[FTC Bans Antivirus Provider Avast From Selling Users' Browsing Data]

https://www.pcmag.com/news/ftc-bans-antivirus-provider-avast-from-selling-users-browsing-data

Quote

The US Federal Trade Commission is cracking down on antivirus provider Avast for secretly harvesting users’ browsing data and then selling the information to third-party companies.

On Thursday, the FTC announced it was fining Avast $16.5 million and prohibiting the antivirus brand from selling or licensing collected user data for advertising purposes.

“Avast promised users that its products would protect the privacy of their browsing data but delivered the opposite,” said FTC Bureau of Consumer Protection Director Samuel Levine. “Avast’s bait-and-switch surveillance tactics compromised consumers’ privacy and broke the law.”

The FTC issued the order four years after PCMag and Motherboard published a joint investigation into how Avast’s free antivirus products could expose your browsing history to corporations, even though the same products promised to protect users' privacy.  At the time, Avast claimed it was stripping out personal details before supplying the browsing data to marketers. But internal documents showed that the browsing data could still be used to link back to individual Avast users, especially when the information was combined with other data sources.  

The FTC conducted its own investigation and found that Avast subsidiary Jumpshot had been selling users’ browsing data from 2014 to January 2020 to “more than 100 customers.” In addition, the antivirus provider managed to amass “more than eight petabytes (8000TBs) of browsing information dating back to 2014,” none of which was ever deleted.

“This browsing data included information about users’ web searches and the webpages they visited—revealing consumers’ religious beliefs, health concerns, political leanings, location, financial status, visits to child-directed content and other sensitive information,” the FTC added. Avast’s Jumpshot also struck deals to let advertising firms Lotame and Omnicom combine the collected browsing data with their own sources, enabling them to potentially identify users.

Although web tracking has become pervasive over the internet, the FTC says Avast violated US fair trade laws by initially failing to disclose to users that their browsing data would be sold to third parties, and later misrepresenting the collection practices.  

“The vast majority of consumers would not know that the Avast Software would surveil their every move on the Internet or that their browsing information might be sold to more than 100 third parties and stored indefinitely, in granular, re-identifiable form,” the FTC’s order adds.

In response, the Commission is ordering Avast to delete “the web browsing information transferred to Jumpshot and any products or algorithms Jumpshot derived from that data.” The FTC is also forcing Avast to obtain consent from users before selling or licensing collected user data for non-Avast products.

Avast has decided to comply with the FTC’s order. In a statement, it told PCMag: “Avast has reached a settlement with the FTC to resolve its investigation of Avast’s past provision of customer data to its Jumpshot subsidiary that Avast voluntarily closed in January of 2020. We are committed to our mission of protecting and empowering people’s digital lives. While we disagree with the FTC’s allegation and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”

In January 2020, the company terminated Jumpshot, the Avast subsidiary charged with selling the harvested user data. Avast has since merged with NortonLifeLock to form a new parent company called Gen.

The FTC adds that the $16.5 million fine “is expected to be used to provide redress to consumers.” Avast must also notify all consumers who had their browsing information sold to the third-party companies without their consent.

 

[Poland launches Pegasus spyware probe]

https://www.politico.eu/article/poland-pegasus-spyware-probe-law-and-justice-pis-jaroslaw-kaczynski/

Quote

 

WARSAW — The Polish parliament on Monday launched an investigation into whether the former government misused Pegasus hacking software to spy on its political opponents.

Setting up the Pegasus probe was one of the current government’s top campaign pledges ahead of October's general election.

The use of the Israeli surveillance software was brought to light through an investigation by the University of Toronto's Citizen Lab, a digital security nonprofit.

Poland was one of four countries, along with Hungary, Spain, and Greece, where it was reported that the spyware was used against the political opposition, members of civil society and journalists.

A Polish investigation commission now aims to quiz top officials from the former Law and Justice (PiS) government, including party chief Jarosław Kaczyński.

Kaczyński has previously confirmed the government's possession of the Pegasus hacking software. But he has consistently denied it was used against opposition politicians during the 2019 parliamentary election campaign.

“It’s all overblown,” Kaczyński said last week. "Everything … was in line with Polish national interest, with the needs of the security services to combat crime and espionage.”

The ruling coalition alleges PiS used Pegasus both to spy on its enemies and to keep an eye on its own members.

"The scale of [the] surveillance is shocking," Justice Minister Adam Bodnar told the Oko.press news outlet.

Other top officials facing a summons to appear before the commission include former PiS Prime Minister Beata Szydło, former Justice Minister Zbigniew Ziobro, and former PiS MPs Mariusz Kamiński and Maciej Wąsik — who headed the interior ministry and were recently pardoned by President Andrzej Duda following their conviction in an old corruption case.

Kamiński denounced the commission as "a political game with Poland's security," adding: "The secret service always acted in accordance with the law. I look forward to presenting the truth to the public as soon as possible."

Magdalena Sroka, the MP heading the commission, told reporters after the first meeting of the panel: “Too long we’ve been lied to about Pegasus by PiS and we’re going to get to the bottom of it now."

Krzysztof Brejza, an MEP for Tusk's Civic Coalition whose phone was allegedly hacked when he ran the party's campaign in 2019, will also appear.

“This commission will determine not just the people responsible for the use of Pegasus but also [the] people who were attacked: politicians, lawyers, journalists, and ordinary people,” Sroka said.

 

 

[Phishing scam involving Fido leads CRTC to post a warning]

https://mobilesyrup.com/2024/01/12/phishing-scam-involving-fido-leads-crtc-to-post-a-warning/

Quote

Fraudsters posing as Fido are sending Canadians text messages with fake offers, the CRTC warns

Ottawa’s telecom watchdog is warning Canadians about a new phishing scam involving fraudsters pretending to be from Fido.

The Canadian Radio-television and Telecommunications Commission (CRTC) says the fraudsters are sending text messages with fake New Year’s offers.

“Don’t fall for it! Avoid clicking on any suspicious links,” the commission states in a post on X.

Texts with offers aren’t the only type of message to look out for. I recently got a text from a fraudster posing as Fido informing me of a refund for being “billed an excessive amount.”

Telecom companies, including Fido, often send customers offers through text. If you’re unsure if an offer is real or a scam, avoid clicking any links sent via text and instead go to the carrier’s website and log into your account — the offer should also be available there. You can also call a customer service representative to confirm an offer.