On Sun, 29 Jan 2012 18:52:07 -0000
[email protected] wrote:

> Nowadays Antivirus software often includes a Webscanner, even free
> ones...
>
> The webscanner scans the tcp stream on the fly and may stop (or
> modify?) it. Perhaps he is sending back - over non anonymous channels
> - for "remote analysis"?
>
> Do you think legit Antivirus software may compromise anonymity? Any
> known examples yet?

I don't have a definitive answer, but here are my proto-thoughts:
likely yes. This answer is based on support calls and tickets.

It seems most anti-virus/anti-malware providers include some software
that intercepts and/or replaces 'localhost'. Their software generally
does one of two things:

1. scans for known malware/virus patterns locally, with this scan
   database updated periodically;

2. intercepts and relays the traffic to a 'cloud' somewhere which
   records lots of information about the user (IP address, program
   name, timestamp, registration or serial number) and stuffs all of
   this into a database. Over time, they get to learn a whole lot about
   your computer usage and build a fantastic profile of it. I've seen
   documents, executables, etc. sent to the 'cloud' too, scanned, and
   returned to the user.

What they do with all of that data is unknown. My first thought when
working with a user and ESET scanner was 'who needs spyware, you paid
for your spying to boot'.

The typical support call is when the user's A-V system prompts them
with "'start-tor-browser.exe' is of unknown safety. Do you really want
to run this?" It then repeats that question for tor.exe and
vidalia.exe. It seems when you click on some link for 'unsafe' or
'check the cloud', you go to the vendor's website and by default opt in
to upload the aforementioned data. If enough people tell the 'cloud'
that the tor-related executables are safe, it crosses some threshold
and all 'cloud subscribers' no longer get the warnings. However, every
time there is a new tor release, the cycle of approval starts anew.

All of this is gathered from working with users. A fine bit of data
privacy research may be to figure out what A-V companies are collecting
from your computer and storing.

-- 
Andrew
http://tpo.is/contact
pgp 0x74ED336B
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
