by zinekeller 1558 days ago
... and I don't get your point in this useless pedantry? Sure, the data in and of itself is not sent, but you seemed to imply that DNS queries don't reveal anything. In practice, you can build a good enough picture to decode what their interests are, what type of places they visit, etc., which is worrying in itself. It's like saying not to worry because they didn't know you ordered a Big Mac, while the fact that you went to McDonald's being known is already creepy to a lot of people.
2 comments

I think the point is the original author did not prove anything was sent to Avira in this case. All they have is speculation that "the router is making DNS queries about an Avira safe things domain and the DNS query QPS is correlated to the amount of traffic in the network".

I agree this is tremendously bad code, but what they observed could also be perfectly explained with "some stupid code doing an Avira subscription check whenever something arrives at the router and they do that without a cache for negative answers, and even if the feature is turned off".

So we need more evidence.

> I agree this is tremendously bad code, but what they observed could also be perfectly explained with "some stupid code doing an Avira subscription check whenever something arrives at the router and they do that without a cache for negative answers, and even if the feature is turned off".

I do wish that it is at least Google-like (https://developers.google.com/safe-browsing/v4/update-api) and I hope that it's simply just bad code, but the simplest method to check if a domain is blacklisted is to simply send the domain - there's no hashing and canonisation to deal with. And before counterarguing, this already happened with Avast (https://www.howtogeek.com/199829/avast-antivirus-was-spying-...), so while I agree that stronger evidence is needed, at the same time I can definitely consider it a smoking gun.
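
The contrast drawn in the comment above, as an added example that is not part of the thread and not any vendor's code: a plain per-domain lookup next to a simplified sketch of the hash-prefix idea behind the linked Update API, recording what each one lets the vendor see. The canonicalisation, the class and function names and the sample hostnames are assumptions made for illustration.

```python
import hashlib

PREFIX_LEN = 4  # bytes of each SHA-256 digest the client stores and may send

def canonical_host(host):
    # Simplified canonicalisation (assumption): trim, drop outer dots, lowercase.
    return host.strip().strip(".").lower()

def host_suffixes(host):
    # The host itself plus shorter suffixes down to its last two labels.
    labels = canonical_host(host).split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]

def full_hash(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()

class PlainLookup:
    """Every looked-up hostname goes to the vendor in the clear."""
    def __init__(self, blocklist):
        self.blocklist = {canonical_host(h) for h in blocklist}
        self.sent = []  # what the vendor gets to see
    def is_blocked(self, host):
        self.sent.append(canonical_host(host))
        return any(s in self.blocklist for s in host_suffixes(host))

class PrefixLookup:
    """Hash prefixes are checked locally; only a matching prefix is sent."""
    def __init__(self, blocklist):
        self.full = {full_hash(canonical_host(h) + "/") for h in blocklist}
        self.local = {h[:PREFIX_LEN] for h in self.full}  # list held on the client
        self.sent = []
    def is_blocked(self, host):
        hashes = [full_hash(s + "/") for s in host_suffixes(host)]
        hits = [h for h in hashes if h[:PREFIX_LEN] in self.local]
        if not hits:
            return False  # no local match: nothing leaves the device
        self.sent.extend(h[:PREFIX_LEN].hex() for h in hits)
        return any(h in self.full for h in hits)  # stands in for the server reply

# Constructed sample data, not taken from the thread.
BLOCKLIST = ["malware.example"]
VISITED = ["news.example.org", "Mail.Example.net.", "cdn.malware.example"]

def compare(visited=VISITED, blocklist=BLOCKLIST):
    plain, prefix = PlainLookup(blocklist), PrefixLookup(blocklist)
    verdicts = [(plain.is_blocked(h), prefix.is_blocked(h)) for h in visited]
    return verdicts, plain.sent, prefix.sent

if __name__ == "__main__":
    print(compare())
```

Both lookups reach the same verdicts; the plain one exposes all three hostnames, while the prefix one sends a single 4-byte prefix for the one blocked site.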

There’s a huge difference between sending metadata and sending everything. Most notably in the bandwidth required.

If I’m reading this correctly, it’s not sending every password and username it discovers.

It’s invasive but not to the point of being a complete set of malware.