Jump to content

Hidden server addresses, my data, my privacy, my control over my PC

G7TOK
 Share

Recommended Posts

Porthos

Porthos

Posted
Posted

The following are required for Malwarebytes to work correctly 

https://blitz.mb-cosmos.com
https://cdn.mwbsys.com
https://data-cdn-static.mbamupdates.com
https://data-cdn.mbamupdates.com
https://downloads-static.malwarebytes.com
https://downloads.malwarebytes.com
https://hubble.mb-cosmos.com
https://keystone.mwbsys.com
https://sirius.mwbsys.com

The following can be turned off withe settings from the screenshot from my first response. 

https://telemetry.malwarebytes.com

 

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted

I found the following info that applies to Mac and is probably true with Windows.

 

Quote

There is one daily check-in sent to telemetry.malwarebytes.com, regardless of the status of that setting. (This is the "client data.") This just sends some basic info, like Malwarebytes version, macOS version, hardware architecture, license state, etc - nothing that is sensitive. It will normally be sent only once per day... but if the connection fails, it will retry periodically. I suspect that, because there is a network connection, but the connection to that server is being blocked, the software is probably seeing this as a temporary issue and the retries are more frequent.

Just FYI, the data that is not sent when you turn off that option is:

  • Data on protection-related activity (scans, RTP events) and any detections
    • This data does not include copies of files that were detected
  • Data on how you interact with the app... ie, buttons you click, etc
    • This helps us understand how people interact with the app

None of this data is shared with any other parties, it's solely for our own use to better understand what kinds of threats our customers are seeing and what parts of the app people aren't interacting with (which may indicate unclear user interface or a feature that people don't find useful), so that we can ensure we're protecting folks as well as we can. We are absolutely not in the business of monetizing data about our users.

I personally work a lot with the detection data. It helps me better understand the threats that are out there in the wild. For example, I can see that certain threats that may get a lot of news coverage aren't found on any of our customers' machines, or threats that aren't getting any attention are very widely-distributed. This helps me understand the threat landscape and know how to communicate with customers. It also helps me spot any potential for ways we could improve our detections.

Anyway, long story short, if you unblock telemetry.malwarebytes.com, the client data is pretty insignificant, and nothing else will get sent to the telemetry server with the Usage and Threat Statistics option turned off. You can also opt to continue blocking it, but you'll continue to see those entries in the logs.

I suspect that, because there is a network connection, but the connection to that server is being blocked, the software is probably seeing this as a temporary issue and the retries are more frequent.

  • Like 2
Link to post
Share on other sites
G7TOK

G7TOK

Posted
  • Author
Posted
Quote

There is one daily check-in sent to telemetry.malwarebytes.com, regardless of the status of that setting.

That. Right there. Is a red flag.

If I have turned it off, it's off. Period.

Quote

Data on how you interact with the app... ie, buttons you click, etc

That is personal data, it can be parsed, along with data recovered from other badly behaving apps and the likes of spying by Chrome etc to recover a great deal about my activities.
And, that first line "regardless of the setting of the app" is a criminal offence under EU data protection laws.

 

Neither Malwarebytes or anybody else gets to override our choices regarding privacy or the usage of our data.

  • Thanks 1
Link to post
Share on other sites
McOwnage

McOwnage

Posted
Posted
On 10/15/2023 at 3:16 PM, G7TOK said:

What is this in the screen grab?

Why can't I turn it off?

And whilst we're at it, what is this other address you have my machine dialing home to

 

Screenshot2023-10-15at23_10_51.thumb.png.dd1700e9015df24559501133dc89a0ec.pngScreenshot2023-10-15at23_10_51.thumb.png.dd1700e9015df24559501133dc89a0ec.pngScreenshot2023-10-15at23_10_51.thumb.png.dd1700e9015df24559501133dc89a0ec.png

sirius.mwbsys.com

 

I posted a question like this a LONG time ago before the EU data protection laws the post disappear.

On 10/16/2023 at 1:45 AM, G7TOK said:

That. Right there. Is a red flag.

If I have turned it off, it's off. Period.

That is personal data, it can be parsed, along with data recovered from other badly behaving apps and the likes of spying by Chrome etc to recover a great deal about my activities.
And, that first line "regardless of the setting of the app" is a criminal offence under EU data protection laws.

 

Neither Malwarebytes or anybody else gets to override our choices regarding privacy or the usage of our data.

Hope this gets a solid answer and resolution not just a smoke screen!

Link to post
Share on other sites
lmacri

lmacri

Posted
Posted
On 10/15/2023 at 5:51 PM, Porthos said:

The following are required for Malwarebytes to work correctly...

Hi G7TOK:

I don't know the reason why Malwarebytes needs to collect all the  "required" data for the daily check-in that was described in Porthos' 16-Oct-2023 post <above> (i.e., the telemetry data that is sent even if users DISABLE collection of "optional" data at General | Usage and Threat Statistics | Provide Usage and Threat Statistics), but I suspect most of that "required" data like your Malwarebytes version number, Windows OS and license status also needs to sent each time you check for available updates for your Malwarebytes product and/or malware definitions to ensure the correct updates are delivered to your system.

The URLs listed in Porthos' 15-Oct-2023 post <above>, as well as their purpose, are documented in the support article Firewall Rules for Malwarebytes on Windows v4 Devices.
------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3570 * Firefox v118.0.2 * Microsoft Edge v118.0.2088.57 * Microsoft Defender v4.18.23090.2008-1.1.23090.2007 * Malwarebytes Premium v4.6.4.286-1.0.2163 * Macrium Reflect Free v8.0.7690

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.