We always recommend keeping your extension list light, because you never know when something might try to siphon data from your browser—especially more data than it should be able to access. That’s exactly the issue Mozilla is raising with four seemingly “good” extensions—Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice—and you should uninstall them from your browser until they’ve been fixed, at minimum.
As ZDNet reports, Mozilla removed these four extensions from its online gallery following reports from AdBlock Plus’ creator, Wladimir Palant, that the extensions were collecting more data than they should. Palant writes:
“Spying on your users is clearly a violation of the terms that both Google and Mozilla make extension developers sign. So yesterday I reported these four extensions to Mozilla and Google. Mozilla immediately disabled the extension listings, so that these extensions can no longer be found on the Mozilla Add-ons site. Mozilla didn’t blacklist the extensions however, stating that they are still talking to Avast. So for existing users these extensions will still be active and continue spying on the users.”
You can read more about Palant’s overall findings here, but here’s a snippet of his findings:
“When Avast Online Security extension is active, it will request information about your visited websites from an Avast server. In the process, it will transmit data that allows reconstructing your entire web browsing history and much of your browsing behaviour. The amount of data being sent goes far beyond what’s necessary for the extension to function, especially if you compare to competing solutions such as Google Safe Browsing.
For what it’s worth, an Avast spokesperson told ZDNet that it’s working with Mozilla to fix up its extension to make it “fully compliant and transparent.” You can still find all four extensions on the Chrome web store, but Opera has followed Mozilla’s footprints and also removed them from its extension gallery for the time being.
What to do about these extensions in the meantime
If you’ve installed any of those four extensions in any browser you use, uninstall them. You probably don’t even need extensions to vet websites you’re visiting, because this can all be done with a little common sense.
If you still feel like you need an extension to tell you whether websites are legitimate or not, you can try using something like Windows Defender Browser Protection (for Chrome) or the slightly more complicated Application Guard Extension (for Chrome or Firefox), which dumps untrusted websites into an isolated instance of Microsoft Edge. (You’ll also have to install Edge on your system for this to work.)
As for the price-watching extensions, I can’t tell you the last time one actually saved me money on anything. If you must have some kind of little tool that tells you about potential deals for items you’re considering buying, Honey (Chrome, Firefox) is a pretty well-respected extension. Though, were I you, I’d just do a little searching to find the best deals.