We have released a study of data transmission in Internet security products. Many Internet users are concerned about who has access to their personal information and what is done with it. After revelations by Edward Snowden regarding the extent of eavesdropping by the US-American NSA, users have become increasingly aware of privacy issues. Computer security software has legitimate grounds for sending its makers some information about the system it’s running on; in particular, details of malware found on the machine have to be sent to the manufacturer in order to protect the user effectively. however, this does not mean that a program should have carte blanche to send any and all personal information found on a computer to the manufacturer (other than with the specific knowledge and agreement of the system’s owner). This report gives some insight into data-sending by popular security programs.
Clearly, antivirus manufacturers have to comply with the laws of the countries in which they are established. In the event of e.g. a court order requiring the vendor to provide information about a customer, the company has no choice but to do this. However, this should be the only reason for providing user data to a third party. Some companies do not state that they will only pass on customer information in such circumstances.
This report was initially requested and commissioned by PCgo and PC Magazin Germany.