Hacker News new | past | comments | ask | show | jobs | submit login
Trend Micro says sorry after apps grabbed Mac browser history (zdnet.com)
35 points by dvdhnt on Sept 11, 2018 | hide | past | web | favorite | 12 comments



If I broke into your computer and stole your browser history I'd probably face criminal charges under the Computer Fraud and Abuse Act. So why not Trend Micro?


I don't want to defend Trend Micro here, but since browser history is a primary vector for malware they at least have a reasonable business purpose related to the intended use of the apps. The contract and permission people agreed to when they willingly installed it and accepted the EULA are probably the distinction between them doing it and you breaking into a system and doing it.


>The contract and permission people agreed to when they willingly installed it and accepted the EULA

I don't know about US contract law, but some jurisdictions require special notice for "unusual" terms.

Just because the EULA was accepted doesn't mean it is fully valid.


> since browser history is a primary vector for malware

Can you expand on this from a technical perspective?

> distinction between them doing it and you breaking into a system and doing it.

I think a more accurate comparison would be you being given access to a system to perform some work, but then accessing files and performing operations, such as exfiltrating that data, outside the scope of your work.


Come on, cut me a break even though I was not 100% precise with my language! I mean browser exploits in general. Unpatched plugins, XSS, spoofing, etc. If they didn't clean up after themselves you could try to correlate an attack with something in the browsing history and try to evaluate it and add it to a shared blacklist. I am not endorsing that, just speculating that could be the well-meaning (if dumb) explanation for this.


Sorry about that!

I didn't mean to scrutinize - I just know very little about browser exploits, especially details, and thought there was some specific attack for browser history.

Cheers.


No problem at all! I was being a bit tongue in cheek with my response, too. I wasn't really offended or anything.


According to the article, this also included user passwords:

> The apps in question were collecting users browser history and sending files, including user passwords, in a ZIP archive to a remote server.

I remain numb as to how little accountability there is in tech. The abuses taking place now for too long - even out of sheer laziness (ie, not updating or patching software) - is mind-blowing.

I suppose the moment you hold a single company accountable, you're forced to hold the entire abusive industry accountable.


They aren't the only AV company doing it. There is another who openly sells the user's history. I was really shocked how no one cares.


From 2015: "AVG anti-virus is selling your web browsing history" [0]

> I was really shocked how no one cares.

Of course people aren't willing to care that much when they're unwilling to give up something they're currently getting 'for free'.

... But you're right, we should care.

[0] https://www.smh.com.au/technology/avg-antivirus-is-selling-y...


So lets see... this was for the customers benefit AND was allowed by the EULA anyway AND was accidentally enabled on non-security products AND this feature is so important that it is being disabled and the collected archives purged.

I'm skeptical that this is the whole story. And really, why should the benefit of the doubt still be given to companies collecting this kind of data for dubious (stated) reasons without an explicit opt-in?


Does anyone know how the post installation process for those applications looked like (on first start)? Did a window pop up asking to accept the EULA and were you able to decline or was the EULA hidden behind some menu entry and using the application was consider accepting it?

I'm asking because I haven't installed an app myself yet through the Mac AppStore which would explicitly ask me to accept any terms.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: