Update 9:40am ET: Developer Daniel Kladnik writes Ars that he’s “getting a ton of congrats emails from all around the world … Online you can only find the hate speech, angry people are usually the loudest ones.” He adds that he is “aware of the problems Avast had (created) because of data collecting several years ago, and I can understand why some people are worried. The things is: data collecting is gone and, (as far as I know), Avast has changed for the better. It’s a fine company with good values and a plan for the future.”

Marina Ziegler, public relations director for Avast, writes Ars, “Many online users feel interrupted by web cookies, or even unsure about what they are, what they are used for, and how to adjust them.” Avast does not have “concrete plans for implementation across other products at the moment,” but has implemented cookie consent management into a beta version of Avast Online Security and Privacy.

“The extension does not collect any data,” Ziegler writes. “No user data is collected or sold. Also, we have no plans to change the extension’s way of working at this point. The acquisition was planned before the NortonLifeLock merger.”

Avast understands that “the news about our data processing for the purposes of trend analytics in early 2020 raised a number of questions,” Ziegler writes. Avast closed the business, ended the transfer of data, and has “taken further steps to improve data protection, collaborated with privacy organizations such as TOR and the Future of Privacy Forum, and have received certification of our data protection guidelines with TRUSTe,” Ziegler writes.

Original story follows:

Browser extension I don’t care about cookies does one job and does it well. It automatically removes the annoying-but-mandated “This website uses cookies” notices from websites. People like it, donate to it, and don’t ask more of it, a rare find for free software.

“Damn, this is the **** bro, it saved like 50 minutes of my gaming time lol,” reads one review on the tool’s Microsoft Edge Add-Ons page.

The tone changed when the solo developer posted “GREAT NEWS” on the extension’s website. Avast, a giant in cybersecurity that just completed an $8.1 billion merger with NortonLifeLock, will acquire the 10-year-old software for an undisclosed price.

“I am proud and happy to say that Avast … a famous and trustworthy IT company known for the wide range of products that help secure our digital experience, has recognized its value!,” developer Daniel Kladnik wrote recently. Kladnik wrote that he would keep working on the extension, it would remain free, and asked for donations to cease.

Commenters on Facebook, Twitter, and the extension’s various installation pages did not agree with Kladnik’s characterization of Avast. “Congratulations on killing the extension! Avast is cancer on this planet,” wrote a Facebook commenter. “The cure is now worse than the disease,” wrote another. “Sad to see a great pop-up blocking extension being acquired by a well-known pop-up creating company,” someone opined on the Chrome extension page.

There’s always a certain amount of knee-jerk “uninstalling” reaction to software acquisitions, but an extension that handles cookie policy for you being acquired by Avast does raise some questions. (We’ve reached out to both Kladnik and Avast and will update the post with new information).

Beyond the general scale and scope of the recently merged Norton/Avast entity (cleared just four days ago), and long before it, Avast has made news for its history of data management.

Avast closed down data brokerage operation Jumpshot in 2020 after a joint investigation by Vice and PCMag revealed that its antivirus programs were selling browsing data to some of the world’s largest companies, including Home Depot, Google, and Microsoft (and, disclosure, Ars Technica parent company Condé Nast). The data included Google searches, GPS coordinates on Google Maps, and searches on various sites, including YouTube and PornHub. Jumpshot touted itself as “the only company that unlocked walled garden data,” and, in a now-deleted tweet, touted its ability to collect “Every search. Every click. Every buy. On every site.”

In 2019, the creator of AdBlock Plus dug into Avast’s Online Security browser extension (and a similar one from AVG, which Avast acquired). The extension was sending extensive details about the pages visited, activity on those pages, and other data that made de-anonymizing people fairly easy. Google soon after removed Avast and AVG’s extensions from the Chrome Web Store.

In its mainline work providing security, Avast had one notable misstep in distributing a smaller software app it acquired. CCleaner, a tool for fully removing all the pieces of Windows software, was distributed by Avast while it contained malware. The malware, which allowed remote access and control with a seemingly legitimate signing certificate, was inserted by an attacker into CCleaner’s update servers through another firm that Avast acquired.

Avast, a Czech-based company in operation since 1988, has also contributed notable research and security discoveries for more than three decades. In recent years, Avast found 28 malware-infected browser extensions (in 2020), revealed a backdoor inside a federal agency (in 2021), and raised alarms about a Chrome vulnerability being used to target journalists and other specific targets.

Alternatives to “I don’t care about cookies” mentioned by sites and users include Consent-O-Matic and a number of other extensions that have nowhere near the same 10-year history or review build-up of Kladnik’s extension. You could, of course, keep using the extension and watch the updates closely.

https://arstechnica.com/?p=1882086