No, they didn’t. Alphabet was created as a parent company in 2015 and uses the similarly vague “Do the right thing” in their code of conduct. Google itself still has “Don’t be evil” in their code of conduct, unchanged. Google needed Alphabet to not be Google (or they’d get fined to hell) so having everything identical wouldn’t have been a smart idea.
That this easily Google-able myth is so pervasive is a wonderful microcosm about online gullibility and laziness.
https://gizmodo.com/google-removes-nearly-all-mentions-of-dont-be-evil-from-1826153393
Wow literally the first thing i searched.
And get fucked for your tone you pedantic little punk.
Love the vibe and energy against pretense for pretense sakes, but your source makes you seem demented as it literally repeats exactly what they said if you read it.
Well fuck me then lol. Swhat i get for linking gizmodo. I’ll take the L. Still that guy sucked and i won’t unblock him
I too love blocking people who make reading this place shittier.
Read your own article all the way to the bottom ❤️
(Also thank you for citing a fucking Gizmodo article from 2018 instead of the actual Google Code of Conduct which is the top result for "Google Code of Conduct" to prove my point about laziness beautifully. Please note, you’ll have to read all the way to the end again, sorry. https://abc.xyz/investor/google-code-of-conduct/)
Google execs knew this motto will just get in the way of maximizing profits for shareholders, so they dropped it a few years ago.
Can’t believe a company with a notorious history of spying on users is at it again for the 234th time!
This is fucking garbage.
When a company gets caught with their hand in the cookie jar, it’s not a punishment to put one of the cookies back.
Fines should be ten TIMES what the company made from their misbehaviour, not ten percent.
This is the best summary I could come up with:
Avast, the cybersecurity software company, is facing a $16.5 million fine after it was caught storing and selling customer information without their consent.
The Federal Trade Commission (FTC) announced the fine on Thursday and said that it’s banning Avast from selling user data for advertising purposes.
From at least 2014 to 2020, Avast harvested user web browsing information through its antivirus software and browser extension, according to the FTC’s complaint.
“We are committed to our mission of protecting and empowering people’s digital lives,” Avast spokesperson Jess Monney said in a statement to The Verge.
“While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”
In January, the FTC reached a settlement with Outlogic (formerly X-Mode Social) that prevents the data broker from selling information that can be used to track users’ locations.
The original article contains 398 words, the summary contains 155 words. Saved 61%. I’m a bot and I’m open source!
“While we disagree with the FTC’s allegations and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”…translation, we regret being caught but look forward to the opportunity of exploring alternate ways to exploiting consumers for profit.
Good bot.
That’s horrifying. I remember using the avast private browser when I was younger as to not get tracked by Google chrome, but i was just getting tracked by avast instead. :(
It’s capitalism. You get to choose who steals your personal data.
False choice. Self hosting is an option, and not even that difficult these days.
People are lazy.
Unless you use a trusted firefox fork
I kinda feel like capitalism is treating me like a lemon thief these days.
You lemon stealing whore!
And I’m sure that fine was as high or higher than the profit they made from the data… what, it wasn’t?!
They definitely made more than that selling data what a fucking joke
F*C fines are just protection money payments.