Yahoo Finance Mozilla pulls four Firefox add-ons over excessive data collection
The Avast and AVG extensions obtained extremely detailed web histories.
Browser security extensions aren't automatically safer -- they might even make things worse. Mozilla has pulled Avast's Online Security and SafePrice extensions for Firefox, plus their AVG-branded equivalents, after AdBlock Plus creator Wladimir Palant found they were collecting much more data than necessary. This included a detailed web history that went well beyond site addresses and search history, including when and how long you visit a site, what you click, the number of open tabs and even when you switch to another tab. Mozilla's policies explicitly forbid this kind of fine-grained collection.
Palant first wrote about the overreach on October 28th, but it wasn't until he reported the problems to Mozilla on December 2nd that the developer took action. It pulled all four extensions within 24 hours. Opera also pulled the corresponding extensions on its store within about 16 hours of receiving notice.
If you found the extensions useful, don't worry -- they should come back. Avast told ZDNet that it was working with Mozilla to clear up issues. It had "already implemented" some of Mozilla's more recent privacy requirements, and planned versions that were "fully compliant and transparent." You could expect them back in Mozilla's extension store sometime in the "near future."
There's one remaining problem, though: the extensions appear to violate Google's policies for Chrome extensions, but were still available in the Chrome Web Store as of this writing. We've asked Google for comment, but it's safe to say that Chrome's popularity could exacerbate any privacy violations.
