Kaspersky Antivirus Software Exposed Millions to Web Tracking
Source: Tom's Guide
Kaspersky Antivirus Software Exposed Millions to Web Tracking
By Paul Wagenseil a day ago Security
Program injected JavaScript, unique IDs into web pages
UPDATED with comment from Kaspersky.
Kaspersky antivirus software let websites track users for years, a German journalist revealed today (Aug. 15).
Ronald Eikenberg of c't magazine detailed how the Kaspersky software installed on a test laptop injected JavaScript code onto every web page rendered on every browser on a test laptop.
Even worse, the Kaspersky JavaScript contained an ID number that was replicated in every page rendered on a single machine. The ID number was changed on other PCs.
"That's a remarkably bad idea," Eikenberg wrote in the English version of his article (it's also available in German). "Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user's Kaspersky ID and use it for tracking."
You can disable the Kaspersky ID injection entirely by going into your Kaspersky software's settings, then Additional/Network, then locating Traffic Processing and unchecking "Inject script into web traffic to interact with web pages."
-snip-
Read more:
https://www.tomsguide.com/news/kaspersky-antivirus-software-exposed-millions-to-web-tracking