If I broke into your computer and stole your browser history I'd probably face criminal charges under the Computer Fraud and Abuse Act. So why not Trend Micro?
I don't want to defend Trend Micro here, but since browser history is a primary vector for malware they at least have a reasonable business purpose related to the intended use of the apps. The contract and permission people agreed to when they willingly installed it and accepted the EULA are probably the distinction between them doing it and you breaking into a system and doing it.
> since browser history is a primary vector for malware
Can you expand on this from a technical perspective?
> distinction between them doing it and you breaking into a system and doing it.
I think a more accurate comparison would be you being given access to a system to perform some work, but then accessing files and performing operations, such as exfiltrating that data, outside the scope of your work.
Come on, cut me a break even though I was not 100% precise with my language! I mean browser exploits in general. Unpatched plugins, XSS, spoofing, etc. If they didn't clean up after themselves you could try to correlate an attack with something in the browsing history and try to evaluate it and add it to a shared blacklist. I am not endorsing that, just speculating that could be the well-meaning (if dumb) explanation for this.
I didn't mean to scrutinize - I just know very little about browser exploits, especially details, and thought there was some specific attack for browser history.
According to the article, this also included user passwords:
> The apps in question were collecting users' browser history and sending files, including user passwords, in a ZIP archive to a remote server.
I remain numb as to how little accountability there is in tech. The abuses taking place now for too long - even out of sheer laziness (i.e., not updating or patching software) - are mind-blowing.
I suppose the moment you hold a single company accountable, you're forced to hold the entire abusive industry accountable.
So let's see... this was for the customer's benefit AND was allowed by the EULA anyway AND was accidentally enabled on non-security products AND this feature is so important that it is being disabled and the collected archives purged.
I'm skeptical that this is the whole story. And really, why should the benefit of the doubt still be given to companies collecting this kind of data for dubious (stated) reasons without an explicit opt-in?
Does anyone know what the post-installation process for those applications looked like (on first start)? Did a window pop up asking to accept the EULA and were you able to decline, or was the EULA hidden behind some menu entry and using the application was considered accepting it?
I'm asking because I haven't installed an app myself yet through the Mac AppStore which would explicitly ask me to accept any terms.