“Damn, this is the **** bro, it saved like 50 minutes of my gaming time lol,” reads one review on the tool’s Microsoft Edge Add-Ons page.
The tone changed when the solo developer posted “GREAT NEWS” on the extension’s website. Avast, a giant in cybersecurity that just completed an $8.1 billion merger with NortonLifeLock, will acquire the 10-year-old software for an undisclosed price.
“I am proud and happy to say that Avast… a famous and trustworthy IT company known for the wide range of products that help secure our digital experience, has recognized its value!,” developer Daniel Kladnik wrote recently. Kladnik wrote that he would keep working on the extension, it would remain free, and asked for donations to cease.
Commenters on Facebook, Twitter, and the extension’s various installation pages did not agree with Kladnik’s characterization of Avast. “Congratulations on killing the extension! Avast is cancer on this planet,” wrote a Facebook commenter. “The cure is now worse than the disease,” wrote another. “Sad to see a great pop-up blocking extension being acquired by a well-known pop-up creating company,” someone opined on the Chrome extension page.
Beyond the general scale and scope of the recently merged Norton/Avast entity (cleared just four days ago), and long before it, Avast has made news for its history of data management.
Avast closed down data brokerage operation Jumpshot in 2020 after a joint investigation by Vice and PCMag revealed that its antivirus programs were selling browsing data to some of the world’s largest companies, including Home Depot, Google, and Microsoft (and, disclosure, Ars Technica parent company Conde Nast). The data included Google searches, GPS coordinates on Google Maps, and searches on various sites, including YouTube and PornHub. Jumpshot touted itself as “the only company that unlocked walled garden data,” and, in a now-deleted tweettouted its ability to collect “Every search. Every click. Every buy. On every site.”
In 2019, the creator of AdBlock Plus dug into Avast’s Online Security browser extension (and a similar one from AVG, which Avast acquired). The extension was sending extensive details about the pages visited, activity on those pages, and other data that made de-anonymizing people fairly easy. Google soon after removed Avast and AVG’s extensions from the Chrome Web Store.
In its mainline work providing security, Avast had one notable misstep in distributing a smaller software app it acquired. CCleaner, a tool for fully removing all the pieces of Windows software, was distributed by Avast while it contained malware. The malware, which allowed remote access and control with a seemingly legitimate signing certificate, was inserted by an attacker into CCleaner’s update servers through another firm that Avast acquired.
Avast, a Czech-based company in operation since 1988, has also contributed notable research and security discoveries for more than three decades. In recent years, Avast found 28 malware-infected browser extensions (in 2020), revealed a backdoor inside a federal agency (in 2021), and raised alarms about a Chrome vulnerability being used to target journalists and other specific targets.
Alternatives to “I don’t care about cookies” mentioned by sites and users include Consent-O-Matic and a number of other extensions that have nowhere near the same 10-year history or review build-up of Kladnik’s extension. You could, of course, keep using the extension and watch the updates closely.